1. 09 Dec, 2012 5 commits
    • Jeff Layton's avatar
      cifs: deal with id_to_sid embedded sid reply corner case · 1f630680
      Jeff Layton authored
      A SID could potentially be embedded inside of payload.value if there are
      no subauthorities, and the arch has 8 byte pointers. Allow for that
      possibility there.
      
      While we're at it, rephrase the "embedding" check in terms of
      key->payload to allow for the possibility that the union might change
      size in the future.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      1f630680
    • Jeff Layton's avatar
      cifs: fix hardcoded default security descriptor length · 7ee0b4c6
      Jeff Layton authored
      It was hardcoded to 192 bytes, which was not enough when the max number
      of subauthorities went to 15. Redefine this constant in terms of sizeof
      the structs involved, and rename it for better clarity.
      
      While we're at it, remove a couple more unused constants from cifsacl.h.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      7ee0b4c6
    • Jeff Layton's avatar
      cifs: extra sanity checking for cifs.idmap keys · 2ae03025
      Jeff Layton authored
      Now that we aren't so rigid about the length of the key being passed
      in, we need to be a bit more rigorous about checking the length of
      the actual data against the claimed length (a'la num_subauths field).
      
      Check for the case where userspace sends us a seemingly valid key
      with a num_subauths field that goes beyond the end of the array. If
      that happens, return -EIO and invalidate the key.
      
      Also change the other places where we check for malformed keys in this
      code to invalidate the key as well.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      2ae03025
    • Jeff Layton's avatar
      cifs: avoid extra allocation for small cifs.idmap keys · 41a9f1f6
      Jeff Layton authored
      The cifs.idmap keytype always allocates memory to hold the payload from
      userspace. In the common case where we're translating a SID to a UID or
      GID, we're allocating memory to hold something that's less than or equal
      to the size of a pointer.
      
      When the payload is the same size as a pointer or smaller, just store
      it in the payload.value union member instead. That saves us an extra
      allocation on the sid_to_id upcall.
      
      Note that we have to take extra care to check the datalen when we
      go to dereference the .data pointer in the union, but the callers
      now check that as a matter of course anyway.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      41a9f1f6
    • Jeff Layton's avatar
      cifs: simplify id_to_sid and sid_to_id mapping code · faa65f07
      Jeff Layton authored
      The cifs.idmap handling code currently causes the kernel to cache the
      data from userspace twice. It first looks in a rbtree to see if there is
      a matching entry for the given id. If there isn't then it calls
      request_key which then checks its cache and then calls out to userland
      if it doesn't have one. If the userland program establishes a mapping
      and downcalls with that info, it then gets cached in the keyring and in
      this rbtree.
      
      Aside from the double memory usage and the performance penalty in doing
      all of these extra copies, there are some nasty bugs in here too. The
      code declares four rbtrees and spinlocks to protect them, but only seems
      to use two of them. The upshot is that the same tree is used to hold
      (eg) uid:sid and sid:uid mappings. The comparitors aren't equipped to
      deal with that.
      
      I think we'd be best off to remove a layer of caching in this code. If
      this was originally done for performance reasons, then that really seems
      like a premature optimization.
      
      This patch does that -- it removes the rbtrees and the locks that
      protect them and simply has the code do a request_key call on each call
      into sid_to_id and id_to_sid. This greatly simplifies this code and
      should roughly halve the memory utilization from using the idmapping
      code.
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      faa65f07
  2. 07 Dec, 2012 2 commits
  3. 05 Dec, 2012 30 commits
  4. 04 Dec, 2012 3 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux · df2fc246
      Linus Torvalds authored
      Pull module fixes from Rusty Russell:
       "Module signing build fixes for blackfin and metag"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
        modsign: add symbol prefix to certificate list
        linux/kernel.h: define SYMBOL_PREFIX
      df2fc246
    • Linus Torvalds's avatar
      Merge tag 'upstream-3.7-rc9' of git://git.infradead.org/linux-ubi · 70dcc535
      Linus Torvalds authored
      Pull UBI changes from Artem Bityutskiy:
       "Fixes for 2 brown-paperbag bugs introduced this merge window by the
        fastmap code:
      
         1.  The UBI background thread got stuck when a bit-flip happened
             because free LEBs was not removed from the "free" tree when we
             started using it.
         2.  I/O debugging checks did not work because we called a sleeping
             function in atomic context."
      
      * tag 'upstream-3.7-rc9' of git://git.infradead.org/linux-ubi:
        UBI: dont call ubi_self_check_all_ff() in __wl_get_peb()
        UBI: remove PEB from free tree in get_peb_for_wl()
      70dcc535
    • Linus Torvalds's avatar
      Merge branch 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · ca50496e
      Linus Torvalds authored
      Pull workqueue fixes from Tejun Heo:
       "So, safe fixes my ass.
      
        Commit 8852aac2 ("workqueue: mod_delayed_work_on() shouldn't queue
        timer on 0 delay") had the side-effect of performing delayed_work
        sanity checks even when @delay is 0, which should be fine for any sane
        use cases.
      
        Unfortunately, megaraid was being overly ingenious.  It seemingly
        wanted to use cancel_delayed_work_sync() before cancel_work_sync() was
        introduced, but didn't want to waste the space for full delayed_work
        as it was only going to use 0 @delay.  So, it only allocated space for
        struct work_struct and then cast it to struct delayed_work and passed
        it into delayed_work functions - truly awesome engineering tradeoff to
        save some bytes.
      
        Xiaotian fixed it by making megraid allocate full delayed_work for
        now.  It should be converted to use work_struct and cancel_work_sync()
        but I think we better do that after 3.7.
      
        I added another commit to change BUG_ON()s in __queue_delayed_work()
        to WARN_ON_ONCE()s so that the kernel doesn't crash even if there are
        more such abuses."
      
      * 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: convert BUG_ON()s in __queue_delayed_work() to WARN_ON_ONCE()s
        megaraid: fix BUG_ON() from incorrect use of delayed work
      ca50496e