298405 Commits

Author SHA1 Message Date
Eric W. Biederman
783291e690 userns: Simplify the user_namespace by making userns->creator a kuid.
- Transform userns->creator from a user_struct reference to a simple
  kuid_t, kgid_t pair.

  In cap_capable this allows the check to see if we are the creator of
  a namespace to become the classic suser style euid permission check.

  This allows us to remove the need for a struct cred in the mapping
  functions and still be able to dispaly the user namespace creators
  uid and gid as 0.

- Remove the now unnecessary delayed_work in free_user_ns.

  All that is left for free_user_ns to do is to call kmem_cache_free
  and put_user_ns.  Those functions can be called in any context
  so call them directly from free_user_ns removing the need for delayed work.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-26 02:00:59 -07:00
Eric W. Biederman
7b44ab978b userns: Disassociate user_struct from the user_namespace.
Modify alloc_uid to take a kuid and make the user hash table global.
Stop holding a reference to the user namespace in struct user_struct.

This simplifies the code and makes the per user accounting not
care about which user namespace a uid happens to appear in.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 17:11:46 -07:00
Eric W. Biederman
5673a94c14 userns: Add a Kconfig option to enforce strict kuid and kgid type checks
Make it possible to easily switch between strong mandatory
type checks and relaxed type checks so that the code can
easily be tested with the type checks and then built
with the strong type checks disabled so the resulting
code can be used.

Require strong mandatory type checks when enabling the user namespace.
It is very simple to make a typo and use the wrong type allowing
conversions to/from userspace values to be bypassed by accident,
the strong type checks prevent this.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 17:11:01 -07:00
Eric W. Biederman
7a4e7408c5 userns: Add kuid_t and kgid_t and associated infrastructure in uidgid.h
Start distinguishing between internal kernel uids and gids and
values that userspace can use.  This is done by introducing two
new types: kuid_t and kgid_t.  These types and their associated
functions are infrastructure are declared in the new header
uidgid.h.

Ultimately there will be a different implementation of the mapping
functions for use with user namespaces.  But to keep it simple
we introduce the mapping functions first to separate the meat
from the mechanical code conversions.

Export overflowuid and overflowgid so we can use from_kuid_munged
and from_kgid_munged in modular code.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 17:09:52 -07:00
Eric W. Biederman
1a48e2ac03 userns: Replace the hard to write inode_userns with inode_capable.
This represents a change in strategy of how to handle user namespaces.
Instead of tagging everything explicitly with a user namespace and bulking
up all of the comparisons of uids and gids in the kernel,  all uids and gids
in use will have a mapping to a flat kuid and kgid spaces respectively.  This
allows much more of the existing logic to be preserved and in general
allows for faster code.

In this new and improved world we allow someone to utiliize capabilities
over an inode if the inodes owner mapps into the capabilities holders user
namespace and the user has capabilities in their user namespace.  Which
is simple and efficient.

Moving the fs uid comparisons to be comparisons in a flat kuid space
follows in later patches, something that is only significant if you
are using user namespaces.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 17:02:46 -07:00
Eric W. Biederman
973c591426 userns: Start out with a full set of capabilities.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:59 -07:00
Eric W. Biederman
d0bd6594e2 userns: Deprecate and rename the user_namespace reference in the user_struct
With a user_ns reference in struct cred the only user of the user namespace
reference in struct user_struct is to keep the uid hash table alive.

The user_namespace reference in struct user_struct will be going away soon, and
I have removed all of the references.  Rename the field from user_ns to _user_ns
so that the compiler can verify nothing follows the user struct to the user
namespace anymore.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:54 -07:00
Eric W. Biederman
6f9ac6d93a mqueue: Explicitly capture the user namespace to send the notification to.
Stop relying on user->user_ns which is going away and instead capture
the user_namespace of the process we are supposed to notify.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:53 -07:00
Eric W. Biederman
aeb3ae9da9 userns: Add an explicit reference to the parent user namespace
I am about to remove the struct user_namespace reference from struct user_struct.
So keep an explicit track of the parent user namespace.

Take advantage of this new reference and replace instances of user_ns->creator->user_ns
with user_ns->parent.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:52 -07:00
Eric W. Biederman
0093ccb68f cred: Refcount the user_ns pointed to by the cred.
struct user_struct will shortly loose it's user_ns reference
so make the cred user_ns reference a proper reference complete
with reference counting.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:52 -07:00
Eric W. Biederman
c4a4d60379 userns: Use cred->user_ns instead of cred->user->user_ns
Optimize performance and prepare for the removal of the user_ns reference
from user_struct.  Remove the slow long walk through cred->user->user_ns and
instead go straight to cred->user_ns.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:51 -07:00
Eric W. Biederman
7e6bd8fadd cred: Add forward declaration of init_user_ns in all cases.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:50 -07:00
Eric W. Biederman
74ba508f60 userns: Remove unnecessary cast to struct user_struct when copying cred->user.
In struct cred the user member is and has always been declared struct user_struct *user.
At most a constant struct cred will have a constant pointer to non-constant user_struct
so remove this unnecessary cast.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:55:05 -07:00
Eric W. Biederman
39fda8db80 userns: Replace netlink uses of cap_raised with capable.
In 2009 Philip Reiser notied that a few users of netlink connector
interface needed a capability check and added the idiom
cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
that netlink was asynchronous.

In 2011 Patrick McHardy noticed we were being silly because netlink is
synchronous and removed eff_cap from the netlink_skb_params and changed
the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).

Looking at those spots with a fresh eye we should be calling
capable(CAP_SYS_ADMIN).  The only reason I can see for not calling
capable is that it once appeared we were not in the same task as the
caller which would have made calling capable() impossible.

In the initial user_namespace the only difference between  between
cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN)
are a few sanity checks and the fact that capable(CAP_SYS_ADMIN)
sets PF_SUPERPRIV if we use the capability.

Since we are going to be using root privilege setting PF_SUPERPRIV
seems the right thing to do.

The motivation for this that patch is that in a child user namespace
cap_raised(current_cap(),...) tests your capabilities with respect to
that child user namespace not capabilities in the initial user namespace
and thus will allow processes that should be unprivielged to use the
kernel services that are only protected with
cap_raised(current_cap(),..).

To fix possible user_namespace issues and to just clean up the code
replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
capable(CAP_SYS_ADMIN).

Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Philipp Reisner <philipp.reisner@linbit.com>
Cc: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:53:12 -07:00
Eric W. Biederman
57a39aa3e3 userns: Kill bogus declaration of function release_uids
There is no release_uids function remove the declaration from sched.h

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-03 04:28:52 -07:00
Eric W. Biederman
975d6b3932 vfs: Don't allow a user namespace root to make device nodes
Safely making device nodes in a container is solvable but simply
having the capability in a user namespace is not sufficient to make
this work.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-03 04:28:51 -07:00
Linus Torvalds
dd775ae254 Linux 3.4-rc1 2012-03-31 16:24:09 -07:00
Linus Torvalds
b7ffff4bb3 Merge branch 's3-for-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio-console
Pull virtio S3 support patches from Amit Shah:
 "Turns out S3 is not different from S4 for virtio devices: the device
  is assumed to be reset, so the host and guest state are to be assumed
  to be out of sync upon resume.  We handle the S4 case with exactly the
  same scenario, so just point the suspend/resume routines to the
  freeze/restore ones.

  Once that is done, we also use the PM API's macro to initialise the
  sleep functions.

  A couple of cleanups are included: there's no need for special thaw
  processing in the balloon driver, so that's addressed in patches 1 and
  2.

  Testing: both S3 and S4 support have been tested using these patches
  using a similar method used earlier during S4 patch development: a
  guest is started with virtio-blk as the only disk, a virtio network
  card, a virtio-serial port and a virtio balloon device.  Ping from
  guest to host, dd /dev/zero to a file on the disk, and IO from the
  host on the virtio-serial port, all at once, while exercising S4 and
  S3 (separately) were tested.  They all continue to work fine after
  resume.  virtio balloon values too were tested by inflating and
  deflating the balloon."

Pulling from Amit, since Rusty is off getting married (and presumably
shaving people).

* 's3-for-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio-console:
  virtio-pci: switch to PM ops macro to initialise PM functions
  virtio-pci: S3 support
  virtio-pci: drop restore_common()
  virtio: drop thaw PM operation
  virtio: balloon: Allow stats update after restore from S4
2012-03-31 15:11:39 -07:00
Linus Torvalds
8bb1f22952 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull second try at vfs part d#2 from Al Viro:
 "Miklos' first series (with do_lookup() rewrite split into edible
  chunks) + assorted bits and pieces.

  The 'untangling of do_lookup()' series is is a splitup of what used to
  be a monolithic patch from Miklos, so this series is basically "how do
  I convince myself that his patch is correct (or find a hole in it)".
  No holes found and I like the resulting cleanup, so in it went..."

Changes from try 1: Fix a boot problem with selinux, and commit messages
prettied up a bit.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (24 commits)
  vfs: fix out-of-date dentry_unhash() comment
  vfs: split __lookup_hash
  untangling do_lookup() - take __lookup_hash()-calling case out of line.
  untangling do_lookup() - switch to calling __lookup_hash()
  untangling do_lookup() - merge d_alloc_and_lookup() callers
  untangling do_lookup() - merge failure exits in !dentry case
  untangling do_lookup() - massage !dentry case towards __lookup_hash()
  untangling do_lookup() - get rid of need_reval in !dentry case
  untangling do_lookup() - eliminate a loop.
  untangling do_lookup() - expand the area under ->i_mutex
  untangling do_lookup() - isolate !dentry stuff from the rest of it.
  vfs: move MAY_EXEC check from __lookup_hash()
  vfs: don't revalidate just looked up dentry
  vfs: fix d_need_lookup/d_revalidate order in do_lookup
  ext3: move headers to fs/ext3/
  migrate ext2_fs.h guts to fs/ext2/ext2.h
  new helper: ext2_image_size()
  get rid of pointless includes of ext2_fs.h
  ext2: No longer export ext2_fs.h to user space
  mtdchar: kill persistently held vfsmount
  ...
2012-03-31 13:42:57 -07:00
Linus Torvalds
f22e08a79f Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar.

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched: Fix incorrect usage of for_each_cpu_mask() in select_fallback_rq()
  sched: Fix __schedule_bug() output when called from an interrupt
  sched/arch: Introduce the finish_arch_post_lock_switch() scheduler callback
2012-03-31 13:35:31 -07:00
Linus Torvalds
f187e9fd68 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf updates and fixes from Ingo Molnar:
 "It's mostly fixes, but there's also two late items:

   - preliminary GTK GUI support for perf report
   - PMU raw event format descriptors in sysfs, to be parsed by tooling

  The raw event format in sysfs is a new ABI.  For example for the 'CPU'
  PMU we have:

    aldebaran:~> ll /sys/bus/event_source/devices/cpu/format/*
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/any
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/cmask
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/edge
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/event
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/inv
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/offcore_rsp
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/pc
    -r--r--r--. 1 root root 4096 Mar 31 10:29 /sys/bus/event_source/devices/cpu/format/umask

  those lists of fields contain a specific format:

    aldebaran:~> cat /sys/bus/event_source/devices/cpu/format/offcore_rsp
    config1:0-63

  So, those who wish to specify raw events can now use the following
  event format:

    -e cpu/cmask=1,event=2,umask=3

  Most people will not want to specify any events (let alone raw
  events), they'll just use whatever default event the tools use.

  But for more obscure PMU events that have no cross-architecture
  generic events the above syntax is more usable and a bit more
  structured than specifying hex numbers."

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (41 commits)
  perf tools: Remove auto-generated bison/flex files
  perf annotate: Fix off by one symbol hist size allocation and hit accounting
  perf tools: Add missing ref-cycles event back to event parser
  perf annotate: addr2line wants addresses in same format as objdump
  perf probe: Finder fails to resolve function name to address
  tracing: Fix ent_size in trace output
  perf symbols: Handle NULL dso in dso__name_len
  perf symbols: Do not include libgen.h
  perf tools: Fix bug in raw sample parsing
  perf tools: Fix display of first level of callchains
  perf tools: Switch module.h into export.h
  perf: Move mmap page data_head offset assertion out of header
  perf: Fix mmap_page capabilities and docs
  perf diff: Fix to work with new hists design
  perf tools: Fix modifier to be applied on correct events
  perf tools: Fix various casting issues for 32 bits
  perf tools: Simplify event_read_id exit path
  tracing: Fix ftrace stack trace entries
  tracing: Move the tracing_on/off() declarations into CONFIG_TRACING
  perf report: Add a simple GTK2-based 'perf report' browser
  ...
2012-03-31 13:34:04 -07:00
Linus Torvalds
adb3b1f3fc PARISC misc on 20120331
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
 iQEcBAABAgAGBQJPdrMOAAoJEDeqqVYsXL0M2pYIAIVf1yn7EUfzEvabivpD0cCm
 RDS3F0LxW67Z0kccSPjQlJ/9DH/U6g/zfVct26E6G31/LJSJnNjHsU8Y+qSx+RYq
 f4ov5uyzqC2Vr0Y0hIxmNg8uKHKT7Z6z8KaWsambXfkWfmnXBaUUS5NEyWXhifU8
 aOW2fX+Y31uPHs2iaDej3/IhjBaN+iB+eoUtqMHgBjFzg0dplM+mNR6NlIW6iWuX
 RA4Gc+Ujs/v4XI07bqn0y3znEmhdIy+csMM7cV1CAdB5DVC1qh5EkmV95AY1hAyG
 JcKwX5tg3dBlzPgrsvTsmy6jYPCzYDWjIuNUrgUV9ZmDPf/6Q9XRSE5qljovqrE=
 =OZIl
 -----END PGP SIGNATURE-----

Merge tag 'parisc-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6

Pull PARISC misc updates from James Bottomley:
 "This is a couple of minor updates (fixing lws futex locking and
  removing some obsolete cpu_*_map calls)."

* tag 'parisc-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6:
  [PARISC] remove references to cpu_*_map.
  [PARISC] futex: Use same lock set as lws calls
2012-03-31 13:32:30 -07:00
Linus Torvalds
a75ee6ecd4 SCSI updates on 20120331
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
 iQEcBAABAgAGBQJPdrIWAAoJEDeqqVYsXL0Mny4IAMTzXGOXCykpWhdIe2R8w0Ys
 eIoTJhBKoQWnLTV8cOODtwmtZcoQLeXkZmizZiAJvX6O1tOgueg+W4AFa9grxXGI
 O0d1bSb2ardzU7VZrZSY60Hd4bylMwn4Xv/0dRrQMwTJO0LEeGWsJPV2+2BuXwMB
 lGCNB67oUBXgMOI1jUZQRwx/mBzQ3e/gINjnpZTNKHia7YkX/yVTFISq7htgfDN7
 1wRGxymbHtVap3NbtUO96BUUndAiF5vom+4WNvaQUyPrCc6aoGWjv+J9DQXY/zgv
 AYjujAluK396D6YncGFAWBzYOg9WFbq54v0PRUanjcTTAu5ILs2BxqWdhmnvl14=
 =IH8T
 -----END PGP SIGNATURE-----

Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6

Pull SCSI updates from James Bottomley:
 "This is primarily another round of driver updates (lpfc, bfa, fcoe,
  ipr) plus a new ufshcd driver.  There shouldn't be anything
  controversial in here (The final deletion of scsi proc_ops which
  caused some build breakage has been held over until the next merge
  window to give us more time to stabilise it).

  I'm afraid, with me moving continents at exactly the wrong time,
  anything submitted after the merge window opened has been held over to
  the next merge window."

* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6: (63 commits)
  [SCSI] ipr: Driver version 2.5.3
  [SCSI] ipr: Increase alignment boundary of command blocks
  [SCSI] ipr: Increase max concurrent oustanding commands
  [SCSI] ipr: Remove unnecessary memory barriers
  [SCSI] ipr: Remove unnecessary interrupt clearing on new adapters
  [SCSI] ipr: Fix target id allocation re-use problem
  [SCSI] atp870u, mpt2sas, qla4xxx use pci_dev->revision
  [SCSI] fcoe: Drop the rtnl_mutex before calling fcoe_ctlr_link_up
  [SCSI] bfa: Update the driver version to 3.0.23.0
  [SCSI] bfa: BSG and User interface fixes.
  [SCSI] bfa: Fix to avoid vport delete hang on request queue full scenario.
  [SCSI] bfa: Move service parameter programming logic into firmware.
  [SCSI] bfa: Revised Fabric Assigned Address(FAA) feature implementation.
  [SCSI] bfa: Flash controller IOC pll init fixes.
  [SCSI] bfa: Serialize the IOC hw semaphore unlock logic.
  [SCSI] bfa: Modify ISR to process pending completions
  [SCSI] bfa: Add fc host issue lip support
  [SCSI] mpt2sas: remove extraneous sas_log_info messages
  [SCSI] libfc: fcoe_transport_create fails in single-CPU environment
  [SCSI] fcoe: reduce contention for fcoe_rx_list lock [v2]
  ...
2012-03-31 13:31:23 -07:00
J. Bruce Fields
c0d0259481 vfs: fix out-of-date dentry_unhash() comment
64252c75a2196a0cf1e0d3777143ecfe0e3ae650 "vfs: remove dget() from
dentry_unhash()" changed the implementation but not the comment.

Cc: Sage Weil <sage@newdream.net>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:17 -04:00
Miklos Szeredi
bad6118978 vfs: split __lookup_hash
Split __lookup_hash into two component functions:

 lookup_dcache - tries cached lookup, returns whether real lookup is needed
 lookup_real - calls i_op->lookup

This eliminates code duplication between d_alloc_and_lookup() and
d_inode_lookup().

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:17 -04:00
Al Viro
81e6f52089 untangling do_lookup() - take __lookup_hash()-calling case out of line.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:17 -04:00
Al Viro
a32555466c untangling do_lookup() - switch to calling __lookup_hash()
now we have __lookup_hash() open-coded if !dentry case;
just call the damn thing instead...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
a6ecdfcfba untangling do_lookup() - merge d_alloc_and_lookup() callers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
ec335e91a4 untangling do_lookup() - merge failure exits in !dentry case
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
d774a058d9 untangling do_lookup() - massage !dentry case towards __lookup_hash()
Reorder if-else cases for starters...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
08b0ab7c20 untangling do_lookup() - get rid of need_reval in !dentry case
Everything arriving into if (!dentry) will have need_reval = 1.
Indeed, the only way to get there with need_reval reset to 0 would
be via
	if (unlikely(d_need_lookup(dentry)))
		goto unlazy;
	if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
		status = d_revalidate(dentry, nd);
	if (unlikely(status <= 0)) {
		if (status != -ECHILD)
			need_reval = 0;
		goto unlazy;
...
unlazy:
	/* no assignments to dentry */
	if (dentry && unlikely(d_need_lookup(dentry))) {
		dput(dentry);
		dentry = NULL;
	}
and if d_need_lookup() had already been false the first time around, it
will remain false on the second call as well.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
acc9cb3cd4 untangling do_lookup() - eliminate a loop.
d_lookup() *will* fail after successful d_invalidate(), if we are
holding i_mutex all along.  IOW, we don't need to jump back to
l: - we know what path will be taken there and can do that (i.e.
d_alloc_and_lookup()) directly.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
37c17e1f37 untangling do_lookup() - expand the area under ->i_mutex
keep holding ->i_mutex over revalidation parts

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
3f6c7c71a2 untangling do_lookup() - isolate !dentry stuff from the rest of it.
Duplicate the revalidation-related parts into if (!dentry) branch.
Next step will be to pull them under i_mutex.

This and the next 8 commits are more or less a splitup of patch
by Miklos; folks, when you are working with something that convoluted,
carve your patches up into easily reviewed steps, especially when
a lot of codepaths involved are rarely hit...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Miklos Szeredi
cda309de25 vfs: move MAY_EXEC check from __lookup_hash()
The only caller of __lookup_hash() that needs the exec permission check on
parent is lookup_one_len().

All lookup_hash() callers already checked permission in LOOKUP_PARENT walk.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Miklos Szeredi
3637c05d88 vfs: don't revalidate just looked up dentry
__lookup_hash() calls ->lookup() if the dentry needs lookup and on success
revalidates the dentry (all under dir->i_mutex).

While this is harmless it doesn't make a lot of sense.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Miklos Szeredi
fa4ee15951 vfs: fix d_need_lookup/d_revalidate order in do_lookup
Doing revalidate on a dentry which has not yet been looked up makes no sense.

Move the d_need_lookup() check before d_revalidate().

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
4613ad180d ext3: move headers to fs/ext3/
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
f7699f2b01 migrate ext2_fs.h guts to fs/ext2/ext2.h
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
39429c5e4a new helper: ext2_image_size()
... implemented that way since the next commit will leave it
almost alone in ext2_fs.h - most of the file (including
struct ext2_super_block) is going to move to fs/ext2/ext2.h.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:16 -04:00
Al Viro
2f99c36986 get rid of pointless includes of ext2_fs.h
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Thierry Reding
4a165d25f6 ext2: No longer export ext2_fs.h to user space
Since the on-disk format has been stable for quite some time, users
should either use the headers provided by libext2fs or keep a private
copy of this header. For the full discussion, see this thread:

	https://lkml.org/lkml/2012/3/21/516

While at it, this commit removes all __KERNEL__ guards, which are now
unnecessary.

Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jan Kara <jack@suse.cz>
Cc: Ted Ts'o <tytso@mit.edu>
Cc: Artem Bityutskiy <dedekind1@gmail.com>
Cc: Andreas Dilger <aedilger@gmail.com>
Cc: linux-ext4@vger.kernel.org
2012-03-31 16:03:15 -04:00
Al Viro
00292bbf76 mtdchar: kill persistently held vfsmount
... and mtdchar_notifier along with it; just have ->drop_inode() that
will unconditionally get evict them instead of dances on mtd device
removal and use simple_pin_fs() instead of kern_mount()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Al Viro
22a71c3055 pstore: trim pstore_get_inode()
move mode-dependent parts to callers, kill unused arguments

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Al Viro
a2e1859adb aio: take final put_ioctx() into callers of io_destroy()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Al Viro
06af121eab aio: merge aio_cancel_all() with wait_for_all_aios()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Al Viro
a1c2aa1e86 selinuxfs: merge dentry allocation into sel_make_dir()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-03-31 16:03:15 -04:00
Matthew Garrett
c9651e70ad ASPM: Fix pcie devices with non-pcie children
Since 3.2.12 and 3.3, some systems are failing to boot with a BUG_ON.
Some other systems using the pata_jmicron driver fail to boot because no
disks are detected.  Passing pcie_aspm=force on the kernel command line
works around it.

The cause: commit 4949be16822e ("PCI: ignore pre-1.1 ASPM quirking when
ASPM is disabled") changed the behaviour of pcie_aspm_sanity_check() to
always return 0 if aspm is disabled, in order to avoid cases where we
changed ASPM state on pre-PCIe 1.1 devices.

This skipped the secondary function of pcie_aspm_sanity_check which was
to avoid us enabling ASPM on devices that had non-PCIe children, causing
trouble later on.  Move the aspm_disabled check so we continue to honour
that scenario.

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=42979 and
          http://bugs.debian.org/665420

Reported-by: Romain Francoise <romain@orebokech.com> # kernel panic
Reported-by: Chris Holland <bandidoirlandes@gmail.com> # disk detection trouble
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Cc: stable@vger.kernel.org
Tested-by: Hatem Masmoudi <hatem.masmoudi@gmail.com> # Dell Latitude E5520
Tested-by: janek <jan0x6c@gmail.com> # pata_jmicron with JMB362/JMB363
[jn: with more symptoms in log message]
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-31 12:49:56 -07:00
Linus Torvalds
cdb0f9a1ad selinux: inline avc_audit() and avc_has_perm_noaudit() into caller
Now that all the slow-path code is gone from these functions, we can
inline them into the main caller - avc_has_perm_flags().

Now the compiler can see that 'avc' is allocated on the stack for this
case, which helps register pressure a bit.  It also actually shrinks the
total stack frame, because the stack frame that avc_has_perm_flags()
always needed (for that 'avc' allocation) is now sufficient for the
inlined functions too.

Inlining isn't bad - but mindless inlining of cold code (see the
previous commit) is.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-31 11:24:22 -07:00
Linus Torvalds
a554bea899 selinux: don't inline slow-path code into avc_has_perm_noaudit()
The selinux AVC paths remain some of the hottest (and deepest) codepaths
at filename lookup time, and we make it worse by having the slow path
cases take up I$ and stack space even when they don't trigger.  Gcc
tends to always want to inline functions that are just called once -
never mind that this might make for slower and worse code in the caller.

So this tries to improve on it a bit by making the slow-path cases
explicitly separate functions that are marked noinline, causing gcc to
at least no longer allocate stack space for them unless they are
actually called.  It also seems to help register allocation a tiny bit,
since gcc now doesn't take the slow case code into account.

Uninlining the slow path may also allow us to inline the remaining hot
path into the one caller that actually matters: avc_has_perm_flags().
I'll have to look at that separately, but both avc_audit() and
avc_has_perm_noaudit() are now small and lean enough that inlining them
may make sense.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-31 11:24:22 -07:00