that prepare the code to handle different types of SMB2 leases.
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
This simplifies the RCU to refcounting code in particular.
I was originally intending to leave this for later, but walking through
all the dput() logic (see previous commit), I realized that the dput()
"might_sleep()" check was misleadingly weak. And I removed it as
misleading, both for performance profiling and for debugging.
However, the might_sleep() debugging case is actually true: the final
dput() can indeed sleep, if the inode of the dentry that you are
releasing ends up sleeping at iput time (see dentry_iput()). So the
problem with the might_sleep() in dput() wasn't that it wasn't true, it
was that it wasn't actually testing and triggering on the interesting
case.
In particular, just about *any* dput() can indeed sleep, if you happen
to race with another thread deleting the file in question, and you then
lose the race to the be the last dput() for that file. But because it's
a very rare race, the debugging code would never trigger it in practice.
Why is this problematic? The new d_rcu_to_refcount() (see commit
15570086b5: "vfs: reimplement d_rcu_to_refcount() using
lockref_get_or_lock()") does a dput() for the failure case, and it does
it under the RCU lock. So potentially sleeping really is a bug.
But there's no way I'm going to fix this with the previous complicated
"lockref_get_or_lock()" interface. And rather than revert to the old
and crufty nested dentry locking code (which did get this right by
delaying the reference count updates until they were verified to be
safe), let's make forward progress.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is me being a bit OCD after all the dentry optimization work this
merge window: profiles end up showing 'dput()' as a rather expensive
operation, and there were two unrelated bad reasons for that.
The first reason was reading d_lockref.count for debugging purposes,
which touches the lockref cacheline (for reads) before really need to.
More importantly, the debugging test in question is _wrong_, and has
hidden bugs. It's true that we can only sleep when the count goes down
to zero, but the test as-is hides the much more subtle bug that happens
if we race with somebody else deleting the file.
Anyway we _will_ touch that cacheline, but let's do it for a write and
in the right routine (ie in "lockref_put_or_lock()") which annotates the
costs better. So remove the misleading debug code.
The other was an unnecessary access to the cacheline that contains the
d_lru list, just to check whether we already were on the LRU list or
not. This is exactly what we have d_flags for, so that we can avoid
touching extra cache lines for the common case. So just add another bit
for "is this dentry on the LRU".
Finally, mark the tests properly likely/unlikely, so that the common
fast-paths are dense in the instruction stream.
This makes the profiles look much saner.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jeff's patchset introduced trivial sparse warning on new cifs toupper routine
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Jeff Layton <jlayton@redhat.com>
Switch smb2 code to use per session session key and smb3 code to
use per session signing key instead of per connection key to
generate signatures.
For that, we need to find a session to fetch the session key to
generate signature to match for every request and response packet.
We also forgo checking signature for a session setup response
from the server.
Acked-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Add a variable specific to NTLMSSP authentication to determine
whether to exchange keys during negotiation and authentication phases.
Since session key for smb1 is per smb connection, once a very first
sesion is established, there is no need for key exchange during
subsequent session setups. As a result, smb1 session setup code sets this
variable as false.
Since session key for smb2 and smb3 is per smb connection, we need to
exchange keys to generate session key for every sesion being established.
As a result, smb2/3 session setup code sets this variable as true.
Acked-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Move the post (successful) session setup code to respective dialect routines.
For smb1, session key is per smb connection.
For smb2/smb3, session key is per smb session.
If client and server do not require signing, free session key for smb1/2/3.
If client and server require signing
smb1 - Copy (kmemdup) session key for the first session to connection.
Free session key of that and subsequent sessions on this connection.
smb2 - For every session, keep the session key and free it when the
session is being shutdown.
smb3 - For every session, generate the smb3 signing key using the session key
and then free the session key.
There are two unrelated line formatting changes as well.
Reviewed-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Convert cpu_to_le32(le32_to_cpu(E1) + E2) to use le32_add_cpu().
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
If a server sends a lease break to a connection that doesn't have
opens with a lease key specified in the server response, we can't
find an open file to send an ack. Fix this by walking through
all connections we have.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
This happens when we receive a lease break from a server, then
find an appropriate lease key in opened files and schedule the
oplock_break slow work. lw pointer isn't freed in this case.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Add the script used to generate the case-conversion tables to the
Documentation/ directory, in case we ever need to update or regenerate
these tables in the future.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Have the case-insensitive d_compare and d_hash routines convert each
character in the filenames to wchar_t's and then use the new
cifs_toupper routine to convert those into uppercase.
With this scheme we should more closely emulate the case conversion that
the servers will do.
Reported-and-Tested-by: Jan-Marek Glogowski <glogow@fbihome.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
The existing NLS case conversion routines do not appropriately handle
the (now common) case where the local host is using UTF8. This is
because nls_utf8 has no support at all for converting a utf8 string
between cases and the NLS infrastructure in general cannot handle
a multibyte input character.
In any case, what we really need for cifs is to emulate how we expect
the server to convert the character to upper or lowercase. Thus, even
if we had routines that could handle utf8 case conversion, we likely
would end up with the wrong result if the name ends up being in the
upper planes.
This patch adds a new scheme for doing unicode case conversion. The
case conversion tables that Microsoft has published for Windows 8
have been converted to a set of lookup tables, and a routine is
added to convert a wchar_t from lower to uppercase using those
tables.
Reported-and-Tested-by: Jan-Marek Glogowski <glogow@fbihome.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
MAX_SERVER_SIZE has been moved to cifs_mount.h and renamed
CIFS_NI_MAXHOST for clarity. It has been expanded to 1024 as the
previous value of 16 was very short.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
The old max share name length limit was 80 due to Windows NET SHARE
command not allowing more than that. However, share names can be much
longer. This is a more reasonable maximum share name length.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
The max string length definitions for user name, domain name, password,
and share name have been moved into their own header file in uapi so the
mount helper can use autoconf to define them instead of keeping the
kernel side and userland side definitions in sync manually. The names
have also been standardized with a "CIFS" prefix and "LEN" suffix.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Steve French <smfrench@gmail.com>
by using a query reparse ioctl request.
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
that allows to access files through symlink created on a server.
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Currently, we have a number of documentation files that live under
fs/cifs/. Generally, these don't get picked up by distro packagers,
since they're in a non-standard location. Move them to a new spot
under Documentation/ instead.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
The S/PDIF driver needs regmap so select it to make sure it gets
included in the build.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Nicolin Chen <b42378@freescale.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
crypto_larval_lookup should only return a larval if it created one.
Any larval created by another entity must be processed through
crypto_larval_wait before being returned.
Otherwise this will lead to a larval being killed twice, which
will most likely lead to a crash.
Cc: stable@vger.kernel.org
Reported-by: Kees Cook <keescook@chromium.org>
Tested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Pull NVM Express driver update from Matthew Wilcox.
* git://git.infradead.org/users/willy/linux-nvme:
NVMe: Merge issue on character device bring-up
NVMe: Handle ioremap failure
NVMe: Add pci suspend/resume driver callbacks
NVMe: Use normal shutdown
NVMe: Separate controller init from disk discovery
NVMe: Separate queue alloc/free from create/delete
NVMe: Group pci related actions in functions
NVMe: Disk stats for read/write commands only
NVMe: Bring up cdev on set feature failure
NVMe: Fix checkpatch issues
NVMe: Namespace IDs are unsigned
NVMe: Update nvme_id_power_state with latest spec
NVMe: Split header file into user-visible and kernel-visible pieces
NVMe: Call nvme_process_cq from submission path
NVMe: Remove "process_cq did something" message
NVMe: Return correct value from interrupt handler
NVMe: Disk IO statistics
NVMe: Restructure MSI / MSI-X setup
NVMe: Use kzalloc instead of kmalloc+memset
debugfs, and USD/DSD identification. Add a workaround on Xeon NTB
devices for b2bdoorbell errata. Also, add new NTB driver features to
support 32bit x86, DMA engine support, and NTB-RP support. Finally, a
few clean-ups and update to MAINTAINERS for the NTB git tree and wiki
location.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJSKQrVAAoJEG5mS6x6i9IjuHIQAIfX6IpgC+si59vYg/RqTyqI
fulDSoVeasMGEwUNvQhFxq27enPmpDqfRXcG276piSh4ujVL0t9O87QP+ZNHLVUh
9jwLjnJCNYqwRy6VgMZBmzhVZ4Gu9bjvxHEnhwVmjkXrXxgqExQKOaKk47ivIsUO
dHfkBKO2AYfR27zjdsdO939XHLyWtv4HpxtDKgkp1oH4VEGwei9ctkVDOo/Fxhbo
KWPqkxzWNnB+jg8eQphncDSVlI2iLypV+Sp+3KnbqDfpmjsxrp62nfYRLjLnSaF3
Gvt0N6KNXykWNdHnPEyyFPlfOxBRXDGcsPH5BGksjhwVVTTAopJ9wc6hq5sgI+Zc
MWL1v6CB+hz/whVbZiqdkQvlgl2APfTYWJekjYFyHCx7xfY6byeQgIDcqc0KVI//
XZiODGHxVuFkZffc6HPOrCKb2iUfKqtAF3GTfPFnHTrXjFmVWi27gIIT52Ms8F7j
qNwynJbqsiRDu+fldI+fBkLYe2EVoIpIfNfIo9EJAVuvXKIpTVFzuhU4ltkTmscC
Je7OMPaqJMu3MKwP48PUpf7XdmEh+tgYQ0xbfAcNbblyZ+gISW6zJ8jcR8Dm6vfS
gYM5gr2CimwVoBDri0zeW++OPiEAYu0CJ/QU5xycVDXfkVXeejxIfdqHsoajhl1E
XwFkaDlq5zkMevrbt5IF
=Gr+V
-----END PGP SIGNATURE-----
Merge tag 'ntb-3.12' of git://github.com/jonmason/ntb
Pull NTB (non-transparent bridge) updates from Jon Mason:
"NTB driver bug fixes to address issues in NTB-RP enablement, spad,
debugfs, and USD/DSD identification.
Add a workaround on Xeon NTB devices for b2bdoorbell errata. Also,
add new NTB driver features to support 32bit x86, DMA engine support,
and NTB-RP support.
Finally, a few clean-ups and update to MAINTAINERS for the NTB git
tree and wiki location"
* tag 'ntb-3.12' of git://github.com/jonmason/ntb:
ntb: clean up unnecessary MSI/MSI-X capability find
MAINTAINERS: Add Website and Git Tree for NTB
NTB: Update Version
NTB: Comment Fix
NTB: Remove unused variable
NTB: Remove References of non-B2B BWD HW
NTB: NTB-RP support
NTB: Rename Variables for NTB-RP
NTB: Use DMA Engine to Transmit and Receive
NTB: Enable 32bit Support
NTB: Update Device IDs
NTB: BWD Link Recovery
NTB: Xeon Errata Workaround
NTB: Correct debugfs to work with more than 1 NTB Device
NTB: Correct USD/DSD Identification
NTB: Correct Number of Scratch Pad Registers
NTB: Add Error Handling in ntb_device_setup
from Dialog Semiconductor.
Besides that driver we also have:
- Device tree support for the s2mps11 driver
- More devm_* conversion for the pm8921, max89xx, menelaus, tps65010,
wl1273 and pcf50633-adc drivers.
- A conversion to threaded IRQ and IRQ domain for the twl6030 driver.
- A fairly big update for the rtsx driver: Better power saving support,
better vendor settings handling, and a few fixes.
- Support for a couple more boards (COMe-bHL6 and COMe-cTH6) for the
Kontron driver.
- A conversion to the dev_get_platdata() API for all MFD drivers.
- A removal of non-DT (legacy) support for the twl6040 driver.
- A few fixes and additions (Mic detect level) to the wm5110 register tables.
- Regmap support for the davinci_voicecodec driver.
- The usual bunch of minor cleanups and janitorial fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJSKFnjAAoJEIqAPN1PVmxKU9AP/RAmSYux6c+cd7P7roXL+/lA
qNKy8Op31J51N/n918o7zwbskmRIJJsbd+I6ClBlYdCUB+B8/Oj41uD4F+q35b/H
F5Xm2XRPQAGHx37m5adJMrK/OR3zCTwhPjleJYOJWIFjDP/nDNJIPwTYb13Rqurh
V39icmRtnNR0uDOmv3eELyV4FnWQTpA858dxuhSi+5jbbHFhCcYShEmE9109eexl
RNuyF8d0KPGvnKhK+H1/k4ZYG2XAFFOZfZz9MB+l651nidqDvwJph0Zdj3w1r112
8OR5i7B3vw268nmyjOOUtYqL2vOaUW4lavmLTQiSdQWd1BHv9hEmD0RRR5bSrLeH
6DwCTh0+xWH08ogbMwi4dwZyRhjxMPMpkxeNz51TpRnXKDSZmBgrjovKNJpP8pW6
m7RsgUC9AiEQf/Ac0PBMrU8ABKeJnt3K3ZZp4YN7/H6rAMOhXjLqFD8JLoFvx08z
itKKSzVaIA3pzxpnkWWiTsr+bChaSOrHHy1biWa4ve5pvrFc9ivPz1DhL3PTmXpp
haeeylFG01r5NJIHeJewRsmUJk67aEyeAnnoLwqCRycWjdDmcCBC5bgDBkRRonoS
93tgKVzL9q/NwvT5Uatw3uYqTN0jOuH0t39gAzu9uwnWvivcZK5EBYh789YQL+on
zih4qUICM08yWRDNNDgF
=a7dU
-----END PGP SIGNATURE-----
Merge tag 'mfd-3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-next
Pull MFD (multi-function device) updates from Samuel Ortiz:
"For the 3.12 merge window we have one new driver for the DA9063 PMIC
from Dialog Semiconductor.
Besides that driver we also have:
- Device tree support for the s2mps11 driver
- More devm_* conversion for the pm8921, max89xx, menelaus, tps65010,
wl1273 and pcf50633-adc drivers.
- A conversion to threaded IRQ and IRQ domain for the twl6030 driver.
- A fairly big update for the rtsx driver: Better power saving
support, better vendor settings handling, and a few fixes.
- Support for a couple more boards (COMe-bHL6 and COMe-cTH6) for the
Kontron driver.
- A conversion to the dev_get_platdata() API for all MFD drivers.
- A removal of non-DT (legacy) support for the twl6040 driver.
- A few fixes and additions (Mic detect level) to the wm5110 register
tables.
- Regmap support for the davinci_voicecodec driver.
- The usual bunch of minor cleanups and janitorial fixes"
* tag 'mfd-3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-next: (81 commits)
mfd: ucb1x00-core: Rewrite ucb1x00_add_dev()
mfd: ab8500-debugfs: Apply a check for -ENOMEM after allocating memory for event name
mfd: ab8500-debugfs: Apply a check for -ENOMEM after allocating memory for sysfs
mfd: timberdale: Use module_pci_driver
mfd: timberdale: Remove redundant break
mfd: timberdale: Staticize local variables
mfd: ab8500-debugfs: Staticize local variables
mfd: db8500-prcmu: Staticize clk_mgt
mfd: db8500-prcmu: Use ANSI function declaration
mfd: omap-usb-host: Staticize usbhs_driver_name
mfd: 88pm805: Fix potential NULL pdata dereference
mfd: 88pm800: Fix potential NULL pdata dereference
mfd: twl6040: Use regmap for register cache
mfd: davinci_voicecodec: Provide a regmap for register I/O
mfd: davinci_voicecodec: Remove unused read and write functions
mmc: memstick: rtsx: Modify copyright comments
mmc: rtsx: Clear SD_CLK toggle enable bit if switching voltage fail
mfd: mmc: rtsx: Change default tx phase
mfd: pcf50633-adc: Use devm_*() functions
mfd: rtsx: Copyright modifications
...
Pull misc kbuild updates from Michal Marek:
"In the kbuild misc branch, I have:
- make rpm-pkg updates, most importantly the rpm package now calls
/sbin/installkernel
- make deb-pkg: debuginfo split, correct kernel image path for
parisc, mips and powerpc and a couple more minor fixes
- New coccinelle check"
* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
scripts/checkkconfigsymbols.sh: replace echo -e with printf
Provide version number for Debian firmware package
coccinelle: replace 0/1 with false/true in functions returning bool
deb-pkg: add a hook argument to match debian hooks parameters
deb-pkg: fix installed image path on parisc, mips and powerpc
deb-pkg: split debug symbols in their own package
deb-pkg: use KCONFIG_CONFIG instead of .config file directly
rpm-pkg: add generation of kernel-devel
rpm-pkg: install firmware files in kernel relative directory
rpm-pkg: add %post section to create initramfs and grub hooks
Pull kbuild update from Michal Marek:
"Only these two commits are in the kbuild branch this time:
- Using filechk for include/config/kernel.release
- Cleanup in scripts/sortextable.c"
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
kbuild: Do not overwrite include/config/kernel.release needlessly
scripts: remove unused function in sortextable.c
kernel/cgroup.c is the only place in the tree that relies on eventfd.h
pulling file.h; move that include there. Switch from eventfd_fget()/fput()
to fdget()/fdput(), while we are at it - eventfd_ctx_fileget() will fail
on non-eventfd descriptors just fine, no need to do that check twice...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
On some filesystems it's impossible even with fs corruption, but we'd
better not rely on that, what with memcpy() into on-stack array we
are doing there.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
No dentry can get to directory modification methods without
having passed either ->lookup() or ->atomic_open(); if name is
rejected by those two (or by ->d_hash()) with an error, it won't
be seen by anything else.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The only actual current lockref user (dcache) uses zero reference counts
even for perfectly live dentries, because it's a cache: there may not be
any users, but that doesn't mean that we want to throw away the dentry.
At the same time, the dentry cache does have a notion of a truly "dead"
dentry that we must not even increment the reference count of, because
we have pruned it and it is not valid.
Currently that distinction is not visible in the lockref itself, and the
dentry cache validation uses "lockref_get_or_lock()" to either get a new
reference to a dentry that already had existing references (and thus
cannot be dead), or get the dentry lock so that we can then verify the
dentry and increment the reference count under the lock if that
verification was successful.
That's all somewhat complicated.
This adds the concept of being "dead" to the lockref itself, by simply
using a count that is negative. This allows a usage scenario where we
can increment the refcount of a dentry without having to validate it,
and pushing the special "we killed it" case into the lockref code.
The dentry code itself doesn't actually use this yet, and it's probably
too late in the merge window to do that code (the dentry_kill() code
with its "should I decrement the count" logic really is pretty complex
code), but let's introduce the concept at the lockref level now.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 97431204ea introduced a regression
that causes SECINFO_NO_NAME to fail without sending an RPC if:
1) the nfs_client's rpc_client is using krb5i/p (now tried by default)
2) the current user doesn't have valid kerberos credentials
This situation is quite common - as of now a sec=sys mount would use
krb5i for the nfs_client's rpc_client and a user would hardly be faulted
for not having run kinit.
The solution is to use the machine cred when trying to use an integrity
protected auth flavor for SECINFO_NO_NAME.
Older servers may not support using the machine cred or an integrity
protected auth flavor for SECINFO_NO_NAME in every circumstance, so we fall
back to using the user's cred and the filesystem's auth flavor in this case.
We run into another problem when running against linux nfs servers -
they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the
mount is also that flavor) even though that is not a valid error for
SECINFO*. Even though it's against spec, handle WRONGSEC errors on
SECINFO_NO_NAME by falling back to using the user cred and the
filesystem's auth flavor.
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
The code got rewritten, but the comments got copied as-is from older
versions, and as a result the argument name in the comment didn't
actually match the code any more.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In cases where the parent super block was not mounted with a 'sec=' line,
allow autonegotiation of security for the submounts.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Pull vfs pile 2 (of many) from Al Viro:
"Mostly Miklos' series this time"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
constify dcache.c inlined helpers where possible
fuse: drop dentry on failed revalidate
fuse: clean up return in fuse_dentry_revalidate()
fuse: use d_materialise_unique()
sysfs: use check_submounts_and_drop()
nfs: use check_submounts_and_drop()
gfs2: use check_submounts_and_drop()
afs: use check_submounts_and_drop()
vfs: check unlinked ancestors before mount
vfs: check submounts and drop atomically
vfs: add d_walk()
vfs: restructure d_genocide()
Pull namespace changes from Eric Biederman:
"This is an assorted mishmash of small cleanups, enhancements and bug
fixes.
The major theme is user namespace mount restrictions. nsown_capable
is killed as it encourages not thinking about details that need to be
considered. A very hard to hit pid namespace exiting bug was finally
tracked and fixed. A couple of cleanups to the basic namespace
infrastructure.
Finally there is an enhancement that makes per user namespace
capabilities usable as capabilities, and an enhancement that allows
the per userns root to nice other processes in the user namespace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
userns: Kill nsown_capable it makes the wrong thing easy
capabilities: allow nice if we are privileged
pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD
userns: Allow PR_CAPBSET_DROP in a user namespace.
namespaces: Simplify copy_namespaces so it is clear what is going on.
pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup
sysfs: Restrict mounting sysfs
userns: Better restrictions on when proc and sysfs can be mounted
vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces
kernel/nsproxy.c: Improving a snippet of code.
proc: Restrict mounting the proc filesystem
vfs: Lock in place mounts from more privileged users
Pull security subsystem updates from James Morris:
"Nothing major for this kernel, just maintenance updates"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits)
apparmor: add the ability to report a sha1 hash of loaded policy
apparmor: export set of capabilities supported by the apparmor module
apparmor: add the profile introspection file to interface
apparmor: add an optional profile attachment string for profiles
apparmor: add interface files for profiles and namespaces
apparmor: allow setting any profile into the unconfined state
apparmor: make free_profile available outside of policy.c
apparmor: rework namespace free path
apparmor: update how unconfined is handled
apparmor: change how profile replacement update is done
apparmor: convert profile lists to RCU based locking
apparmor: provide base for multiple profiles to be replaced at once
apparmor: add a features/policy dir to interface
apparmor: enable users to query whether apparmor is enabled
apparmor: remove minimum size check for vmalloc()
Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytes
Smack: network label match fix
security: smack: add a hash table to quicken smk_find_entry()
security: smack: fix memleak in smk_write_rules_list()
xattr: Constify ->name member of "struct xattr".
...
Pull crypto update from Herbert Xu:
"Here is the crypto update for 3.12:
- Added MODULE_SOFTDEP to allow pre-loading of modules.
- Reinstated crct10dif driver using the module softdep feature.
- Allow via rng driver to be auto-loaded.
- Split large input data when necessary in nx.
- Handle zero length messages correctly for GCM/XCBC in nx.
- Handle SHA-2 chunks bigger than block size properly in nx.
- Handle unaligned lengths in omap-aes.
- Added SHA384/SHA512 to omap-sham.
- Added OMAP5/AM43XX SHAM support.
- Added OMAP4 TRNG support.
- Misc fixes"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (66 commits)
Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework"
hwrng: via - Add MODULE_DEVICE_TABLE
crypto: fcrypt - Fix bitoperation for compilation with clang
crypto: nx - fix SHA-2 for chunks bigger than block size
crypto: nx - fix GCM for zero length messages
crypto: nx - fix XCBC for zero length messages
crypto: nx - fix limits to sg lists for AES-CCM
crypto: nx - fix limits to sg lists for AES-XCBC
crypto: nx - fix limits to sg lists for AES-GCM
crypto: nx - fix limits to sg lists for AES-CTR
crypto: nx - fix limits to sg lists for AES-CBC
crypto: nx - fix limits to sg lists for AES-ECB
crypto: nx - add offset to nx_build_sg_lists()
padata - Register hotcpu notifier after initialization
padata - share code between CPU_ONLINE and CPU_DOWN_FAILED, same to CPU_DOWN_PREPARE and CPU_UP_CANCELED
hwrng: omap - reorder OMAP TRNG driver code
crypto: omap-sham - correct dma burst size
crypto: omap-sham - Enable Polling mode if DMA fails
crypto: tegra-aes - bitwise vs logical and
crypto: sahara - checking the wrong variable
...
Pull networking fixes from David Miller:
"A quick set of fixes, some to deal with fallout from yesterday's
net-next merge.
1) Fix compilation of bnx2x driver with CONFIG_BNX2X_SRIOV disabled,
from Dmitry Kravkov.
2) Fix a bnx2x regression caused by one of Dave Jones's mistaken
braces changes, from Eilon Greenstein.
3) Add some protective filtering in the netlink tap code, from Daniel
Borkmann.
4) Fix TCP congestion window growth regression after timeouts, from
Yuchung Cheng.
5) Correctly adjust TCP's rcv_ssthresh for out of order packets, from
Eric Dumazet"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
tcp: properly increase rcv_ssthresh for ofo packets
net: add documentation for BQL helpers
mlx5: remove unused MLX5_DEBUG param in Kconfig
bnx2x: Restore a call to config_init
bnx2x: fix broken compilation with CONFIG_BNX2X_SRIOV is not set
tcp: fix no cwnd growth after timeout
net: netlink: filter particular protocols from analyzers
NFSv4 security auto-negotiation has been broken since
commit 4580a92d44 (NFS:
Use server-recommended security flavor by default (NFSv3))
because nfs4_try_mount() will automatically select AUTH_SYS
if it sees no auth flavours.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
What is the point of having a 'auth_flavor_len' field, if it is
always set to 1, and can't be used to determine if the user has
selected an auth flavour?
This cleanup goes back to using auth_flavor_len for its original
intended purpose, and gets rid of the ad-hoc replacements.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
If we have multiple sessions on a system, we normally don't want
background sessions to read input events. Otherwise, it could capture
passwords and more entered by the user on the foreground session. This is
a real world problem as the recent XMir development showed:
http://mjg59.dreamwidth.org/27327.html
We currently rely on sessions to release input devices when being
deactivated. This relies on trust across sessions. But that's not given on
usual systems. We therefore need a way to control which processes have
access to input devices.
With VTs the kernel simply routed them through the active /dev/ttyX. This
is not possible with evdev devices, though. Moreover, we want to avoid
routing input-devices through some dispatcher-daemon in userspace (which
would add some latency).
This patch introduces EVIOCREVOKE. If called on an evdev fd, this revokes
device-access irrecoverably for that *single* open-file. Hence, once you
call EVIOCREVOKE on any dup()ed fd, all fds for that open-file will be
rather useless now (but still valid compared to close()!). This allows us
to pass fds directly to session-processes from a trusted source. The
source keeps a dup()ed fd and revokes access once the session-process is
no longer active.
Compared to the EVIOCMUTE proposal, we can avoid the CAP_SYS_ADMIN
restriction now as there is no way to revive the fd again. Hence, a user
is free to call EVIOCREVOKE themself to kill the fd.
Additionally, this ioctl allows multi-layer access-control (again compared
to EVIOCMUTE which was limited to one layer via CAP_SYS_ADMIN). A middle
layer can simply request a new open-file from the layer above and pass it
to the layer below. Now each layer can call EVIOCREVOKE on the fds to
revoke access for all layers below, at the expense of one fd per layer.
There's already ongoing experimental user-space work which demonstrates
how it can be used:
http://lists.freedesktop.org/archives/systemd-devel/2013-August/012897.html
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Pull hwmon fixes from Jean Delvare.
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
hwmon: (emc6w201) Do not declare enum variable
hwmon: (w83792d) Update module author
- A new driver for the TZ1090 PDC which is used on the metag
architecture.
- A new driver for the Kontron ETX or COMexpress GPIO block.
This is found on some ETX x86 devices.
- A new driver for the Fintek Super-I/O chips, used on
some x86 boards.
- Added device tree probing on a few select GPIO blocks.
- Drop the Exynos support from the Samsung GPIO driver.
The Samsung maintainers have moved over to use the
modernized pin control driver to provide GPIO for the
modern platforms instead.
- The usual bunch of non-critical fixes and cleanups.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAABAgAGBQJSKZvzAAoJEEEQszewGV1zUg8QAMAqM90/U/0c73fxS28BbN6+
5bO3a/l9JZYWHyk+739oFZqMUoPDKcq/IOSbirxdgpWE3zcF34ogNfIgSoAL77C5
3yGa2Lclkxmngo8ZXXeu6DSTq82rlaVjCcHcXw/qd6lVAZT8YaS364vGYpcENPxI
s1yfrCZy89kZQufX++ytcbIUj75KXHvd9MK9IRE4BVkQMgLXAX/oSbTdB5PhFb79
J5ls0T1c8JRxI4sj32ZDh6dfeKGsRQF20z6OO5o0ZIyQ+ZGLJPlYatdivJelQz9J
P67suwn86RXfABISYle2YbNmy3zX+wEyG2nHASDL7hSfWtGpZ5ANJTXqrKjwFITL
sfqQhMtHDZ7fNbgA0kOyE25kgLybsJZNxR/PJGEHteT1+XZHi2nsP2NTNuxxEKjb
6NyLXrYXb0VK/poG+ZYXH2tt0C02pg3MfN9y+nfh8reG2bfeLvL/cU7DiQgMUGEf
DXwgXQdgow9dHus/ZuCuWz4xqAfqk5VRS8ba6Wg2F8uLaXY1qYM6mNeatzTfP3fg
5jALMy038l7yMBMFnTp8GCb78/iIXWLtEejtgoowBuGbZtOjii8wEExHvl4tCabQ
PbB9pG8+ojjiQPk2t1ZFFUqX6hCGBFrJbYnJj2vfftBHiFnz5bKrcSBOWVdTWgco
YqURqegvZVin4aQNGFF2
=oEK9
-----END PGP SIGNATURE-----
Merge tag 'gpio-v3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO updates from Linus Walleij:
"This is the bulk of GPIO changes for the v3.12 series:
- A new driver for the TZ1090 PDC which is used on the metag
architecture.
- A new driver for the Kontron ETX or COMexpress GPIO block. This is
found on some ETX x86 devices.
- A new driver for the Fintek Super-I/O chips, used on some x86
boards.
- Added device tree probing on a few select GPIO blocks.
- Drop the Exynos support from the Samsung GPIO driver.
The Samsung maintainers have moved over to use the modernized pin
control driver to provide GPIO for the modern platforms instead.
- The usual bunch of non-critical fixes and cleanups"
* tag 'gpio-v3.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (36 commits)
gpio: return -ENOTSUPP if debounce cannot be set
gpio: improve error path in gpiolib
gpio: add GPIO support for F71882FG and F71889F
of: add vendor prefix for Microchip Technology Inc
gpio: mcp23s08: rename the device tree property
gpio: samsung: Drop support for Exynos SoCs
gpio: pcf857x: Remove pdata argument to pcf857x_irq_domain_init()
gpio: pcf857x: Sort headers alphabetically
gpio: max7301: Reverting "Do not force SPI speed when using OF Platform"
gpio: Fix bit masking in Kontron PLD GPIO driver
gpio: pca953x: fix gpio input on gpio offsets >= 8
drivers/gpio: simplify use of devm_ioremap_resource
drivers/gpio/gpio-omap.c: convert comma to semicolon
gpio-lynxpoint: Fix warning about unbalanced pm_runtime_enable
gpio: Fix platform driver name in Kontron PLD GPIO driver
gpio: adnp: Fix segfault if request_threaded_irq fails
gpio: msm: Staticize local variable 'msm_gpio'
gpio: gpiolib-of.c: make error message more meaningful by adding the node name and index
gpio: use dev_get_platdata()
gpio/mxc: add chained_irq_enter/exit() to mx2_gpio_irq_handler
...
