Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-06 Thread David Howells
Mimi Zohar wrote: > The x509_validate_trust() was originally added for IMA to ensure, on a > secure boot system, a certificate chain of trust rooted in hardware. > The IMA MOK keyring extends this certificate chain of trust to the > running system. The problem is that

[PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring

2016-01-06 Thread David Howells
d keyring. Whilst I appreciate what the patch is trying to do, I don't think this is quite the right solution. Signed-off-by: David Howells <dhowe...@redhat.com> cc: Petko Manolov <pet...@mip-labs.com> cc: Mimi Zohar <zo...@linux.vnet.ibm.com> cc: keyri...@vger.kernel.org -

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-06 Thread David Howells
Mimi Zohar wrote: > Once the builtin keys are loaded onto the system keyring, isn't the > system keyring locked? No. David -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More

Re: [PATCH] X.509: Partially revert patch to add validation against IMA MOK keyring

2016-01-06 Thread David Howells
David Howells <dhowe...@redhat.com> wrote: > Partially revert commit 41c89b64d7184a780f12f2cccdabe65cb2408893: > > Author: Petko Manolov <pet...@mip-labs.com> > Date: Wed Dec 2 17:47:55 2015 +0200 > IMA: create machine owner and blacklis

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-05 Thread David Howells
Mimi Zohar wrote: > You're missing Petko's patch: > 41c89b6 IMA: create machine owner and blacklist keyrings It should also be cc'd to the keyrings mailing list. David

[RFC PATCH] X.509: Don't treat self-signed keys specially

2016-01-05 Thread David Howells
on a self-signed cert then succeeding. This is most likely to happen when a duplicate of the certificate is already on the trust keyring - in which case it shouldn't be a problem. Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> cc: Mi

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-05 Thread David Howells
Mimi Zohar wrote: > You're missing Petko's patch: > 41c89b6 IMA: create machine owner and blacklist keyrings Hmmm... This is wrong. x509_key_preparse() shouldn't be polling the IMA MOK keyring under all circumstances. David

Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]

2016-01-05 Thread David Howells
David Howells <dhowe...@redhat.com> wrote: > If a certificate is self-signed, don't bother checking the validity of the > signature. The cert cannot be checked by validation against the next one > in the chain as this is the root of the chain. Trust for this certificate > can

[RFC PATCH] X.509: Don't check the signature on apparently self-signed keys

2016-01-05 Thread David Howells
module when the result of calculating "m = s^e mod n" is checked. Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> cc: Mimi Zohar <zo...@linux.vnet.ibm.com> --- crypto/asymmetric_keys/x509_public_key.c | 15 ++

[PATCH 0/4] X.509: Fix time handling

2016-01-04 Thread David Howells
Here's a set of patches that fix X.509 time handling in three ways: (1) Fix leap year handling. (2) Add leap second handling (where you get a time of 23:59:60). (3) Add end-of-day midnight encoding (where you get a time of 24:00:00). David --- David Howells (4): X.509: Fix leap year

[RFC PATCH 2/4] Handle ISO 8601 leap seconds and encodings of midnight in mktime64()

2016-01-04 Thread David Howells
as valid parameters. This facility will be used by the X.509 parser. Doing it in mktime64() makes the policy common to the whole kernel and easier to find. Signed-off-by: David Howells <dhowe...@redhat.com> cc: Arnd Bergmann <a...@arndb.de> cc: John Stultz <john.stu...@linaro.org>

[RFC PATCH 4/4] X.509: Handle midnight alternative notation in GeneralizedTime

2016-01-04 Thread David Howells
Polzer <rpol...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> cc: John Stultz <john.stu...@linaro.org> cc: Arnd Bergmann <a...@arndb.de> --- crypto/asymmetric_keys/x509_cert_parser.c |2 +- 1 file chang

[RFC PATCH 3/4] X.509: Support leap seconds

2016-01-04 Thread David Howells
pol...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> cc: Arnd Bergmann <a...@arndb.de> cc: David Woodhouse <david.woodho...@intel.com> cc: John Stultz <john.stu...@linaro.org> --- crypto/asymmetric_keys/x509_cert_parser.c |2 +- 1 file changed, 1 insertion

Re: [PATCH] X.509: Fix determination of self-signedness

2015-12-18 Thread David Howells
Josh Boyer wrote: > Should this also be Cc'd to stable? Argh. Probably. David

Re: [GIT PULL] Keys fixes

2015-12-18 Thread David Howells
Linus Torvalds <torva...@linux-foundation.org> wrote: > > David Howells (7): > > Handle leap seconds in mktime64() > > This one is completely wrong. > > Leap seconds are inserted *at* the minute, not at the second before the > minute. > > So

Re: [GIT PULL] Keys fixes

2015-12-18 Thread David Howells
Linus Torvalds wrote: > Side note: the key handling extra checks seem pretty pointless too. Except that it has been argued that they have to be there or someone can use dates that contribute to the signature to fake a signed content. Admittedly being able to have

[PATCH 3/5] X.509: Support leap seconds

2015-12-17 Thread David Howells
Polzer <rpol...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> cc: John Stultz <john.stu...@linaro.org> cc: Arnd Bergmann <a...@arndb.de> cc: sta...@vger.kernel.org --- crypto/asymmetric_keys/x509_cert_

[PATCH 1/5] X.509: Fix leap year handling again

2015-12-17 Thread David Howells
m> Signed-off-by: David Howells <dhowe...@redhat.com> Acked-By: David Woodhouse <david.woodho...@intel.com> cc: sta...@vger.kernel.org --- crypto/asymmetric_keys/x509_cert_parser.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/asymmetric_keys/

[PATCH 2/5] Handle leap seconds in mktime64()

2015-12-17 Thread David Howells
from all the parameters since they don't really achieve anything and we do need to alter the sec parameter. Signed-off-by: David Howells <dhowe...@redhat.com> cc: John Stultz <john.stu...@linaro.org> cc: Arnd Bergmann <a...@arndb.de> cc: sta...@vger.kernel.org --- include/l

[PATCH] X.509: Fix determination of self-signedness

2015-12-17 Thread David Howells
the Issuer and Subject names differ. Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> --- crypto/asymmetric_keys/x509_public_key.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/asymmetric_key

[PATCH 4/5] Handle both ISO 8601 encodings of midnight in mktime64()

2015-12-17 Thread David Howells
. Signed-off-by: David Howells <dhowe...@redhat.com> cc: John Stultz <john.stu...@linaro.org> cc: Arnd Bergmann <a...@arndb.de> cc: sta...@vger.kernel.org --- kernel/time/time.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/time/time.c b/kernel

[PATCH 5/5] X.509: Handle midnight alternative notation in GeneralizedTime

2015-12-17 Thread David Howells
(). Without this patch, certain X.509 certificates will be rejected and could lead to an unbootable kernel. Reported-by: Rudolf Polzer <rpol...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> cc: David Woodhouse <david.woodho...@intel.com> cc: John Stultz <john.stu...

[PATCH 0/5] X.509: Fix time handling

2015-12-17 Thread David Howells
Here's a set of patches that fix X.509 time handling in three ways: (1) Fix leap year handling. (2) Add leap second handling (where you get a time of 23:59:60). (3) Add end-of-day midnight encoding (where you get a time of 24:00:00). David --- David Howells (5): X.509: Fix leap year

[PATCH] KEYS: Fix race between read and revoke

2015-12-17 Thread David Howells
to handle kernel NULL pointer dereference at 0010 IP: [] user_read+0x56/0xa3 ... Call Trace: [] keyctl_read_key+0xb6/0xd7 [] SyS_keyctl+0x83/0xe0 [] entry_SYSCALL_64_fastpath+0x12/0x6f Reported-by: Dmitry Vyukov <dvyu...@google.com>

Re: [PATCH] X.509: Fix the time validation [ver #3]

2015-12-11 Thread David Howells
Greg Kroah-Hartman wrote: > David, any reason you didn't put a cc: stable in the commit for it to be > picked up in the stable releases? I did cc it to stable. David

Re: [PATCH] X.509: Fix leap year handling again and support leap seconds

2015-12-10 Thread David Howells
Rudolf Polzer wrote: > Also, while at it - apparently hour 24 is allowed by ISO 8601 too as long as > minutes and seconds are zero, leading to even more non-canonicality... can > you check whether this is also valid ASN.1 then? Sorry, I missed this bit. The ASN.1 spec says

Re: [PATCH 0/2] security: clarify that some code is really non-modular

2015-12-10 Thread David Howells
Paul Gortmaker wrote: > Paul Gortmaker (2): > security/keys: make big_key.c explicitly non-modular > security/integrity: make ima/ima_mok.c explicitly non-modular Note that I only see patch 1. Note also that keyri...@linux-nfs.org should now be

Re: keyring timestamps

2015-12-01 Thread David Howells
Petko Manolov wrote: > 0) do keyrings keep a timestamp when created or last updated? David? No. > 0) is crucial. If there is no such thing as "time of the last update" for > keyrings I guess we'll either have to implement it or use another mechanism > to get

[PATCH] X.509: Fix leap year handling again and support leap seconds

2015-12-01 Thread David Howells
onds value in the range 00-59. Reported-by: Rudolf Polzer <rpol...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> --- diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 021d39c0ba75..f57c3c1b5ae7 100644 --- a/

Re: [PATCH] X.509: Fix leap year handling again and support leap seconds

2015-12-01 Thread David Howells
Rudolf Polzer wrote: > the leap second support still looks a bit suspect, as mktime64 will convert > mm/dd/ HH/MM/60 and mm/dd/ HH/MM+1/00 to the same time64_t, > essentially meaning that two different inputs can yield the same output, > possibly violating ASN.1 CER

Re: [PATCH] KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-25 Thread David Howells
James Morris wrote: > Is this triggerable by normal users? Yes. David

[PATCH] KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-24 Thread David Howells
d or it will fail with EINVAL before getting to the bit that will crash. Reported-by: Dmitry Vyukov <dvyu...@google.com> Signed-off-by: David Howells <dhowe...@redhat.com> Acked-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/keys/encrypted-keys/encrypted.c |2

Re: [PATCH] KEYS: Fix handling of stored error in a negatively instantiated user key

2015-11-24 Thread David Howells
Hi James, Can this be passed straight to Linus please? Thanks, David

Re: [RFC] readlink()-related oddities

2015-11-20 Thread David Howells
Al Viro wrote: > All of them? I see two kinds there - one is magical symlink (recognized > by contents in afs_iget()), another is this autocell thing, the latter > having no ->readlink(). Both serve as automount points, don't they? The "autocell" thing is where you

[PATCH] X.509: Fix the time validation [ver #3]

2015-11-12 Thread David Howells
by doing the following: cat < Signed-off-by: David Howells <dhowe...@redhat.com> Tested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: David Woodhouse <david.woodho...@intel.com> --- crypto/asymmetric_keys/x509_cert_parser.c | 12 +++- 1 file changed, 7 inser

[PATCH] X.509: Fix the time validation

2015-11-11 Thread David Howells
by doing the following: cat < Signed-off-by: David Howells <dhowe...@redhat.com> Tested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: David Woodhouse <david.woodho...@intel.com> --- crypto/asymmetric_keys/x509_cert_parser.c | 12 +++- 1 file changed, 7 inser

[PATCH 10/10] KEYS: Move the point of trust determination to __key_link()

2015-10-21 Thread David Howells
be secondarily linked. To accomplish this, the authentication data associated with the key source must now be retained. For an X.509 cert, this means the contents of the AuthorityKeyIdentifier and the signature data. Signed-off-by: David Howells <dhowe...@redhat.com> --- certs/system_key

[PATCH 6/6] KEYS: Merge the type-specific data with the payload data

2015-10-21 Thread David Howells
Merge the type-specific data with the payload data into one four-word chunk as it seems pointless to keep them separate. Use user_key_payload() for accessing the payloads of overloaded user-defined keys. Signed-off-by: David Howells <dhowe...@redhat.com> cc: linux-c...@vger.kernel.org cc:

Re: [PATCH 1/6] KEYS: use kvfree() in add_key

2015-10-21 Thread David Howells
These patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-next And tagged with: keys-next-20151021 David

[PATCH 00/10] KEYS: Change how keys are determined to be trusted

2015-10-21 Thread David Howells
=keys-trust and are tagged with: keys-trust-20151021 David --- David Howells (10): KEYS: Generalise system_verify_data() to provide access to internal content PKCS#7: Make trust determination dependent on contents of trust keyring KEYS: Add facility to check key

[PATCH 03/10] KEYS: Add facility to check key trustworthiness upon link creation

2015-10-21 Thread David Howells
keyring being searched. (3) KEY_ALLOC_TRUSTED now acts as an override. If this is passed to key_create_or_update() then the ->verify_trust() method will be ignored and the key will be added anyway. Signed-off-by: David Howells <dhowe...@redhat.com> --- Documentation/security

[PATCH 02/10] PKCS#7: Make trust determination dependent on contents of trust keyring

2015-10-21 Thread David Howells
Make the determination of the trustworthiness of a key dependent on whether a key that can verify it is present in the ring of trusted keys rather than whether or not the verifying key has KEY_FLAG_TRUSTED set. Signed-off-by: David Howells <dhowe...@redhat.com> --- certs/system_key

[PATCH 01/10] KEYS: Generalise system_verify_data() to provide access to internal content

2015-10-21 Thread David Howells
to the function. If the callback is not required, that can be set to NULL. The function is now called verify_pkcs7_signature() to contrast with verify_pefile_signature() and the definitions of both have been moved into linux/verification.h along with the key_being_used_for enum. Signed-off-by: David Howells

[PATCH 3/6] keys: Be more consistent in selection of union members used

2015-10-21 Thread David Howells
From: Insu Yun <wuni...@gmail.com> key->description and key->index_key.description are the same because they are unioned. But, for readability, using the same name for duplication and validation seems better. Signed-off-by: Insu Yun <wuni...@gmail.com> Signed-off-by: David Howells

[PATCH 4/6] KEYS: Provide a script to extract the sys cert list from a vmlinux file

2015-10-21 Thread David Howells
Certificate list at file offset 0x141c540 If vmlinux contains symbols then that is used rather than System.map - even if one is given. Signed-off-by: David Howells <dhowe...@redhat.com> --- scripts/extract-sys-certs.pl | 144 ++ 1 file changed, 144 inse

[PATCH 09/10] X.509: Move the trust validation code out to its own file

2015-10-21 Thread David Howells
Move the X.509 trust validation code out to its own file so that it can be generalised. Signed-off-by: David Howells <dhowe...@redhat.com> --- crypto/asymmetric_keys/Makefile |2 crypto/asymmetric_keys/public_key_trust.c | 192 +

[PATCH 07/10] X.509: Extract signature digest and make self-signed cert checks earlier

2015-10-21 Thread David Howells
it to a ring of trusted keys or follow it further up the chain of trust. Making these checks earlier allows x509_check_signature() to be removed and replaced with direct calls to public_key_verify_signature(). Signed-off-by: David Howells <dhowe...@redhat.com> --- crypto/asymmetri

[PATCH 08/10] PKCS#7: Make the signature a pointer rather than embedding it

2015-10-21 Thread David Howells
. This means we can use public_key_free() to get rid of the signature record. Signed-off-by: David Howells <dhowe...@redhat.com> --- crypto/asymmetric_keys/pkcs7_parser.c | 38 +++- crypto/asymmetric_keys/pkcs7_parser.h | 10 +++--- crypto/asymmetric_keys/pkcs7_trust.c

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-21 Thread David Howells
Petko Manolov wrote: > > > As far as I know there is no concept of write-once to a keyring in the > > > kernel. David will correct me if I am wrong. I wonder how hard would > > > it be to add such functionality, in case it is missing? > > > > Not hard, particularly if

Re: [PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-21 Thread David Howells
Mimi Zohar wrote: > > I need to think about this. Should -EKEYREVOKED be the same as -ENOKEY in > > this case? I guess the end result is pretty much the same from IMA view > > point, but there may be a requirement to list all revoked keys... > > When checking the

Re: GPF in keyring_destroy

2015-10-19 Thread David Howells
Dmitry Vyukov wrote: > > Does the attached patch fix it for you? > > Yes, it fixes the crash for me. Can I put you down as a Tested-by? David

[PATCH 2/2] KEYS: Don't permit request_key() to construct a new keyring

2015-10-19 Thread David Howells
with keyring metadata. Now the kernel gives an error: request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) Signed-off-by: David Howells <dhowe...@redhat.com> --- security/keys/request

[PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring

2015-10-19 Thread David Howells
f/0x70 [] ? kthread_create_on_node+0x1c2/0x1c2 Note the value in RAX. This is a 32-bit representation of -ENOKEY. The solution is to only call ->destroy() if the key was successfully instantiated. Reported-by: Dmitry Vyukov <dvyu...@google.com> Signed-off-by: David Howells <dhowe...@

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0

2015-10-16 Thread David Howells
Hi Jarkko, For some reason I don't see patch 1. David

Re: GPF in keyring_destroy

2015-10-15 Thread David Howells
Dmitry Vyukov wrote: > RAX: ff82 This is the value that matters. It would appear to be -ENOKEY and would be in key->type_data.reject_error, I think. David

Re: [PATCH] keys: correctly check failed allocation for kmemdup

2015-10-15 Thread David Howells
Insu Yun wrote: > Thanks David. Then it is not a bug. > It's a pure question. > Why use different name for allocation and check? > For me, it is quite confusing. Either I didn't notice at the time, or the shorter variant is the original. If you want to give me a patch

Re: GPF in keyring_destroy

2015-10-15 Thread David Howells
Does the attached patch fix it for you? David --- commit a7609e0bb3973d6ee3c9f1ecd0b6a382d99d6248 Author: David Howells <dhowe...@redhat.com> Date: Thu Oct 15 17:21:37 2015 +0100 KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring The following se

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-26 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: I need to respond to this in pieces... first the bit that is bugging me: * two new page flags I need to keep track of two bits of per-cached-page information: (1) This page is known by the cache, and that the cache must be informed if

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-25 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: This factor of four (even worse on XFS, not quite as bad on Ext3) is worth ruminating upon. Is all of the difference explained by avoiding seeks on the server, which has the files in memory? Here are some more stats for you to consider: (1) Copy

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-22 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: The way the client works is like this: Thanks for the excellent ascii art, that cleared up the confusion right away. You know what they say about pictures... :-) What are you trying to do exactly? Are you actually playing with it, or just

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-22 Thread David Howells
Chris Mason [EMAIL PROTECTED] wrote: The interesting case is where the disk cache is warm, but the pagecache is cold (ie: just after a reboot after filling the caches). Here, for the two big files case, BTRFS appears quite a bit better than Ext3, showing a 21% reduction in time for the

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-22 Thread David Howells
David Howells [EMAIL PROTECTED] wrote: Have you got before/after benchmark results? See attached. Attached here are results using BTRFS (patched so that it'll work at all) rather than Ext3 on the client on the partition backing the cache. And here are XFS results. Tuning XFS makes

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-22 Thread David Howells
Chris Mason [EMAIL PROTECTED] wrote: Thanks for trying this, of course I'll ask you to try again with the latest v0.13 code, it has a number of optimizations especially for CPU usage. Here you go. The numbers are very similar. David = FEW BIG FILES TEST ON

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-22 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: I am eventually going to suggest cutting the backing filesystem entirely out of the picture, You still need a database to manage the cache. A filesystem such as Ext3 makes a very handy database for four reasons: (1) It exists and works. (2) It has

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-21 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: These patches add local caching for network filesystems such as NFS. Have you got before/after benchmark results? I need to get a new hard drive for my test machine before I can go and get some more up to date benchmark results. It does seem,

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-21 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: Have you got before/after benchmark results? See attached. These show a couple of things: (1) Dealing with lots of metadata slows things down a lot. Note the result of looking and reading lots of small files with tar (the last result). The

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-21 Thread David Howells
David Howells [EMAIL PROTECTED] wrote: Have you got before/after benchmark results? See attached. Attached here are results using BTRFS (patched so that it'll work at all) rather than Ext3 on the client on the partition backing the cache. Note that I didn't bother redoing the tests

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-21 Thread David Howells
Daniel Phillips [EMAIL PROTECTED] wrote: When you say Ext3 cache vs NFS cache is the first on the server and the second on the client? The filesystem on the server is pretty much irrelevant as long as (a) it doesn't change, and (b) all the data is in memory on the server anyway. The way the

[PATCH 00/37] Permit filesystem local caching

2008-02-20 Thread David Howells
These patches add local caching for network filesystems such as NFS. The patches can roughly be broken down into a number of sets: (*) 01-keys-inc-payload.diff (*) 02-keys-search-keyring.diff (*) 03-keys-callout-blob.diff Three patches to the keyring code made to help the CIFS

[PATCH 10/37] Security: Make NFSD work with detached security

2008-02-20 Thread David Howells
(see set_security_override[_from_ctx]()). NOTE! This patch must be rolled in to one of the earlier security patches to make it compile fully. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfsd/auth.c| 37 +++- fs/nfsd/nfs4recover.c | 64

[PATCH 05/37] Security: Change current-fs[ug]id to current_fs[ug]id()

2008-02-20 Thread David Howells
Change current-fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be separated from the task_struct. Signed-off-by: David Howells [EMAIL PROTECTED] --- arch/ia64/kernel/perfmon.c|4 ++-- arch/powerpc/platforms/cell/spufs/inode.c |4 ++-- drivers/isdn/capi

[PATCH 24/37] NFS: Register NFS for caching and retrieve the top-level index

2008-02-20 Thread David Howells
Register NFS for caching and retrieve the top-level cache index object cookie. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/Makefile|1 + fs/nfs/fscache-index.c | 53 fs/nfs/fscache.h | 35

[PATCH 02/37] KEYS: Check starting keyring as part of search

2008-02-20 Thread David Howells
and 2) check whether that top-level keyring is the thing being searched for Signed-off-by: Kevin Coffman [EMAIL PROTECTED] Signed-off-by: David Howells [EMAIL PROTECTED] --- security/keys/keyring.c | 35 +++ 1 files changed, 31 insertions(+), 4 deletions

[PATCH 23/37] NFS: Permit local filesystem caching to be enabled for NFS

2008-02-20 Thread David Howells
Permit local filesystem caching to be enabled for NFS in the kernel configuration. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/Kconfig |8 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/fs/Kconfig b/fs/Kconfig index c42ec50..fa8e978 100644 --- a/fs

[PATCH 27/37] NFS: Define and create inode-level cache objects

2008-02-20 Thread David Howells
is checked when a new NFS in-memory inode is set up that matches an already existing data storage object in the cache. If the coherency data is the same, the on-disk object is retained and used; if not, it is scrapped and a new one created. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs

[PATCH 11/37] FS-Cache: Release page-private after failed readahead

2008-02-20 Thread David Howells
) to do the honours. Signed-off-by: David Howells [EMAIL PROTECTED] --- mm/readahead.c | 39 +-- 1 files changed, 37 insertions(+), 2 deletions(-) diff --git a/mm/readahead.c b/mm/readahead.c index c9c50ca..75aa6b6 100644 --- a/mm/readahead.c +++ b/mm/readahead.c

[PATCH 01/37] KEYS: Increase the payload size when instantiating a key

2008-02-20 Thread David Howells
-off-by: David Howells [EMAIL PROTECTED] --- security/keys/keyctl.c | 38 ++ 1 files changed, 30 insertions(+), 8 deletions(-) diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index d9ca15c..8ec8432 100644 --- a/security/keys/keyctl.c +++ b

[PATCH 28/37] NFS: Use local disk inode cache

2008-02-20 Thread David Howells
Bind data storage objects in the local cache to NFS inodes. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache.c | 131 fs/nfs/fscache.h | 19 +++ fs/nfs/inode.c | 39 -- include/linux

[PATCH 04/37] KEYS: Add keyctl function to get a security label

2008-02-20 Thread David Howells
permission on the key for this function to be successful. Signed-off-by: David Howells [EMAIL PROTECTED] Acked-by: Stephen Smalley [EMAIL PROTECTED] --- Documentation/keys.txt | 21 +++ include/linux/keyctl.h |1 + include/linux/security.h | 20 +- security

[PATCH 26/37] NFS: Define and create superblock-level objects

2008-02-20 Thread David Howells
to share the on-disk cache. It will be possible to manually provide a uniquifier through a mount option with a later patch to avoid the error otherwise produced. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache-index.c| 34 + fs/nfs/fscache.c | 116

[PATCH 22/37] NFS: Add FS-Cache option bit and debug bit

2008-02-20 Thread David Howells
Add FS-Cache option bit to nfs_server struct. This is set to indicate local on-disk caching is enabled for a particular superblock. Also add debug bit for local caching operations. Signed-off-by: David Howells [EMAIL PROTECTED] --- include/linux/nfs_fs.h|1 + include/linux/nfs_fs_sb.h

[PATCH 16/37] CacheFiles: Be consistent about the use of mapping vs file-f_mapping in Ext3

2008-02-20 Thread David Howells
use of by the generic hook in the next patch, which is used by CacheFiles to write pages to a file without setting up a file struct. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/ext3/inode.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/ext3

[PATCH 12/37] FS-Cache: Recruit a couple of page flags for cache management

2008-02-20 Thread David Howells
to make the checks for both PG_private and PG_private_2 at the same time. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/splice.c|2 +- include/linux/page-flags.h | 39 +-- include/linux/pagemap.h| 11 +++ mm/filemap.c

[PATCH 29/37] NFS: Invalidate FsCache page flags when cache removed

2008-02-20 Thread David Howells
Invalidate the FsCache page flags on the pages belonging to an inode when the cache backing that NFS inode is removed. This allows a live cache to be withdrawn. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache-index.c | 40 1 files

[PATCH 33/37] NFS: nfs_readpage_async() needs to be accessible as a fallback for local caching

2008-02-20 Thread David Howells
nfs_readpage_async() needs to be non-static so that it can be used as a fallback for the local on-disk caching should an EIO crop up when reading the cache. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/read.c |4 ++-- include/linux/nfs_fs.h |2 ++ 2 files changed

[PATCH 36/37] NFS: Display local caching state

2008-02-20 Thread David Howells
Display the local caching state in /proc/fs/nfsfs/volumes. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/client.c |7 --- fs/nfs/fscache.h | 15 +++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/fs/nfs/client.c b/fs/nfs/client.c index

[PATCH 15/37] CacheFiles: Add missing copy_page export for ia64

2008-02-20 Thread David Howells
This one-line patch fixes the missing export of copy_page introduced by the cachefile patches. This patch is not yet upstream, but is required for cachefile on ia64. It will be pushed upstream when cachefile goes upstream. Signed-off-by: Prarit Bhargava [EMAIL PROTECTED] Signed-off-by: David

[PATCH 34/37] NFS: Read pages from FS-Cache into an NFS inode

2008-02-20 Thread David Howells
Read pages from an FS-Cache data storage object representing an inode into an NFS inode. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache.c | 112 ++ fs/nfs/fscache.h | 47 +++ fs/nfs/read.c| 18

[PATCH 18/37] CacheFiles: Permit the page lock state to be monitored

2008-02-20 Thread David Howells
-off-by: David Howells [EMAIL PROTECTED] --- include/linux/pagemap.h |5 + mm/filemap.c| 18 ++ 2 files changed, 23 insertions(+), 0 deletions(-) diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index c8bd762..76b5307 100644 --- a/include/linux

[PATCH 31/37] NFS: FS-Cache page management

2008-02-20 Thread David Howells
FS-Cache page management for NFS. This includes hooking the releasing and invalidation of pages marked with PG_fscache (aka PG_private_2) and waiting for completion of the write-to-cache flag (PG_fscache_write aka PG_owner_priv_2). Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs

[PATCH 35/37] NFS: Store pages from an NFS inode into a local cache

2008-02-20 Thread David Howells
Store pages from an NFS inode into the cache data storage object associated with that inode. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache.c | 26 ++ fs/nfs/fscache.h | 16 fs/nfs/read.c|5 + 3 files changed, 47

[PATCH 17/37] CacheFiles: Add a hook to write a single page of data to an inode

2008-02-20 Thread David Howells
. Supply a generic implementation for this that uses the write_begin() and write_end() address_space operations to bind a copy directly into the page cache. Hook the Ext2 and Ext3 operations to the generic implementation. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/ext2/inode.c|2

[PATCH 37/37] NFS: Add mount options to enable local caching on NFS

2008-02-20 Thread David Howells
-by: David Howells [EMAIL PROTECTED] --- fs/nfs/client.c |2 ++ fs/nfs/internal.h |1 + fs/nfs/super.c| 25 + 3 files changed, 28 insertions(+), 0 deletions(-) diff --git a/fs/nfs/client.c b/fs/nfs/client.c index d67d52f..8357f68 100644 --- a/fs/nfs/client.c

[PATCH 30/37] NFS: Add some new I/O event counters for FS-Cache events

2008-02-20 Thread David Howells
Add some new NFS I/O event counters for FS-Cache events. They have to be added as byte counters because I may need to be able to increase the numbers by more than 1 at a time. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/iostat.h |7 +++ 1 files changed, 7 insertions(+), 0

Re: [PATCH 00/37] Permit filesystem local caching

2008-02-20 Thread David Howells
Serge E. Hallyn [EMAIL PROTECTED] wrote:

> Seems *really* weird that every time you send this, patch 6 doesn't seem to reach me in any of my mailboxes... (did get it from the url you listed)

It's the largest of the patches, so that's not entirely surprising. Hence why I included the URL to

[PATCH 34/37] NFS: Read pages from FS-Cache into an NFS inode

2008-02-08 Thread David Howells
Read pages from an FS-Cache data storage object representing an inode into an NFS inode. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache.c | 112 ++ fs/nfs/fscache.h | 47 +++ fs/nfs/read.c| 18

[PATCH 35/37] NFS: Store pages from an NFS inode into a local cache

2008-02-08 Thread David Howells
Store pages from an NFS inode into the cache data storage object associated with that inode. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache.c | 26 ++ fs/nfs/fscache.h | 16 fs/nfs/read.c|5 + 3 files changed, 47

[PATCH 23/37] NFS: Permit local filesystem caching to be enabled for NFS

2008-02-08 Thread David Howells
Permit local filesystem caching to be enabled for NFS in the kernel configuration. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/Kconfig |8 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/fs/Kconfig b/fs/Kconfig index c42ec50..fa8e978 100644 --- a/fs

[PATCH 29/37] NFS: Invalidate FsCache page flags when cache removed

2008-02-08 Thread David Howells
Invalidate the FsCache page flags on the pages belonging to an inode when the cache backing that NFS inode is removed. This allows a live cache to be withdrawn. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache-index.c | 40 1 files

[PATCH 26/37] NFS: Define and create superblock-level objects

2008-02-08 Thread David Howells
to share the on-disk cache. It will be possible to manually provide a uniquifier through a mount option with a later patch to avoid the error otherwise produced. Signed-off-by: David Howells [EMAIL PROTECTED] --- fs/nfs/fscache-index.c| 34 + fs/nfs/fscache.c | 116
