Age | Commit message | Author
2013-09-08 | cifs: Add a variable specific to NTLMSSP for key exchange. | Shirish Pargaonkar
Add a variable specific to NTLMSSP authentication to determine whether to exchange keys during negotiation and authentication phases. Since session key for smb1 is per smb connection, once a very first session is established, there is no need for key exchange during subsequent session setups. As a result, smb1 session setup code sets this variable as false. Since session key for smb2 and smb3 is per smb connection, we need to exchange keys to generate session key for every session being established. As a result, smb2/3 session setup code sets this variable as true. Acked-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: Process post session setup code in respective dialect functions. | Shirish Pargaonkar
Move the post (successful) session setup code to respective dialect routines. For smb1, session key is per smb connection. For smb2/smb3, session key is per smb session. If client and server do not require signing, free session key for smb1/2/3. If client and server require signing
smb1 - Copy (kmemdup) session key for the first session to connection. Free session key of that and subsequent sessions on this connection.
smb2 - For every session, keep the session key and free it when the session is being shutdown.
smb3 - For every session, generate the smb3 signing key using the session key and then free the session key.
There are two unrelated line formatting changes as well. Reviewed-by: Jeff Layton <jlayton@samba.org> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | CIFS: convert to use le32_add_cpu() | Wei Yongjun
Convert cpu_to_le32(le32_to_cpu(E1) + E2) to use le32_add_cpu(). Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | CIFS: Fix missing lease break | Pavel Shilovsky
If a server sends a lease break to a connection that doesn't have opens with a lease key specified in the server response, we can't find an open file to send an ack. Fix this by walking through all connections we have. Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | CIFS: Fix a memory leak when a lease break comes | Pavel Shilovsky
This happens when we receive a lease break from a server, then find an appropriate lease key in opened files and schedule the oplock_break slow work. lw pointer isn't freed in this case. Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: add winucase_convert.pl to Documentation/ directory | Jeff Layton
Add the script used to generate the case-conversion tables to the Documentation/ directory, in case we ever need to update or regenerate these tables in the future. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: convert case-insensitive dentry ops to use new case conversion routines | Jeff Layton
Have the case-insensitive d_compare and d_hash routines convert each character in the filenames to wchar_t's and then use the new cifs_toupper routine to convert those into uppercase. With this scheme we should more closely emulate the case conversion that the servers will do. Reported-and-Tested-by: Jan-Marek Glogowski <glogow@fbihome.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: add new case-insensitive conversion routines that are based on wchar_t's | Jeff Layton
The existing NLS case conversion routines do not appropriately handle the (now common) case where the local host is using UTF8. This is because nls_utf8 has no support at all for converting a utf8 string between cases and the NLS infrastructure in general cannot handle a multibyte input character. In any case, what we really need for cifs is to emulate how we expect the server to convert the character to upper or lowercase. Thus, even if we had routines that could handle utf8 case conversion, we likely would end up with the wrong result if the name ends up being in the upper planes. This patch adds a new scheme for doing unicode case conversion. The case conversion tables that Microsoft has published for Windows 8 have been converted to a set of lookup tables, and a routine is added to convert a wchar_t from lower to uppercase using those tables. Reported-and-Tested-by: Jan-Marek Glogowski <glogow@fbihome.de> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | [CIFS] Add Scott to list of cifs contributors | Steve French
Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: Move and expand MAX_SERVER_SIZE definition | Scott Lovenberg
MAX_SERVER_SIZE has been moved to cifs_mount.h and renamed CIFS_NI_MAXHOST for clarity. It has been expanded to 1024 as the previous value of 16 was very short. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: Expand max share name length to 256 | Scott Lovenberg
The old max share name length limit was 80 due to Windows NET SHARE command not allowing more than that. However, share names can be much longer. This is a more reasonable maximum share name length. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: Move string length definitions to uapi | Scott Lovenberg
The max string length definitions for user name, domain name, password, and share name have been moved into their own header file in uapi so the mount helper can use autoconf to define them instead of keeping the kernel side and userland side definitions in sync manually. The names have also been standardized with a "CIFS" prefix and "LEN" suffix. Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com> Reviewed-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | CIFS: Implement follow_link for nounix CIFS mounts | Pavel Shilovsky
by using a query reparse ioctl request. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | CIFS: Implement follow_link for SMB2 | Pavel Shilovsky
that allows to access files through symlink created on a server. Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: display iocharset= option in /proc/mounts | Jeff Layton
...but only if it's not the default charset. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: create a new Documentation/ directory and move docfiles into it | Jeff Layton
Currently, we have a number of documentation files that live under fs/cifs/. Generally, these don't get picked up by distro packagers, since they're in a non-standard location. Move them to a new spot under Documentation/ instead. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | cifs: ensure that srv_mutex is held when dealing with ssocket pointer | Jeff Layton
Oleksii reported that he had seen an oops similar to this:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000088
    IP: [<ffffffff814dcc13>] sock_sendmsg+0x93/0xd0
    PGD 0
    Oops: 0000 [#1] PREEMPT SMP
    Modules linked in: ipt_MASQUERADE xt_REDIRECT xt_tcpudp iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack ip_tables x_tables carl9170 ath usb_storage f2fs nfnetlink_log nfnetlink md4 cifs dns_resolver hid_generic usbhid hid af_packet uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev rfcomm btusb bnep bluetooth qmi_wwan qcserial cdc_wdm usb_wwan usbnet usbserial mii snd_hda_codec_hdmi snd_hda_codec_realtek iwldvm mac80211 coretemp intel_powerclamp kvm_intel kvm iwlwifi snd_hda_intel cfg80211 snd_hda_codec xhci_hcd e1000e ehci_pci snd_hwdep sdhci_pci snd_pcm ehci_hcd microcode psmouse sdhci thinkpad_acpi mmc_core i2c_i801 pcspkr usbcore hwmon snd_timer snd_page_alloc snd ptp rfkill pps_core soundcore evdev usb_common vboxnetflt(O) vboxdrv(O)Oops#2 Part8 loop tun binfmt_misc fuse msr acpi_call(O) ipv6 autofs4
    CPU: 0 PID: 21612 Comm: kworker/0:1 Tainted: G W O 3.10.1SIGN #28
    Hardware name: LENOVO 2306CTO/2306CTO, BIOS G2ET92WW (2.52 ) 02/22/2013
    Workqueue: cifsiod cifs_echo_request [cifs]
    task: ffff8801e1f416f0 ti: ffff880148744000 task.ti: ffff880148744000
    RIP: 0010:[<ffffffff814dcc13>] [<ffffffff814dcc13>] sock_sendmsg+0x93/0xd0
    RSP: 0000:ffff880148745b00 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff880148745b78 RCX: 0000000000000048
    RDX: ffff880148745c90 RSI: ffff880181864a00 RDI: ffff880148745b78
    RBP: ffff880148745c48 R08: 0000000000000048 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: ffff880181864a00
    R13: ffff880148745c90 R14: 0000000000000048 R15: 0000000000000048
    FS: 0000000000000000(0000) GS:ffff88021e200000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000088 CR3: 000000020c42c000 CR4: 00000000001407b0
    Oops#2 Part7
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Stack:
     ffff880148745b30 ffffffff810c4af9 0000004848745b30 ffff880181864a00
     ffffffff81ffbc40 0000000000000000 ffff880148745c90 ffffffff810a5aab
     ffff880148745bc0 ffffffff81ffbc40 ffff880148745b60 ffffffff815a9fb8
    Call Trace:
     [<ffffffff810c4af9>] ? finish_task_switch+0x49/0xe0
     [<ffffffff810a5aab>] ? lock_timer_base.isra.36+0x2b/0x50
     [<ffffffff815a9fb8>] ? _raw_spin_unlock_irqrestore+0x18/0x40
     [<ffffffff810a673f>] ? try_to_del_timer_sync+0x4f/0x70
     [<ffffffff815aa38f>] ? _raw_spin_unlock_bh+0x1f/0x30
     [<ffffffff814dcc87>] kernel_sendmsg+0x37/0x50
     [<ffffffffa081a0e0>] smb_send_kvec+0xd0/0x1d0 [cifs]
     [<ffffffffa081a263>] smb_send_rqst+0x83/0x1f0 [cifs]
     [<ffffffffa081ab6c>] cifs_call_async+0xec/0x1b0 [cifs]
     [<ffffffffa08245e0>] ? free_rsp_buf+0x40/0x40 [cifs]
    Oops#2 Part6
     [<ffffffffa082606e>] SMB2_echo+0x8e/0xb0 [cifs]
     [<ffffffffa0808789>] cifs_echo_request+0x79/0xa0 [cifs]
     [<ffffffff810b45b3>] process_one_work+0x173/0x4a0
     [<ffffffff810b52a1>] worker_thread+0x121/0x3a0
     [<ffffffff810b5180>] ? manage_workers.isra.27+0x2b0/0x2b0
     [<ffffffff810bae00>] kthread+0xc0/0xd0
     [<ffffffff810bad40>] ? kthread_create_on_node+0x120/0x120
     [<ffffffff815b199c>] ret_from_fork+0x7c/0xb0
     [<ffffffff810bad40>] ? kthread_create_on_node+0x120/0x120
    Code: 84 24 b8 00 00 00 4c 89 f1 4c 89 ea 4c 89 e6 48 89 df 4c 89 60 18 48 c7 40 28 00 00 00 00 4c 89 68 30 44 89 70 14 49 8b 44 24 28 <ff> 90 88 00 00 00 3d ef fd ff ff 74 10 48 8d 65 e0 5b 41 5c 41
    RIP [<ffffffff814dcc13>] sock_sendmsg+0x93/0xd0
     RSP <ffff880148745b00>
    CR2: 0000000000000088

The client was in the middle of trying to send a frame when the server->ssocket pointer got zeroed out. In most places, that we access that pointer, the srv_mutex is held. There's only one spot that I see that the server->ssocket pointer gets set and the srv_mutex isn't held. This patch corrects that.

The upstream bug report was here: https://bugzilla.kernel.org/show_bug.cgi?id=60557

Cc: <stable@vger.kernel.org> Reported-by: Oleksii Shevchuk <alxchk@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-08 | ASoC: fsl_spdif: Select regmap-mmio | Mark Brown
The S/PDIF driver needs regmap so select it to make sure it gets included in the build. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Acked-by: Nicolin Chen <b42378@freescale.com> Signed-off-by: Mark Brown <broonie@linaro.org>
2013-09-08 | crypto: api - Fix race condition in larval lookup | Herbert Xu
crypto_larval_lookup should only return a larval if it created one. Any larval created by another entity must be processed through crypto_larval_wait before being returned. Otherwise this will lead to a larval being killed twice, which will most likely lead to a crash. Cc: stable@vger.kernel.org Reported-by: Kees Cook <keescook@chromium.org> Tested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-09-07 | Merge git://git.infradead.org/users/willy/linux-nvme | Linus Torvalds
Pull NVM Express driver update from Matthew Wilcox.
* git://git.infradead.org/users/willy/linux-nvme:
  NVMe: Merge issue on character device bring-up
  NVMe: Handle ioremap failure
  NVMe: Add pci suspend/resume driver callbacks
  NVMe: Use normal shutdown
  NVMe: Separate controller init from disk discovery
  NVMe: Separate queue alloc/free from create/delete
  NVMe: Group pci related actions in functions
  NVMe: Disk stats for read/write commands only
  NVMe: Bring up cdev on set feature failure
  NVMe: Fix checkpatch issues
  NVMe: Namespace IDs are unsigned
  NVMe: Update nvme_id_power_state with latest spec
  NVMe: Split header file into user-visible and kernel-visible pieces
  NVMe: Call nvme_process_cq from submission path
  NVMe: Remove "process_cq did something" message
  NVMe: Return correct value from interrupt handler
  NVMe: Disk IO statistics
  NVMe: Restructure MSI / MSI-X setup
  NVMe: Use kzalloc instead of kmalloc+memset
2013-09-07 | Merge tag 'ntb-3.12' of git://github.com/jonmason/ntb | Linus Torvalds
Pull NTB (non-transparent bridge) updates from Jon Mason:
"NTB driver bug fixes to address issues in NTB-RP enablement, spad, debugfs, and USD/DSD identification. Add a workaround on Xeon NTB devices for b2bdoorbell errata. Also, add new NTB driver features to support 32bit x86, DMA engine support, and NTB-RP support. Finally, a few clean-ups and update to MAINTAINERS for the NTB git tree and wiki location"
* tag 'ntb-3.12' of git://github.com/jonmason/ntb:
  ntb: clean up unnecessary MSI/MSI-X capability find
  MAINTAINERS: Add Website and Git Tree for NTB
  NTB: Update Version
  NTB: Comment Fix
  NTB: Remove unused variable
  NTB: Remove References of non-B2B BWD HW
  NTB: NTB-RP support
  NTB: Rename Variables for NTB-RP
  NTB: Use DMA Engine to Transmit and Receive
  NTB: Enable 32bit Support
  NTB: Update Device IDs
  NTB: BWD Link Recovery
  NTB: Xeon Errata Workaround
  NTB: Correct debugfs to work with more than 1 NTB Device
  NTB: Correct USD/DSD Identification
  NTB: Correct Number of Scratch Pad Registers
  NTB: Add Error Handling in ntb_device_setup
2013-09-07 | Merge tag 'mfd-3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-next | Linus Torvalds
Pull MFD (multi-function device) updates from Samuel Ortiz:
"For the 3.12 merge window we have one new driver for the DA9063 PMIC from Dialog Semiconductor. Besides that driver we also have:
- Device tree support for the s2mps11 driver
- More devm_* conversion for the pm8921, max89xx, menelaus, tps65010, wl1273 and pcf50633-adc drivers.
- A conversion to threaded IRQ and IRQ domain for the twl6030 driver.
- A fairly big update for the rtsx driver: Better power saving support, better vendor settings handling, and a few fixes.
- Support for a couple more boards (COMe-bHL6 and COMe-cTH6) for the Kontron driver.
- A conversion to the dev_get_platdata() API for all MFD drivers.
- A removal of non-DT (legacy) support for the twl6040 driver.
- A few fixes and additions (Mic detect level) to the wm5110 register tables.
- Regmap support for the davinci_voicecodec driver.
- The usual bunch of minor cleanups and janitorial fixes"
* tag 'mfd-3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-next: (81 commits)
  mfd: ucb1x00-core: Rewrite ucb1x00_add_dev()
  mfd: ab8500-debugfs: Apply a check for -ENOMEM after allocating memory for event name
  mfd: ab8500-debugfs: Apply a check for -ENOMEM after allocating memory for sysfs
  mfd: timberdale: Use module_pci_driver
  mfd: timberdale: Remove redundant break
  mfd: timberdale: Staticize local variables
  mfd: ab8500-debugfs: Staticize local variables
  mfd: db8500-prcmu: Staticize clk_mgt
  mfd: db8500-prcmu: Use ANSI function declaration
  mfd: omap-usb-host: Staticize usbhs_driver_name
  mfd: 88pm805: Fix potential NULL pdata dereference
  mfd: 88pm800: Fix potential NULL pdata dereference
  mfd: twl6040: Use regmap for register cache
  mfd: davinci_voicecodec: Provide a regmap for register I/O
  mfd: davinci_voicecodec: Remove unused read and write functions
  mmc: memstick: rtsx: Modify copyright comments
  mmc: rtsx: Clear SD_CLK toggle enable bit if switching voltage fail
  mfd: mmc: rtsx: Change default tx phase
  mfd: pcf50633-adc: Use devm_*() functions
  mfd: rtsx: Copyright modifications
  ...
2013-09-07 | Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild | Linus Torvalds
Pull misc kbuild updates from Michal Marek:
"In the kbuild misc branch, I have:
- make rpm-pkg updates, most importantly the rpm package now calls /sbin/installkernel
- make deb-pkg: debuginfo split, correct kernel image path for parisc, mips and powerpc and a couple more minor fixes
- New coccinelle check"
* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  scripts/checkkconfigsymbols.sh: replace echo -e with printf
  Provide version number for Debian firmware package
  coccinelle: replace 0/1 with false/true in functions returning bool
  deb-pkg: add a hook argument to match debian hooks parameters
  deb-pkg: fix installed image path on parisc, mips and powerpc
  deb-pkg: split debug symbols in their own package
  deb-pkg: use KCONFIG_CONFIG instead of .config file directly
  rpm-pkg: add generation of kernel-devel
  rpm-pkg: install firmware files in kernel relative directory
  rpm-pkg: add %post section to create initramfs and grub hooks
2013-09-07 | Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild | Linus Torvalds
Pull kbuild update from Michal Marek:
"Only these two commits are in the kbuild branch this time:
- Using filechk for include/config/kernel.release
- Cleanup in scripts/sortextable.c"
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: Do not overwrite include/config/kernel.release needlessly
  scripts: remove unused function in sortextable.c
2013-09-07 | Kill indirect include of file.h from eventfd.h, use fdget() in cgroup.c | Al Viro
kernel/cgroup.c is the only place in the tree that relies on eventfd.h pulling file.h; move that include there. Switch from eventfd_fget()/fput() to fdget()/fdput(), while we are at it - eventfd_ctx_fileget() will fail on non-eventfd descriptors just fine, no need to do that check twice... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-09-07 | prune_super(): sb->s_op is never NULL | Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-09-07 | exportfs: don't assume that ->iterate() won't feed us too long entries | Al Viro
On some filesystems it's impossible even with fs corruption, but we'd better not rely on that, what with memcpy() into on-stack array we are doing there. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-09-07 | afs: get rid of redundant ->d_name.len checks | Al Viro
No dentry can get to directory modification methods without having passed either ->lookup() or ->atomic_open(); if name is rejected by those two (or by ->d_hash()) with an error, it won't be seen by anything else. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-09-07 | lockref: add ability to mark lockrefs "dead" | Linus Torvalds
The only actual current lockref user (dcache) uses zero reference counts even for perfectly live dentries, because it's a cache: there may not be any users, but that doesn't mean that we want to throw away the dentry. At the same time, the dentry cache does have a notion of a truly "dead" dentry that we must not even increment the reference count of, because we have pruned it and it is not valid. Currently that distinction is not visible in the lockref itself, and the dentry cache validation uses "lockref_get_or_lock()" to either get a new reference to a dentry that already had existing references (and thus cannot be dead), or get the dentry lock so that we can then verify the dentry and increment the reference count under the lock if that verification was successful. That's all somewhat complicated. This adds the concept of being "dead" to the lockref itself, by simply using a count that is negative. This allows a usage scenario where we can increment the refcount of a dentry without having to validate it, and pushing the special "we killed it" case into the lockref code. The dentry code itself doesn't actually use this yet, and it's probably too late in the merge window to do that code (the dentry_kill() code with its "should I decrement the count" logic really is pretty complex code), but let's introduce the concept at the lockref level now. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-07 | NFSv4: use mach cred for SECINFO_NO_NAME w/ integrity | Weston Andros Adamson
Commit 97431204ea005ec8070ac94bc3251e836daa7ca7 introduced a regression that causes SECINFO_NO_NAME to fail without sending an RPC if: 1) the nfs_client's rpc_client is using krb5i/p (now tried by default) 2) the current user doesn't have valid kerberos credentials This situation is quite common - as of now a sec=sys mount would use krb5i for the nfs_client's rpc_client and a user would hardly be faulted for not having run kinit. The solution is to use the machine cred when trying to use an integrity protected auth flavor for SECINFO_NO_NAME. Older servers may not support using the machine cred or an integrity protected auth flavor for SECINFO_NO_NAME in every circumstance, so we fall back to using the user's cred and the filesystem's auth flavor in this case. We run into another problem when running against linux nfs servers - they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the mount is also that flavor) even though that is not a valid error for SECINFO*. Even though it's against spec, handle WRONGSEC errors on SECINFO_NO_NAME by falling back to using the user cred and the filesystem's auth flavor. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | NFS: nfs_compare_super shouldn't check the auth flavour unless 'sec=' was set | Trond Myklebust
Also don't worry about obsolete mount flags... Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | lockref: fix docbook argument names | Linus Torvalds
The code got rewritten, but the comments got copied as-is from older versions, and as a result the argument name in the comment didn't actually match the code any more. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-07 | NFSv4: Allow security autonegotiation for submounts | Trond Myklebust
In cases where the parent super block was not mounted with a 'sec=' line, allow autonegotiation of security for the submounts. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | NFSv4: Disallow security negotiation for lookups when 'sec=' is specified | Trond Myklebust
Ensure that nfs4_proc_lookup_common respects the NFS_MOUNT_SECFLAVOUR flag. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs | Linus Torvalds
Pull vfs pile 2 (of many) from Al Viro:
"Mostly Miklos' series this time"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  constify dcache.c inlined helpers where possible
  fuse: drop dentry on failed revalidate
  fuse: clean up return in fuse_dentry_revalidate()
  fuse: use d_materialise_unique()
  sysfs: use check_submounts_and_drop()
  nfs: use check_submounts_and_drop()
  gfs2: use check_submounts_and_drop()
  afs: use check_submounts_and_drop()
  vfs: check unlinked ancestors before mount
  vfs: check submounts and drop atomically
  vfs: add d_walk()
  vfs: restructure d_genocide()
2013-09-07 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace | Linus Torvalds
Pull namespace changes from Eric Biederman:
"This is an assorted mishmash of small cleanups, enhancements and bug fixes. The major theme is user namespace mount restrictions. nsown_capable is killed as it encourages not thinking about details that need to be considered. A very hard to hit pid namespace exiting bug was finally tracked and fixed. A couple of cleanups to the basic namespace infrastructure. Finally there is an enhancement that makes per user namespace capabilities usable as capabilities, and an enhancement that allows the per userns root to nice other processes in the user namespace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  userns: Kill nsown_capable it makes the wrong thing easy
  capabilities: allow nice if we are privileged
  pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD
  userns: Allow PR_CAPBSET_DROP in a user namespace.
  namespaces: Simplify copy_namespaces so it is clear what is going on.
  pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup
  sysfs: Restrict mounting sysfs
  userns: Better restrictions on when proc and sysfs can be mounted
  vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces
  kernel/nsproxy.c: Improving a snippet of code.
  proc: Restrict mounting the proc filesystem
  vfs: Lock in place mounts from more privileged users
2013-09-07 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security | Linus Torvalds
Pull security subsystem updates from James Morris:
"Nothing major for this kernel, just maintenance updates"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits)
  apparmor: add the ability to report a sha1 hash of loaded policy
  apparmor: export set of capabilities supported by the apparmor module
  apparmor: add the profile introspection file to interface
  apparmor: add an optional profile attachment string for profiles
  apparmor: add interface files for profiles and namespaces
  apparmor: allow setting any profile into the unconfined state
  apparmor: make free_profile available outside of policy.c
  apparmor: rework namespace free path
  apparmor: update how unconfined is handled
  apparmor: change how profile replacement update is done
  apparmor: convert profile lists to RCU based locking
  apparmor: provide base for multiple profiles to be replaced at once
  apparmor: add a features/policy dir to interface
  apparmor: enable users to query whether apparmor is enabled
  apparmor: remove minimum size check for vmalloc()
  Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes
  Smack: network label match fix
  security: smack: add a hash table to quicken smk_find_entry()
  security: smack: fix memleak in smk_write_rules_list()
  xattr: Constify ->name member of "struct xattr".
  ...
2013-09-07 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 | Linus Torvalds
Pull crypto update from Herbert Xu:
"Here is the crypto update for 3.12:
- Added MODULE_SOFTDEP to allow pre-loading of modules.
- Reinstated crct10dif driver using the module softdep feature.
- Allow via rng driver to be auto-loaded.
- Split large input data when necessary in nx.
- Handle zero length messages correctly for GCM/XCBC in nx.
- Handle SHA-2 chunks bigger than block size properly in nx.
- Handle unaligned lengths in omap-aes.
- Added SHA384/SHA512 to omap-sham.
- Added OMAP5/AM43XX SHAM support.
- Added OMAP4 TRNG support.
- Misc fixes"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (66 commits)
  Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework"
  hwrng: via - Add MODULE_DEVICE_TABLE
  crypto: fcrypt - Fix bitoperation for compilation with clang
  crypto: nx - fix SHA-2 for chunks bigger than block size
  crypto: nx - fix GCM for zero length messages
  crypto: nx - fix XCBC for zero length messages
  crypto: nx - fix limits to sg lists for AES-CCM
  crypto: nx - fix limits to sg lists for AES-XCBC
  crypto: nx - fix limits to sg lists for AES-GCM
  crypto: nx - fix limits to sg lists for AES-CTR
  crypto: nx - fix limits to sg lists for AES-CBC
  crypto: nx - fix limits to sg lists for AES-ECB
  crypto: nx - add offset to nx_build_sg_lists()
  padata - Register hotcpu notifier after initialization
  padata - share code between CPU_ONLINE and CPU_DOWN_FAILED, same to CPU_DOWN_PREPARE and CPU_UP_CANCELED
  hwrng: omap - reorder OMAP TRNG driver code
  crypto: omap-sham - correct dma burst size
  crypto: omap-sham - Enable Polling mode if DMA fails
  crypto: tegra-aes - bitwise vs logical and
  crypto: sahara - checking the wrong variable
  ...
2013-09-07 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | Linus Torvalds
Pull networking fixes from David Miller:
"A quick set of fixes, some to deal with fallout from yesterday's net-next merge.
1) Fix compilation of bnx2x driver with CONFIG_BNX2X_SRIOV disabled, from Dmitry Kravkov.
2) Fix a bnx2x regression caused by one of Dave Jones's mistaken braces changes, from Eilon Greenstein.
3) Add some protective filtering in the netlink tap code, from Daniel Borkmann.
4) Fix TCP congestion window growth regression after timeouts, from Yuchung Cheng.
5) Correctly adjust TCP's rcv_ssthresh for out of order packets, from Eric Dumazet"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  tcp: properly increase rcv_ssthresh for ofo packets
  net: add documentation for BQL helpers
  mlx5: remove unused MLX5_DEBUG param in Kconfig
  bnx2x: Restore a call to config_init
  bnx2x: fix broken compilation with CONFIG_BNX2X_SRIOV is not set
  tcp: fix no cwnd growth after timeout
  net: netlink: filter particular protocols from analyzers
2013-09-07 | NFSv4: Fix security auto-negotiation | Trond Myklebust
NFSv4 security auto-negotiation has been broken since commit 4580a92d44e2b21c2254fa5fef0f1bfb43c82318 (NFS: Use server-recommended security flavor by default (NFSv3)) because nfs4_try_mount() will automatically select AUTH_SYS if it sees no auth flavours. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Chuck Lever <chuck.lever@oracle.com>
2013-09-07 | NFS: Clean up nfs_parse_security_flavors() | Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | NFS: Clean up the auth flavour array mess | Trond Myklebust
What is the point of having a 'auth_flavor_len' field, if it is always set to 1, and can't be used to determine if the user has selected an auth flavour? This cleanup goes back to using auth_flavor_len for its original intended purpose, and gets rid of the ad-hoc replacements. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 | Input: evdev - add EVIOCREVOKE ioctl | David Herrmann
If we have multiple sessions on a system, we normally don't want background sessions to read input events. Otherwise, it could capture passwords and more entered by the user on the foreground session. This is a real world problem as the recent XMir development showed: http://mjg59.dreamwidth.org/27327.html We currently rely on sessions to release input devices when being deactivated. This relies on trust across sessions. But that's not given on usual systems. We therefore need a way to control which processes have access to input devices. With VTs the kernel simply routed them through the active /dev/ttyX. This is not possible with evdev devices, though. Moreover, we want to avoid routing input-devices through some dispatcher-daemon in userspace (which would add some latency). This patch introduces EVIOCREVOKE. If called on an evdev fd, this revokes device-access irrecoverably for that *single* open-file. Hence, once you call EVIOCREVOKE on any dup()ed fd, all fds for that open-file will be rather useless now (but still valid compared to close()!). This allows us to pass fds directly to session-processes from a trusted source. The source keeps a dup()ed fd and revokes access once the session-process is no longer active. Compared to the EVIOCMUTE proposal, we can avoid the CAP_SYS_ADMIN restriction now as there is no way to revive the fd again. Hence, a user is free to call EVIOCREVOKE themself to kill the fd. Additionally, this ioctl allows multi-layer access-control (again compared to EVIOCMUTE which was limited to one layer via CAP_SYS_ADMIN). A middle layer can simply request a new open-file from the layer above and pass it to the layer below. Now each layer can call EVIOCREVOKE on the fds to revoke access for all layers below, at the expense of one fd per layer. 
There's already ongoing experimental user-space work which demonstrates how it can be used: http://lists.freedesktop.org/archives/systemd-devel/2013-August/012897.html Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2013-09-07  Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging  Linus Torvalds
Pull hwmon fixes from Jean Delvare.

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (emc6w201) Do not declare enum variable
  hwmon: (w83792d) Update module author
2013-09-07  Merge tag 'gpio-v3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio  Linus Torvalds
Pull GPIO updates from Linus Walleij:
"This is the bulk of GPIO changes for the v3.12 series:

- A new driver for the TZ1090 PDC which is used on the metag architecture.
- A new driver for the Kontron ETX or COMexpress GPIO block. This is found on some ETX x86 devices.
- A new driver for the Fintek Super-I/O chips, used on some x86 boards.
- Added device tree probing on a few select GPIO blocks.
- Drop the Exynos support from the Samsung GPIO driver. The Samsung maintainers have moved over to use the modernized pin control driver to provide GPIO for the modern platforms instead.
- The usual bunch of non-critical fixes and cleanups"

* tag 'gpio-v3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (36 commits)
  gpio: return -ENOTSUPP if debounce cannot be set
  gpio: improve error path in gpiolib
  gpio: add GPIO support for F71882FG and F71889F
  of: add vendor prefix for Microchip Technology Inc
  gpio: mcp23s08: rename the device tree property
  gpio: samsung: Drop support for Exynos SoCs
  gpio: pcf857x: Remove pdata argument to pcf857x_irq_domain_init()
  gpio: pcf857x: Sort headers alphabetically
  gpio: max7301: Reverting "Do not force SPI speed when using OF Platform"
  gpio: Fix bit masking in Kontron PLD GPIO driver
  gpio: pca953x: fix gpio input on gpio offsets >= 8
  drivers/gpio: simplify use of devm_ioremap_resource
  drivers/gpio/gpio-omap.c: convert comma to semicolon
  gpio-lynxpoint: Fix warning about unbalanced pm_runtime_enable
  gpio: Fix platform driver name in Kontron PLD GPIO driver
  gpio: adnp: Fix segfault if request_threaded_irq fails
  gpio: msm: Staticize local variable 'msm_gpio'
  gpio: gpiolib-of.c: make error message more meaningful by adding the node name and index
  gpio: use dev_get_platdata()
  gpio/mxc: add chained_irq_enter/exit() to mx2_gpio_irq_handler
  ...
2013-09-07  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input  Linus Torvalds
Pull input updates from Dmitry Torokhov:
"A new driver for slidebar on Ideapad laptops and a bunch of assorted driver fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (32 commits)
  Input: add SYN_MAX and SYN_CNT constants
  Input: max11801_ts - convert to devm
  Input: egalax-ts - fix typo and improve text
  Input: MAINTAINERS - change maintainer for cyttsp driver
  Input: cyttsp4 - kill 'defined but not used' compiler warnings
  Input: add driver for slidebar on Lenovo IdeaPad laptops
  Input: omap-keypad - set up irq type from DT
  Input: omap-keypad - enable wakeup capability for keypad.
  Input: omap-keypad - clear interrupts on open
  Input: omap-keypad - convert to threaded IRQ
  Input: omap-keypad - use bitfiled instead of hardcoded values
  Input: cyttsp4 - remove useless NULL test from cyttsp4_watchdog_timer()
  Input: wacom - fix error return code in wacom_probe()
  Input: as5011 - fix error return code in as5011_probe()
  Input: keyboard, serio - simplify use of devm_ioremap_resource
  Input: tegra-kbc - simplify use of devm_ioremap_resource
  Input: htcpen - fix incorrect placement of __initdata
  Input: qt1070 - add power management ops
  Input: wistron_btns - add MODULE_DEVICE_TABLE
  Input: wistron_btns - mark the Medion MD96500 keymap as tested
  ...
2013-09-07  Revert "Input: introduce BTN/ABS bits for drums and guitars"  Linus Torvalds
This reverts commits 61e00655e9cb, 73f8645db191 and 8e22ecb603c8:

  "Input: introduce BTN/ABS bits for drums and guitars"
  "HID: wiimote: add support for Guitar-Hero drums"
  "HID: wiimote: add support for Guitar-Hero guitars"

The extra new ABS_xx values resulted in ABS_MAX no longer being a power-of-two, which broke the comparison logic. It also caused the ioctl numbers to overflow into the next byte, causing problems for that.

We'll try again for 3.13.

Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-07  s390/compat,uid16: use current_cred()  Heiko Carstens
86a264ab "CRED: Wrap current->cred and a few other accessors" converted all uses of current->cred into current_cred() but left s390 alone. So let's convert s390 finally as well, only five years later. This way we also get rid of a sparse warning which complains about a possible invalid rcu dereference which however is a false positive.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2013-09-07  s390/ap_bus: use and-mask instead of a cast  Heiko Carstens
Let's get rid of another sparse false positive:

drivers/s390/crypto/ap_bus.c:416:64: warning: cast truncates bits from constant value (102030405060708 becomes 5060708)

So instead of using a cast let's use an and-mask. That way sparse remains silent and one doesn't always have to check if this is a valid warning/bug or just a false positive.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2013-09-07  s390/ftrace: avoid pointer arithmetics with function pointers  Heiko Carstens
Pointer arithmetics with function pointers is not really defined, but seems to do the right thing. Let's cast to a void pointer to have a defined behaviour, at least when using gcc.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>