summaryrefslogtreecommitdiffstats
path: root/fs
Commit message (Collapse)AuthorAgeFilesLines
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmwLinus Torvalds2009-06-1131-1575/+1522
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw: (25 commits) GFS2: Merge gfs2_get_sb into gfs2_get_sb_meta GFS2: Fix cache coherency between truncate and O_DIRECT read GFS2: Fix locking issue mounting gfs2meta fs GFS2: Remove unused variable GFS2: smbd proccess hangs with flock() call. GFS2: Remove args subdir from gfs2 sysfs files GFS2: Remove lockstruct subdir from gfs2 sysfs files GFS2: Move gfs2_unlink_ok into ops_inode.c GFS2: Move gfs2_readlinki into ops_inode.c GFS2: Move gfs2_rmdiri into ops_inode.c GFS2: Merge mount.c and ops_super.c into super.c GFS2: Clean up some file names GFS2: Be more aggressive in reclaiming unlinked inodes GFS2: Add a rgrp bitmap full flag GFS2: Improve resource group error handling GFS2: Don't warn when delete inode fails on ro filesystem GFS2: Update docs GFS2: Umount recovery race fix GFS2: Remove a couple of unused sysfs entries GFS2: Add commit= mount option ...
| * GFS2: Merge gfs2_get_sb into gfs2_get_sb_metaSteven Whitehouse2009-06-101-12/+4
| | | | | | | | | | | | | | These don't need to be separate functions. Reported-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Fix cache coherency between truncate and O_DIRECT readSteven Whitehouse2009-06-101-1/+1
| | | | | | | | | | | | | | | | | | If a page was partially zeroed as the result of a truncate, then it was not being correctly marked dirty. This resulted in the deleted data reappearing if the file was read back via direct I/O. Reported-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Fix locking issue mounting gfs2meta fsSteven Whitehouse2009-06-051-14/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch uses sget() to get a reference to the existing gfs2 sb when mouting the gfs2meta filesystem (in fact thats just another mount of the gfs2 filesystem with a different root and this interface is for backward compatibility). Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Reported-by: Benjamin Marzinski <bmarzins@redhat.com> Tested-by: Benjamin Marzinski <bmarzins@redhat.com> Cc: Christoph Hellwig <hch@infradead.org>
| * GFS2: Remove unused variableSteven Whitehouse2009-06-031-2/+0
| | | | | | | | Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: smbd proccess hangs with flock() call.Abhijith Das2009-06-021-2/+2
| | | | | | | | | | | | | | | | | | GFS2 currently does not support mandatory flocks. An flock() call with LOCK_MAND triggers unexpected behavior because gfs2 is not checking for this lock type. This patch corrects that. Signed-off-by: Abhi Das <adas@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Remove args subdir from gfs2 sysfs filesSteven Whitehouse2009-05-261-51/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we can cat /proc/mounts there is no need to have this subdirectory in the gfs2 sysfs files. In fact this does not reflect the full range of possible mount argumenmts, where as /proc/mounts does. There was only one userland user of this set of sysfs files and it will function perfectly well without these files being present (in fact that subcommand of gfs2_tool is obsolete anyway). The tune/* subdirectory is also considered mostly obsolete, but there are a few uses of this until mount arguments can be added for the last few functions for which there are no equivalents currently. However the tune/* directory is still in my sights and new code should avoid using it. Only the gfs2_quota and gfs2_tool programs are know to use tune/* at the moment. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Remove lockstruct subdir from gfs2 sysfs filesSteven Whitehouse2009-05-261-33/+8
| | | | | | | | | | | | | | | | | | The lockstruct sub directory contained two entries, both of which are duplicated elsewhere in the gfs2 sysfs files as well as being available via /proc/mounts. There is no userland program using either of them, so this patch removes them. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Move gfs2_unlink_ok into ops_inode.cSteven Whitehouse2009-05-223-41/+38
| | | | | | | | | | | | | | Another function which is only called from one ops_inode.c so we move it and make it static. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Move gfs2_readlinki into ops_inode.cSteven Whitehouse2009-05-223-58/+56
| | | | | | | | | | | | Move gfs2_readlinki into ops_inode.c and make it static Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Move gfs2_rmdiri into ops_inode.cSteven Whitehouse2009-05-223-54/+53
| | | | | | | | | | | | Move gfs2_rmdiri() into ops_inode.c and make it static. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Merge mount.c and ops_super.c into super.cSteven Whitehouse2009-05-224-956/+903
| | | | | | | | | | | | | | | | mount.c only contained a single function, so is not really worth retaining on its own. All of the super related code is now either in super.c or ops_fstype.c Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Clean up some file namesSteven Whitehouse2009-05-2212-55/+34
| | | | | | | | | | | | | | | | | | | | This patch renames the ops_*.c files which have no counterpart without the ops_ prefix in order to shorten the name and make it more readable. In addition, ops_address.h (which was very small) is moved into inode.h and inode.h is cleaned up by adding extern where required. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Be more aggressive in reclaiming unlinked inodesSteven Whitehouse2009-05-212-3/+4
| | | | | | | | | | | | | | | | | | | | | | This patch increases the frequency with which gfs2 looks for unlinked, but still allocated inodes. Its the equivalent operation to ext3's orphan list, but done with bitmaps in the resource groups. This also fixes a bug where a field in the rgrp was too small. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Add a rgrp bitmap full flagSteven Whitehouse2009-05-212-30/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During block allocation, it is useful to know if sections of disk are full on a finer grained basis than a single resource group. This can make a performance difference when resource groups have larger numbers of bitmap blocks, since we no longer have to search them all block by block in each individual bitmap. The full flag is set on a per-bitmap basis when it has been searched and found to have no free space. It is then skipped in subsequent searches until the flag is reset. The resetting occurs if we have to drop the glock on the resource group for any reason, or if we deallocate some blocks within that resource group and thus free up some space. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Improve resource group error handlingSteven Whitehouse2009-05-207-67/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch improves the error handling in the case where we discover that the summary information in the resource group doesn't match the bitmap information while in the process of allocating blocks. Originally this resulted in a kernel bug, but this patch changes that so that we return -EIO and print some messages explaining what went wrong, and how to fix it. We also remember locally not to try and allocate from the same rgrp again, so that a subsequent allocation in a different rgrp should succeed. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Don't warn when delete inode fails on ro filesystemSteven Whitehouse2009-05-191-1/+1
| | | | | | | | | | | | | | If the filesystem is read-only, then we expect that delete inode will fail, so there is no need to warn about it. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Umount recovery race fixSteven Whitehouse2009-05-199-124/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a race condition where we can receive recovery requests part way through processing a umount. This was causing problems since the recovery thread had already gone away. Looking in more detail at the recovery code, it was really trying to implement a slight variation on a work queue, and that happens to align nicely with the recently introduced slow-work subsystem. As a result I've updated the code to use slow-work, rather than its own home grown variety of work queue. When using the wait_on_bit() function, I noticed that the wait function that was supplied as an argument was appearing in the WCHAN field, so I've updated the function names in order to produce more meaningful output. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Remove a couple of unused sysfs entriesSteven Whitehouse2009-05-131-13/+0
| | | | | | | | | | | | | | | | | | These two tunables are pointless and would never need to be changed anyway. There is also a race between them and umount as the deamons which they refer to might have gone away. The easiest way to fix the race is to remove the interface. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Add commit= mount optionSteven Whitehouse2009-05-135-60/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It has always been possible to adjust the gfs2 log commit interval, but only from the sysfs interface. This adds a mount option, commit=<nn>, which will be familar to ext3 users. The sysfs interface continues to be available as well, although this might be removed in the future. Also this patch cleans up some duplicated structures in the GFS2 sysfs code. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Move journal live test at transaction startSteven Whitehouse2009-05-131-6/+3
| | | | | | | | | | | | | | | | | | There seems little point grabbing the transaction glock only to have to release it again if the journal isn't live. This moves the test earlier to avoid grabbing the lock when we don't need it in the first place. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Fix timestamps on writeAbhijith Das2009-05-121-10/+10
| | | | | | | | | | | | | | | | | | This patch copies the timestamps from the vfs inode into gfs2 and syncs it to the disk inode during writes. Signed-off-by: Abhijith Das <adas@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Something nonlinear this way comes!Steven Whitehouse2009-05-111-13/+16
| | | | | | | | | | | | | | | | | | | | | | For some reason GFS2 has been missing support for non-linear mappings. This patch fixes that, and also avoids taking any locks for mmap in the O_NOATIME case. In fact we don't actually need to take the lock here at all - just doing file_accessed() would be enough, but we have to take the lock eventually and this helps it hit disk (and thus be seen by other nodes) faster. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Optimise writepage for metadataSteven Whitehouse2009-05-111-9/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | This adds a GFS2 specific writepage for metadata, rather than continuing to use the VFS function. As a result we now tag all our metadata I/O with the correct flag so that blktraces will now be less confusing. Also, the generic function was checking for a number of corner cases which cannot happen on the metadata address spaces so that this should be faster too. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
| * GFS2: Update the rw flagsSteven Whitehouse2009-05-113-20/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After Jens recent updates: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a1f242524c3c1f5d40f1c9c343427e34d1aadd6e et al. this is a patch to bring gfs2 uptodate with the core code. Also I've managed to squash another call to ll_rw_block() along the way. There is still one part of the GFS2 I/O paths which are not correctly annotated and that is due to the sharing of the writeback code between the data and metadata address spaces. I would like to change that too, but this patch is still worth doing on its own, I think. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds2009-06-1113-177/+180
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: remove never-used in6_addr option cifs: add addr= mount option alias for ip= [CIFS] Add mention of new mount parm (forceuid) to cifs readme cifs: make overriding of ownership conditional on new mount options cifs: fix IPv6 address length check cifs: clean up set_cifs_acl interfaces cifs: reorganize get_cifs_acl [CIFS] Update readme to indicate change to default mount (serverino) cifs: make serverino the default when mounting cifs: rename cifs_iget to cifs_root_iget cifs: make cnvrtDosUnixTm take a little-endian args and an offset cifs: have cifs_NTtimeToUnix take a little-endian arg cifs: tighten up default file_mode/dir_mode cifs: fix artificial limit on reading symlinks
| * | cifs: remove never-used in6_addr optionJeff Layton2009-06-101-11/+0
| | | | | | | | | | | | | | | | | | | | | | | | This option was never used to my knowledge. Remove it before someone does... Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: add addr= mount option alias for ip=Jeff Layton2009-06-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you look in /proc/mounts, the address of the server gets displayed as "addr=". That's really a better option to use anyway since it's more generic. What if we eventually want to support non-IP transports? It also makes CIFS option consistent with the NFS option of the same name. Begin the migration to that option name by adding an alias for ip= called addr=. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | [CIFS] Add mention of new mount parm (forceuid) to cifs readmeSteve French2009-06-062-2/+12
| | | | | | | | | | | | | | | | | | Also update fs/cifs/CHANGES Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: make overriding of ownership conditional on new mount optionsJeff Layton2009-06-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a bit of a problem with the uid= option. The basic issue is that it means too many things and has too many side-effects. It's possible to allow an unprivileged user to mount a filesystem if the user owns the mountpoint, /bin/mount is setuid root, and the mount is set up in /etc/fstab with the "user" option. When doing this though, /bin/mount automatically adds the "uid=" and "gid=" options to the share. This is fortunate since the correct uid= option is needed in order to tell the upcall what user's credcache to use when generating the SPNEGO blob. On a mount without unix extensions this is fine -- you generally will want the files to be owned by the "owner" of the mount. The problem comes in on a mount with unix extensions. With those enabled, the uid/gid options cause the ownership of files to be overriden even though the server is sending along the ownership info. This means that it's not possible to have a mount by an unprivileged user that shows the server's file ownership info. The result is also inode permissions that have no reflection at all on the server. You simply cannot separate ownership from the mode in this fashion. This behavior also makes MultiuserMount option less usable. Once you pass in the uid= option for a mount, then you can't use unix ownership info and allow someone to share the mount. While I'm not thrilled with it, the only solution I can see is to stop making uid=/gid= force the overriding of ownership on mounts, and to add new mount options that turn this behavior on. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: fix IPv6 address length checkJeff Layton2009-06-022-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For IPv6 the userspace mount helper sends an address in the "ip=" option. This check fails if the length is > 35 characters. I have no idea where the magic 35 character limit came from, but it's clearly not enough for IPv6. Fix it by making it use the INET6_ADDRSTRLEN #define. While we're at it, use the same #define for the address length in SPNEGO upcalls. Reported-by: Charles R. Anderson <cra@wpi.edu> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: clean up set_cifs_acl interfacesChristoph Hellwig2009-05-281-37/+41
| | | | | | | | | | | | | | | | | | | | | Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: reorganize get_cifs_aclChristoph Hellwig2009-05-283-51/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thus spake Christoph: "But this whole set_cifs_acl function is a real mess anyway and needs some splitting up." With this change too, it's possible to call acl_to_uid_mode() with a NULL inode pointer. That (or something close to it) will eventually be necessary when cifs_get_inode_info is reorganized. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | [CIFS] Update readme to indicate change to default mount (serverino)Steve French2009-05-283-2/+15
| | | | | | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: make serverino the default when mountingJeff Layton2009-05-281-0/+2
| | | | | | | | | | | | | | | Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: rename cifs_iget to cifs_root_igetJeff Layton2009-05-283-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | The current cifs_iget isn't suitable for anything but the root inode. Rename it with a more appropriate name. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: make cnvrtDosUnixTm take a little-endian args and an offsetJeff Layton2009-05-284-34/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The callers primarily end up converting the args from le anyway. Also, most of the callers end up needing to add an offset to the result. The exception to these rules is cnvrtDosCifsTm, but there are no callers of that function, so we might as well remove it. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: have cifs_NTtimeToUnix take a little-endian argJeff Layton2009-05-285-23/+20
| | | | | | | | | | | | | | | | | | | | | | | | ...and just have the function call le64_to_cpu. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: tighten up default file_mode/dir_modeJeff Layton2009-05-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current default file mode is 02767 and dir mode is 0777. This is extremely "loose". Given that CIFS is a single-user protocol, these permissions allow anyone to use the mount -- in effect, giving anyone on the machine access to the credentials used to mount the share. Change this by making the default permissions restrict write access to the default owner of the mount. Give read and execute permissions to everyone else. These are the same permissions that VFAT mounts get by default so there is some precedent here. Note that this patch also removes the mandatory locking flags from the default file_mode. After having looked at how these flags are used by the kernel, I don't think that keeping them as the default offers any real benefit. That flag combination makes it so that the kernel enforces mandatory locking. Since the server is going to do that for us anyway, I don't think we want the client to enforce this by default on applications that just want advisory locks. Anyone that does want this behavior can always enable it by setting the file_mode appropriately. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * | cifs: fix artificial limit on reading symlinksJeff Layton2009-05-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's no reason to limit the size of a symlink that we can read to 4000 bytes. That may be nowhere near PATH_MAX if the server is sending UCS2 strings. CIFS should be able to read in a symlink up to the size of the buffer. The size of the header has already been accounted for when creating the slabcache, so CIFSMaxBufSize should be the correct size to pass in. Fixes samba bug #6384. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | | Merge branch 'for-linus' of ↵Linus Torvalds2009-06-116-10/+34
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (44 commits) nommu: Provide mmap_min_addr definition. TOMOYO: Add description of lists and structures. TOMOYO: Remove unused field. integrity: ima audit dentry_open failure TOMOYO: Remove unused parameter. security: use mmap_min_addr indepedently of security models TOMOYO: Simplify policy reader. TOMOYO: Remove redundant markers. SELinux: define audit permissions for audit tree netlink messages TOMOYO: Remove unused mutex. tomoyo: avoid get+put of task_struct smack: Remove redundant initialization. integrity: nfsd imbalance bug fix rootplug: Remove redundant initialization. smack: do not beyond ARRAY_SIZE of data integrity: move ima_counts_get integrity: path_check update IMA: Add __init notation to ima functions IMA: Minimal IMA policy and boot param for TCB IMA policy selinux: remove obsolete read buffer limit from sel_read_bool ...
| * \ \ Merge branch 'next' into for-linusJames Morris2009-06-116-10/+34
| |\ \ \
| | * \ \ Merge branch 'master' into nextJames Morris2009-06-0920-121/+212
| | |\ \ \
| | * | | | integrity: nfsd imbalance bug fixMimi Zohar2009-05-281-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An nfsd exported file is opened/closed by the kernel causing the integrity imbalance message. Before a file is opened, there normally is permission checking, which is done in inode_permission(). However, as integrity checking requires a dentry and mount point, which is not available in inode_permission(), the integrity (permission) checking must be called separately. In order to detect any missing integrity checking calls, we keep track of file open/closes. ima_path_check() increments these counts and does the integrity (permission) checking. As a result, the number of calls to ima_path_check()/ima_file_free() should be balanced. An extra call to fput(), indicates the file could have been accessed without first calling ima_path_check(). In nfsv3 permission checking is done once, followed by multiple reads, which do an open/close for each read. The integrity (permission) checking call should be in nfsd_permission() after the inode_permission() call, but as there is no correlation between the number of permission checking and open calls, the integrity checking call should not increment the counters, but defer it to when the file is actually opened. This patch adds: - integrity (permission) checking for nfsd exported files in nfsd_permission(). - a call to increment counts for files opened by nfsd. This patch has been updated to return the nfs error types. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| | * | | | Merge branch 'master' into nextJames Morris2009-05-2278-2248/+1489
| | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: fs/exec.c Removed IMA changes (the IMA checks are now performed via may_open()). Signed-off-by: James Morris <jmorris@namei.org>
| | * | | | | integrity: move ima_counts_getMimi Zohar2009-05-221-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on discussion on lkml (Andrew Morton and Eric Paris), move ima_counts_get down a layer into shmem/hugetlb__file_setup(). Resolves drm shmem_file_setup() usage case as well. HD comment: I still think you're doing this at the wrong level, but recognize that you probably won't be persuaded until a few more users of alloc_file() emerge, all wanting your ima_counts_get(). Resolving GEM's shmem_file_setup() is an improvement, so I'll say Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| | * | | | | integrity: path_check updateMimi Zohar2009-05-222-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add support in ima_path_check() for integrity checking without incrementing the counts. (Required for nfsd.) - rename and export opencount_get to ima_counts_get - replace ima_shm_check calls with ima_counts_get - export ima_path_check Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
| | * | | | | CRED: Guard the setprocattr security hook against ptraceDavid Howells2009-05-111-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Guard the setprocattr security hook against ptrace by taking the target task's cred_guard_mutex around it. The problem is that setprocattr() may otherwise note the lack of a debugger, and then perform an action on that basis whilst letting a debugger attach between the two points. Holding cred_guard_mutex across the test and the action prevents ptrace_attach() from doing that. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
| | * | | | | CRED: Rename cred_exec_mutex to reflect that it's a guard against ptraceDavid Howells2009-05-112-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename cred_exec_mutex to reflect that it's a guard against foreign intervention on a process's credential state, such as is made by ptrace(). The attachment of a debugger to a process affects execve()'s calculation of the new credential state - _and_ also setprocattr()'s calculation of that state. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* | | | | | | Merge branch 'for_linus' of ↵Linus Torvalds2009-06-1123-1233/+1582
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (49 commits) ext4: Avoid corrupting the uninitialized bit in the extent during truncate ext4: Don't treat a truncation of a zero-length file as replace-via-truncate ext4: fix dx_map_entry to support 256k directory blocks ext4: truncate the file properly if we fail to copy data from userspace ext4: Avoid leaking blocks after a block allocation failure ext4: Change all super.c messages to print the device ext4: Get rid of EXTEND_DISKSIZE flag of ext4_get_blocks_handle() ext4: super.c whitespace cleanup jbd2: Fix minor typos in comments in fs/jbd2/journal.c ext4: Clean up calls to ext4_get_group_desc() ext4: remove unused function __ext4_write_dirty_metadata ext2: Fix memory leak in ext2_fill_super() in case of a failed mount ext3: Fix memory leak in ext3_fill_super() in case of a failed mount ext4: Fix memory leak in ext4_fill_super() in case of a failed mount ext4: down i_data_sem only for read when walking tree for fiemap ext4: Add a comprehensive block validity check to ext4_get_blocks() ext4: Clean up ext4_get_blocks() so it does not depend on bh_result->b_state ext4: Merge ext4_da_get_block_write() into mpage_da_map_blocks() ext4: Add BUG_ON debugging checks to noalloc_get_block_write() ext4: Add documentation to the ext4_*get_block* functions ...