I have taken a moment and read this thread, and have been completely
unenlightened. People are upset but it is totally unclear why.
There is no explanation why it is ok to ignore the suid-exec case, as
the posted patches do. Which ultimately means the patches provide
little to no security benefit
Kees Cook writes:
> On Wed, Aug 28, 2013 at 5:26 PM, Eric W. Biederman
> wrote:
>> Can someone please state what they are worried about in simple language
>> step by step?
>> [...]
>> The closest I saw in the thread was people were worried about ASLR being
>
Joe Perches writes:
> On Wed, 2013-08-28 at 13:09 -0600, Tim Gardner wrote:
>> On 08/28/2013 12:51 PM, Joe Perches wrote:
>> > On Wed, 2013-08-28 at 12:24 -0600, Tim Gardner wrote:
>> >> Drop a couple of ifdef/endif pairs by moving the ifdef
>> >> surrounding neigh_app_ns() to the interior of nei
Kees Cook writes:
> On Wed, Aug 28, 2013 at 6:08 PM, Eric W. Biederman
> wrote:
>> Kees Cook writes:
>>
>>> On Wed, Aug 28, 2013 at 5:26 PM, Eric W. Biederman
>>> wrote:
>>>> Can someone please state what they are worried about in simple languag
only modifications.
This is a change in user visible semantics, so I want to be very careful
about this. Are there any reasons to not make this change?
All of this happens under a full pile of vfs locks so this shouldn't
affect the vfs scalability work that is on-going.
Eric W. Biederm
Signed-off-by: Eric W. Biederman
---
fs/mount.h |1 +
fs/namespace.c | 24
2 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/fs/mount.h b/fs/mount.h
index e4342b8dfab1..7a6a2bb3f290 100644
--- a/fs/mount.h
+++ b/fs/mount.h
@@ -79,6 +79,7
Signed-off-by: Eric W. Biederman
---
fs/mount.h |2 ++
fs/namespace.c |5 +
2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/fs/mount.h b/fs/mount.h
index 64a858143ff9..e4342b8dfab1 100644
--- a/fs/mount.h
+++ b/fs/mount.h
@@ -21,6 +21,7 @@ struct mnt_pcp {
struct
on unlink
behavior will not cause problems.
Signed-off-by: "Eric W. Biederman"
---
fs/afs/dir.c |3 +-
fs/dcache.c| 80
fs/fuse/dir.c |3 +-
fs/gfs2/dentry.c |4 +--
fs/namei.
Andy Lutomirski writes:
> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
>> On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
>>> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote:
>>> > So sorry Andy, I don't follow what you are describing.
>>>
>>> And what paramete
Linus Torvalds writes:
> On Fri, Oct 4, 2013 at 3:41 PM, Eric W. Biederman
> wrote:
>>
>> After thinking about it removing the restrictions on mount points
>> appears safe, because it is just plain dumb to have a mount point
>> in a directory that is not restric
Andy Lutomirski writes:
> On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman
> wrote:
>> Andy Lutomirski writes:
>>
>>> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote:
>>>> On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote:
>>
ebied...@xmission.com (Eric W. Biederman) writes:
> I just noticed that Al's latest vfs changes posted yesterday mean I need
> to rebase and possibly respin these patches, as all of the locking and
> interesting bits of the dcache have changed. I don't think the
> con
m -rf from eating your system.
Signed-off-by: "Eric W. Biederman"
---
fs/namei.c | 21 +
1 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index b18b017c946b..b9cae480ac27 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3547,6 +
Rob Landley writes:
> On 10/04/2013 07:03:23 PM, Eric W. Biederman wrote:
>>
>> In principle I have no problems tweaking rmdir to check for that case.
>>
>> At the same time the real reason that this is safe is that mount
>> points
>> are almost always p
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> Signed-off-by: Eric W. Biederman
>> ---
>> fs/mount.h |1 +
>> fs/namespace.c | 24
>> 2 files changed, 25 insertions(+), 0
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> Programs have been known to test for empty directories by attempting
>> to remove them. To keep from violating the principle of least
>> surprise don't let di
machine_kexec could never return and so could never return -EINVAL.
It is not ok to have an image loaded that we can not kexec. kexec_load
should fail not machine_shutdown or machine_kexec.
The only time that machine_kexec can validly return is in the kexec_jump
case, and that is a success
Stephen Mell writes:
> Currently, the proc mount options hidepid and pidgid are stored on the
> pid_namespace struct that serves as proc's superblock info. As a
> result, mounting proc from the same pid namespace with different mount
> options will change the behaviour of any existing mounts.
>
Stephen Warren writes:
> On 07/10/2013 08:36 AM, Eric W. Biederman wrote:
>> Simon Horman writes:
>>
>>> From: Stephen Warren
>>>
>>> Prior to commit 3ab8352 "kexec jump", if machine_kexec() returned,
>>> sys_reboot() would retur
tion().
Reviewed-by: "Eric W. Biederman"
> Signed-off-by: Oleg Nesterov
> ---
I am not really set up to deal with bug fixes in between releases, but
if Andrew doesn't grab this I will toss this in my tree for 3.13.
Eric
> kernel/pid.c |5 +
> 1 files cha
Tejun Heo writes:
> Hello,
>
> Currently, there are multiple variants of internal sysfs removal
> functions and the directory removal behavior is a bit weird in that
> while it does remove the files contained immediately in the directory
> it wouldn't recurse into its subdirectories, even the gro
I am running from memory right now. But the short version is.
Al Viro has complained about the sysfs removal antics of sysfs, and
I have seen Al get confused and "fix" filesystems that depart too far
from normal filesystem semantics.
I have gone down this path both ways and "rm -rf" semantics a
Jan Kaluza writes:
> Server-like processes in many cases need credentials and other
> metadata of the peer, to decide if the calling process is allowed to
> request a specific action, or the server just wants to log away this
> type of information for auditing tasks.
>
> The current practice to r
Jan Kaluza writes:
> Hi,
>
> this patchset against net-next (applies also to linux-next) adds 3 new types
> of "Socket"-level control message (SCM_AUDIT, SCM_PROCINFO and SCM_CGROUP).
>
> Server-like processes in many cases need credentials and other
> metadata of the peer, to decide if the calli
of cleanups to the basic namespace
infrastructure.
Finally there is an enhancement that makes per user namespace
capabilities usable as capabilities, and an enhancement that allows the
per userns root to nice other processes in the user namespace.
Eric W. Biederman (10):
vfs: Lock in place
Michal Hocko writes:
> It seems that this one fell though the cracks?
Not completely, but it happened just as I was doing my initial triage of
memcg problems and I haven't quite made it back to this.
I have an even nastier memcg hang (without yet an easy reproducer).
During mkdir ext3 can add a
Oleg Nesterov writes:
> On 09/08, Oleg Nesterov wrote:
>>
>> Off topic. What if the first alloc_pid() succeeds and then later
>> copy_process() fails. In this case free_pid() is called but
>> PIDNS_HASH_ADDING was not cleared, we miss kern_unmount(), no?
>
> Perhaps something like below?
I am th
Ramkumar Ramachandra writes:
> Eric W. Biederman wrote:
>
> Serge Hallyn writes:
> > Since commit af4b8a83add95ef40716401395b44a1b579965f4 it's been
> > possible to get into a situation where a pidns reaper is
> > , reparented to host
Christian Kujau writes:
> Hi,
>
> I was wondering why I cannot see processes that were started from SGID
> programs:
I don't have a clue why anyone would want to hide processes, and make
their own lives more difficult.
The check with hidepid is can you ptrace the process. I expect there
is so
Jan Kaluza writes:
Nacked-by: "Eric W. Biederman"
Whatever the benefits of the other pieces of information sending the
process command line is absolutely wrong. It is just a random string
from user space and there is absolutely no benefit in sending it in a
kernel verified way. T
Oleg Nesterov writes:
> On 09/08, Eric W. Biederman wrote:
>>
>> Oleg Nesterov writes:
>>
>> > On 09/08, Oleg Nesterov wrote:
>> >>
>> >> Off topic. What if the first alloc_pid() succeeds and then later
>> >> copy_process() fa
Christian Kujau writes:
> On Sun, 8 Sep 2013 at 23:42, Eric W. Biederman wrote:
>> The check with hidepid is can you ptrace the process. I expect there
>> is something with those sgid processes that keeps you from ptracing
>> them.
>
> Indeed, I cannot strace the proc
s almost at least one stupid bug if not something
worse.
So until I have the energy to review these.
Nacked-by: "Eric W. Biederman"
I am sorry but I don't have time to clean up after any more people
touching sysfs when they break something. It does look like there are so
possibly g
Greg KH writes:
> On Wed, Sep 11, 2013 at 10:29:02PM -0400, Tejun Heo wrote:
>> Hello,
>>
>> I'll send out multiple patchsets to separate out sysfs from driver
>> core and kobject. The eventual goal is making sysfs modular enough so
>> that cgroup can replace its nightmarish cgroupfs implementa
interchanged without
> causing compilation warning.
>
> Swap the positions of @name and @ns in the following internal
> functions.
Nacked-by: "Eric W. Biederman"
@ns is more significant so it should come first.
Where do we have the backwards convention of putting @name first?
Andy Lutomirski writes:
> On Mon, Oct 7, 2013 at 7:55 AM, Eric W. Biederman
> wrote:
>> "Serge E. Hallyn" writes:
>>
>>> Quoting Eric W. Biederman (ebied...@xmission.com):
>>>>
>>>> Programs have been known to test for empty
Matthias Schniedermeyer writes:
> On 06.10.2013 23:55, Eric W. Biederman wrote:
>> "Serge E. Hallyn" writes:
>>
>> So if we can feel safe just depending on the parent directory
>> permissions (which are not hidden by a mount) protecting our mount
>
Miklos Szeredi writes:
>> @@ -691,6 +693,7 @@ static void detach_mnt(struct mount *mnt, struct path
>> *old_path)
>> list_del_init(&mnt->mnt_hash);
>> put_mountpoint(mnt->mnt_mp);
>> mnt->mnt_mp = NULL;
>> +list_del_init(&mnt->mnt_mp_list);
>
> Should be done *before* put_moun
Miklos Szeredi writes:
> On Fri, Oct 04, 2013 at 03:43:18PM -0700, Eric W. Biederman wrote:
>>
>> +void detach_mounts(struct dentry *dentry)
>> +{
>> +struct mount *mnt, *next;
>> +struct mountpoint *mp;
>> +
>> +names
Miklos Szeredi writes:
> On Tue, Oct 08, 2013 at 09:06:29AM -0700, Andy Lutomirski wrote:
>
>> > I think the risks of changing behavior outweigh the benefits. How many
>> > times did you have to remove or rename a mounted file or directory? It's
>> > very rarely needed.
>>
>> I do this every t
Miklos Szeredi writes:
> On Fri, Oct 04, 2013 at 03:43:56PM -0700, Eric W. Biederman wrote:
>> +/**
>> + * shrink_submounts_and_drop - detach submounts, prune dcache, and drop
>> + *
>> + * All done as a single atomic operation reletaive to d_set_mounted().
>>
ebied...@xmission.com (Eric W. Biederman) writes:
> But I will go through and read the old fusermount code before I get too
> much farther just so I understand what I am potentially breaking.
Grr.
So I have just read the fusermount umount code and the hack that it uses
before the
Andy Lutomirski writes:
> On Wed, Oct 9, 2013 at 12:12 PM, Eric W. Biederman
> wrote:
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>>> But I will go through and read the old fusermount code before I get too
>>> much farther just so I under
Miklos Szeredi writes:
> On Tue, Oct 8, 2013 at 10:50 PM, Eric W. Biederman
> wrote:
>
>> If we are going to fix the VFS deficiency we have to let these changes
>> happen in other mount namespaces. To make that safe it has to be
>> sufficient to rely on the di
Sebastian Capella writes:
> Quoting Sebastian Capella (2013-10-03 16:47:35)
>> Quoting Sebastian Capella (2013-10-03 14:42:46)
>> > Quoting Andrew Morton (2013-10-03 14:15:23)
>> > > On Thu, 3 Oct 2013 14:10:37 -0700 Sebastian Capella
>> > > wrote:
>> > >
>> > > > Enhance name_to_dev_t to han
Joe Perches writes:
> Some setuid binaries will allow reading of files which have read
> permission by the real user id. This is problematic with files which
> use %pK because the file access permission is checked at open() time,
> but the kptr_restrict setting is checked at read() time. If a set
Ryan Mallon writes:
> On 11/10/13 13:20, Eric W. Biederman wrote:
>> Joe Perches writes:
>>
>>> Some setuid binaries will allow reading of files which have read
>>> permission by the real user id. This is problematic with files which
>>> use %pK becaus
PF_EXITING test while retaining the previous
nr_hashed == 1 seems a little hacky.
Regardless thank you for all of your hard work to track this one down.
I feel silly for not considering the wakeup side before.
> Signed-off-by: Serge Hallyn
> Cc: "Eric W. Biederman"
> ---
>
"H. Peter Anvin" writes:
> On 08/29/2013 02:27 AM, HATAYAMA Daisuke wrote:
>> This is the patch series to address the issue that kdump 2nd kernel
>> now fails to wake up multiple CPUs.
>
> Please explain the "now" in the above sentence. Is this a regression?
> If so, what is its impact?
This i
er space daemon waiting to receive the notification, i.e.,
> the case for which CONFIG_ARPD was designed anyways.
This looks good to me, and much less magic to maintain.
Eric
> Suggested-by: Eric W. Biederman
Reviewed-by: "Eric W. Biederman"
> Cc: "David S. Miller"
There are a couple of long overdue namespace patches, simple cleanups
and permission grants that have been sitting in my development tree
for far too long. If anyone objects to these please let me know.
Eric W. Biederman (4):
namespaces: Simplify copy_namespaces so it is clear what is
code to drop an unnecessarily acquired nsproxy value.
Signed-off-by: "Eric W. Biederman"
---
kernel/nsproxy.c | 35 +++
1 files changed, 11 insertions(+), 24 deletions(-)
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index d9afd2563..a1ed011 100644
--- a/ker
As the capabilities and capability bounding set are per user namespace
properties it is safe to allow changing them with just CAP_SETPCAP
permission in the user namespace.
Signed-off-by: "Eric W. Biederman"
Tested-by: Richard Weinberger
---
security/commoncap.c |2 +-
1 files
->nsproxy_pid_ns I was not familiar
with, but it is only used when allocating a new pid for a new task,
and in checks to prevent craziness from happening.
Signed-off-by: "Eric W. Biederman"
---
kernel/fork.c |5 -
1 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/kernel/fo
wed-by: "Eric W. Biederman"
Signed-off-by: Eric W. Biederman
---
security/commoncap.c |8
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index 9fccf71..b9d613e 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
nsown_capable is a special case of ns_capable essentially for just CAP_SETUID
and
CAP_SETGID. For the existing users it doesn't noticeably simplify things and
from the suggested patches I have seen it encourages people to do the wrong
thing. So remove nsown_capable.
Signed-off-by: "
hat
> __unhash_process() used to do before
> af4b8a83add95ef40716401395b44a1b579965f4.
>
> Signed-off-by: Serge Hallyn
> Cc: "Eric W. Biederman"
> ---
> kernel/pid.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/pid.c b
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> Serge Hallyn writes:
>>
>> > Since commit af4b8a83add95ef40716401395b44a1b579965f4 it's been
>> > possible to get into a situation where a pidns reaper is
>>
"Serge E. Hallyn" writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>>
>> I goofed when I made unshare(CLONE_NEWPID) only work in a
>> single-threaded process. There is no need for that requirement and in
>> fact I analyzed things right for s
already freed
leading to the fact that the pid will not be used as a session pid or
a process group pid for any other running process.
CC: sta...@vger.kernel.org
Acked-by: Serge Hallyn
Tested-by: Serge Hallyn
Reported-by: Serge Hallyn
Signed-off-by: "Eric W. Biederman"
---
kernel/p
Don Zickus writes:
> On Tue, Aug 27, 2013 at 12:41:51PM +0900, Yoshihiro YUNOMAE wrote:
>> Hi Don,
>>
>> Sorry for the late reply.
>>
>> (2013/08/22 22:11), Don Zickus wrote:
>> >On Thu, Aug 22, 2013 at 05:38:07PM +0900, Yoshihiro YUNOMAE wrote:
>> >>>So, I agree with Eric, let's remove the dis
Djalal Harouni writes:
> (Sorry for my late response)
>
> On Thu, Aug 29, 2013 at 03:14:32PM -0700, Kees Cook wrote:
>> On Thu, Aug 29, 2013 at 2:11 AM, Djalal Harouni wrote:
>> > Hi Eric,
>> >
>> > On Wed, Aug 28, 2013 at 05:26:56PM -0700, Eric W.
ebied...@xmission.com (Eric W. Biederman) writes:
> Andy Lutomirski writes:
>
>> On Tue, Aug 27, 2013 at 2:44 PM, Eric W. Biederman
>> wrote:
>>>
>>> Rely on the fact that another flavor of the filesystem is already
>>> mounted and do not rely on sta
Yoshihiro YUNOMAE writes:
> Hi Eric and Don,
>
> Sorry for the late reply.
>
> (2013/08/31 9:58), Eric W. Biederman wrote:
>> Don Zickus writes:
>>
>>> On Tue, Aug 27, 2013 at 12:41:51PM +0900, Yoshihiro YUNOMAE wrote:
>>>> Hi Don,
>>>
Yoshihiro YUNOMAE writes:
> (2013/09/03 9:12), Eric W. Biederman wrote:
>>>>> Then again looking at the output of the latest dmesg, it seems the IO APIC
>>>>> is initialized way before the tsc is calibrated. So I am not sure what
>>>>> needed to g
Fabio Kung writes:
> On Tue, Jul 30, 2013 at 9:28 AM, Eric W. Biederman
> wrote:
>>
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>> Ok. I have been trying for an hour and I have not been able to
>> reproduce the weird hang with the memcg, an
reason to prevent mounting sysfs.
This is a bug-fix to:
commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e
Author: Eric W. Biederman
Date: Mon Mar 25 20:07:01 2013 -0700
sysfs: Restrict mounting sysfs
Don't allow mounting sysfs unless the caller ha
"H. Peter Anvin" writes:
> On 10/05/2012 02:32 PM, Eric W. Biederman wrote:
>> Yinghai Lu writes:
>>
>>> On Fri, Oct 5, 2012 at 2:04 PM, Eric W. Biederman
>>> wrote:
>>>>>> Is there a git commit that explains what the 'big
"H. Peter Anvin" writes:
> On 10/05/2012 02:41 PM, Eric W. Biederman wrote:
>> Yinghai Lu writes:
>>
>>> with bzImage or vmlinux?
>>
>> bzImage I presume. Certainly the bzImage has lost its 896M limit,
>> which is where ultimately the
Changman Lee writes:
>> > +void update_inode(struct inode *inode, struct page *node_page)
>> > +{
>> > + struct f2fs_node *rn;
>> > + struct f2fs_inode *ri;
>> > +
>> > + wait_on_page_writeback(node_page);
>> > +
>> > + rn = page_address(node_page);
>> > + ri = &(rn->i);
>> > +
return 0 when parse the mount options fails.
>>
>
> Ah, it really is a joy to read the parse_options() :). But this fix
> makes sense, thanks for catching it.
>
> Reviewed-by: Lukas Czerner
Ugh. I goofed that up. How annoying that ext4 is different than ext3
and e
"Myklebust, Trond" writes:
> On Tue, 2012-10-09 at 15:35 -0400, J. Bruce Fields wrote:
>> Cc'ing Eric since I seem to recall he suggested doing it this way?
Yes. On second look setting fs->root won't work. We need to change fs.
The problem is that by default all kernel threads share fs so chang
Jan Kara writes:
> On Wed 19-09-12 18:52:18, Eric W. Biederman wrote:
>> From: "Eric W. Biederman"
>>
>> - In setxattr if we are setting a posix acl convert uids and gids from
>> the current user namespace into the initial user namespace, before
>>
Jan Kara writes:
> On Fri 05-10-12 00:34:29, Jiri Kosina wrote:
>> Hi,
>>
>> commit e8a3e4719b7ec19288c56f22623f537cb78885c1
>> Author: Eric W. Biederman
>> Date: Sun Sep 16 01:11:45 2012 -0700
>>
>> userns: Implement struct kqid
>>
"J. Bruce Fields" writes:
> On Tue, Oct 09, 2012 at 01:20:48PM -0700, Eric W. Biederman wrote:
>> "Myklebust, Trond" writes:
>>
>> > On Tue, 2012-10-09 at 15:35 -0400, J. Bruce Fields wrote:
>> >> Cc'ing Eric since I seem to recal
ebied...@xmission.com (Eric W. Biederman) writes:
> "J. Bruce Fields" writes:
>
>> On Tue, Oct 09, 2012 at 01:20:48PM -0700, Eric W. Biederman wrote:
>>> "Myklebust, Trond" writes:
>>>
>>> > On Tue, 2012-10-09 at 15:35 -0400, J. Br
Jan Kara writes:
> On Tue 09-10-12 14:46:28, Eric W. Biederman wrote:
>> Jan Kara writes:
>> >> diff --git a/fs/xattr.c b/fs/xattr.c
>> >> index 4d45b71..c111745 100644
>> >> --- a/fs/xattr.c
>> >> +++ b/fs/xattr.c
>> >>
Andrew Morton writes:
> On Thu, 11 Oct 2012 00:42:56 +0400
> Cyrill Gorcunov wrote:
>
>> The free_pid_ns function done in recursion fashion:
>>
>> free_pid_ns(parent)
>> put_pid_ns(parent)
>> kref_put(&ns->kref, free_pid_ns);
>> free_pid_ns
>>
>> thus if there was a huge nesting of
"Bill Huey (hui)" writes:
> I should add that I encountered this on 3.6.0 with some mild
> modifications to the scheduler path that enqueue/dequeue a task before
> any of the schedule exit logic gets hit. The SCHED_FF/FIFO rebalancer
> does much the same so I can't imagine that being the source o
Zhang Yanfei writes:
> This patch provides a way to VMCLEAR VMCSs related to guests
> on all cpus before executing the VMXOFF when doing kdump. This
> is used to ensure the VMCSs in the vmcore updated and
> non-corrupted.
Apologies for the delay I have been travelling, and I wanted
to at least r
MCSs in the
> vmcore updated and non-corrupted.
Skimming through it looks like the important things have been addressed.
Acked-by: "Eric W. Biederman"
> Changelog from v9 to v10:
> 1. add rcu protect to the callback function
>
> Changelog from v8 to v9:
> 1. KEXEC: use a ca
Matthew Garrett writes:
> On Wed, Dec 05, 2012 at 04:15:56PM -0800, Yinghai Lu wrote:
>
>> at the same time we should export setup_data into /sys, so kexec could
>> append this pointer to command of
>> second kernel, just like kexec append acpi_rsdp.
>> That should address DavidW's concern.
>
> W
Nacked-by: "Eric W. Biederman"
You ignored all of my feedback that the first 7 messages of your
patchset are unnecessary. In particular you did not attempt to focus
your patchset on those operations that are most important.
Upon examination it appears also that the 8th and 9th patc
HATAYAMA Daisuke writes:
> We disable BSP if boot cpu is AP.
>
> INIT-INIT-SIPI sequence, a protocol to initiate AP, cannot be used for
> BSP since it causes BSP jump to BIOS init code; typical visible
> behaviour is hang or immediate reset, depending on the BIOS init code.
>
> INIT can be used t
"H. Peter Anvin" writes:
> On 10/22/2012 01:04 PM, Eric W. Biederman wrote:
>> HATAYAMA Daisuke writes:
>>
>>> We disable BSP if boot cpu is AP.
>>>
>>> INIT-INIT-SIPI sequence, a protocol to initiate AP, cannot be used for
>>> BS
"H. Peter Anvin" writes:
> On 10/22/2012 01:31 PM, Eric W. Biederman wrote:
>>>
>>> IIRC Fenghua experimented with that and it didn't work. Not all BIOSes
>>> use that bit to determine BSP-ness.
>>
>> What does a BIOS have to do with
"H. Peter Anvin" writes:
> On 10/22/2012 01:43 PM, Eric W. Biederman wrote:
>>
>> The reason the BIOSen go wonky is the INIT cause the cpu to go to the
>> reset vector at 4G-16 bytes. So it is very much expected that the
>> BIOSen start acting like you just
anges caused
a lot of churn late into the 3.7 -rc cycle that made a stable starting
place hard to work from hard to find.
Eric W. Biederman (37):
userns: Support autofs4 interacing with multiple user namespaces
userns: Support fuse interacting with multiple user namespaces
Andrew Morton writes:
> On Mon, 12 Nov 2012 21:36:17 +
> Arvid Brodin wrote:
>
>> Adds /proc//text_md5sum which, when read, calculates an md5sum over
>> the process' text segment. This can detect some cases where the system RAM
>> has been disturbed by e.g. ESD or cosmic radiation (on system
Miklos Szeredi writes:
> ebied...@xmission.com (Eric W. Biederman) writes:
>
>> Use kuid_t and kgid_t in struct fuse_conn and struct fuse_mount_data.
>>
>> The connection between a fuse filesystem and a fuse daemon is
>> established when a fuse filesystem
Vivek Goyal writes:
> On Thu, Nov 08, 2012 at 01:03:17PM -0800, Eric W. Biederman wrote:
>> Vivek Goyal writes:
>>
>> > On Thu, Nov 08, 2012 at 02:40:50PM -0500, Vivek Goyal wrote:
>> >> On Tue, Nov 06, 2012 at 03:51:59PM -0800, Eric W. Biederman wrote:
>
"J. Bruce Fields" writes:
> On Wed, Nov 14, 2012 at 09:51:33PM +, Myklebust, Trond wrote:
>> On Wed, 2012-11-14 at 16:42 -0500, J. Bruce Fields wrote:
>> > Simo's patches use them for upcalls to svcgssd. Those will always be
>> > done from server threads.
>>
>> Any reason why you can't set
Matthew Garrett writes:
> On Mon, Nov 05, 2012 at 11:16:12AM -0800, Eric W. Biederman wrote:
>> Matthew Garrett writes:
>> > No, in the general case the system will do that once it fails to find a
>> > bootable OS on the drive.
>>
>> In the general
Matthew Garrett writes:
> On Mon, Nov 05, 2012 at 06:46:32PM -0800, Eric W. Biederman wrote:
>> Matthew Garrett writes:
>>
>> > On Mon, Nov 05, 2012 at 11:16:12AM -0800, Eric W. Biederman wrote:
>> >> Matthew Garrett writes:
>> >> > No,
Matthew Garrett writes:
> On Mon, Nov 05, 2012 at 07:36:32PM -0800, Eric W. Biederman wrote:
>
>> For automated installs you don't have to satisfy me. Feel free to
>> deliver a lousy solution to your users. Just don't use your arbitrary
>> design decisi
Vivek Goyal writes:
> On Mon, Nov 05, 2012 at 11:44:48AM -0800, Eric W. Biederman wrote:
>> Vivek Goyal writes:
>>
>> > On Fri, Nov 02, 2012 at 02:32:48PM -0700, Eric W. Biederman wrote:
>> >>
>> >> It needs to be checked but /sbin/kexec sho
Vivek Goyal writes:
> On Thu, Nov 08, 2012 at 02:40:50PM -0500, Vivek Goyal wrote:
>> On Tue, Nov 06, 2012 at 03:51:59PM -0800, Eric W. Biederman wrote:
>>
>> [..]
>>
>> Thinking more about executable signature verification, I have another
>> question.
>
abled.
Cc: Jaegeuk Kim
Cc: Namjae Jeon
Cc: Amit Sahrawat
Signed-off-by: "Eric W. Biederman"
---
Barring other feedback I will push this change to Linus with my other
namespace bug fixes in the next day or two.
fs/f2fs/acl.c |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
s two bug fixes for problems Oleg spotted on his review
of the recent pid namespace work. A small fix to not enable bottom
halves with irqs disabled, and a trivial build fix for f2fs with user
namespaces enabled.
Eric W. Biederman (4):
pidns: Outlaw thread creation after unshare(CLONE_N
Li Zefan writes:
> In a container with its own pid namespace and user namespace, rebooting
> the system won't reboot the host, but terminate all the processes in
> it and thus have the container shutdown, so it's safe.
>
> Signed-off-by: Li Zefan
Applied to my development tree. It will eventau