summaryrefslogtreecommitdiffstats
path: root/fs
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'reiserfs-updates' from Jeff MahoneyLinus Torvalds2009-03-3027-3442/+3170
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * reiserfs-updates: (35 commits) reiserfs: rename [cn]_* variables reiserfs: rename p_._ variables reiserfs: rename p_s_tb to tb reiserfs: rename p_s_inode to inode reiserfs: rename p_s_bh to bh reiserfs: rename p_s_sb to sb reiserfs: strip trailing whitespace reiserfs: cleanup path functions reiserfs: factor out buffer_info initialization reiserfs: add atomic addition of selinux attributes during inode creation reiserfs: use generic readdir for operations across all xattrs reiserfs: journaled xattrs reiserfs: use generic xattr handlers reiserfs: remove i_has_xattr_dir reiserfs: make per-inode xattr locking more fine grained reiserfs: eliminate per-super xattr lock reiserfs: simplify xattr internal file lookups/opens reiserfs: Clean up xattrs when REISERFS_FS_XATTR is unset reiserfs: remove IS_PRIVATE helpers reiserfs: remove link detection code ... Fixed up conflicts manually due to: - quota name cleanups vs variable naming changes: fs/reiserfs/inode.c fs/reiserfs/namei.c fs/reiserfs/stree.c fs/reiserfs/xattr.c - exported include header cleanups include/linux/reiserfs_fs.h
| * reiserfs: rename [cn]_* variablesJeff Mahoney2009-03-304-442/+438
| | | | | | | | | | | | | | | | | | This patch renames n_, c_, etc variables to something more sane. This is the sixth in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rename p_._ variablesJeff Mahoney2009-03-304-333/+342
| | | | | | | | | | | | | | | | | | This patch is a simple s/p_._//g to the reiserfs code. This is the fifth in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rename p_s_tb to tbJeff Mahoney2009-03-302-250/+253
| | | | | | | | | | | | | | | | | | This patch is a simple s/p_s_tb/tb/g to the reiserfs code. This is the fourth in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rename p_s_inode to inodeJeff Mahoney2009-03-304-87/+93
| | | | | | | | | | | | | | | | | | This patch is a simple s/p_s_inode/inode/g to the reiserfs code. This is the third in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rename p_s_bh to bhJeff Mahoney2009-03-302-82/+75
| | | | | | | | | | | | | | | | | | This patch is a simple s/p_s_bh/bh/g to the reiserfs code. This is the second in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rename p_s_sb to sbJeff Mahoney2009-03-304-462/+461
| | | | | | | | | | | | | | | | | | This patch is a simple s/p_s_sb/sb/g to the reiserfs code. This is the first in a series of patches to rip out some of the awful variable naming in reiserfs. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: strip trailing whitespaceJeff Mahoney2009-03-3018-177/+177
| | | | | | | | | | | | | | This patch strips trailing whitespace from the reiserfs code. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: cleanup path functionsJeff Mahoney2009-03-302-74/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch cleans up some redundancies in the reiserfs tree path code. decrement_bcount() is essentially the same function as brelse(), so we use that instead. decrement_counters_in_path() is exactly the same function as pathrelse(), so we kill that and use pathrelse() instead. There's also a bit of cleanup that makes the code a bit more readable. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: factor out buffer_info initializationJeff Mahoney2009-03-301-115/+60
| | | | | | | | | | | | | | | | | | | | | | This is the first in a series of patches to make balance_leaf() not quite so insane. This patch factors out the open coded initializations of buffer_info structures and defines a few initializers for the 4 cases they're used. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: add atomic addition of selinux attributes during inode creationJeff Mahoney2009-03-303-5/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | Some time ago, some changes were made to make security inode attributes be atomically written during inode creation. ReiserFS fell behind in this area, but with the reworking of the xattr code, it's now fairly easy to add. The following patch adds the ability for security attributes to be added automatically during inode creation. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: use generic readdir for operations across all xattrsJeff Mahoney2009-03-302-300/+130
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current reiserfs xattr implementation open codes reiserfs_readdir and frees the path before calling the filldir function. Typically, the filldir function is something that modifies the file system, such as a chown or an inode deletion that also require reading of an inode associated with each direntry. Since the file system is modified, the path retained becomes invalid for the next run. In addition, it runs backwards in attempt to minimize activity. This is clearly suboptimal from a code cleanliness perspective as well as performance-wise. This patch implements a generic reiserfs_for_each_xattr that uses the generic readdir and a specific filldir routine that simply populates an array of dentries and then performs a specific operation on them. When all files have been operated on, it then calls the operation on the directory itself. The result is a noticable code reduction and better performance. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: journaled xattrsJeff Mahoney2009-03-304-46/+115
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Deadlocks are possible in the xattr code between the journal lock and the xattr sems. This patch implements journalling for xattr operations. The benefit is twofold: * It gets rid of the deadlock possibility by always ensuring that xattr write operations are initiated inside a transaction. * It corrects the problem where xattr backing files aren't considered any differently than normal files, despite the fact they are metadata. I discussed the added journal load with Chris Mason, and we decided that since xattrs (versus other journal activity) is fairly rare, the introduction of larger transactions to support journaled xattrs wouldn't be too big a deal. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: use generic xattr handlersJeff Mahoney2009-03-306-406/+249
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Christoph Hellwig had asked me quite some time ago to port the reiserfs xattrs to the generic xattr interface. This patch replaces the reiserfs-specific xattr handling code with the generic struct xattr_handler. However, since reiserfs doesn't split the prefix and name when accessing xattrs, it can't leverage generic_{set,get,list,remove}xattr without needlessly reconstructing the name on the back end. Update 7/26/07: Added missing dput() to deletion path. Update 8/30/07: Added missing mark_inode_dirty when i_mode is used to represent an ACL and no previous ACL existed. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: remove i_has_xattr_dirJeff Mahoney2009-03-301-8/+1
| | | | | | | | | | | | | | | | With the changes to xattr root locking, the i_has_xattr_dir flag is no longer needed. This patch removes it. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: make per-inode xattr locking more fine grainedJeff Mahoney2009-03-302-67/+54
| | | | | | | | | | | | | | | | | | | | The per-inode locking can be made more fine-grained to surround just the interaction with the filesystem itself. This really only applies to protecting reads during a write, since concurrent writes are barred with inode->i_mutex at the vfs level. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: eliminate per-super xattr lockJeff Mahoney2009-03-305-122/+69
| | | | | | | | | | | | | | | | | | | | With the switch to using inode->i_mutex locking during lookups/creation in the xattr root, the per-super xattr lock is no longer needed. This patch removes it. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: simplify xattr internal file lookups/opensJeff Mahoney2009-03-301-127/+135
| | | | | | | | | | | | | | | | | | | | The xattr file open/lookup code is needlessly complex. We can use vfs-level operations to perform the same work, and also simplify the locking constraints. The locking advantages will be exploited in future patches. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: Clean up xattrs when REISERFS_FS_XATTR is unsetJeff Mahoney2009-03-302-333/+360
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The current reiserfs xattr implementation will not clean up old xattr files if files are deleted when REISERFS_FS_XATTR is unset. This results in inaccessible lost files, wasting space. This patch compiles in basic xattr knowledge, such as how to delete them and change ownership for quota tracking. If the file system has never used xattrs, then the operation is quite fast: it returns immediately when it sees there is no .reiserfs_priv directory. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: remove IS_PRIVATE helpersJeff Mahoney2009-03-306-25/+23
| | | | | | | | | | | | | | | | | | | | There are a number of helper functions for marking a reiserfs inode private that were leftover from reiserfs did its own thing wrt to private inodes. S_PRIVATE has been in the kernel for some time, so this patch removes the helpers and uses IS_PRIVATE instead. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: remove link detection codeJeff Mahoney2009-03-301-13/+0
| | | | | | | | | | | | | | | | | | | | Early in the reiserfs xattr development, there was a plan to use hardlinks to save disk space for identical xattrs. That code never materialized and isn't going to, so this patch removes the detection code. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: xattr reiserfs_get_page takes offset instead of indexJeff Mahoney2009-03-301-6/+4
| | | | | | | | | | | | | | | | This patch changes reiserfs_get_page to take an offset rather than an index since no callers calculate the index differently. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: small variable cleanupJeff Mahoney2009-03-301-12/+8
| | | | | | | | | | | | | | | | This patch removes the xinode and mapping variables from reiserfs_xattr_{get,set}. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: use reiserfs_error()Jeff Mahoney2009-03-309-110/+107
| | | | | | | | | | | | | | | | This patch makes many paths that are currently using warnings to handle the error. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: introduce reiserfs_error()Jeff Mahoney2009-03-301-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | Although reiserfs can currently handle severe errors such as journal failure, it cannot handle less severe errors like metadata i/o failure. The following patch adds a reiserfs_error() function akin to the one in ext3. Subsequent patches will use this new error handler to handle errors more gracefully in general. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rearrange journal abortJeff Mahoney2009-03-302-20/+5
| | | | | | | | | | | | | | | | | | | | | | This patch kills off reiserfs_journal_abort as it is never called, and combines __reiserfs_journal_abort_{soft,hard} into one function called reiserfs_abort_journal, which performs the same work. It is silent as opposed to the old version, since the message was always issued after a regular 'abort' message. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rework reiserfs_panicJeff Mahoney2009-03-3012-177/+178
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ReiserFS panics can be somewhat inconsistent. In some cases: * a unique identifier may be associated with it * the function name may be included * the device may be printed separately This patch aims to make warnings more consistent. reiserfs_warning() prints the device name, so printing it a second time is not required. The function name for a warning is always helpful in debugging, so it is now automatically inserted into the output. Hans has stated that every warning should have a unique identifier. Some cases lack them, others really shouldn't have them. reiserfs_warning() now expects an id associated with each message. In the rare case where one isn't needed, "" will suffice. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: add locking around error bufferJeff Mahoney2009-03-301-1/+4
| | | | | | | | | | | | | | | | | | | | The formatting of the error buffer is race prone. It uses static buffers for both formatting and output. While overwriting the error buffer can product garbled output, overwriting the format buffer with incompatible % directives can cause crashes. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: prepare_error_buf wrongly consumes va_argJeff Mahoney2009-03-301-9/+3
| | | | | | | | | | | | | | | | | | | | | | | | vsprintf will consume varargs on its own. Skipping them manually results in garbage in the error buffer, or Oopses in the case of pointers. This patch removes the advancement and fixes a number of bugs where crashes were observed as side effects of a regular error report. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: rework reiserfs_warningJeff Mahoney2009-03-3016-423/+448
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ReiserFS warnings can be somewhat inconsistent. In some cases: * a unique identifier may be associated with it * the function name may be included * the device may be printed separately This patch aims to make warnings more consistent. reiserfs_warning() prints the device name, so printing it a second time is not required. The function name for a warning is always helpful in debugging, so it is now automatically inserted into the output. Hans has stated that every warning should have a unique identifier. Some cases lack them, others really shouldn't have them. reiserfs_warning() now expects an id associated with each message. In the rare case where one isn't needed, "" will suffice. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: make some warnings informationalJeff Mahoney2009-03-303-17/+13
| | | | | | | | | | | | | | | | | | In several places, reiserfs_warning is used when there is no warning, just a notice. This patch changes some of them to indicate that the message is merely informational. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: use more consistent printk formattingJeff Mahoney2009-03-301-14/+14
| | | | | | | | | | | | | | | | | | | | | | The output format between a warning/error/panic/info/etc changes with which one is used. The following patch makes the messages more internally consistent, but also more consistent with other Linux filesystems. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: use buffer_info for leaf_paste_entriesJeff Mahoney2009-03-302-12/+10
| | | | | | | | | | | | | | | | | | | | This patch makes leaf_paste_entries more consistent with respect to the other leaf operations. Using buffer_info instead of buffer_head directly allows us to get a superblock pointer for use in error handling. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: audit transaction ids to always be unsigned intsJeff Mahoney2009-03-302-25/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes up the reiserfs code such that transaction ids are always unsigned ints. In places they can currently be signed ints or unsigned longs. The former just causes an annoying clm-2200 warning and may join a transaction when it should wait. The latter is just for correctness since the disk format uses a 32-bit transaction id. There aren't any runtime problems that result from it not wrapping at the correct location since the value is truncated correctly even on big endian systems. The 0 value might make it to disk, but the mount-time checks will bump it to 10 itself. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| * reiserfs: add support for mount count incrementingJeff Mahoney2009-03-301-1/+5
| | | | | | | | | | | | | | | | | | | | | | The following patch adds the fields for tracking mount counts and last fsck timestamps to the superblock. It also increments the mount count on every read-write mount. Reiserfsprogs 3.6.21 added support for these fields. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6Linus Torvalds2009-03-301-3/+7
|\ \ | | | | | | | | | | | | | | | * 'bkl-removal' of git://git.lwn.net/linux-2.6: Fix a lockdep warning in fasync_helper() Add a missing unlock_kernel() in raw_open()
| * | Fix a lockdep warning in fasync_helper()Jonathan Corbet2009-03-301-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Lockdep gripes if file->f_lock is taken in a no-IRQ situation, since that is not always the case. We don't really want to disable IRQs for every acquisition of f_lock; instead, just move it outside of fasync_lock. Reported-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Reported-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | | Merge branch 'for-linus' of ↵Linus Torvalds2009-03-301-1/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix fuse_file_lseek returning with lock held
| * | | fuse: fix fuse_file_lseek returning with lock heldDan Carpenter2009-03-301-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug was found with smatch (http://repo.or.cz/w/smatch.git/). If we return directly the inode->i_mutex lock doesn't get released. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> CC: stable@kernel.org
* | | | Merge branch 'for-linus' of ↵Linus Torvalds2009-03-308-344/+46
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6: jfs: needs crc32_le jfs: Fix error handling in metapage_writepage() jfs: return f_fsid for statfs(2) jfs: remove xtLookupList() jfs: clean up a dangling comment
| * | | jfs: needs crc32_leRandy Dunlap2009-02-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JFS needs crc32_le(), so select its library config symbol: fs/built-in.o: In function `jfs_statfs': super.c:(.text+0x7c8c0): undefined reference to `crc32_le' super.c:(.text+0x7c8d5): undefined reference to `crc32_le' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
| * | | Merge branch 'master' of /home/shaggy/git/linus-clean/Dave Kleikamp2009-02-02241-3437/+49259
| |\ \ \
| * | | | jfs: Fix error handling in metapage_writepage()Dave Kleikamp2009-01-301-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improved error handling so that last_write_complete(), and thus end_page_writeback(), gets called only once. Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Reported-by: Eric Sesterhenn <snakebyte@gmx.de>
| * | | | jfs: return f_fsid for statfs(2)Coly Li2009-01-271-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes jfs return f_fsid info for statfs(2). By Andreas' suggestion, this patch populates a persistent f_fsid between boots/mounts with help of on-disk uuid record. Signed-off-by: Coly Li <coly.li@suse.de> Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
| * | | | jfs: remove xtLookupList()Dave Kleikamp2009-01-094-332/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | xtLookupList() was a more generalized version of xtLookup() with a nastier interface. Its only caller, extHint(), is actually better suited to using xtLookup() than xtLookupList(). This also lets us remove the definition of lxd_t, an obnoxious packed structure that was only used in-memory. Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
| * | | | jfs: clean up a dangling commentDave Kleikamp2009-01-091-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | viro cleaned up an hlist hack, but left a comment where it no longer belongs. Combine the old comment with his new one. Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
* | | | | fix setuid sometimes wouldn'tHugh Dickins2009-03-281-34/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | check_unsafe_exec() also notes whether the fs_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient use of get_fs_struct(), which also raises that sharing count. This might occasionally cause a setuid program not to change euid, in the same way as happened with files->count (check_unsafe_exec also looks at sighand->count, but /proc doesn't raise that one). We'd prefer exec not to unshare fs_struct: so fix this in procfs, replacing get_fs_struct() by get_fs_path(), which does path_get while still holding task_lock, instead of raising fs->count. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org ___ fs/proc/base.c | 50 +++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | fix setuid sometimes doesn'tHugh Dickins2009-03-283-9/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Joe Malicki reports that setuid sometimes doesn't: very rarely, a setuid root program does not get root euid; and, by the way, they have a health check running lsof every few minutes. Right, check_unsafe_exec() notes whether the files_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient use of get_files_struct(), which also raises that sharing count. There's a rather simple fix for this: exec's check on files->count has been redundant ever since 2.6.1 made it unshare_files() (except while compat_do_execve() omitted to do so) - just remove that check. [Note to -stable: this patch will not apply before 2.6.29: earlier releases should just remove the files->count line from unsafe_exec().] Reported-by: Joe Malicki <jmalicki@metacarta.com> Narrowed-down-by: Michael Itz <mitz@metacarta.com> Tested-by: Joe Malicki <jmalicki@metacarta.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | compat_do_execve should unshare_filesHugh Dickins2009-03-281-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.6.26's commit fd8328be874f4190a811c58cd4778ec2c74d2c05 "sanitize handling of shared descriptor tables in failing execve()" moved the unshare_files() from flush_old_exec() and several binfmts to the head of do_execve(); but forgot to make the same change to compat_do_execve(), leaving a CLONE_FILES files_struct shared across exec from a 32-bit process on a 64-bit kernel. It's arguable whether the files_struct really ought to be unshared across exec; but 2.6.1 made that so to stop the loading binary's fd leaking into other threads, and a 32-bit process on a 64-bit kernel ought to behave in the same way as 32 on 32 and 64 on 64. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | | | Merge branch 'for-linus' of ↵Linus Torvalds2009-03-2768-446/+386
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (37 commits) fs: avoid I_NEW inodes Merge code for single and multiple-instance mounts Remove get_init_pts_sb() Move common mknod_ptmx() calls into caller Parse mount options just once and copy them to super block Unroll essentials of do_remount_sb() into devpts vfs: simple_set_mnt() should return void fs: move bdev code out of buffer.c constify dentry_operations: rest constify dentry_operations: configfs constify dentry_operations: sysfs constify dentry_operations: JFS constify dentry_operations: OCFS2 constify dentry_operations: GFS2 constify dentry_operations: FAT constify dentry_operations: FUSE constify dentry_operations: procfs constify dentry_operations: ecryptfs constify dentry_operations: CIFS constify dentry_operations: AFS ...
OpenPOWER on IntegriCloud