Re: [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts

2018-05-29 Thread Dongsu Park
s in my branch: https://github.com/kinvolk/linux/tree/dongsu/fuse-userns-for-4.18 With this branch, I tested sshfs/fuse from non-init user namespace. It works fine as expected. So you can add: Tested-by: Dongsu Park Thanks! Dongsu > These changes are also available at: > git://git.k

[RFC PATCH v5 1/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-02-07 Thread Dongsu Park
@namei.org> Cc: Christoph Hellwig <h...@infradead.org> Acked-by: "Serge E. Hallyn" <se...@hallyn.com> Acked-by: Seth Forshee <seth.fors...@canonical.com> Tested-by: Dongsu Park <don...@kinvolk.io> Signed-off-by: Alban Crequy <al...@kinvolk.io> Signed-off-by:

[RFC PATCH v5 1/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-02-07 Thread Dongsu Park
...@vger.kernel.org Cc: linux-fsde...@vger.kernel.org Cc: Alexander Viro Cc: Miklos Szeredi Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: James Morris Cc: Christoph Hellwig Acked-by: "Serge E. Hallyn" Acked-by: Seth Forshee Tested-by: Dongsu Park Signed-off-by: Alban Crequy Signed-off-by: D

[RFC PATCH v5 0/2] ima,fuse: introduce new fs flag FS_IMA_NO_CACHE

2018-02-07 Thread Dongsu Park
This patchset v5 introduces a new fs flag FS_IMA_NO_CACHE and uses it in FUSE. This forces files to be re-measured, re-appraised and re-audited on file systems with the feature flag FS_IMA_NO_CACHE. In that way, cached integrity results won't be used. There was a previous attempt (unmerged) with

[RFC PATCH v5 2/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-07 Thread Dongsu Park
v.linux.org.uk> Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasat...@gmail.com> Cc: James Morris <jmor...@namei.org> Cc: Christoph Hellwig <h...@infradead.org> Acked-by: Miklos Szeredi <mik...@szeredi.hu> Acked-by: "Serge E. Hallyn" <

[RFC PATCH v5 2/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-07 Thread Dongsu Park
James Morris Cc: Christoph Hellwig Acked-by: Miklos Szeredi Acked-by: "Serge E. Hallyn" Acked-by: Seth Forshee Tested-by: Dongsu Park Signed-off-by: Alban Crequy --- fs/fuse/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
Hi, On Mon, Jan 29, 2018 at 6:40 PM, Dongsu Park <don...@kinvolk.io> wrote: > On Mon, Jan 29, 2018 at 5:33 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: >> On Thu, 2018-01-25 at 06:56 -0500, Mimi Zohar wrote: ... >> Did you get a chance to make the change and

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
Hi, On Mon, Jan 29, 2018 at 6:40 PM, Dongsu Park wrote: > On Mon, Jan 29, 2018 at 5:33 PM, Mimi Zohar wrote: >> On Thu, 2018-01-25 at 06:56 -0500, Mimi Zohar wrote: ... >> Did you get a chance to make the change and test it? > > Alban has been on holidays, so he will be ba

[RFC PATCH v4 0/2] ima,fuse: introduce new fs flag FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
This patchset v4 introduces a new fs flag FS_IMA_NO_CACHE and uses it in FUSE. This forces files to be re-measured, re-appraised and re-audited on file systems with the feature flag FS_IMA_NO_CACHE. In that way, cached integrity results won't be used. There was a previous attempt (unmerged) with

[RFC PATCH v4 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
inux.vnet.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasat...@gmail.com> Cc: James Morris <jmor...@namei.org> Cc: Christoph Hellwig <h...@infradead.org> Acked-by: "Serge E. Hallyn" <se...@hallyn.com> Acked-by: Seth Forshee <seth.fors...@canonical.com> Tested-by: Dongs

[RFC PATCH v4 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
mmit/cf1f5750cab0 Cc: linux-kernel@vger.kernel.org Cc: linux-integr...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Cc: linux-fsde...@vger.kernel.org Cc: Miklos Szeredi Cc: Alexander Viro Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: James Morris Cc: Christoph Hellwig Acked-by: "Serge E. Hallyn"

[RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
..@linux.vnet.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasat...@gmail.com> Cc: James Morris <jmor...@namei.org> Cc: Christoph Hellwig <h...@infradead.org> Acked-by: "Serge E. Hallyn" <se...@hallyn.com> Acked-by: Seth Forshee <seth.fors...@canonical.com> Tested

[RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-01-30 Thread Dongsu Park
rge E. Hallyn" Acked-by: Seth Forshee Tested-by: Dongsu Park Signed-off-by: Alban Crequy --- fs/fuse/inode.c| 2 +- include/linux/fs.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 624f18bb..0a9e5164 100644 --- a/fs/fuse/inode.

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-29 Thread Dongsu Park
Hi Mimi, On Mon, Jan 29, 2018 at 5:33 PM, Mimi Zohar wrote: > Hi Alban, > > On Thu, 2018-01-25 at 06:56 -0500, Mimi Zohar wrote: >> > > @@ -228,9 +229,28 @@ static int process_measurement(struct file *file, >> > > char *buf, loff_t size, >> > >

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-29 Thread Dongsu Park
Hi Mimi, On Mon, Jan 29, 2018 at 5:33 PM, Mimi Zohar wrote: > Hi Alban, > > On Thu, 2018-01-25 at 06:56 -0500, Mimi Zohar wrote: >> > > @@ -228,9 +229,28 @@ static int process_measurement(struct file *file, >> > > char *buf, loff_t size, >> > >IMA_APPRAISE_SUBMASK |

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
Hi Mimi, On Tue, Jan 16, 2018 at 12:23 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote: >> Since yesterday Alban and I have been working on a different approach >> that does not depend on IMA rules, nor fsmagic.

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
Hi Mimi, On Tue, Jan 16, 2018 at 12:23 PM, Mimi Zohar wrote: > On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote: >> Since yesterday Alban and I have been working on a different approach >> that does not depend on IMA rules, nor fsmagic. Please see: >> https://www.m

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
Hi, On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park <don...@kinvolk.io> wrote: > In case of FUSE filesystem, cached integrity results in IMA could be > reused, when the userspace FUSE process has changed the > underlying files. To be able to avoid such cases, we need to turn on >

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
Hi, On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park wrote: > In case of FUSE filesystem, cached integrity results in IMA could be > reused, when the userspace FUSE process has changed the > underlying files. To be able to avoid such cases, we need to turn on > the force option in buil

Re: [PATCH 2/2] ima: turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
ystem] As already mentioned in the commit message, this patch depends on patches that are not yet in the mainline, or not even in next-integrity. So please make it excluded from kbuild. Thanks, Dongsu > url: > https://github.com/0day-ci/linux/commits/Dongsu-Park/turn-on-force-option-for-

Re: [PATCH 2/2] ima: turn on force option for FUSE in builtin policies

2018-01-16 Thread Dongsu Park
n the commit message, this patch depends on patches that are not yet in the mainline, or not even in next-integrity. So please make it excluded from kbuild. Thanks, Dongsu > url: > https://github.com/0day-ci/linux/commits/Dongsu-Park/turn-on-force-option-for-FUSE-in-builtin-polici

[PATCH 1/2] fs/fuse: move SUPER_MAGIC definitions to linux/magic.h

2018-01-11 Thread Dongsu Park
: linux-integr...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Alban Crequy <al...@kinvolk.io> Cc: Miklos Szeredi <mik...@szeredi.hu> Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk

[PATCH 1/2] fs/fuse: move SUPER_MAGIC definitions to linux/magic.h

2018-01-11 Thread Dongsu Park
: linux-integr...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Alban Crequy Cc: Miklos Szeredi Cc: Mimi Zohar Cc: Seth Forshee Signed-off-by: Dongsu Park --- fs/fuse/control.c | 3 +-- fs/fuse/inode.c| 3 +-- include/uapi/linux/magic.h | 3 +++ 3 files changed, 5

[PATCH 2/2] ima: turn on force option for FUSE in builtin policies

2018-01-11 Thread Dongsu Park
use-userns-patches/commit/cf1f5750cab0 Cc: linux-integr...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Miklos Szeredi <mik...@szeredi.hu> Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: Seth Forshee <seth.fors...@canonical.com> T

[PATCH 2/2] ima: turn on force option for FUSE in builtin policies

2018-01-11 Thread Dongsu Park
use-userns-patches/commit/cf1f5750cab0 Cc: linux-integr...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Miklos Szeredi Cc: Mimi Zohar Cc: Seth Forshee Tested-by: Alban Crequy Signed-off-by: Dongsu Park --- security/integrity/ima/ima_policy.c | 2

[PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-11 Thread Dongsu Park
rc.info/?l=linux-integrity=151559360514676=2 Dongsu Park (2): fs/fuse: move SUPER_MAGIC definitions to linux/magic.h ima: turn on force option for FUSE in builtin policies fs/fuse/control.c | 3 +-- fs/fuse/inode.c | 3 +-- include/uapi/linux/magic.h

Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes

2018-01-09 Thread Dongsu Park
Hi, On Fri, Jan 5, 2018 at 8:24 PM, Luis R. Rodriguez <mcg...@kernel.org> wrote: > On Fri, Dec 22, 2017 at 03:32:27PM +0100, Dongsu Park wrote: >> diff --git a/fs/attr.c b/fs/attr.c >> index 12ffdb6f..bf8e94f3 100644 >> --- a/fs/attr.c >> +++ b/fs/attr.c &

Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes

2018-01-09 Thread Dongsu Park
Hi, On Fri, Jan 5, 2018 at 8:24 PM, Luis R. Rodriguez wrote: > On Fri, Dec 22, 2017 at 03:32:27PM +0100, Dongsu Park wrote: >> diff --git a/fs/attr.c b/fs/attr.c >> index 12ffdb6f..bf8e94f3 100644 >> --- a/fs/attr.c >> +++ b/fs/attr.c >> @@ -18,6 +18

Re: [PATCH v5 00/11] FUSE mounts from non-init user namespaces

2018-01-09 Thread Dongsu Park
Hi, On Mon, Dec 25, 2017 at 8:05 AM, Eric W. Biederman <ebied...@xmission.com> wrote: > Dongsu Park <don...@kinvolk.io> writes: > >> This patchset v5 is based on work by Seth Forshee and Eric Biederman. >> The latest patchset was v4: >> https://www.mail-arch

Re: [PATCH v5 00/11] FUSE mounts from non-init user namespaces

2018-01-09 Thread Dongsu Park
Hi, On Mon, Dec 25, 2017 at 8:05 AM, Eric W. Biederman wrote: > Dongsu Park writes: > >> This patchset v5 is based on work by Seth Forshee and Eric Biederman. >> The latest patchset was v4: >> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1132206.

Re: [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root

2017-12-23 Thread Dongsu Park
Hi, On Sat, Dec 23, 2017 at 4:26 AM, Serge E. Hallyn <se...@hallyn.com> wrote: > On Fri, Dec 22, 2017 at 03:32:28PM +0100, Dongsu Park wrote: >> From: Seth Forshee <seth.fors...@canonical.com> >> >> Expand the check in should_remove_suid() to keep privileges f

Re: [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root

2017-12-23 Thread Dongsu Park
Hi, On Sat, Dec 23, 2017 at 4:26 AM, Serge E. Hallyn wrote: > On Fri, Dec 22, 2017 at 03:32:28PM +0100, Dongsu Park wrote: >> From: Seth Forshee >> >> Expand the check in should_remove_suid() to keep privileges for > > I realize this description came from Seth, bu

Re: [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting

2017-12-23 Thread Dongsu Park
Hi, On Fri, Dec 22, 2017 at 10:06 PM, Richard Weinberger <richard.weinber...@gmail.com> wrote: > Dongsu, > > On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park <don...@kinvolk.io> wrote: >> From: Seth Forshee <seth.fors...@canonical.com> >> >> Unprivilege

Re: [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting

2017-12-23 Thread Dongsu Park
Hi, On Fri, Dec 22, 2017 at 10:06 PM, Richard Weinberger wrote: > Dongsu, > > On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote: >> From: Seth Forshee >> >> Unprivileged users should not be able to mount mtd block devices >> when they lack sufficient pr

Re: [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev()

2017-12-23 Thread Dongsu Park
Hi, On Fri, Dec 22, 2017 at 7:59 PM, Coly Li <i...@coly.li> wrote: > On 22/12/2017 10:32 PM, Dongsu Park wrote: > Hi Dongsu, > > Could you please use a macro like NO_PERMISSION_CHECK to replace hard > coded 0 ? At least for me, I don't need to check what does 0 mean in the &g

Re: [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev()

2017-12-23 Thread Dongsu Park
Hi, On Fri, Dec 22, 2017 at 7:59 PM, Coly Li wrote: > On 22/12/2017 10:32 PM, Dongsu Park wrote: > Hi Dongsu, > > Could you please use a macro like NO_PERMISSION_CHECK to replace hard > coded 0 ? At least for me, I don't need to check what does 0 mean in the > new lookup_bdev(

[PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev()

2017-12-22 Thread Dongsu Park
> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- drivers/md/bcache/super.c | 2 +- drivers/md/dm-table.c | 2 +- drivers/mtd/mtdsuper.c| 2 +- fs/block_dev.c| 13 ++--- fs/quota/quota.c |

[PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev()

2017-12-22 Thread Dongsu Park
...@redhat.com Cc: linux-bca...@vger.kernel.org Cc: linux-fsde...@vger.kernel.org Cc: linux-...@lists.infradead.org Cc: linux-kernel@vger.kernel.org Cc: Alexander Viro Cc: Jan Kara Cc: Serge Hallyn Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- drivers/md/bcache/super.c | 2 +- drivers/md/dm

[PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting

2017-12-22 Thread Dongsu Park
; Signed-off-by: Dongsu Park <don...@kinvolk.io> --- drivers/mtd/mtdsuper.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/mtdsuper.c b/drivers/mtd/mtdsuper.c index 4a4d40c0..3c8734f3 100644 --- a/drivers/mtd/mtdsuper.c +++ b/drivers/mtd/mtdsuper.c @@ -129,

[PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting

2017-12-22 Thread Dongsu Park
for CAP_SYS_ADMIN, so privileged mounts will continue working as before. Patch v3 is available: https://patchwork.kernel.org/patch/7640011/ Cc: linux-...@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- drivers/mtd/mtdsuper.c | 6 +- 1

[PATCH 11/11] evm: Don't update hmacs in user ns mounts

2017-12-22 Thread Dongsu Park
ty-mod...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: James Morris <james.l.mor...@oracle.com> Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> Cc: "Serge E. Hallyn" <se...@hallyn.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <

[PATCH 11/11] evm: Don't update hmacs in user ns mounts

2017-12-22 Thread Dongsu Park
@vger.kernel.org Cc: James Morris Cc: Mimi Zohar Cc: "Serge E. Hallyn" Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- security/integrity/evm/evm_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_crypto.c b/security

[PATCH 10/11] fuse: Allow user namespace mounts

2017-12-22 Thread Dongsu Park
el.org Cc: Miklos Szeredi <mszer...@redhat.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> [dongsu: add a simple commit message] Signed-off-by: Dongsu Park <don...@kinvolk.io> --- fs/fuse/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --gi

[PATCH 10/11] fuse: Allow user namespace mounts

2017-12-22 Thread Dongsu Park
-off-by: Seth Forshee [dongsu: add a simple commit message] Signed-off-by: Dongsu Park --- fs/fuse/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 7f6b2e55..8c98edee 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1212,7

[PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant

2017-12-22 Thread Dongsu Park
mszer...@redhat.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- fs/fuse/dir.c | 2 +- kernel/user_namespace.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c

[PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant

2017-12-22 Thread Dongsu Park
. Patch v4 is available: https://patchwork.kernel.org/patch/8944671/ Cc: linux-fsde...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: "Eric W. Biederman" Cc: Serge Hallyn Cc: Miklos Szeredi Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- fs/fuse/dir.c | 2

[PATCH 07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

2017-12-22 Thread Dongsu Park
org Cc: Alexander Viro <v...@zeniv.linux.org.uk> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- fs/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index 5ace7efb..

[PATCH 07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems

2017-12-22 Thread Dongsu Park
-by: Seth Forshee Signed-off-by: Dongsu Park --- fs/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index 5ace7efb..8c628a8d 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -549,7 +549,7 @@ static int ioctl_fsfreeze(struct file *filp

[PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns

2017-12-22 Thread Dongsu Park
x-fsde...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Miklos Szeredi <mszer...@redhat.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- fs/fuse/cuse.c | 3 ++- fs/fuse/dev.c| 11 --- fs/fuse/dir.c| 14

[PATCH 06/11] capabilities: Allow privileged user in s_user_ns to set security.* xattrs

2017-12-22 Thread Dongsu Park
e Hallyn <se...@hallyn.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- security/commoncap.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c i

[PATCH 06/11] capabilities: Allow privileged user in s_user_ns to set security.* xattrs

2017-12-22 Thread Dongsu Park
check in commoncap is safe in this respect as well. Patch v4 is available: https://patchwork.kernel.org/patch/8944641/ Cc: linux-security-mod...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: James Morris Cc: Serge Hallyn Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park

[PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns

2017-12-22 Thread Dongsu Park
@vger.kernel.org Cc: Miklos Szeredi Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- fs/fuse/cuse.c | 3 ++- fs/fuse/dev.c| 11 --- fs/fuse/dir.c| 14 +++--- fs/fuse/fuse_i.h | 6 +- fs/fuse/inode.c | 31 +++ 5 files changed, 41

[PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Dongsu Park
.@xmission.com> Cc: Serge Hallyn <se...@hallyn.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> --- fs/namespace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/namespace.c b/fs/namesp

[PATCH 03/11] fs: Allow superblock owner to change ownership of inodes

2017-12-22 Thread Dongsu Park
kernel.org> Cc: Kees Cook <keesc...@chromium.org> Inspired-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Eric W. Biederman <ebied...@xmission.com> [saf: Resolve conflicts caused by s/inode_change_ok/setattr_prepare/] Signed-off-by: Dongsu Park <d

[PATCH 05/11] fs: Allow superblock owner to access do_remount_sb()

2017-12-22 Thread Dongsu Park
originally mounted the filesystem. Patch v4 is available: https://patchwork.kernel.org/patch/8944631/ Cc: linux-fsde...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Alexander Viro Cc: "Eric W. Biederman" Cc: Serge Hallyn Signed-off-by: Seth Forshee Signed-off-by: Dongsu Par

[PATCH 03/11] fs: Allow superblock owner to change ownership of inodes

2017-12-22 Thread Dongsu Park
rman [saf: Resolve conflicts caused by s/inode_change_ok/setattr_prepare/] Signed-off-by: Dongsu Park --- fs/attr.c | 34 ++ fs/proc/base.c| 7 +++ fs/proc/generic.c | 7 +++ fs/proc/proc_sysctl.c | 7 +++ 4 files changed, 47

[PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root

2017-12-22 Thread Dongsu Park
s_user_ns, ) to capable_wrt_inode_uidgid Cc: linux-fsde...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Alexander Viro <v...@zeniv.linux.org.uk> Cc: Serge Hallyn <se...@hallyn.com> Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Signed-off-by: Dongsu Park <don...@kinvolk.io> -

[PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root

2017-12-22 Thread Dongsu Park
sde...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Alexander Viro Cc: Serge Hallyn Signed-off-by: Seth Forshee Signed-off-by: Dongsu Park --- fs/inode.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index fd401028..6459a437 100644 --- a

[PATCH v5 00/11] FUSE mounts from non-init user namespaces

2017-12-22 Thread Dongsu Park
This patchset v5 is based on work by Seth Forshee and Eric Biederman. The latest patchset was v4: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1132206.html At the moment, filesystems backed by physical medium can only be mounted by real root in the initial user namespace. This

Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-29 Thread Dongsu Park
On 28.08.2015 15:33, Peter Hurley wrote: > On 08/18/2015 11:18 AM, Dongsu Park wrote: > > --- > > fs/devpts/inode.c | 20 > > 1 file changed, 16 insertions(+), 4 deletions(-) > > > > diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c >

Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-29 Thread Dongsu Park
On 28.08.2015 15:33, Peter Hurley wrote: On 08/18/2015 11:18 AM, Dongsu Park wrote: --- fs/devpts/inode.c | 20 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index c35ffdc12bba..49272fae40a7 100644 --- a/fs

Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-19 Thread Dongsu Park
Hi, thanks for the review. On 18.08.2015 16:44, Andrew Morton wrote: > On Tue, 18 Aug 2015 17:18:19 +0200 Dongsu Park wrote: > > > To allow devpts to be mounted with options of uid/gid of uint32_t, > > use kstrtouint() instead of match_int(). Doing that, mounting devpts &

Re: [PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-19 Thread Dongsu Park
Hi, thanks for the review. On 18.08.2015 16:44, Andrew Morton wrote: On Tue, 18 Aug 2015 17:18:19 +0200 Dongsu Park dp...@posteo.net wrote: To allow devpts to be mounted with options of uid/gid of uint32_t, use kstrtouint() instead of match_int(). Doing that, mounting devpts with uid

[PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-18 Thread Dongsu Park
gid=3598450693 It was originally reported on systemd github issues: https://github.com/systemd/systemd/issues/956 from v1: fix patch format correctly Reported-by: Alban Crequy Signed-off-by: Dongsu Park --- fs/devpts/inode.c | 20 1 file changed, 16 insertions(+)

[PATCH] devpts: allow mounting with uid/gid of uint32_t

2015-08-18 Thread Dongsu Park
gid=3598450693 It was originally reported on systemd github issues: https://github.com/systemd/systemd/issues/956 Reported-by: Alban Crequy Signed-off-by: Dongsu Park --- fs/devpts/inode.c | 18 ++ 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/fs/devpts/inode.

[PATCH] devpts: allow mounting with uid/gid of uint32_t

2015-08-18 Thread Dongsu Park
=3598450693 It was originally reported on systemd github issues: https://github.com/systemd/systemd/issues/956 Reported-by: Alban Crequy al...@endocode.com Signed-off-by: Dongsu Park dp...@posteo.net --- fs/devpts/inode.c | 18 ++ 1 file changed, 14 insertions(+), 4 deletions

[PATCH v2] devpts: allow mounting with uid/gid of uint32_t

2015-08-18 Thread Dongsu Park
=3598450693 It was originally reported on systemd github issues: https://github.com/systemd/systemd/issues/956 from v1: fix patch format correctly Reported-by: Alban Crequy al...@endocode.com Signed-off-by: Dongsu Park dp...@posteo.net --- fs/devpts/inode.c | 20 1 file

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
g issue. Yes, it works indeed. Thanks a lot! :-) You can add: Tested-by: Dongsu Park As the original patch didn't apply, I had to change some nitpicks though. (see below) Cheers, Dongsu >From 8c0edcbbdfbab67dc8ae2fd46cca6a86e0cadcba Mon Sep 17 00:00:00 2001 From: Ming Lei Date: Sun, 1

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
On 20.04.2015 21:12, Ming Lei wrote: > On Mon, Apr 20, 2015 at 4:07 PM, Dongsu Park > wrote: > > Hi Ming, > > > > On 18.04.2015 00:23, Ming Lei wrote: > >> > Does anyone have an idea? > >> > >> As far as I can see, at least two probl

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
00 00 00 0f 1f 44 00 00 48 8b 87 20 04 00 00 55 48 89 e5 > > <48> 8b 40 98 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 > > [ 47.816324] RIP [] kthread_data+0x10/0x20 > > [ 47.816324] RSP > > [ 47.816324] CR2: ff98 > > [ 47.81632

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
already from another request_queue. The same situation has to be considered in blk_mq_hctx_cpu_online() too. Cc: sta...@vger.kernel.org Reported-by: Dongsu Park dongsu.p...@profitbricks.com Signed-off-by: Ming Lei ming@canonical.com --- block/blk-mq.c | 17 +++-- 1 file

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
On 20.04.2015 21:12, Ming Lei wrote: On Mon, Apr 20, 2015 at 4:07 PM, Dongsu Park dongsu.p...@profitbricks.com wrote: Hi Ming, On 18.04.2015 00:23, Ming Lei wrote: Does anyone have an idea? As far as I can see, at least two problems exist: - race between timeout and CPU hotplug

Re: panic with CPU hotplug + blk-mq + scsi-mq

2015-04-20 Thread Dongsu Park
! :-) You can add: Tested-by: Dongsu Park dongsu.p...@profitbricks.com As the original patch didn't apply, I had to change some nitpicks though. (see below) Cheers, Dongsu From 8c0edcbbdfbab67dc8ae2fd46cca6a86e0cadcba Mon Sep 17 00:00:00 2001 From: Ming Lei ming@canonical.com Date: Sun

panic with CPU hotplug + blk-mq + scsi-mq

2015-04-17 Thread Dongsu Park
Hi, there's a critical bug regarding CPU hotplug, blk-mq, and scsi-mq. Every time when a CPU is offlined, some arbitrary range of kernel memory seems to get corrupted. Then after a while, kernel panics at random places when block IOs are issued. (for example, see the call traces below) This bug

Re: [PATCH] dm: fix multipath regression due to initializing wrong request

2015-02-10 Thread Dongsu Park
On 09.02.2015 10:47, Jens Axboe wrote: > On 02/09/2015 10:35 AM, Mike Snitzer wrote: > >On Mon, Feb 09 2015 at 12:13P -0500, > >Mike Snitzer wrote: > > > >Jens and I discussed this further and given that linux-block breaks > >dm-multipath it is best to fix linux-block and let Linus resolve the >

Re: [PATCH] dm: fix multipath regression due to initializing wrong request

2015-02-10 Thread Dongsu Park
On 09.02.2015 10:47, Jens Axboe wrote: On 02/09/2015 10:35 AM, Mike Snitzer wrote: On Mon, Feb 09 2015 at 12:13P -0500, Mike Snitzer snit...@redhat.com wrote: Jens and I discussed this further and given that linux-block breaks dm-multipath it is best to fix linux-block and let Linus resolve

blk-mq crash with dm-multipath in for-3.20/core

2015-02-09 Thread Dongsu Park
Hi Jens, during testing with the linux-block for-3.20/core branch, I hit a BUG like below. It's reproducible by running xfstests/xfs/279. Bisecting showed that the first bad commit is 6d6285c45f5a ("block: require blk_rq_prep_clone() be given an initialized clone request"). With reverting this

Re: cleanup and refactor BLOCK_PC mapping helpers V2

2015-02-09 Thread Dongsu Park
On 05.02.2015 09:28, Jens Axboe wrote: > On 02/02/2015 06:19 AM, Christoph Hellwig wrote: > >Jens, do these patches look fine to you? Any chance to get them into > >the tree for the 3.20 merge window? > > Yes, I think they look fine. I'll throw them into the testing mix and merge > them for

Re: cleanup and refactor BLOCK_PC mapping helpers V2

2015-02-09 Thread Dongsu Park
On 05.02.2015 09:28, Jens Axboe wrote: On 02/02/2015 06:19 AM, Christoph Hellwig wrote: Jens, do these patches look fine to you? Any chance to get them into the tree for the 3.20 merge window? Yes, I think they look fine. I'll throw them into the testing mix and merge them for 3.20.

blk-mq crash with dm-multipath in for-3.20/core

2015-02-09 Thread Dongsu Park
Hi Jens, during testing with the linux-block for-3.20/core branch, I hit a BUG like below. It's reproducible by running xfstests/xfs/279. Bisecting showed that the first bad commit is 6d6285c45f5a (block: require blk_rq_prep_clone() be given an initialized clone request). With reverting this

Re: [PATCH v2 2/7] block: rewrite __bio_copy_iov()

2015-01-16 Thread Dongsu Park
Hi Christoph, On 16.01.2015 03:31, Christoph Hellwig wrote: > On Thu, Jan 15, 2015 at 10:18:17AM -0800, Christoph Hellwig wrote: > > This breaks booting a simple KVM VM for me: > Seems like the issue actually is in the patch before this one, but > only shows up with this one applied. > The root

Re: [PATCH v2 2/7] block: rewrite __bio_copy_iov()

2015-01-16 Thread Dongsu Park
Hi Christoph, On 16.01.2015 03:31, Christoph Hellwig wrote: On Thu, Jan 15, 2015 at 10:18:17AM -0800, Christoph Hellwig wrote: This breaks booting a simple KVM VM for me: Seems like the issue actually is in the patch before this one, but only shows up with this one applied. The root cause

[PATCH v2 3/9] block: allow __blk_queue_bounce() to handle bios larger than BIO_MAX_PAGES

2015-01-12 Thread Dongsu Park
: Christoph Hellwig Cc: Jens Axboe Signed-off-by: Kent Overstreet [dpark: add more description in commit message] Signed-off-by: Dongsu Park --- block/bounce.c | 60 ++ 1 file changed, 52 insertions(+), 8 deletions(-) diff --git a/block/bounce.c

[PATCH v2 4/9] bcache: clean up hacks around bio_split_pool

2015-01-12 Thread Dongsu Park
: add more description in commit message] Signed-off-by: Dongsu Park --- drivers/md/bcache/bcache.h| 18 drivers/md/bcache/io.c| 100 +- drivers/md/bcache/journal.c | 4 +- drivers/md/bcache/request.c | 16 +++ drivers/md

[PATCH v2 5/9] btrfs: remove bio splitting and merge_bvec_fn() calls

2015-01-12 Thread Dongsu Park
Cc: Chris Mason Cc: Josef Bacik Cc: linux-bt...@vger.kernel.org Signed-off-by: Kent Overstreet Signed-off-by: Chris Mason [dpark: add more description in commit message] Signed-off-by: Dongsu Park --- fs/btrfs/volumes.c | 73 -- 1 file chan

[PATCH v2 6/9] md/raid5: get rid of bio_fits_rdev()

2015-01-12 Thread Dongsu Park
ion in commit message] Signed-off-by: Dongsu Park --- drivers/md/raid5.c | 23 +-- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index c1b0d52..40e464c 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -4218,25 +421

[PATCH v2 2/9] block: simplify bio_add_page()

2015-01-12 Thread Dongsu Park
couple of comments, make bio_add_page() warn once upon a cloned bio.] Signed-off-by: Dongsu Park --- block/bio.c | 135 +--- 1 file changed, 55 insertions(+), 80 deletions(-) diff --git a/block/bio.c b/block/bio.c index 7ff846d..136b78b

[PATCH v2 8/9] fs: use helper bio_add_page() instead of open coding on bi_io_vec

2015-01-12 Thread Dongsu Park
...@vger.kernel.org Signed-off-by: Kent Overstreet [dpark: add more description in commit message] Signed-off-by: Dongsu Park --- fs/buffer.c | 7 ++- fs/jfs/jfs_logmgr.c | 14 -- mm/page_io.c| 8 +++- 3 files changed, 9 insertions(+), 20 deletions(-) diff

[PATCH v2 7/9] block: kill merge_bvec_fn() completely

2015-01-12 Thread Dongsu Park
treet [dpark: also remove ->merge_bvec_fn() in dm-thin as well as dm-era-target, and resolve merge conflicts] Signed-off-by: Dongsu Park --- block/blk-merge.c | 17 +- block/blk-settings.c | 22 drivers/block/drbd/drbd_int.h | 1 - drivers/block/drbd/d

[PATCH v2 9/9] Documentation: update notes in biovecs about arbitrarily sized bios

2015-01-12 Thread Dongsu Park
Update block/biovecs.txt so that it includes a note on what kind of effects arbitrarily sized bios would bring to the block layer. Also fix a trivial typo, bio_iter_iovec. Cc: Christoph Hellwig Cc: Kent Overstreet Cc: Jonathan Corbet Cc: linux-...@vger.kernel.org Signed-off-by: Dongsu Park

[PATCH v2 2/7] block: rewrite __bio_copy_iov()

2015-01-12 Thread Dongsu Park
repeatedly. This commit should contain only literal replacements, without functional changes. Suggested-by: Christoph Hellwig Cc: Kent Overstreet Cc: Jens Axboe Cc: Al Viro Signed-off-by: Dongsu Park --- block/bio.c | 113 1 file

[RFC PATCH v2 0/9] simplify block layer based on immutable biovecs

2015-01-12 Thread Dongsu Park
1/23/263 [2] https://lkml.org/lkml/2013/11/25/732 [3] https://lkml.org/lkml/2014/2/26/618 [4] https://lkml.org/lkml/2014/12/22/128 [5] https://lkml.org/lkml/2015/1/12/255 Dongsu Park (1): Documentation: update notes in biovecs about arbitrarily sized bios Kent Overstreet (8): block: make g

[PATCH v2 1/9] block: make generic_make_request handle arbitrarily sized bios

2015-01-12 Thread Dongsu Park
Cc: Minchan Kim Cc: Nitin Gupta Cc: Oleg Drokin Cc: Andreas Dilger Signed-off-by: Kent Overstreet [dpark: skip more mq-based drivers, resolve merge conflicts, etc.] Signed-off-by: Dongsu Park --- block/blk-core.c| 19 ++-- block/blk-merge.c

[PATCH v2 4/7] block: refactor bio_get_user_pages() from __bio_map_user_iov()

2015-01-12 Thread Dongsu Park
() take arbitrarily sized bios - we're not using bio_add_page() here. Cc: Christoph Hellwig Cc: Jens Axboe Signed-off-by: Kent Overstreet [dpark: add more description in commit message] Signed-off-by: Dongsu Park --- block/bio.c | 130
