On Tue, 2008-01-08 at 12:35 +0100, Miklos Szeredi wrote:
plain text document attachment
(unprivileged-mounts-account-user-mounts.patch)
From: Miklos Szeredi [EMAIL PROTECTED]
Add sysctl variables for accounting and limiting the number of user
mounts.
...
+int nr_user_mounts;
+int
On Tue, 2008-01-08 at 12:35 +0100, Miklos Szeredi wrote:
+static int reserve_user_mount(void)
+{
+ int err = 0;
+
+ spin_lock(vfsmount_lock);
+ if (nr_user_mounts = max_user_mounts !capable(CAP_SYS_ADMIN))
+ err = -EPERM;
+ else
+
On Tue, 2008-01-08 at 20:08 +0100, Miklos Szeredi wrote:
The logic behind EPERM, is that this failure is only for unprivileged
callers. ENOMEM is too specifically about OOM. It could be changed
to ENOSPC, ENFILE, EMFILE, or it could remain EPERM. What do others
think?
Since you're
On Thu, 2007-12-06 at 11:01 +0100, Jan Blunck wrote:
Rather than give each _dirent_ an offset, could we give each sub-mount
an offset? Let's say we have three members comprising a union mount
directory. The first has 100 dirents, the second 200, and the third
10,000. When the first
On Wed, 2007-12-05 at 20:07 +0530, Bharata B Rao wrote:
In this approach, the cached dirents are given offsets in the form of
linearly increasing indices/cookies (like 0, 1, 2,...). This helps us to
uniformly define offsets across all the directories of the union
irrespective of the type of
On Wed, 2007-12-05 at 20:08 +0530, Bharata B Rao wrote:
Remove the existing readdir implementation.
You may have had a better description in your 0/5 mail, but this is what
goes into the git log in the end, so I think you need to beef this up a
bit.
-- Dave
-
To unsubscribe from this list:
On Mon, 2007-11-05 at 15:40 +, Hugh Dickins wrote:
The second problem was a hang: all cpus in
handle_write_count_underflow
doing lock_and_coalesce_cpu_mnt_writer_counts: new -mm stuff from Dave
Hansen. At first I thought that was a locking problem in Dave's code,
but I now suspect it's
On Thu, 2007-09-27 at 12:48 -0700, Andrew Morton wrote:
Hi, Dave!
It's fully reproducible.
/home is mounted with the following options:
/dev/mapper/vglinux1-lvhome on /home type reiserfs
(rw,noatime,nodiratime,user_xattr)
This BUG happened with rc8-mm1 too.
rc6-mm1 works
On Thu, 2007-09-27 at 21:26 +0100, Christoph Hellwig wrote:
Dave will probably find a bandaid to work around this, but the
right fix is to stop using a file struct here entirely. If you
look at reiserfs_xattr_set it's not actually used at all except
for passing it to -prepare_write and
On Thu, 2007-09-27 at 22:04 +0100, Christoph Hellwig wrote:
On Thu, Sep 27, 2007 at 01:53:39PM -0700, Dave Hansen wrote:
-int reiserfs_commit_write(struct file *f, struct page *page,
- unsigned from, unsigned to);
-int reiserfs_prepare_write(struct file *f, struct page
operations on the three directories, including ones
that are expected to fail, like creating a file on the r/o
mount.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info
may_open() calls vfs_permission() before it does checks for
IS_RDONLY(inode). It checks _again_ inside of vfs_permission().
The check inside of vfs_permission() is going away eventually.
With the mnt_want/drop_write() functions, all of the r/o
checks (except for this one) are consistently done
I'm going to be modifying nfsd_rename() shortly to support
read-only bind mounts. This #ifdef is around the area I'm
patching, and it starts to get really ugly if I just try
to add my new code by itself. Using this little helper
makes things a lot cleaner to use.
Signed-off-by: Dave Hansen
. When that is complete, we can actually
introduce code that will safely check the counts before
allowing r/w-r/o transitions to occur.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namespace.c| 46 +
lxc-dave/include/linux/mount.h
This basically audits the callers of xattr_permission(), which
calls permission() and can perform writes to the filesystem.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/nfsd/nfs4proc.c |7 ++-
lxc-dave/fs/xattr.c | 16 ++--
2 files changed, 20
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c | 10 ++
1 file changed, 10 insertions(+)
diff -puN fs/namei.c~elevate-write-count-for-link-and-symlink-calls fs/namei.c
--- lxc/fs/namei.c~elevate-write-count-for-link-and-symlink-calls
2007-07-10 12:46
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/inode.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff -puN fs/inode.c~elevate-write-count-for-file_update_time fs/inode.c
--- lxc/fs/inode.c~elevate-write-count-for-file_update_time 2007-07-10
12:46
This area of code is currently #ifdef'd out, so add a comment
for the time when it is actually used.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namespace.c |4
1 file changed, 4 insertions(+)
diff -puN fs/namespace.c~mount-is-safe-add-comment fs/namespace.c
--- lxc
Pretty self-explanatory. Fits in with the rest of the series.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c|5 +
lxc-dave/fs/nfsd/nfs4recover.c |4
2 files changed, 9 insertions(+)
diff -puN fs/namei.c~elevate-mnt-writers-for-callers-of-vfs
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/net/unix/af_unix.c | 16
1 file changed, 12 insertions(+), 4 deletions(-)
diff -puN
net/unix/af_unix.c~unix-find-other-elevate-write-count-for-touch-atime
net/unix/af_unix.c
--- lxc/net/unix/af_unix.c~unix-find
This also uses the little helper in the NFS code to
make an if() a little bit less ugly. We introduced
the helper at the beginning of the series.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c|4
lxc-dave/fs/nfsd/vfs.c | 15 +++
2 files changed
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/open.c | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff -puN fs/open.c~elevate-writer-count-for-do-sys-truncate fs/open.c
--- lxc/fs/open.c~elevate-writer-count-for-do-sys-truncate 2007-07-10
12:46
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/inode.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff -puN fs/inode.c~elevate-write-count-for-do-sys-utime-and-touch-atime
fs/inode.c
--- lxc/fs/inode.c~elevate-write-count-for-do-sys-utime
outside of the switch.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c | 32 +---
lxc-dave/fs/nfsd/vfs.c |4
lxc-dave/net/unix/af_unix.c |4
3 files changed, 29 insertions(+), 11 deletions(-)
diff -puN fs/namei.c
Elevate the write count during the vfs_rmdir() call.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c |5 +
1 file changed, 5 insertions(+)
diff -puN fs/namei.c~do-rmdir-elevate-write-count fs/namei.c
--- lxc/fs/namei.c~do-rmdir-elevate-write-count 2007-07-10 12:46
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c |4
lxc-dave/ipc/mqueue.c |5 -
2 files changed, 8 insertions(+), 1 deletion(-)
diff -puN fs/namei.c~elevate-mnt-writers-for-vfs-unlink-callers fs/namei.c
--- lxc/fs/namei.c~elevate-mnt-writers-for-vfs
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/utimes.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff -puN fs/utimes.c~elevate-write-count-for-do-utimes fs/utimes.c
--- lxc/fs/utimes.c~elevate-write-count-for-do-utimes 2007-07-10
12:46
Some ioctls need write access, but others don't. Make a helper
function to decide when write access is needed, and take it.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ncpfs/ioctl.c | 55 +-
1 file changed, 54 insertions(+), 1
It is OK to let access() go without using a mnt_want/drop_write()
pair because it doesn't actually do writes to the filesystem,
and it is inherently racy anyway. This is a rare case when it is
OK to use __mnt_is_readonly() directly.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs
-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ext2/ioctl.c | 46 +-
lxc-dave/fs/ext3/ioctl.c | 100 +---
lxc-dave/fs/ext4/ioctl.c | 105 +-
lxc-dave/fs/fat/file.c
a unified place
which the r/o bind mount code may patch.
Also, rename an existing, static-scope init_file() to a less
generic name.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/configfs/dir.c|5 +++--
lxc-dave/fs/file_table.c | 34
file,
while the vfsmount is ro. That is bad.
Some filesystems forego the use of normal vfs calls to create
struct files. Make sure that these users elevate the mnt writer
count because they will get __fput(), and we need to make
sure they're balanced.
Signed-off-by: Dave Hansen [EMAIL PROTECTED
On Sat, 2007-07-07 at 20:25 +0200, Jan Engelhardt wrote:
On Jul 5 2007 15:43, Dave Hansen wrote:
@@ -1911,13 +1911,27 @@ asmlinkage long sys_mknodat(int dfd, con
error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, nd);
if (error)
goto out;
+
dentry = lookup_create
On Sat, 2007-06-23 at 08:46 +0100, Christoph Hellwig wrote:
On Fri, Jun 22, 2007 at 01:03:21PM -0700, Dave Hansen wrote:
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
We really want a guaranteed non-NULL file here, but I don't want to put
this on your plate also. Please add a comment about
On Sat, 2007-06-30 at 10:39 +0100, Christoph Hellwig wrote:
On Mon, Jun 25, 2007 at 08:19:52AM -0700, Dave Hansen wrote:
Should we just take the calls outside the switch statement?
Yeah, that's much better. I assume we don't care whether we're getting
-EROFS or -EPERM/-EINVAL
On Sat, 2007-06-30 at 10:37 +0100, Christoph Hellwig wrote:
--- lxc/fs/namei.c~numa_mnt_want_write 2007-06-25 11:05:50.0 -0700
+++ lxc-dave/fs/namei.c 2007-06-25 11:05:50.0 -0700
@@ -230,10 +230,12 @@ int permission(struct inode *inode, int
int retval, submask;
On Sat, 2007-06-30 at 10:39 +0100, Christoph Hellwig wrote:
On Mon, Jun 25, 2007 at 08:19:52AM -0700, Dave Hansen wrote:
Should we just take the calls outside the switch statement?
Yeah, that's much better. I assume we don't care whether we're getting
-EROFS or -EPERM/-EINVAL
On Sat, 2007-06-23 at 08:38 +0100, Christoph Hellwig wrote:
Note that we've grown more instances of the crap you're fixing here,
e.g. fs/anon_inode.c
Ugh. I'll go clean that one up.
-- Dave
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to
On Sat, 2007-06-23 at 09:52 -0700, Andrew Morton wrote:
On Fri, 22 Jun 2007 13:03:03 -0700 Dave Hansen [EMAIL PROTECTED] wrote:
Why do we need r/o bind mounts?
This feature allows a read-only view into a read-write filesystem.
In the process of doing that, it also provides
ext3_change_inode_journal_flag() is only called from one
location: ext3_ioctl(EXT3_IOC_SETFLAGS). That ioctl
case already has a IS_RDONLY() call in it so this one
is superfluous.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ext3/inode.c |2 +-
1 file changed, 1 insertion
ext4_change_inode_journal_flag() is only called from one
location: ext4_ioctl(EXT3_IOC_SETFLAGS). That ioctl
case already has a IS_RDONLY() call in it so this one
is superfluous.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ext4/inode.c |2 +-
1 file changed, 1 insertion
, including ones
that are expected to fail, like creating a file on the r/o
mount.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ext2/ioctl.c | 46 +-
lxc-dave/fs/ext3/ioctl.c | 100 +---
lxc-dave/fs/ext4/ioctl.c | 105 +-
lxc-dave/fs/fat/file.c
It is OK to let access() go without using a mnt_want/drop_write()
pair because it doesn't actually do writes to the filesystem,
and it is inherently racy anyway. This is a rare case when it is
OK to use __mnt_is_readonly() directly.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs
a unified place
which the r/o bind mount code may patch.
Also, rename two existing, static-scope init_file() to less
generic names.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/configfs/dir.c|5 +++--
lxc-dave/fs/file_table.c | 34
chown/chmod,etc... don't call permission in the same way
that the normal open for write calls do. They still
write to the filesystem, so bump the write count during
these operations.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/open.c | 39
Some ioctls need write access, but others don't. Make a helper
function to decide when write access is needed, and take it.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/ncpfs/ioctl.c | 55 +-
1 file changed, 54 insertions(+), 1
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c | 10 ++
1 file changed, 10 insertions(+)
diff -puN fs/namei.c~09-24-elevate-write-count-for-link-and-symlink-calls
fs/namei.c
--- lxc/fs/namei.c~09-24-elevate-write-count-for-link-and-symlink-calls
2007-06-21 23
file,
while the vfsmount is ro. That is bad.
Some filesystems forego the use of normal vfs calls to create
struct files. Make sure that these users elevate the mnt writer
count because they will get __fput(), and we need to make
sure they're balanced.
Signed-off-by: Dave Hansen [EMAIL PROTECTED
These should have been documented from the beginning. Fix it.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/include/linux/fs.h | 27 +++
1 file changed, 27 insertions(+)
diff -puN include/linux/fs.h~document-nlink-funcs include/linux/fs.h
--- lxc/include
This area of code is currently #ifdef'd out, so add a comment
for the time when it is actually used.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namespace.c |4
1 file changed, 4 insertions(+)
diff -puN fs/namespace.c~11-24-mount-is-safe-add-comment fs/namespace.c
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/utimes.c | 27 ---
1 file changed, 16 insertions(+), 11 deletions(-)
diff -puN fs/utimes.c~16-24-elevate-write-count-for-do-utimes fs/utimes.c
--- lxc/fs/utimes.c~16-24-elevate-write-count-for-do-utimes
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/open.c | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff -puN fs/open.c~15-24-elevate-writer-count-for-do-sys-truncate fs/open.c
--- lxc/fs/open.c~15-24-elevate-writer-count-for-do-sys-truncate
This basically audits the callers of xattr_permission(), which
calls permission() and can perform writes to the filesystem.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/nfsd/nfs4proc.c |7 ++-
lxc-dave/fs/xattr.c | 16 ++--
2 files changed, 20
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/inode.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff -puN fs/inode.c~17-24-elevate-write-count-for-do-sys-utime-and-touch-atime
fs/inode.c
--- lxc/fs/inode.c~17-24-elevate-write-count-for-do
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c |4
lxc-dave/ipc/mqueue.c |5 -
2 files changed, 8 insertions(+), 1 deletion(-)
diff -puN fs/namei.c~19-24-elevate-mnt-writers-for-vfs-unlink-callers fs/namei.c
--- lxc/fs/namei.c~19-24-elevate-mnt
, but this is an awfully specialized
situation, and I'd be worried that people would try to use it
when it isn't absolutely necessary.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c|6 +
lxc-dave/fs/namespace.c| 140
' operation.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namespace.c| 40 ++--
lxc-dave/include/linux/mount.h |7 ++-
2 files changed, 40 insertions(+), 7 deletions(-)
diff -puN fs/namespace.c~23-24-honor-r-w-changes-at-do-remount
Elevate the write count during the vfs_rmdir() call.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c |5 +
1 file changed, 5 insertions(+)
diff -puN fs/namei.c~20-24-do-rmdir-elevate-write-count fs/namei.c
--- lxc/fs/namei.c~20-24-do-rmdir-elevate-write-count
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/net/unix/af_unix.c | 16
1 file changed, 12 insertions(+), 4 deletions(-)
diff -puN
net/unix/af_unix.c~12-24-unix-find-other-elevate-write-count-for-touch-atime
net/unix/af_unix.c
---
lxc/net/unix/af_unix.c~12-24
This takes care of all of the direct callers of vfs_mknod().
Since a few of these cases also handle normal file creation
as well, this also covers some calls to vfs_create().
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c | 12
lxc-dave/fs/nfsd
This also creates a little helper in the NFS code to
make an if() a little bit less ugly.
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/namei.c|4
lxc-dave/fs/nfsd/vfs.c | 23 +++
2 files changed, 23 insertions(+), 4 deletions(-)
diff -puN fs
Signed-off-by: Dave Hansen [EMAIL PROTECTED]
---
lxc-dave/fs/inode.c |7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff -puN fs/inode.c~elevate-write-count-for-file_update_time fs/inode.c
--- lxc/fs/inode.c~elevate-write-count-for-file_update_time 2007-06-21
23:23
I've been working on the read-only bind mount patches, and
one of their requirements is that we track the number of
writers to a particular filesystem. This allows us to
quickly determine whether it is OK to make rw-ro
transitions.
It was noted that the previous approach of using a spinlock
to
Most mnt_want/drop_write() pairs are really close in
the code; they aren't held for very long. So, in
practice is hard to get bounced between cpus between
when you mnt_want_write() and mnt_drop_write().
The exception to this is the pair in may_open() and
__fput(). Between those two it is
65 matches
Mail list logo