summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* SELinux: implement the new sb_remount LSM hookEric Paris2011-03-031-0/+86
| | | | | | | | | | For SELinux we do not allow security information to change during a remount operation. Thus this hook simply strips the security module options from the data and verifies that those are the same options as exist on the current superblock. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
* LSM: Pass -o remount options to the LSMEric Paris2011-03-034-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The VFS mount code passes the mount options to the LSM. The LSM will remove options it understands from the data and the VFS will then pass the remaining options onto the underlying filesystem. This is how options like the SELinux context= work. The problem comes in that -o remount never calls into LSM code. So if you include an LSM specific option it will get passed to the filesystem and will cause the remount to fail. An example of where this is a problem is the 'seclabel' option. The SELinux LSM hook will print this word in /proc/mounts if the filesystem is being labeled using xattrs. If you pass this word on mount it will be silently stripped and ignored. But if you pass this word on remount the LSM never gets called and it will be passed to the FS. The FS doesn't know what seclabel means and thus should fail the mount. For example an ext3 fs mounted over loop # mount -o loop /tmp/fs /mnt/tmp # cat /proc/mounts | grep /mnt/tmp /dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0 # mount -o remount /mnt/tmp mount: /mnt/tmp not mounted already, or bad option # dmesg EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value This patch passes the remount mount options to an new LSM hook. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
* SELinux: Compute SID for the newly created socketHarry Ciao2011-03-031-6/+21
| | | | | | | | | | | | The security context for the newly created socket shares the same user, role and MLS attribute as its creator but may have a different type, which could be specified by a type_transition rule in the relevant policy package. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> [fix call to security_transition_sid to include qstr, Eric Paris] Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
* SELinux: Socket retains creator role and MLS attributeHarry Ciao2011-03-033-7/+29
| | | | | | | | | | | | | | | | The socket SID would be computed on creation and no longer inherit its creator's SID by default. Socket may have a different type but needs to retain the creator's role and MLS attribute in order not to break labeled networking and network access control. The kernel value for a class would be used to determine if the class if one of socket classes. If security_compute_sid is called from userspace the policy value for a class would be mapped to the relevant kernel value first. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
* SELinux: Auto-generate security_is_socket_classHarry Ciao2011-03-032-0/+24
| | | | | | | | | | | The security_is_socket_class() is auto-generated by genheaders based on classmap.h to reduce maintenance effort when a new class is defined in SELinux kernel. The name for any socket class should be suffixed by "socket" and doesn't contain more than one substr of "socket". Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
* Revert "selinux: simplify ioctl checking"Eric Paris2011-02-251-8/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 242631c49d4cf39642741d6627750151b058233b. Conflicts: security/selinux/hooks.c SELinux used to recognize certain individual ioctls and check permissions based on the knowledge of the individual ioctl. In commit 242631c49d4cf396 the SELinux code stopped trying to understand individual ioctls and to instead looked at the ioctl access bits to determine in we should check read or write for that operation. This same suggestion was made to SMACK (and I believe copied into TOMOYO). But this suggestion is total rubbish. The ioctl access bits are actually the access requirements for the structure being passed into the ioctl, and are completely unrelated to the operation of the ioctl or the object the ioctl is being performed upon. Take FS_IOC_FIEMAP as an example. FS_IOC_FIEMAP is defined as: FS_IOC_FIEMAP _IOWR('f', 11, struct fiemap) So it has access bits R and W. What this really means is that the kernel is going to both read and write to the struct fiemap. It has nothing at all to do with the operations that this ioctl might perform on the file itself! Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
* selinux: drop unused packet flow permissionsEric Paris2011-02-251-2/+1
| | | | | | | | | These permissions are not used and can be dropped in the kernel definitions. Suggested-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
* selinux: Fix packet forwarding checks on postroutingSteffen Klassert2011-02-251-18/+5
| | | | | | | | | | | | | | | | The IPSKB_FORWARDED and IP6SKB_FORWARDED flags are used only in the multicast forwarding case to indicate that a packet looped back after forward. So these flags are not a good indicator for packet forwarding. A better indicator is the incoming interface. If we have no socket context, but an incoming interface and we see the packet in the ip postroute hook, the packet is going to be forwarded. With this patch we use the incoming interface as an indicator on packet forwarding. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* selinux: Fix wrong checks for selinux_policycap_netpeerSteffen Klassert2011-02-251-18/+6
| | | | | | | | | | | | | selinux_sock_rcv_skb_compat and selinux_ip_postroute_compat are just called if selinux_policycap_netpeer is not set. However in these functions we check if selinux_policycap_netpeer is set. This leads to some dead code and to the fact that selinux_xfrm_postroute_last is never executed. This patch removes the dead code and the checks for selinux_policycap_netpeer in the compatibility functions. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* selinux: Fix check for xfrm selinux context algorithmSteffen Klassert2011-02-251-1/+1
| | | | | | | | | | selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of interpretation against the selinux context algorithm. This patch fixes this by checking ctx_alg against the selinux context algorithm. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* security: remove unused security_sysctl hookLucian Adrian Grijincu2011-02-014-29/+0
| | | | | | | | | The only user for this hook was selinux. sysctl routes every call through /proc/sys/. Selinux and other security modules use the file system checks for sysctl too, so no need for this hook any more. Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* security/selinux: fix /proc/sys/ labelingLucian Adrian Grijincu2011-02-012-103/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes an old (2007) selinux regression: filesystem labeling for /proc/sys returned -r--r--r-- unknown /proc/sys/fs/file-nr instead of -r--r--r-- system_u:object_r:sysctl_fs_t:s0 /proc/sys/fs/file-nr Events that lead to breaking of /proc/sys/ selinux labeling: 1) sysctl was reimplemented to route all calls through /proc/sys/ commit 77b14db502cb85a031fe8fde6c85d52f3e0acb63 [PATCH] sysctl: reimplement the sysctl proc support 2) proc_dir_entry was removed from ctl_table: commit 3fbfa98112fc3962c416452a0baf2214381030e6 [PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables 3) selinux still walked the proc_dir_entry tree to apply labeling. Because ctl_tables don't have a proc_dir_entry, we did not label /proc/sys/ inodes any more. To achieve this the /proc/sys/ inodes were marked private and private inodes were ignored by selinux. commit bbaca6c2e7ef0f663bc31be4dad7cf530f6c4962 [PATCH] selinux: enhance selinux to always ignore private inodes commit 86a71dbd3e81e8870d0f0e56b87875f57e58222b [PATCH] sysctl: hide the sysctl proc inodes from selinux Access control checks have been done by means of a special sysctl hook that was called for read/write accesses to any /proc/sys/ entry. We don't have to do this because, instead of walking the proc_dir_entry tree we can walk the dentry tree (as done in this patch). With this patch: * we don't mark /proc/sys/ inodes as private * we don't need the sysclt security hook * we walk the dentry tree to find the path to the inode. We have to strip the PID in /proc/PID/ entries that have a proc_dir_entry because selinux does not know how to label paths like '/1/net/rpc/nfsd.fh' (and defaults to 'proc_t' labeling). Selinux does know of '/net/rpc/nfsd.fh' (and applies the 'sysctl_rpc_t' label). PID stripping from the path was done implicitly in the previous code because the proc_dir_entry tree had the root in '/net' in the example from above. The dentry tree has the root in '/1'. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* SELinux: Use dentry name in new object labelingEric Paris2011-02-016-37/+197
| | | | | | | | | | | | | | | Currently SELinux has rules which label new objects according to 3 criteria. The label of the process creating the object, the label of the parent directory, and the type of object (reg, dir, char, block, etc.) This patch adds a 4th criteria, the dentry name, thus we can distinguish between creating a file in an etc_t directory called shadow and one called motd. There is no file globbing, regex parsing, or anything mystical. Either the policy exactly (strcmp) matches the dentry name of the object or it doesn't. This patch has no changes from today if policy does not implement the new rules. Signed-off-by: Eric Paris <eparis@redhat.com>
* fs/vfs/security: pass last path component to LSM on inode creationEric Paris2011-02-0139-94/+136
| | | | | | | | | | | | | | | | | | | SELinux would like to implement a new labeling behavior of newly created inodes. We currently label new inodes based on the parent and the creating process. This new behavior would also take into account the name of the new object when deciding the new label. This is not the (supposed) full path, just the last component of the path. This is very useful because creating /etc/shadow is different than creating /etc/passwd but the kernel hooks are unable to differentiate these operations. We currently require that userspace realize it is doing some difficult operation like that and than userspace jumps through SELinux hoops to get things set up correctly. This patch does not implement new behavior, that is obviously contained in a seperate SELinux patch, but it does pass the needed name down to the correct LSM hook. If no such name exists it is fine to pass NULL. Signed-off-by: Eric Paris <eparis@redhat.com>
* CacheFiles: Add calls to path-based security hooksDavid Howells2011-01-242-8/+47
| | | | | | | | | Add calls to path-based security hooks into CacheFiles as, unlike inode-based security, these aren't implicit in the vfs_mkdir() and similar calls. Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
* security:selinux: kill unused MAX_AVTAB_HASH_MASK and ebitmap_startbitShan Wei2011-01-242-2/+0
| | | | | | | Kill unused MAX_AVTAB_HASH_MASK and ebitmap_startbit. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> Signed-off-by: James Morris <jmorris@namei.org>
* Subject: [PATCH] Smack: mmap controls for library containmentCasey Schaufler2011-01-175-178/+524
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the embedded world there are often situations where libraries are updated from a variety of sources, for a variety of reasons, and with any number of security characteristics. These differences might include privilege required for a given library provided interface to function properly, as occurs from time to time in graphics libraries. There are also cases where it is important to limit use of libraries based on the provider of the library and the security aware application may make choices based on that criteria. These issues are addressed by providing an additional Smack label that may optionally be assigned to an object, the SMACK64MMAP attribute. An mmap operation is allowed if there is no such attribute. If there is a SMACK64MMAP attribute the mmap is permitted only if a subject with that label has all of the access permitted a subject with the current task label. Security aware applications may from time to time wish to reduce their "privilege" to avoid accidental use of privilege. One case where this arises is the environment in which multiple sources provide libraries to perform the same functions. An application may know that it should eschew services made available from a particular vendor, or of a particular version. In support of this a secondary list of Smack rules has been added that is local to the task. This list is consulted only in the case where the global list has approved access. It can only further restrict access. Unlike the global last, if no entry is found on the local list access is granted. An application can add entries to its own list by writing to /smack/load-self. The changes appear large as they involve refactoring the list handling to accomodate there being more than one rule list. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
* Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into nextJames Morris2011-01-1011-931/+944
|\
| * SELinux: define permissions for DCB netlink messagesEric Paris2010-12-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | Commit 2f90b865 added two new netlink message types to the netlink route socket. SELinux has hooks to define if netlink messages are allowed to be sent or received, but it did not know about these two new message types. By default we allow such actions so noone likely noticed. This patch adds the proper definitions and thus proper permissions enforcement. Signed-off-by: Eric Paris <eparis@redhat.com>
| * selinux: cache sidtab_context_to_sid resultsEric Paris2010-12-072-2/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sidtab_context_to_sid takes up a large share of time when creating large numbers of new inodes (~30-40% in oprofile runs). This patch implements a cache of 3 entries which is checked before we do a full context_to_sid lookup. On one system this showed over a x3 improvement in the number of inodes that could be created per second and around a 20% improvement on another system. Any time we look up the same context string sucessivly (imagine ls -lZ) we should hit this cache hot. A cache miss should have a relatively minor affect on performance next to doing the full table search. All operations on the cache are done COMPLETELY lockless. We know that all struct sidtab_node objects created will never be deleted until a new policy is loaded thus we never have to worry about a pointer being dereferenced. Since we also know that pointer assignment is atomic we know that the cache will always have valid pointers. Given this information we implement a FIFO cache in an array of 3 pointers. Every result (whether a cache hit or table lookup) will be places in the 0 spot of the cache and the rest of the entries moved down one spot. The 3rd entry will be lost. Races are possible and are even likely to happen. Lets assume that 4 tasks are hitting sidtab_context_to_sid. The first task checks against the first entry in the cache and it is a miss. Now lets assume a second task updates the cache with a new entry. This will push the first entry back to the second spot. Now the first task might check against the second entry (which it already checked) and will miss again. Now say some third task updates the cache and push the second entry to the third spot. The first task my check the third entry (for the third time!) and again have a miss. At which point it will just do a full table lookup. No big deal! Signed-off-by: Eric Paris <eparis@redhat.com>
| * SELinux: do not compute transition labels on mountpoint labeled filesystemsEric Paris2010-12-021-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selinux_inode_init_security computes transitions sids even for filesystems that use mount point labeling. It shouldn't do that. It should just use the mount point label always and no matter what. This causes 2 problems. 1) it makes file creation slower than it needs to be since we calculate the transition sid and 2) it allows files to be created with a different label than the mount point! # id -Z staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 # sesearch --type --class file --source sysadm_t --target tmp_t Found 1 semantic te rules: type_transition sysadm_t tmp_t : file user_tmp_t; # mount -o loop,context="system_u:object_r:tmp_t:s0" /tmp/fs /mnt/tmp # ls -lZ /mnt/tmp drwx------. root root system_u:object_r:tmp_t:s0 lost+found # touch /mnt/tmp/file1 # ls -lZ /mnt/tmp -rw-r--r--. root root staff_u:object_r:user_tmp_t:s0 file1 drwx------. root root system_u:object_r:tmp_t:s0 lost+found Whoops, we have a mount point labeled filesystem tmp_t with a user_tmp_t labeled file! Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Reviewed-by: James Morris <jmorris@namei.org>
| * SELinux: merge policydb_index_classes and policydb_index_othersEric Paris2010-11-301-59/+10
| | | | | | | | | | | | | | | | We duplicate functionality in policydb_index_classes() and policydb_index_others(). This patch merges those functions just to make it clear there is nothing special happening here. Signed-off-by: Eric Paris <eparis@redhat.com>
| * selinux: convert part of the sym_val_to_name array to use flex_arrayEric Paris2010-11-305-68/+127
| | | | | | | | | | | | | | | | | | The sym_val_to_name type array can be quite large as it grows linearly with the number of types. With known policies having over 5k types these allocations are growing large enough that they are likely to fail. Convert those to flex_array so no allocation is larger than PAGE_SIZE Signed-off-by: Eric Paris <eparis@redhat.com>
| * selinux: convert type_val_to_struct to flex_arrayEric Paris2010-11-303-13/+34
| | | | | | | | | | | | | | | | | | In rawhide type_val_to_struct will allocate 26848 bytes, an order 3 allocations. While this hasn't been seen to fail it isn't outside the realm of possibiliy on systems with severe memory fragmentation. Convert to flex_array so no allocation will ever be bigger than PAGE_SIZE. Signed-off-by: Eric Paris <eparis@redhat.com>
| * flex_array: fix flex_array_put_ptr macro to be valid CEric Paris2010-11-301-1/+1
| | | | | | | | | | | | | | Using flex_array_put_ptr() results in a compile error "error: lvalue required as unary ‘&’ operand" fix the casting order to fix this. Signed-off-by: Eric Paris <eparis@redhat.com>
| * SELinux: do not set automatic i_ino in selinuxfsEric Paris2010-11-301-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | selinuxfs carefully uses i_ino to figure out what the inode refers to. The VFS used to generically set this value and we would reset it to something useable. After 85fe4025c616 each filesystem sets this value to a default if needed. Since selinuxfs doesn't use the default value and it can only lead to problems (I'd rather have 2 inodes with i_ino == 0 than one pointing to the wrong data) lets just stop setting a default. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: James Morris <jmorris@namei.org>
| * selinux: rework security_netlbl_secattr_to_sidEric Paris2010-11-301-21/+21
| | | | | | | | | | | | | | security_netlbl_secattr_to_sid is difficult to follow, especially the return codes. Try to make the function obvious. Signed-off-by: Eric Paris <eparis@redhat.com>
| * SELinux: standardize return code handling in selinuxfs.cEric Paris2010-11-301-171/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selinuxfs.c has lots of different standards on how to handle return paths on error. For the most part transition to rc=errno if (failure) goto out; [...] out: cleanup() return rc; Instead of doing cleanup mid function, or having multiple returns or other options. This doesn't do that for every function, but most of the complex functions which have cleanup routines on error. Signed-off-by: Eric Paris <eparis@redhat.com>
| * SELinux: standardize return code handling in selinuxfs.cEric Paris2010-11-301-337/+311
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | selinuxfs.c has lots of different standards on how to handle return paths on error. For the most part transition to rc=errno if (failure) goto out; [...] out: cleanup() return rc; Instead of doing cleanup mid function, or having multiple returns or other options. This doesn't do that for every function, but most of the complex functions which have cleanup routines on error. Signed-off-by: Eric Paris <eparis@redhat.com>
| * SELinux: standardize return code handling in policydb.cEric Paris2010-11-301-287/+268
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | policydb.c has lots of different standards on how to handle return paths on error. For the most part transition to rc=errno if (failure) goto out; [...] out: cleanup() return rc; Instead of doing cleanup mid function, or having multiple returns or other options. This doesn't do that for every function, but most of the complex functions which have cleanup routines on error. Signed-off-by: Eric Paris <eparis@redhat.com>
* | Merge branch 'master' into nextJames Morris2011-01-104700-221226/+359464
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: security/smack/smack_lsm.c Verified and added fix by Stephen Rothwell <sfr@canb.auug.org.au> Ok'd by Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
| * \ Merge branch 'for-next' of ↵Linus Torvalds2011-01-0717-400/+701
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hch/hfsplus: hfsplus: %L-to-%ll, macro correction, and remove unneeded braces hfsplus: spaces/indentation clean-up hfsplus: C99 comments clean-up hfsplus: over 80 character lines clean-up hfsplus: fix an artifact in ioctl flag checking hfsplus: flush disk caches in sync and fsync hfsplus: optimize fsync hfsplus: split up inode flags hfsplus: write up fsync for directories hfsplus: simplify fsync hfsplus: avoid useless work in hfsplus_sync_fs hfsplus: make sure sync writes out all metadata hfsplus: use raw bio access for partition tables hfsplus: use raw bio access for the volume headers hfsplus: always use hfsplus_sync_fs to write the volume header hfsplus: silence a few debug printks hfsplus: fix option parsing during remount Fix up conflicts due to VFS changes in fs/hfsplus/{hfsplus_fs.h,unicode.c}
| | * | hfsplus: %L-to-%ll, macro correction, and remove unneeded bracesAnton Salikhmetov2010-12-163-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean-up based on checkpatch.pl report against unnecessary braces (`{' and `}'), non-standard format option %Lu (%llu recommended) as well as one trailing statement in a macro definition which should have been on the next line. Signed-off-by: Anton Salikhmetov <alexo@tuxera.com> Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: spaces/indentation clean-upAnton Salikhmetov2010-12-164-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrect spaces and indentation reported by checkpatch.pl. Signed-off-by: Anton Salikhmetov <alexo@tuxera.com> Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: C99 comments clean-upAnton Salikhmetov2010-12-163-13/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Match coding style restriction against C99 comments where checkpatch.pl reported errors about their usage. Signed-off-by: Anton Salikhmetov <alexo@tuxera.com> Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: over 80 character lines clean-upAnton Salikhmetov2010-12-1616-123/+260
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Match coding style line length limitation where checkpatch.pl reported over-80-character-line warnings. Signed-off-by: Anton Salikhmetov <alexo@tuxera.com> Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: fix an artifact in ioctl flag checkingAnton Salikhmetov2010-12-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a flag checking artifact in hfsplus_ioctl_getflags() routine found while doing clean-up against assignments inside `if's. Signed-off-by: Anton Salikhmetov <alexo@tuxera.com> Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: flush disk caches in sync and fsyncChristoph Hellwig2010-11-234-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Flush the disk cache in fsync and sync to make sure data actually is on disk on completion of these system calls. There is a nobarrier mount option to disable this behaviour. It's slightly misnamed now that barrier actually are gone, but it matches the name used by all major filesystems. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: optimize fsyncChristoph Hellwig2010-11-236-32/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid doing unessecary work in fsync. Do nothing unless the inode was marked dirty, and only write the various metadata inodes out if they contain any dirty state from this inode. This is archived by adding three new dirty bits to the hfsplus-specific inode which are set in the correct places. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: split up inode flagsChristoph Hellwig2010-11-234-19/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Split the flags field in the hfsplus inode into an extent_state flag that is locked by the extent_lock, and a new flags field that uses atomic bitops. The second will grow more flags in the next patch. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: write up fsync for directoriesChristoph Hellwig2010-11-233-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fsync is supposed to not just work on regular files, but also on directories. Fortunately enough hfsplus_file_fsync works just fine for directories, so we can just wire it up. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: simplify fsyncChristoph Hellwig2010-11-231-21/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove lots of code we don't need from fsync, we just need to call ->write_inode on the inode if it's dirty, for which sync_inode_metadata is a lot more efficient than write_inode_now, and we need to write out the various metadata inodes, which we now do explicitly instead of by calling ->sync_fs. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: avoid useless work in hfsplus_sync_fsChristoph Hellwig2010-11-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no reason to write out the metadata inodes or volume headers during a non-blocking sync, as we are almost guaranteed to dirty them again during the inode writeouts. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: make sure sync writes out all metadataChristoph Hellwig2010-11-231-1/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | hfsplus stores all metadata except for the volume headers in special inodes. While these are marked hashed and periodically written out by the flusher threads, we can't rely on that for sync. For the case of a data integrity sync the VM has life-lock avoidance code that avoids writing inodes again that are redirtied during the sync, which is something that can happen easily for hfsplus. So make sure we explicitly write out the metadata inodes at the beginning of hfsplus_sync_fs. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: use raw bio access for partition tablesChristoph Hellwig2010-11-232-70/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch the hfsplus partition table reding for cdroms to use our bio helpers. Again we don't rely on any caching in the buffer_heads, and this gets rid of the last buffer_head use in hfsplus. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: use raw bio access for the volume headersChristoph Hellwig2010-11-233-88/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The hfsplus backup volume header is located two blocks from the end of the device. In case of device sizes that are not 4k aligned this means we can't access it using buffer_heads when using the default 4k block size. Switch to using raw bios to read/write all buffer headers. We were not relying on any caching behaviour of the buffer heads anyway. Additionally always read in the backup volume header during mount to verify that we can actually read it. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: always use hfsplus_sync_fs to write the volume headerChristoph Hellwig2010-11-231-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove opencoded writing of the volume header in hfsplus_fill_super and hfsplus_put_super and offload it to hfsplus_sync_fs. In the put_super case this means we only write the superblock once instead of twice. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: silence a few debug printksChristoph Hellwig2010-11-234-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Turn a few noisy debug printks that show up during xfstests into complied out debug print statements. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| | * | hfsplus: fix option parsing during remountChristoph Hellwig2010-11-073-5/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | hfsplus only actually uses the force option during remount, but it uses the full option parser with a fake superblock to do so. This means remount will fail if any nls option is set (which happens frequently with older mount tools), even if it is the same. Fix this by adding a simpler version of the parser that only parses the force option for remount. Signed-off-by: Christoph Hellwig <hch@tuxera.com>
| * | | Merge branch 'next-spi' of git://git.secretlab.ca/git/linux-2.6Linus Torvalds2011-01-0745-1365/+1596
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'next-spi' of git://git.secretlab.ca/git/linux-2.6: (77 commits) spi/omap: Fix DMA API usage in OMAP MCSPI driver spi/imx: correct the test on platform_get_irq() return value spi/topcliff: Typo fix threhold to threshold spi/dw_spi Typo change diable to disable. spi/fsl_espi: change the read behaviour of the SPIRF spi/mpc52xx-psc-spi: move probe/remove to proper sections spi/dw_spi: add DMA support spi/dw_spi: change to EXPORT_SYMBOL_GPL for exported APIs spi/dw_spi: Fix too short timeout in spi polling loop spi/pl022: convert running variable spi/pl022: convert busy flag to a bool spi/pl022: pass the returned sglen to the DMA engine spi/pl022: map the buffers on the DMA engine spi/topcliff_pch: Fix data transfer issue spi/imx: remove autodetection spi/pxa2xx: pass of_node to spi device and set a parent device spi/pxa2xx: Modify RX-Tresh instead of busy-loop for the remaining RX bytes. spi/pxa2xx: Add chipselect support for Sodaville spi/pxa2xx: Consider CE4100's FIFO depth spi/pxa2xx: Add CE4100 support ...
OpenPOWER on IntegriCloud