summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2011-08-23KEYS: Correctly destroy key payloads when their keytype is removedDavid Howells
unregister_key_type() has code to mark a key as dead and make it unavailable in one loop and then destroy all those unavailable key payloads in the next loop. However, the loop to mark keys dead renders the key undetectable to the second loop by changing the key type pointer also. Fix this by the following means: (1) The key code has two garbage collectors: one deletes unreferenced keys and the other alters keyrings to delete links to old dead, revoked and expired keys. They can end up holding each other up as both want to scan the key serial tree under spinlock. Combine these into a single routine. (2) Move the dead key marking, dead link removal and dead key removal into the garbage collector as a three phase process running over the three cycles of the normal garbage collection procedure. This is tracked by the KEY_GC_REAPING_DEAD_1, _2 and _3 state flags. unregister_key_type() then just unlinks the key type from the list, wakes up the garbage collector and waits for the third phase to complete. (3) Downgrade the key types sem in unregister_key_type() once it has deleted the key type from the list so that it doesn't block the keyctl() syscall. (4) Dead keys that cannot be simply removed in the third phase have their payloads destroyed with the key's semaphore write-locked to prevent interference by the keyctl() syscall. There should be no in-kernel users of dead keys of that type by the point of unregistration, though keyctl() may be holding a reference. (5) Only perform timer recalculation in the GC if the timer actually expired. If it didn't, we'll get another cycle when it goes off - and if the key that actually triggered it has been removed, it's not a problem. (6) Only garbage collect link if the timer expired or if we're doing dead key clean up phase 2. (7) As only key_garbage_collector() is permitted to use rb_erase() on the key serial tree, it doesn't need to revalidate its cursor after dropping the spinlock as the node the cursor points to must still exist in the tree. (8) Drop the spinlock in the GC if there is contention on it or if we need to reschedule. After dealing with that, get the spinlock again and resume scanning. This has been tested in the following ways: (1) Run the keyutils testsuite against it. (2) Using the AF_RXRPC and RxKAD modules to test keytype removal: Load the rxrpc_s key type: # insmod /tmp/af-rxrpc.ko # insmod /tmp/rxkad.ko Create a key (http://people.redhat.com/~dhowells/rxrpc/listen.c): # /tmp/listen & [1] 8173 Find the key: # grep rxrpc_s /proc/keys 091086e1 I--Q-- 1 perm 39390000 0 0 rxrpc_s 52:2 Link it to a session keyring, preferably one with a higher serial number: # keyctl link 0x20e36251 @s Kill the process (the key should remain as it's linked to another place): # fg /tmp/listen ^C Remove the key type: rmmod rxkad rmmod af-rxrpc This can be made a more effective test by altering the following part of the patch: if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2)) { /* Make sure everyone revalidates their keys if we marked a * bunch as being dead and make sure all keyring ex-payloads * are destroyed. */ kdebug("dead sync"); synchronize_rcu(); To call synchronize_rcu() in GC phase 1 instead. That causes that the keyring's old payload content to hang around longer until it's RCU destroyed - which usually happens after GC phase 3 is complete. This allows the destroy_dead_key branch to be tested. Reported-by: Benjamin Coddington <bcodding@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: The dead key link reaper should be non-reentrantDavid Howells
The dead key link reaper should be non-reentrant as it relies on global state to keep track of where it's got to when it returns to the work queue manager to give it some air. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: Make the key reaper non-reentrantDavid Howells
Make the key reaper non-reentrant by sticking it on the appropriate system work queue when we queue it. This will allow it to have global state and drop locks. It should probably be non-reentrant already as it may spend a long time holding the key serial spinlock, and so multiple entrants can spend long periods of time just sitting there spinning, waiting to get the lock. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: Move the unreferenced key reaper to the keys garbage collector fileDavid Howells
Move the unreferenced key reaper function to the keys garbage collector file as that's a more appropriate place with the dead key link reaper. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23CRED: Fix prepare_kernel_cred() to provide a new thread_group_cred structDavid Howells
Fix prepare_kernel_cred() to provide a new, separate thread_group_cred struct otherwise when using request_key() ____call_usermodehelper() calls umh_keys_init() with the new creds pointing to init_tgcred, which umh_keys_init() then blithely alters. The problem can be demonstrated by: # keyctl request2 user a debug:a @s 249681132 # grep req /proc/keys 079906a5 I--Q-- 1 perm 1f3f0000 0 0 keyring _req.249681132: 1/4 38ef1626 IR---- 1 expd 0b010000 0 0 .request_ key:ee1d4ec pid:4371 ci:1 The keyring _req.XXXX should have gone away, but something (init_tgcred) is pinning it. That key actually requested can then be removed and a new one created: # keyctl unlink 249681132 1 links removed [root@andromeda ~]# grep req /proc/keys 116cecac IR---- 1 expd 0b010000 0 0 .request_ key:eeb4911 pid:4379 ci:1 36d1cbf8 I--Q-- 1 perm 1f3f0000 0 0 keyring _req.250300689: 1/4 which causes the old _req keyring to go away and a new one to take its place. This is a consequence of the changes in: commit 879669961b11e7f40b518784863a259f735a72bf Author: David Howells <dhowells@redhat.com> Date: Fri Jun 17 11:25:59 2011 +0100 KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring and: commit 17f60a7da150fdd0cfb9756f86a262daa72c835f Author: Eric Paris <eparis@redhat.com> Date: Fri Apr 1 17:07:50 2011 -0400 capabilites: allow the application of capability limits to usermode helpers After this patch is applied, the _req keyring and the .request_key key are cleaned up. Signed-off-by: David Howells <dhowells@redhat.com> cc: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: __key_link() should use the RCU deref wrapper for keyring payloadsDavid Howells
__key_link() should use the RCU deref wrapper rcu_dereference_locked_keyring() for accessing keyring payloads rather than calling rcu_dereference_protected() directly. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: keyctl_get_keyring_ID() should create a session keyring if create flag setDavid Howells
The keyctl call: keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1) should create a session keyring if the process doesn't have one of its own because the create flag argument is set - rather than subscribing to and returning the user-session keyring as: keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0) will do. This can be tested by commenting out pam_keyinit in the /etc/pam.d files and running the following program a couple of times in a row: #include <stdio.h> #include <stdlib.h> #include <keyutils.h> int main(int argc, char *argv[]) { key_serial_t uk, usk, sk, nsk; uk = keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0); usk = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0); sk = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0); nsk = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1); printf("keys: %08x %08x %08x %08x\n", uk, usk, sk, nsk); return 0; } Without this patch, I see: keys: 3975ddc7 119c0c66 119c0c66 119c0c66 keys: 3975ddc7 119c0c66 119c0c66 119c0c66 With this patch, I see: keys: 2cb4997b 34112878 34112878 17db2ce3 keys: 2cb4997b 34112878 34112878 39f3c73e As can be seen, the session keyring starts off the same as the user-session keyring each time, but with the patch a new session keyring is created when the create flag is set. Reported-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-23KEYS: If install_session_keyring() is given a keyring, it should install itDavid Howells
If install_session_keyring() is given a keyring, it should install it rather than just creating a new one anyway. This was accidentally broken in: commit d84f4f992cbd76e8f39c488cf0c5d123843923b1 Author: David Howells <dhowells@redhat.com> Date: Fri Nov 14 10:39:23 2008 +1100 Subject: CRED: Inaugurate COW credentials The impact of that commit is that pam_keyinit no longer works correctly if 'force' isn't specified against a login process. This is because: keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0) now always creates a new session keyring and thus the check whether the session keyring and the user-session keyring are the same is always false. This leads pam_keyinit to conclude that a session keyring is installed and it shouldn't be revoked by pam_keyinit here if 'revoke' is specified. Any system that specifies 'force' against pam_keyinit in the PAM configuration files for login methods (login, ssh, su -l, kdm, etc.) is not affected since that bypasses the broken check and forces the creation of a new session keyring anyway (for which the revoke flag is not cleared) - and any subsequent call to pam_keyinit really does have a session keyring already installed, and so the check works correctly there. Reverting to the previous behaviour will cause the kernel to subscribe the process to the user-session keyring as its session keyring if it doesn't have a session keyring of its own. pam_keyinit will detect this and install a new session keyring anyway (and won't clear the revert flag). This can be tested by commenting out pam_keyinit in the /etc/pam.d files and running the following program a couple of times in a row: #include <stdio.h> #include <stdlib.h> #include <keyutils.h> int main(int argc, char *argv[]) { key_serial_t uk, usk, sk; uk = keyctl_get_keyring_ID(KEY_SPEC_USER_KEYRING, 0); usk = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0); sk = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0); printf("keys: %08x %08x %08x\n", uk, usk, sk); return 0; } Without the patch, I see: keys: 3884e281 24c4dfcf 22825f8e keys: 3884e281 24c4dfcf 068772be With the patch, I see: keys: 26be9c83 0e755ce0 0e755ce0 keys: 26be9c83 0e755ce0 0e755ce0 As can be seen, with the patch, the session keyring is the same as the user-session keyring each time; without the patch a new session keyring is generated each time. Reported-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Greg Wettstein <greg@enjellic.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-18evm: add MAINTAINERS entryMimi Zohar
Update the MAINTAINERS file with an entry for EVM. Reported-by: Randy Dunlap <rdunlap@xenotimenet> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-18evm: add Kconfig TCG_TPM dependencyMimi Zohar
Although the EVM encrypted-key should be encrypted/decrypted using a trusted-key, a user-defined key could be used instead. When using a user- defined key, a TCG_TPM dependency should not be required. Unfortunately, the encrypted-key code needs to be refactored a bit in order to remove this dependency. This patch adds the TCG_TPM dependency. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>, Randy Dunlap <rdunlap@xenotimenet> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-17tomoyo: remove tomoyo_gc_thread()->daemonize()Oleg Nesterov
daemonize() is only needed when a user-space task does kernel_thread(). tomoyo_gc_thread() is kthread_create()'ed and thus it doesn't need the soon-to-be-deprecated daemonize(). Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Matt Fleming <matt.fleming@intel.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-16evm: fix build problemsMimi Zohar
- Make the previously missing security_old_inode_init_security() stub function definition static inline. - The stub security_inode_init_security() function previously returned -EOPNOTSUPP and relied on the callers to change it to 0. The stub security/security_old_inode_init_security() functions now return 0. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-16capabilities: initialize has_capSerge Hallyn
Initialize has_cap in cap_bprm_set_creds() Reported-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-12capabilities: do not grant full privs for setuid w/ file caps + no effective ↵Zhi Li
caps A task (when !SECURE_NOROOT) which executes a setuid-root binary will obtain root privileges while executing that binary. If the binary also has effective capabilities set, then only those capabilities will be granted. The rationale is that the same binary can carry both setuid-root and the minimal file capability set, so that on a filesystem not supporting file caps the binary can still be executed with privilege, while on a filesystem supporting file caps it will run with minimal privilege. This special case currently does NOT happen if there are file capabilities but no effective capabilities. Since capability-aware programs can very well start with empty pE but populated pP and move those caps to pE when needed. In other words, if the file has file capabilities but NOT effective capabilities, then we should do the same thing as if there were file capabilities, and not grant full root privileges. This patchset does that. (Changelog by Serge Hallyn). Signed-off-by: Zhi Li <lizhi1215@gmail.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-12CIFS: remove local xattr definitionsMimi Zohar
Local XATTR_TRUSTED_PREFIX_LEN and XATTR_SECURITY_PREFIX_LEN definitions redefined ones in 'linux/xattr.h'. This was caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security API adds function callback") including 'linux/xattr.h' in 'linux/security.h'. In file included from include/linux/security.h:39, from include/net/sock.h:54, from fs/cifs/cifspdu.h:25, from fs/cifs/xattr.c:26: This patch removes the local definitions. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-11evm: fix evm_inode_init_security return codeMimi Zohar
evm_inode_init_security() should return 0, when EVM is not enabled. (Returning an error is a remnant of evm_inode_post_init_security.) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-11evm: building without EVM enabled fixesMimi Zohar
- Missing 'inline' on evm_inode_setattr() definition. Introduced by commit 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm"). - Missing security_old_inode_init_security() stub function definition. Caused by commit 9d8f13ba3f48 ("security: new security_inode_init_security API adds function callback"). Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-08-09EVM: ensure trusted and encypted key symbols are available to EVMJames Morris
Select trusted and encrypted keys if EVM is selected, to ensure the requisite symbols are available. Otherwise, these can be selected as modules while EVM is static, leading to a kernel build failure. Signed-off-by: James Morris <jmorris@namei.org>
2011-08-09Merge branch 'next-evm' of ↵James Morris
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next Conflicts: fs/attr.c Resolve conflict manually. Signed-off-by: James Morris <jmorris@namei.org>
2011-08-08Merge branch 'next-queue' into nextJames Morris
2011-08-08Merge branch 'linus'; commit 'v3.1-rc1' into nextJames Morris
2011-08-07Linux 3.1-rc1v3.1-rc1Linus Torvalds
2011-08-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: Fix build with DEBUG_PAGEALLOC enabled.
2011-08-07sh: Fix boot crash related to SCIRafael J. Wysocki
Commit d006199e72a9 ("serial: sh-sci: Regtype probing doesn't need to be fatal.") made sci_init_single() return when sci_probe_regmap() succeeds, although it should return when sci_probe_regmap() fails. This causes systems using the serial sh-sci driver to crash during boot. Fix the problem by using the right return condition. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-07arm: remove stale export of 'sha_transform'Linus Torvalds
The generic library code already exports the generic function, this was left-over from the ARM-specific version that just got removed. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-07arm: remove "optimized" SHA1 routinesLinus Torvalds
Since commit 1eb19a12bd22 ("lib/sha1: use the git implementation of SHA-1"), the ARM SHA1 routines no longer work. The reason? They depended on the larger 320-byte workspace, and now the sha1 workspace is just 16 words (64 bytes). So the assembly version would overwrite the stack randomly. The optimized asm version is also probably slower than the new improved C version, so there's no reason to keep it around. At least that was the case in git, where what appears to be the same assembly language version was removed two years ago because the optimized C BLK_SHA1 code was faster. Reported-and-tested-by: Joachim Eastwood <manabian@gmail.com> Cc: Andreas Schwab <schwab@linux-m68k.org> Cc: Nicolas Pitre <nico@fluxnic.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-07fix rcu annotations noise in cred.hAl Viro
task->cred is declared as __rcu, and access to other tasks' ->cred is, indeed, protected. Access to current->cred does not need rcu_dereference() at all, since only the task itself can change its ->cred. sparse, of course, has no way of knowing that... Add force-cast in current_cred(), make current_fsuid() et.al. use it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-07vfs: rename 'do_follow_link' to 'should_follow_link'Linus Torvalds
Al points out that the do_follow_link() helper function really is misnamed - it's about whether we should try to follow a symlink or not, not about actually doing the following. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-07Fix POSIX ACL permission checkAri Savolainen
After commit 3567866bf261: "RCUify freeing acls, let check_acl() go ahead in RCU mode if acl is cached" posix_acl_permission is being called with an unsupported flag and the permission check fails. This patch fixes the issue. Signed-off-by: Ari Savolainen <ari.m.savolainen@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-08-06Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osdLinus Torvalds
* 'for-linus' of git://git.open-osd.org/linux-open-osd: ore: Make ore its own module exofs: Rename raid engine from exofs/ios.c => ore exofs: ios: Move to a per inode components & device-table exofs: Move exofs specific osd operations out of ios.c exofs: Add offset/length to exofs_get_io_state exofs: Fix truncate for the raid-groups case exofs: Small cleanup of exofs_fill_super exofs: BUG: Avoid sbi realloc exofs: Remove pnfs-osd private definitions nfs_xdr: Move nfs4_string definition out of #ifdef CONFIG_NFS_V4
2011-08-06vfs: optimize inode cache access patternsLinus Torvalds
The inode structure layout is largely random, and some of the vfs paths really do care. The path lookup in particular is already quite D$ intensive, and profiles show that accessing the 'inode->i_op->xyz' fields is quite costly. We already optimized the dcache to not unnecessarily load the d_op structure for members that are often NULL using the DCACHE_OP_xyz bits in dentry->d_flags, and this does something very similar for the inode ops that are used during pathname lookup. It also re-orders the fields so that the fields accessed by 'stat' are together at the beginning of the inode structure, and roughly in the order accessed. The effect of this seems to be in the 1-2% range for an empty kernel "make -j" run (which is fairly kernel-intensive, mostly in filename lookup), so it's visible. The numbers are fairly noisy, though, and likely depend a lot on exact microarchitecture. So there's more tuning to be done. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06vfs: renumber DCACHE_xyz flags, remove some stale onesLinus Torvalds
Gcc tends to generate better code with small integers, including the DCACHE_xyz flag tests - so move the common ones to be first in the list. Also just remove the unused DCACHE_INOTIFY_PARENT_WATCHED and DCACHE_AUTOFS_PENDING values, their users no longer exists in the source tree. And add a "unlikely()" to the DCACHE_OP_COMPARE test, since we want the common case to be a nice straight-line fall-through. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: net: Compute protocol sequence numbers and fragment IDs using MD5. crypto: Move md5_transform to lib/md5.c
2011-08-06ore: Make ore its own moduleBoaz Harrosh
Export everything from ore need exporting. Change Kbuild and Kconfig to build ore.ko as an independent module. Import ore from exofs Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
2011-08-06exofs: Rename raid engine from exofs/ios.c => oreBoaz Harrosh
ORE stands for "Objects Raid Engine" This patch is a mechanical rename of everything that was in ios.c and its API declaration to an ore.c and an osd_ore.h header. The ore engine will later be used by the pnfs objects layout driver. * File ios.c => ore.c * Declaration of types and API are moved from exofs.h to a new osd_ore.h * All used types are prefixed by ore_ from their exofs_ name. * Shift includes from exofs.h to osd_ore.h so osd_ore.h is independent, include it from exofs.h. Other than a pure rename there are no other changes. Next patch will move the ore into it's own module and will export the API to be used by exofs and later the layout driver Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
2011-08-06exofs: ios: Move to a per inode components & device-tableBoaz Harrosh
Exofs raid engine was saving on memory space by having a single layout-info, single pid, and a single device-table, global to the filesystem. Then passing a credential and object_id info at the io_state level, private for each inode. It would also devise this contraption of rotating the device table view for each inode->ino to spread out the device usage. This is not compatible with the pnfs-objects standard, demanding that each inode can have it's own layout-info, device-table, and each object component it's own pid, oid and creds. So: Bring exofs raid engine to be usable for generic pnfs-objects use by: * Define an exofs_comp structure that holds obj_id and credential info. * Break up exofs_layout struct to an exofs_components structure that holds a possible array of exofs_comp and the array of devices + the size of the arrays. * Add a "comps" parameter to get_io_state() that specifies the ids creds and device array to use for each IO. This enables to keep the layout global, but the device-table view, creds and IDs at the inode level. It only adds two 64bit to each inode, since some of these members already existed in another form. * ios raid engine now access layout-info and comps-info through the passed pointers. Everything is pre-prepared by caller for generic access of these structures and arrays. At the exofs Level: * Super block holds an exofs_components struct that holds the device array, previously in layout. The devices there are in device-table order. The device-array is twice bigger and repeats the device-table twice so now each inode's device array can point to a random device and have a round-robin view of the table, making it compatible to previous exofs versions. * Each inode has an exofs_components struct that is initialized at load time, with it's own view of the device table IDs and creds. When doing IO this gets passed to the io_state together with the layout. While preforming this change. Bugs where found where credentials with the wrong IDs where used to access the different SB objects (super.c). As well as some dead code. It was never noticed because the target we use does not check the credentials. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
2011-08-06exofs: Move exofs specific osd operations out of ios.cBoaz Harrosh
ios.c will be moving to an external library, for use by the objects-layout-driver. Remove from it some exofs specific functions. Also g_attr_logical_length is used both by inode.c and ios.c move definition to the later, to keep it independent Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
2011-08-06exofs: Add offset/length to exofs_get_io_stateBoaz Harrosh
In future raid code we will need to know the IO offset/length and if it's a read or write to determine some of the array sizes we'll need. So add a new exofs_get_rw_state() API for use when writeing/reading. All other simple cases are left using the old way. The major change to this is that now we need to call exofs_get_io_state later at inode.c::read_exec and inode.c::write_exec when we actually know these things. So this patch is kept separate so I can test things apart from other changes. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
2011-08-06net: Compute protocol sequence numbers and fragment IDs using MD5.David S. Miller
Computers have become a lot faster since we compromised on the partial MD4 hash which we use currently for performance reasons. MD5 is a much safer choice, and is inline with both RFC1948 and other ISS generators (OpenBSD, Solaris, etc.) Furthermore, only having 24-bits of the sequence number be truly unpredictable is a very serious limitation. So the periodic regeneration and 8-bit counter have been removed. We compute and use a full 32-bit sequence number. For ipv6, DCCP was found to use a 32-bit truncated initial sequence number (it needs 43-bits) and that is fixed here as well. Reported-by: Dan Kaminsky <dan@doxpara.com> Tested-by: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06crypto: Move md5_transform to lib/md5.cDavid S. Miller
We are going to use this for TCP/IP sequence number and fragment ID generation. Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: cope with negative dentries in cifs_get_root cifs: convert prefixpath delimiters in cifs_build_path_to_root CIFS: Fix missing a decrement of inFlight value cifs: demote DFS referral lookup errors to cFYI Revert "cifs: advertise the right receive buffer size to the server"
2011-08-06Merge branch 'pm-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6 * 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6: PM / Runtime: Allow _put_sync() from interrupts-disabled context PM / Domains: Fix pm_genpd_poweron()
2011-08-06Merge branch 'for_linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86 * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86: (38 commits) acer-wmi: support Lenovo ideapad S205 wifi switch acerhdf.c: spaces in aliased changed to * platform-drivers-x86: ideapad-laptop: add missing ideapad_input_exit in ideapad_acpi_add error path x86 driver: fix typo in TDP override enabling Platform: fix samsung-laptop DMI identification for N150/N210/220/N230 dell-wmi: Add keys for Dell XPS L502X platform-drivers-x86: samsung-q10: make dmi_check_callback return 1 Platform: Samsung Q10 backlight driver platform-drivers-x86: intel_scu_ipc: convert to DEFINE_PCI_DEVICE_TABLE platform-drivers-x86: intel_rar_register: convert to DEFINE_PCI_DEVICE_TABLE platform-drivers-x86: intel_menlow: add missing return AE_OK for intel_menlow_register_sensor() platform-drivers-x86: intel_mid_thermal: fix memory leak platform-drivers-x86: msi-wmi: add missing sparse_keymap_free in msi_wmi_init error path Samsung Laptop platform driver: support N510 asus-wmi: add uwb rfkill support asus-wmi: add gps rfkill support asus-wmi: add CWAP support and clarify the meaning of WAPF bits asus-wmi: return proper value in store_cpufv() asus-wmi: check for temp1 presence asus-wmi: add thermal sensor ...
2011-08-06Merge branch 'stable/bug.fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen * 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/trace: Fix compile error when CONFIG_XEN_PRIVILEGED_GUEST is not set xen: Fix misleading WARN message at xen_release_chunk xen: Fix printk() format in xen/setup.c xen/tracing: it looks like we wanted CONFIG_FTRACE xen/self-balloon: Add dependency on tmem. xen/balloon: Fix compile errors - missing header files. xen/grant: Fix compile warning. xen/pciback: remove duplicated #include
2011-08-06Merge branch 'release' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: Battery: sysfs_remove_battery(): possible circular locking
2011-08-06savagedb: Fix typo causing regression in savage4 series video chip detectionJohn Stanley
Two additional savage4 variants were added, but the S3_SAVAGE4_SERIES macro was incompletely modified, resulting in a false positive detection of a savage4 card regardless of which savage card is actually present. For non-savage4 series cards, such as a Savage/IX-MV card, this results in garbled video and/or a hard-hang at boot time. Fix this by changing an '||' to an '&&' in the S3_SAVAGE4_SERIES macro. Signed-off-by: John P. Stanley <jpsinthemix@verizon.net> Reviewed-by: Tormod Volden <debian.tormod@gmail.com> [ The macros have incomplete parenthesis too, but whatever .. -Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06CodingStyle: Document the exception of not splitting user-visible strings, ↵Josh Triplett
for grepping Patch reviewers now recommend not splitting long user-visible strings, such as printk messages, even if they exceed 80 columns. This avoids breaking grep. However, that recommendation did not actually appear anywhere in Documentation/CodingStyle. See, for example, the thread at http://news.gmane.org/find-root.php?message_id=%3c1312215262.11635.15.camel%40Joe%2dLaptop%3e Signed-off-by: Josh Triplett <josh@joshtriplett.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06vfs: show O_CLOEXE bit properly in /proc/<pid>/fdinfo/<fd> filesLinus Torvalds
The CLOEXE bit is magical, and for performance (and semantic) reasons we don't actually maintain it in the file descriptor itself, but in a separate bit array. Which means that when we show f_flags, the CLOEXE status is shown incorrectly: we show the status not as it is now, but as it was when the file was opened. Fix that by looking up the bit properly in the 'fdt->close_on_exec' bit array. Uli needs this in order to re-implement the pfiles program: "For normal file descriptors (not sockets) this was the last piece of information which wasn't available. This is all part of my 'give Solaris users no reason to not switch' effort. I intend to offer the code to the util-linux-ng maintainers." Requested-by: Ulrich Drepper <drepper@akkadia.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06oom_ajd: don't use WARN_ONCE, just use printk_onceLinus Torvalds
WARN_ONCE() is very annoying, in that it shows the stack trace that we don't care about at all, and also triggers various user-level "kernel oopsed" logic that we really don't care about. And it's not like the user can do anything about the applications (sshd) in question, it's a distro issue. Requested-by: Andi Kleen <andi@firstfloor.org> (and many others) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-08-06lib/sha1: use the git implementation of SHA-1Mandeep Singh Baines
For ChromiumOS, we use SHA-1 to verify the integrity of the root filesystem. The speed of the kernel sha-1 implementation has a major impact on our boot performance. To improve boot performance, we investigated using the heavily optimized sha-1 implementation used in git. With the git sha-1 implementation, we see a 11.7% improvement in boot time. 10 reboots, remove slowest/fastest. Before: Mean: 6.58 seconds Stdev: 0.14 After (with git sha-1, this patch): Mean: 5.89 seconds Stdev: 0.07 The other cool thing about the git SHA-1 implementation is that it only needs 64 bytes of stack for the workspace while the original kernel implementation needed 320 bytes. Signed-off-by: Mandeep Singh Baines <msb@chromium.org> Cc: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Cc: Nicolas Pitre <nico@cam.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: David S. Miller <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>