Richacl #109

rosellef · 2014-07-25T22:21:50Z

No description provided.

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

We are going to add more flags and having them in hex format make it simpler Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Some file permission models differentiate between writing to a file (MAY_WRITE) and appending to it (MAY_WRITE | MAY_APPEND). Pass all the mask flags down to iop->check_acl so that filesystems can distinguish between writing and appending. All users of iop->check_acl pass the mask value back into posix_acl_permission(); strip off the additional mask flags there. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

When IS_POSIXACL() is true, the vfs does not apply the umask. Other acl models will need the same exception, so introduce a separate IS_ACL() test. The IS_POSIX_ACL() test is still needed so that nfsd can determine when the underlying file system supports POSIX ACLs (as opposed to some other kind). Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Introduce a new MS_RICHACL super-block flag and a new IS_RICHACL() test which file systems like nfs can use. IS_ACL() is true if IS_POSIXACL() or IS_RICHACL() is true. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

if CONFIG_FS_RICHACL is not defined optimize out the ACL check function. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Some permission models distinguish between the permission to create a non-directory and a directory. Pass this information down to inode_permission() as mask flags Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Normally, deleting a file requires write access to the parent directory. Some permission models use a different permission on the parent directory to indicate delete access. In addition, a process can have per-file delete access even without delete access on the parent directory. Introduce two new inode_permission() mask flags and use them in may_delete() Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

We will need to call iop->permission and iop->get_acl from inode_change_ok() for additional permission checks, and both take a non-const inode. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Some permission models can allow processes to take ownership of a file, change the file permissions, and set the file timestamps. Introduce new permission mask flags and check for those permissions in inode_change_ok(). Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

A richacl consists of an NFSv4 acl and an owner, group, and other mask. These three masks correspond to the owner, group, and other file permission bits, but they contain NFSv4 permissions instead of POSIX permissions. Each entry in the NFSv4 acl applies to the file owner (OWNER@), the owning group (GROUP@), literally everyone (EVERYONE@), or to a specific uid or gid. As in the standard POSIX file permission model, each process is the owner, group, or other file class. A richacl grants a requested access only if the NFSv4 acl in the richacl grants the access (according to the NFSv4 permission check algorithm), and the file mask that applies to the process includes the requested permissions. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

We need to map from POSIX permissions to NFSv4 permissions when a chmod() is done, from NFSv4 permissions to POSIX permissions when an acl is set (which implicitly sets the file permission bits), and from the MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND flags to NFSv4 permissions when doing an access check in a richacl. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Compute upper bound owner, group, and other file masks with as few permissions as possible without denying any permissions that the NFSv4 acl in a richacl grants. This algorithm is used when a file inherits an acl at create time and when an acl is set via a mechanism that does not specify file modes (such as via nfsd). When user-space sets an acl, the file masks are passed in as part of the xattr. When setting a richacl, the file masks determine what the file permission bits will be set to; see richacl_masks_to_mode(). Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Doing a chmod() sets the file mode, which includes the file permission bits. When a file has a richacl, the permissions that the richacl grants need to be limited to what the new file permission bits allow. This is done by setting the file masks in the richacl to what the file permission bits map to. The richacl access check algorithm takes the file masks into account, which ensures that the richacl cannot grant too many permissions. It is possible to explicitly add permissions to the file masks which go beyond what the file permission bits can grant (like the ACE4_WRITE_ACL permission). The POSIX.1 standard calls this an alternate file access control mechanism. A subsequent chmod() would ensure that those permissions are disabled again. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

As in the standard POSIX file permission model, each process is the owner, group, or other file class. A process is - in the owner file class if it owns the file, - in the group file class if it is in the file's owning group or it matches any of the user or group entries, and - in the other file class otherwise. Each file class is associated with a file mask. A richacl grants a requested access if the NFSv4 acl in the richacl grants the requested permissions (according to the NFSv4 permission check algorithm) and the file mask that applies to the process includes the requested permissions. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

When a new file is created, it can inherit an acl from its parent directory; this is similar to how default acls work in POSIX (draft) ACLs. As with POSIX ACLs, if a file inherits an acl from its parent directory, the intersection between the create mode and the permissions granted by the inherited acl determines the file masks and file permission bits, and the umask is ignored. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

This function is used to avoid storing richacls on disk if the acl can be computed from the file permission bits. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Automatic Inheritance (AI) allows changes to the acl of a directory to recursively propagate down to files and directories in the directory. To implement this, the kernel keeps track of which permissions have been inherited, and makes sure that permission propagation is turned off when the file permission bits of a file are changed (upon create or chmod). The actual permission propagation is implemented in user space. AI works as follows: - When the ACL4_AUTO_INHERIT flag in the acl of a file is cleared, the file is not affected by AI. - When the ACL4_AUTO_INHERIT flag in the acl of a directory is set and a file or subdirectory is created in that directory, files created in the directory will have the ACL4_AUTO_INHERIT flag set, and all inherited aces will have the ACE4_INHERITED_ACE flag set. This allows user space to distinguish between aces which have been inherited, and aces which have been explicitly added. - When the ACL4_PROTECTED acl flag in the acl of a file is set, AI will not modify the acl of the file. This does not affect propagation of permissions from the file to its children (if the file is a directory). Linux does not have a way of creating files without setting the file permission bits, so all files created inside a directory with ACL4_AUTO_INHERIT set will also have the ACL4_PROTECTED flag set. This effectively disables AI. Protocols which support creating files without specifying permissions can explicitly clear the ACL4_PROTECTED flag after creating a file (and reset the file masks to "undo" applying the create mode; see richacl_compute_max_masks()). This is a workaround; a per-create or per-process flag indicating to ignore the create mode when AI is in effect would fix this problem. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Map between "system.richacl" xattrs and the in-kernel representation. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Cache richacls in struct inode so that this doesn't have to be done individually in each filesystem. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

Use IS_POSIXACL() instead of a file system specific mount flag since we have IS_POSIXACL() in the vfs already, anyway. Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]>

Support the richacl permission model in ext4. The richacls are stored in "system.richacl" xattrs.This need to be enabled by tune2fs or during mkfs.ext4 Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]>

This feature flag can be used to enable richacl on the file system. Once enabled the "acl" mount option will enable richacl instead of posix acl Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

This helps in easy testing of the patchset. The mount option will be later removed in favour of a feature flag. ***Should be folded before merging*** Signed-off-by: Aneesh Kumar K.V <[email protected]>

Turn it into (for example): [ 0.073380] x86: Booting SMP configuration: [ 0.074005] .... node #0, CPUs: #1 #2 #3 #4 #5 torvalds#6 torvalds#7 [ 0.603005] .... node #1, CPUs: torvalds#8 torvalds#9 torvalds#10 torvalds#11 torvalds#12 torvalds#13 torvalds#14 torvalds#15 [ 1.200005] .... node #2, CPUs: torvalds#16 torvalds#17 torvalds#18 torvalds#19 torvalds#20 torvalds#21 torvalds#22 torvalds#23 [ 1.796005] .... node #3, CPUs: torvalds#24 torvalds#25 torvalds#26 torvalds#27 torvalds#28 torvalds#29 torvalds#30 torvalds#31 [ 2.393005] .... node #4, CPUs: torvalds#32 torvalds#33 torvalds#34 torvalds#35 torvalds#36 torvalds#37 torvalds#38 torvalds#39 [ 2.996005] .... node #5, CPUs: torvalds#40 torvalds#41 torvalds#42 torvalds#43 torvalds#44 torvalds#45 torvalds#46 torvalds#47 [ 3.600005] .... node torvalds#6, CPUs: torvalds#48 torvalds#49 torvalds#50 torvalds#51 #52 #53 torvalds#54 torvalds#55 [ 4.202005] .... node torvalds#7, CPUs: torvalds#56 torvalds#57 #58 torvalds#59 torvalds#60 torvalds#61 torvalds#62 torvalds#63 [ 4.811005] .... node torvalds#8, CPUs: torvalds#64 torvalds#65 torvalds#66 torvalds#67 torvalds#68 torvalds#69 #70 torvalds#71 [ 5.421006] .... node torvalds#9, CPUs: torvalds#72 torvalds#73 torvalds#74 torvalds#75 torvalds#76 torvalds#77 torvalds#78 torvalds#79 [ 6.032005] .... node torvalds#10, CPUs: torvalds#80 torvalds#81 torvalds#82 torvalds#83 torvalds#84 torvalds#85 torvalds#86 torvalds#87 [ 6.648006] .... node torvalds#11, CPUs: torvalds#88 torvalds#89 torvalds#90 torvalds#91 torvalds#92 torvalds#93 torvalds#94 torvalds#95 [ 7.262005] .... node torvalds#12, CPUs: torvalds#96 torvalds#97 torvalds#98 torvalds#99 torvalds#100 torvalds#101 torvalds#102 torvalds#103 [ 7.865005] .... node torvalds#13, CPUs: torvalds#104 torvalds#105 torvalds#106 torvalds#107 torvalds#108 torvalds#109 torvalds#110 torvalds#111 [ 8.466005] .... node torvalds#14, CPUs: torvalds#112 torvalds#113 torvalds#114 torvalds#115 torvalds#116 torvalds#117 torvalds#118 torvalds#119 [ 9.073006] .... node torvalds#15, CPUs: torvalds#120 torvalds#121 torvalds#122 torvalds#123 torvalds#124 torvalds#125 torvalds#126 torvalds#127 [ 9.679901] x86: Booted up 16 nodes, 128 CPUs and drop useless elements. Change num_digits() to hpa's division-avoiding, cell-phone-typed version which he went at great lengths and pains to submit on a Saturday evening. Signed-off-by: Borislav Petkov <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: Linus Torvalds <[email protected]> Cc: Andrew Morton <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Thomas Gleixner <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>

(re-) added Docker support

If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there exist 6 failed tests. [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL torvalds#106/p inline simple bpf_loop call FAIL torvalds#107/p don't inline bpf_loop call, flags non-zero FAIL torvalds#108/p don't inline bpf_loop call, callback non-constant FAIL torvalds#109/p bpf_loop_inline and a dead func FAIL torvalds#110/p bpf_loop_inline stack locations for loop vars FAIL torvalds#111/p inline bpf_loop call in a big program FAIL Summary: 768 PASSED, 15 SKIPPED, 6 FAILED The test log shows that callbacks are not allowed in non-JITed programs, interpreter doesn't support them yet, thus these tests should be skipped if jit is disabled, just handle this case in do_test_single(). With this patch: [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL Summary: 768 PASSED, 21 SKIPPED, 0 FAILED Signed-off-by: Tiezhu Yang <[email protected]> Acked-by: Hou Tao <[email protected]> Acked-by: Song Liu <[email protected]>

If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there exist 6 failed tests. [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL torvalds#106/p inline simple bpf_loop call FAIL torvalds#107/p don't inline bpf_loop call, flags non-zero FAIL torvalds#108/p don't inline bpf_loop call, callback non-constant FAIL torvalds#109/p bpf_loop_inline and a dead func FAIL torvalds#110/p bpf_loop_inline stack locations for loop vars FAIL torvalds#111/p inline bpf_loop call in a big program FAIL Summary: 768 PASSED, 15 SKIPPED, 6 FAILED The test log shows that callbacks are not allowed in non-JITed programs, interpreter doesn't support them yet, thus these tests should be skipped if jit is disabled. Add an explicit flag F_NEEDS_JIT_ENABLED to those tests to mark that they require JIT enabled in bpf_loop_inline.c, check the flag and jit_disabled at the beginning of do_test_single() to handle this case. With this patch: [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL Summary: 768 PASSED, 21 SKIPPED, 0 FAILED Suggested-by: Andrii Nakryiko <[email protected]> Signed-off-by: Tiezhu Yang <[email protected]>

If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there exist 6 failed tests. [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL torvalds#106/p inline simple bpf_loop call FAIL torvalds#107/p don't inline bpf_loop call, flags non-zero FAIL torvalds#108/p don't inline bpf_loop call, callback non-constant FAIL torvalds#109/p bpf_loop_inline and a dead func FAIL torvalds#110/p bpf_loop_inline stack locations for loop vars FAIL torvalds#111/p inline bpf_loop call in a big program FAIL Summary: 768 PASSED, 15 SKIPPED, 6 FAILED The test log shows that callbacks are not allowed in non-JITed programs, interpreter doesn't support them yet, thus these tests should be skipped if jit is disabled. Add an explicit flag F_NEEDS_JIT_ENABLED to those tests to mark that they require JIT enabled in bpf_loop_inline.c, check the flag and jit_disabled at the beginning of do_test_single() to handle this case. With this patch: [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled [root@linux bpf]# ./test_verifier | grep FAIL Summary: 768 PASSED, 21 SKIPPED, 0 FAILED Suggested-by: Andrii Nakryiko <[email protected]> Signed-off-by: Tiezhu Yang <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]

This change adds support for a configurable eir_max_name_len for platforms which requires a larger than 48 bytes complete name in EIR. From bluetoothctl: [bluetooth]# system-alias 012345678901234567890123456789012345678901234567890123456789 Changing 012345678901234567890123456789012345678901234567890123456789 succeeded [CHG] Controller DC:71:96:69:02:89 Alias: 012345678901234567890123456789012345678901234567890123456789 From btmon: < HCI Command: Write Local Name (0x03|0x0013) plen 248 torvalds#109 [hci0] 88.567990 Name: 012345678901234567890123456789012345678901234567890123456789 > HCI Event: Command Complete (0x0e) plen 4 torvalds#110 [hci0] 88.663854 Write Local Name (0x03|0x0013) ncmd 1 Status: Success (0x00) @ MGMT Event: Local Name Changed (0x0008) plen 260 {0x0004} [hci0] 88.663948 Name: 012345678901234567890123456789012345678901234567890123456789 Short name: < HCI Command: Write Extended Inquiry Response (0x03|0x0052) plen 241 torvalds#111 [hci0] 88.663977 FEC: Not required (0x00) Name (complete): 012345678901234567890123456789012345678901234567890123456789 TX power: 12 dBm Device ID: Bluetooth SIG assigned (0x0001) Vendor: Google (224) Product: 0xc405 Version: 0.5.6 (0x0056) 16-bit Service UUIDs (complete): 7 entries Generic Access Profile (0x1800) Generic Attribute Profile (0x1801) Device Information (0x180a) A/V Remote Control (0x110e) A/V Remote Control Target (0x110c) Handsfree Audio Gateway (0x111f) Audio Source (0x110a) > HCI Event: Command Complete (0x0e) plen 4 torvalds#112 [hci0] 88.664874 Write Extended Inquiry Response (0x03|0x0052) ncmd 1 Status: Success (0x00) (am from https://patchwork.kernel.org/patch/11687367/) Reviewed-by: Sonny Sasaka <[email protected]> Reviewed-by: Abhishek Pandit-Subedi <[email protected]> Signed-off-by: Alain Michaud <[email protected]> Backport notes: HDEV_PARAM_U16 is changed from two parameters to one parameter. BUG=none TEST=build Signed-off-by: Zhengping Jiang <[email protected]>

The following bug was triggered on a system built with CONFIG_DEBUG_PREEMPT=y: # echo p > /proc/sysrq-trigger BUG: using smp_processor_id() in preemptible [00000000] code: sh/117 caller is perf_event_print_debug+0x1a/0x4c0 CPU: 3 UID: 0 PID: 117 Comm: sh Not tainted 6.11.0-rc1 torvalds#109 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4f/0x60 check_preemption_disabled+0xc8/0xd0 perf_event_print_debug+0x1a/0x4c0 __handle_sysrq+0x140/0x180 write_sysrq_trigger+0x61/0x70 proc_reg_write+0x4e/0x70 vfs_write+0xd0/0x430 ? handle_mm_fault+0xc8/0x240 ksys_write+0x9c/0xd0 do_syscall_64+0x96/0x190 entry_SYSCALL_64_after_hwframe+0x4b/0x53 This is because the commit d4b294b ("perf/x86: Hybrid PMU support for counters") took smp_processor_id() outside the irq critical section. If a preemption occurs in perf_event_print_debug() and the task is migrated to another cpu, we may get incorrect pmu debug information. Move smp_processor_id() back inside the irq critical section to fix this issue. Fixes: d4b294b ("perf/x86: Hybrid PMU support for counters") Signed-off-by: Li Huafei <[email protected]> Reviewed-and-tested-by: K Prateek Nayak <[email protected]> Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Reviewed-by: Kan Liang <[email protected]> Link: https://lore.kernel.org/r/[email protected]

[ Upstream commit f73cefa ] The following bug was triggered on a system built with CONFIG_DEBUG_PREEMPT=y: # echo p > /proc/sysrq-trigger BUG: using smp_processor_id() in preemptible [00000000] code: sh/117 caller is perf_event_print_debug+0x1a/0x4c0 CPU: 3 UID: 0 PID: 117 Comm: sh Not tainted 6.11.0-rc1 torvalds#109 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4f/0x60 check_preemption_disabled+0xc8/0xd0 perf_event_print_debug+0x1a/0x4c0 __handle_sysrq+0x140/0x180 write_sysrq_trigger+0x61/0x70 proc_reg_write+0x4e/0x70 vfs_write+0xd0/0x430 ? handle_mm_fault+0xc8/0x240 ksys_write+0x9c/0xd0 do_syscall_64+0x96/0x190 entry_SYSCALL_64_after_hwframe+0x4b/0x53 This is because the commit d4b294b ("perf/x86: Hybrid PMU support for counters") took smp_processor_id() outside the irq critical section. If a preemption occurs in perf_event_print_debug() and the task is migrated to another cpu, we may get incorrect pmu debug information. Move smp_processor_id() back inside the irq critical section to fix this issue. Fixes: d4b294b ("perf/x86: Hybrid PMU support for counters") Signed-off-by: Li Huafei <[email protected]> Reviewed-and-tested-by: K Prateek Nayak <[email protected]> Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Reviewed-by: Kan Liang <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sasha Levin <[email protected]>

There is a race condition generic_shutdown_super() and __btrfs_run_defrag_inode(). Consider the following scenario: umount thread: btrfs-cleaner thread: btrfs_run_delayed_iputs() ->run_delayed_iput_locked() ->iput(inode) // Here the inode (ie ino 261) will be cleared and freed btrfs_kill_super() ->generic_shutdown_super() btrfs_run_defrag_inodes() ->__btrfs_run_defrag_inode() ->btrfs_iget(ino) // The inode 261 was recreated with i_count=1 // and added to the sb list ->evict_inodes(sb) // After some work // inode 261 was added ->iput(inode) // to the dispose list ->iput_funal() ->evict(inode) ->evict(inode) Now, we have two threads simultaneously evicting the same inode, which led to a bug. The above behavior can be confirmed by the log I added for debugging and the log printed when BUG was triggered. Due to space limitations, I cannot paste the full diff and here is a brief describtion. First, within __btrfs_run_defrag_inode(), set inode->i_state |= (1<<19) just before calling iput(). Within the dispose_list(), check the flag, if the flag was set, then pr_info("bug! double evict! crash will happen! state is 0x%lx\n", inode->i_state); Here is the printed log when the BUG was triggered: [ 190.686726][ T2336] bug! double evict! crash will happen! state is 0x80020 [ 190.687647][ T2336] ------------[ cut here ]------------ [ 190.688294][ T2336] kernel BUG at fs/inode.c:626! [ 190.688939][ T2336] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 190.689792][ T2336] CPU: 1 PID: 2336 Comm: a.out Not tainted 6.10.0-rc2-00223-g0c529ab65ef8-dirty torvalds#109 [ 190.690894][ T2336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 190.692111][ T2336] RIP: 0010:clear_inode+0x15b/0x190 // some logs... [ 190.704501][ T2336] btrfs_evict_inode+0x529/0xe80 [ 190.706966][ T2336] evict+0x2ed/0x6c0 [ 190.707209][ T2336] dispose_list+0x62/0x260 [ 190.707490][ T2336] evict_inodes+0x34e/0x450 To prevent this behavior, we need to set BTRFS_FS_CLOSING_START before kill_anon_super() to ensure that btrfs_run_defrag_inodes() doesn't continue working after unmount. Reported-and-tested-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=67ba3c42bcbb4665d3ad CC: [email protected] Fixes: c146afa ("Btrfs: mount ro and remount support") Signed-off-by: Julian Sun <[email protected]>

This change adds support for a configurable eir_max_name_len for platforms which requires a larger than 48 bytes complete name in EIR. From bluetoothctl: [bluetooth]# system-alias 012345678901234567890123456789012345678901234567890123456789 Changing 012345678901234567890123456789012345678901234567890123456789 succeeded [CHG] Controller DC:71:96:69:02:89 Alias: 012345678901234567890123456789012345678901234567890123456789 From btmon: < HCI Command: Write Local Name (0x03|0x0013) plen 248 torvalds#109 [hci0] 88.567990 Name: 012345678901234567890123456789012345678901234567890123456789 > HCI Event: Command Complete (0x0e) plen 4 torvalds#110 [hci0] 88.663854 Write Local Name (0x03|0x0013) ncmd 1 Status: Success (0x00) @ MGMT Event: Local Name Changed (0x0008) plen 260 {0x0004} [hci0] 88.663948 Name: 012345678901234567890123456789012345678901234567890123456789 Short name: < HCI Command: Write Extended Inquiry Response (0x03|0x0052) plen 241 torvalds#111 [hci0] 88.663977 FEC: Not required (0x00) Name (complete): 012345678901234567890123456789012345678901234567890123456789 TX power: 12 dBm Device ID: Bluetooth SIG assigned (0x0001) Vendor: Google (224) Product: 0xc405 Version: 0.5.6 (0x0056) 16-bit Service UUIDs (complete): 7 entries Generic Access Profile (0x1800) Generic Attribute Profile (0x1801) Device Information (0x180a) A/V Remote Control (0x110e) A/V Remote Control Target (0x110c) Handsfree Audio Gateway (0x111f) Audio Source (0x110a) > HCI Event: Command Complete (0x0e) plen 4 torvalds#112 [hci0] 88.664874 Write Extended Inquiry Response (0x03|0x0052) ncmd 1 Status: Success (0x00) (am from https://patchwork.kernel.org/patch/11687367/) Reviewed-by: Sonny Sasaka <[email protected]> Reviewed-by: Abhishek Pandit-Subedi <[email protected]> Signed-off-by: Alain Michaud <[email protected]> Backport notes: HDEV_PARAM_U16 is changed from two parameters to one parameter. BUG=none TEST=build Signed-off-by: Zhengping Jiang <[email protected]>

The function verify_perf_link_info() accepts a 'long' address to perform validation, which can sign-extend on 32-bit systems and fail checks. Use an 'unsigned long' type to avoid errors like: test_fill_link_info:PASS:skel_open 0 nsec test_fill_link_info:PASS:load_kallsyms 0 nsec test_kprobe_fill_link_info:PASS:attach_kprobe 0 nsec verify_perf_link_info:PASS:get_link_info 0 nsec verify_perf_link_info:PASS:link_type 0 nsec verify_perf_link_info:PASS:perf_type_match 0 nsec verify_perf_link_info:PASS:kprobe_offset 0 nsec verify_perf_link_info:FAIL:kprobe_addr unexpected kprobe_addr: actual 3231513376 != expected -1063453920 verify_perf_link_info:PASS:kprobe_cookie 0 nsec verify_perf_link_info:PASS:name_len 0 nsec verify_perf_link_info:PASS:get_link_info 0 nsec verify_perf_link_info:PASS:link_type 0 nsec verify_perf_link_info:PASS:perf_type_match 0 nsec verify_perf_link_info:PASS:kprobe_offset 0 nsec verify_perf_link_info:FAIL:kprobe_addr unexpected kprobe_addr: actual 3231513376 != expected -1063453920 verify_perf_link_info:PASS:kprobe_cookie 0 nsec verify_perf_link_info:PASS:name_len 0 nsec verify_perf_link_info:PASS:cmp_kprobe_func_name 0 nsec test_kprobe_fill_link_info:PASS:verify_perf_link_info 0 nsec torvalds#109/1 fill_link_info/kprobe_link_info:FAIL [...] torvalds#109/2 fill_link_info/kretprobe_link_info:FAIL torvalds#109 fill_link_info:FAIL Fixes: 23cf7aa ("selftests/bpf: Add selftest for fill_link_info") Signed-off-by: Tony Ambardar <[email protected]>

Andreas Gruenbacher and others added 27 commits October 23, 2011 19:15

vfs: Indicate that the permission functions take all the MAY_* flags

d5d1fb4

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

vfs: Add hex format for MAY_* flag values

0f69c40

We are going to add more flags and having them in hex format make it simpler Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

vfs: Add a comment to inode_permission()

518cbba

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

vfs: Make acl_permission_check() work for richacls

26dc449

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

vfs: Add richacl permission check

e86e410

Acked-by: J. Bruce Fields <[email protected]> Acked-by: David Howells <[email protected]> Signed-off-by: Aneesh Kumar K.V <[email protected]>

ext4: Add temporary richacl mount option for ext4

13fc237

This helps in easy testing of the patchset. The mount option will be later removed in favour of a feature flag. ***Should be folded before merging*** Signed-off-by: Aneesh Kumar K.V <[email protected]>

rosellef closed this Jul 29, 2014

tobetter pushed a commit to tobetter/linux that referenced this pull request Sep 22, 2015

Merge pull request torvalds#109 from umiddelb/odroidc-3.10.y

90a0b3a

(re-) added Docker support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Richacl #109

Richacl #109

Uh oh!

rosellef commented Jul 25, 2014

Uh oh!

Uh oh!

Richacl #109

Richacl #109

Uh oh!

Conversation

rosellef commented Jul 25, 2014

Uh oh!

Uh oh!