1. 28 Sep, 2016 1 commit
  2. 22 Sep, 2016 1 commit
  3. 31 Jul, 2016 1 commit
  4. 30 Jul, 2016 1 commit
  5. 11 Jun, 2016 1 commit
    • Linus Torvalds's avatar
      vfs: make the string hashes salt the hash · 8387ff25
      Linus Torvalds authored
      We always mixed in the parent pointer into the dentry name hash, but we
      did it late at lookup time.  It turns out that we can simplify that
      lookup-time action by salting the hash with the parent pointer early
      instead of late.
      A few other users of our string hashes also wanted to mix in their own
      pointers into the hash, and those are updated to use the same mechanism.
      Hash users that don't have any particular initial salt can just use the
      NULL pointer as a no-salt.
      Cc: Vegard Nossum <vegard.nossum@oracle.com>
      Cc: George Spelvin <linux@sciencehorizons.net>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  6. 21 Jan, 2016 1 commit
  7. 15 Jan, 2016 1 commit
    • Vladimir Davydov's avatar
      kmemcg: account certain kmem allocations to memcg · 5d097056
      Vladimir Davydov authored
      Mark those kmem allocations that are known to be easily triggered from
      userspace as __GFP_ACCOUNT/SLAB_ACCOUNT, which makes them accounted to
      memcg.  For the list, see below:
       - threadinfo
       - task_struct
       - task_delay_info
       - pid
       - cred
       - mm_struct
       - vm_area_struct and vm_region (nommu)
       - anon_vma and anon_vma_chain
       - signal_struct
       - sighand_struct
       - fs_struct
       - files_struct
       - fdtable and fdtable->full_fds_bits
       - dentry and external_name
       - inode for all filesystems. This is the most tedious part, because
         most filesystems overwrite the alloc_inode method.
      The list is far from complete, so feel free to add more objects.
      Nevertheless, it should be close to "account everything" approach and
      keep most workloads within bounds.  Malevolent users will be able to
      breach the limit, but this was possible even with the former "account
      everything" approach (simply because it did not account everything in
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: default avatarVladimir Davydov <vdavydov@virtuozzo.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  8. 07 Dec, 2015 1 commit
  9. 01 Jul, 2015 1 commit
  10. 17 Apr, 2015 1 commit
  11. 15 Apr, 2015 1 commit
  12. 12 Apr, 2015 1 commit
  13. 08 Aug, 2014 3 commits
  14. 06 May, 2014 2 commits
  15. 07 Apr, 2014 1 commit
  16. 13 Mar, 2014 1 commit
    • Theodore Ts'o's avatar
      fs: push sync_filesystem() down to the file system's remount_fs() · 02b9984d
      Theodore Ts'o authored
      Previously, the no-op "mount -o mount /dev/xxx" operation when the
      file system is already mounted read-write causes an implied,
      unconditional syncfs().  This seems pretty stupid, and it's certainly
      documented or guaraunteed to do this, nor is it particularly useful,
      except in the case where the file system was mounted rw and is getting
      remounted read-only.
      However, it's possible that there might be some file systems that are
      actually depending on this behavior.  In most file systems, it's
      probably fine to only call sync_filesystem() when transitioning from
      read-write to read-only, and there are some file systems where this is
      not needed at all (for example, for a pseudo-filesystem or something
      like romfs).
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: linux-fsdevel@vger.kernel.org
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Artem Bityutskiy <dedekind1@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Evgeniy Dushistov <dushistov@mail.ru>
      Cc: Jan Kara <jack@suse.cz>
      Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      Cc: Anders Larsen <al@alarsen.net>
      Cc: Phillip Lougher <phillip@squashfs.org.uk>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
      Cc: Petr Vandrovec <petr@vandrovec.name>
      Cc: xfs@oss.sgi.com
      Cc: linux-btrfs@vger.kernel.org
      Cc: linux-cifs@vger.kernel.org
      Cc: samba-technical@lists.samba.org
      Cc: codalist@coda.cs.cmu.edu
      Cc: linux-ext4@vger.kernel.org
      Cc: linux-f2fs-devel@lists.sourceforge.net
      Cc: fuse-devel@lists.sourceforge.net
      Cc: cluster-devel@redhat.com
      Cc: linux-mtd@lists.infradead.org
      Cc: jfs-discussion@lists.sourceforge.net
      Cc: linux-nfs@vger.kernel.org
      Cc: linux-nilfs@vger.kernel.org
      Cc: linux-ntfs-dev@lists.sourceforge.net
      Cc: ocfs2-devel@oss.oracle.com
      Cc: reiserfs-devel@vger.kernel.org
  17. 25 Oct, 2013 1 commit
  18. 12 Sep, 2013 1 commit
  19. 29 Jun, 2013 2 commits
  20. 04 Mar, 2013 1 commit
    • Eric W. Biederman's avatar
      fs: Limit sys_mount to only request filesystem modules. · 7f78e035
      Eric W. Biederman authored
      Modify the request_module to prefix the file system type with "fs-"
      and add aliases to all of the filesystems that can be built as modules
      to match.
      A common practice is to build all of the kernel code and leave code
      that is not commonly needed as modules, with the result that many
      users are exposed to any bug anywhere in the kernel.
      Looking for filesystems with a fs- prefix limits the pool of possible
      modules that can be loaded by mount to just filesystems trivially
      making things safer with no real cost.
      Using aliases means user space can control the policy of which
      filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
      with blacklist and alias directives.  Allowing simple, safe,
      well understood work-arounds to known problematic software.
      This also addresses a rare but unfortunate problem where the filesystem
      name is not the same as it's module name and module auto-loading
      would not work.  While writing this patch I saw a handful of such
      cases.  The most significant being autofs that lives in the module
      This is relevant to user namespaces because we can reach the request
      module in get_fs_type() without having any special permissions, and
      people get uncomfortable when a user specified string (in this case
      the filesystem type) goes all of the way to request_module.
      After having looked at this issue I don't think there is any
      particular reason to perform any filtering or permission checks beyond
      making it clear in the module request that we want a filesystem
      module.  The common pattern in the kernel is to call request_module()
      without regards to the users permissions.  In general all a filesystem
      module does once loaded is call register_filesystem() and go to sleep.
      Which means there is not much attack surface exposed by loading a
      filesytem module unless the filesystem is mounted.  In a user
      namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
      which most filesystems do not set today.
      Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Reported-by: default avatarKees Cook <keescook@google.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
  21. 23 Feb, 2013 1 commit
  22. 21 Jan, 2013 1 commit
  23. 20 Dec, 2012 1 commit
  24. 03 Oct, 2012 1 commit
  25. 21 Sep, 2012 1 commit
  26. 14 Jul, 2012 2 commits
  27. 21 Mar, 2012 1 commit
  28. 07 Jan, 2012 1 commit
  29. 02 Nov, 2011 1 commit
  30. 31 Mar, 2011 1 commit
  31. 24 Mar, 2011 1 commit
  32. 23 Mar, 2011 3 commits
    • Stuart Swales's avatar
      adfs: add hexadecimal filetype suffix option · da23ef05
      Stuart Swales authored
      ADFS (FileCore) storage complies with the RISC OS filetype specification
      (12 bits of file type information is stored in the file load address,
      rather than using a file extension).  The existing driver largely ignores
      this information and does not present it to the end user.
      It is desirable that stored filetypes be made visible to the end user to
      facilitate a precise copy of data and metadata from a hard disc (or image
      thereof) into a RISC OS emulator (such as RPCEmu) or to a network share
      which can be accessed by real Acorn systems.
      This patch implements a per-mount filetype suffix option (use -o
      ftsuffix=1) to present any filetype as a ,xyz hexadecimal suffix on each
      file.  This type suffix is compatible with that used by RISC OS systems
      that access network servers using NFS client software and by RPCemu's host
      filing system.
      Signed-off-by: default avatarStuart Swales <stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Stuart Swales's avatar
      adfs: improve timestamp precision · 7a9730af
      Stuart Swales authored
      ADFS (FileCore) storage complies with the RISC OS timestamp specification
      (40-bit centiseconds since 01 Jan 1900 00:00:00).  It is desirable that
      stored timestamp precision be maintained to facilitate a precise copy of
      data and metadata from a hard disc (or image thereof) into a RISC OS
      emulator (such as RPCEmu).
      This patch implements a full-precision conversion from ADFS to Unix
      timestamp as the existing driver, for ease of calculation with old 32-bit
      compilers, uses the common trick of shifting the 40-bits representing
      centiseconds around into 32-bits representing seconds thereby losing
      Signed-off-by: Stuart Swales<stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Stuart Swales's avatar
      adfs: fix E+/F+ dir size > 2048 crashing kernel · 2f09719a
      Stuart Swales authored
      Kernel crashes in fs/adfs module when accessing directories with a large
      number of objects on mounted Acorn ADFS E+/F+ format discs (or images) as
      the existing code writes off the end of the fixed array of struct
      buffer_head pointers.
      Additionally, each directory access that didn't crash would leak a buffer
      as nr_buffers was not adjusted correctly for E+/F+ discs (was always left
      as one less than required).
      The patch fixes this by allocating a dynamically-sized set of struct
      buffer_head pointers if necessary for the E+/F+ case (many directories
      still do in fact fit in 2048 bytes) and sets the correct nr_buffers so
      that all buffers are released.
      Addresses https://bugzilla.kernel.org/show_bug.cgi?id=26072
      Tested by tar'ing the contents of my RISC PC's E+ format 20Gb HDD which
      contains a number of large directories that previously crashed the kernel.
      Signed-off-by: default avatarStuart Swales <stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  33. 10 Mar, 2011 1 commit