On 4/10/07, Andrew Morton [EMAIL PROTECTED] wrote:
On Tue, 10 Apr 2007 20:36:00 -0700 Nate Diller [EMAIL PROTECTED] wrote:
It's very common for file systems to need to zero part or all of a page, the
simplist way is just to use kmap_atomic() and memset(). There's actually a
library function
This patchset adds support for keeping mount ownership information in
the kernel, and allow unprivileged mount(2) and umount(2) in certain
cases.
Well, I'd like to feel all smart and point out some bugs, but the code
all reads very nicely, seems to work as advertised, and while I won't
- users can use bind mounts without having to pre-configure them in
/etc/fstab
This is by far the biggest concern I see. I think the security
implication of allowing anyone to do bind mounts are poorly understood.
And especially so since there is no way for a filesystem
Hello,
I have a question regarding calling write() from an interrupt context
in the kernel:
is it possible ?
There is an article about reading/writing files from the kernel
by GregKH; see: http://interactive.linuxjournal.com/article/8110
Everybody (including the author) admits that
On Wed, 2007-04-11 at 12:48 +0200, Miklos Szeredi wrote:
- users can use bind mounts without having to pre-configure them in
/etc/fstab
This is by far the biggest concern I see. I think the security
implication of allowing anyone to do bind mounts are poorly
Quoting Ian Kent ([EMAIL PROTECTED]):
On Wed, 2007-04-11 at 12:48 +0200, Miklos Szeredi wrote:
- users can use bind mounts without having to pre-configure them in
/etc/fstab
This is by far the biggest concern I see. I think the security
implication of allowing
On Wed, 2007-04-11 at 09:26 -0500, Serge E. Hallyn wrote:
Quoting Ian Kent ([EMAIL PROTECTED]):
On Wed, 2007-04-11 at 12:48 +0200, Miklos Szeredi wrote:
- users can use bind mounts without having to pre-configure them in
/etc/fstab
This is by far the biggest
Quoting Ian Kent ([EMAIL PROTECTED]):
On Wed, 2007-04-11 at 09:26 -0500, Serge E. Hallyn wrote:
Quoting Ian Kent ([EMAIL PROTECTED]):
On Wed, 2007-04-11 at 12:48 +0200, Miklos Szeredi wrote:
- users can use bind mounts without having to pre-configure them
in
On Tue, 10 April 2007 22:56:38 -0700, Andrew Morton wrote:
And I'm surprised that this:
+static inline void memclear_highpage_flush(struct page *page, unsigned int
offset, unsigned int size)
+{
+ return zero_user_page(page, offset, size);
+}
compiled. zero_user_page() returns
On Wed, 2007-04-11 at 12:44 +0200, Miklos Szeredi wrote:
1. clone the master namespace.
2. in the new namespace
move the tree under /share/$me to /
for each ($user, $what, $how) {
move /share/$user/$what to /$what
if ($how == slave) {
These patches build on the patchset labelled AF_RXRPC socket family and AFS
rewrite. The patches are also available for http download.
Firstly, the patches fix a number of bugs in AF_RXRPC:
http://people.redhat.com/~dhowells/rxrpc/09-af_rxrpc-own-workqueues.diff
Make the AF_RXRPC module use its own workqueues with their own per-CPU threads.
Currently it uses keventd to do the following tasks, amongst others:
(*) Security negotiation
(*) Packet encryption and decryption
(*) Packet resending
(*) ACK, abort and busy packet generation
(*) Timeout
Make a couple of fixes to AF_RXRPC:
(1) The dead call timeout is shortened to 2 seconds. Without this, each
completed call sits around eating up resources for 10 seconds. The calls
need to hang around for a little while in case duplicate packets appear,
but 10 seconds is
Fix a deadlock in the give-up-callback aggregator dispatcher work item whereby
the aggregator runs on keventd as does timed autounmount, thus leading to the
unmount blocking keventd whilst waiting for keventd to run the aggregator when
the give-up-callback buffer is full.
Signed-Off-By: David
Make two changes to the AF_RXRPC key handling to make it easier for AFS to
use:
(1) Export key_type_rxrpc so that AFS can request keys of this type.
(2) Make it possible to have keys that represent no security. These are
created by instantiating the keys with no data.
Signed-Off-By:
Handle multiple mounts of an AFS superblock correctly, checking to see whether
the superblock is already initialised after calling sget() rather than just
unconditionally stamping all over it.
Also delete the silent parameter to afs_fill_super() as it's not used and
can, in any case, be obtained
Correctly alter the relocation state after update is complete by switching it
from Updating to Valid.
Also display the record state in the vlocation database proc file.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/afs/proc.c | 15 +--
fs/afs/vlocation.c |4 +++-
On Wed, Apr 11, 2007 at 08:10:37PM +0100, David Howells wrote:
Add security support to the AFS filesystem. Kerberos IV tickets are
added as RxRPC keys are added to the session keyring with the klog
program. open() and other VFS operations then find this ticket with
request_key() and either
It would be nice in general if we could avoid any sort of checks for
(mnt-mnt_ns == init_nsproxy.mnt_ns). Maybe that won't be possible,
but, taking the two listed examples:
[snip]
It's probably worthwile going after these problematic cases, and
fixing them, OTOH it's not easy to audit a
Quoting Miklos Szeredi ([EMAIL PROTECTED]):
It would be nice in general if we could avoid any sort of checks for
(mnt-mnt_ns == init_nsproxy.mnt_ns). Maybe that won't be possible,
but, taking the two listed examples:
[snip]
It's probably worthwile going after these problematic cases,
J. Bruce Fields [EMAIL PROTECTED] wrote:
Just curious--when is the actual crypto done? There doesn't seem to be
any in this patch.
See AF_RXRPC patch:
http://people.redhat.com/~dhowells/rxrpc/04-af_rxrpc.diff
You turn on CONFIG_RXKAD and load the rxkad module thus built (assuming
Quoting Miklos Szeredi ([EMAIL PROTECTED]):
Not objecting to prctl(), but two other options would be
1. add a CLONE_NEW_NS_USERMNT flag - kind of ugly, but that is
the time at which the ns is created, so in that sense it
makes sense.
Yes, I thought about this, but
A while back, Christoph mentioned that he thought that iunique ought to be
cleaned up to use a more conventional loop construct. This patch does that,
turning the strange goto loop into a do/while.
Signed-off-by: Jeff Layton [EMAIL PROTECTED]
diff --git a/fs/inode.c b/fs/inode.c
index
Nick Piggin recently changed the read_cache_page interface to be
synchronous, which is pretty much what the file systems want anyway. Turns
out that they have more in common than that, though, and some of them want
to be able to get an uptodate *locked* page. Many of them want a kmapped
page,
read_mapping_page_async() is going away, so convert its only user to
read_mapping_page(). This change has not been benchmarked, however, in
order to get real parallelism this wants something completely different,
like __do_page_cache_readahead(), which is not currently exported.
Signed-off-by:
Export a single version of read_cache_page, which returns with a locked,
Uptodate page or a synchronous error, and use inline helper functions to
replicate the old behavior. Also, introduce new helper functions for the
most common file system uses, which include kmapping the page, as well as
Replace ext2_get_page() and ext2_put_page() using the new read_kmap_page()
and put_kmapped_page() calls. Also, change the ext2_check_page() call to
return the page's error status, and update the call sites accordingly.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff
Use the new locking variant of read_mapping_page to avoid doing extra work.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff linux-2.6.21-rc6-mm1/fs/jfs/jfs_metapage.c
linux-2.6.21-rc6-mm1-test/fs/jfs/jfs_metapage.c
--- linux-2.6.21-rc6-mm1/fs/jfs/jfs_metapage.c
Replace jffs2_gc_fetch_page() and jffs2_gc_release_page() using the
read_cache_page() and put_kmapped_page() calls, and update the call site
accordingly. Explicit calls to kmap()/kunmap() make the code more clear.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff
Replace minix dir_get_page() and dir_put_page() using the new
read_kmap_page() and put_kmapped_page()/put_locked_page() calls. Also, use
__read_kmap_page() instead of re-taking the page_lock.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff
Replace page_read() with read_kmap_page()/__read_kmap_page(). This probably
fixes behaviour on highmem systems, since page_address() was being used
without kmap(). Also eliminate the need to re-take the page lock during
writes to the page.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff
read_mapping_page() is now fully synchronous, so there's no need wait for
the page lock or check for I/O errors.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff
linux-2.6.21-rc6-mm1/fs/reiser4/plugin/file/tail_conversion.c
Replace sysv dir_get_page() with the new read_kmap_page().
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff linux-2.6.21-rc5-mm4/fs/sysv/dir.c
linux-2.6.21-rc5-mm4-test/fs/sysv/dir.c
--- linux-2.6.21-rc5-mm4/fs/sysv/dir.c 2007-04-05 17:14:25.0 -0700
+++
Replace ufs_get_page()/ufs_get_locked_page() and
ufs_put_page()/ufs_put_locked_page() using the new read_kmap_page() and
put_kmapped_page() calls and their locking variants. Also, change the
ufs_check_page() call to return the page's error status, and update the
call sites accordingly.
Replace ntfs_map_page() and ntfs_unmap_page() using the new read_kmap_page()
and put_kmapped_page() calls, and their locking variants, and remove
unneeded PageError checking.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff linux-2.6.21-rc5-mm4/fs/ntfs/aops.h
Now that read_mapping_page() does error checking internally, there is no
need to check PageError here.
Signed-off-by: Nate Diller [EMAIL PROTECTED]
---
diff -urpN -X dontdiff linux-2.6.21-rc6-mm1/fs/hfs/bnode.c
linux-2.6.21-rc6-mm1-test/fs/hfs/bnode.c
--- linux-2.6.21-rc6-mm1/fs/hfs/bnode.c
http://www.kernel.org/pub/linux/kernel/people/npiggin/patches/new-aops/
2.6.21-rc6-new-aops*
New aops patchset against 2.6.21-rc6.
Reworked the cont helpers to be better aligned with the old scheme.
This unbroke reiserfs (hopefully the only showstopper), and made fat
conversion simpler.
37 matches
Mail list logo
