1. 13 Feb, 2013 6 commits
    • coda: Allow coda to be built when user namespace support is enabled · 515ee7bd
      Eric W. Biederman authored
      Now that the coda kernel to userspace has been modified to convert
      between kuids and kgids and uids and gids, and all internal
      coda structures have been modified to store uids and gids as
      kuids and kgids it is safe to allow code to be built with
      user namespace support enabled.
      
      Cc: Jan Harkes <jaharkes@cs.cmu.edu>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • coda: Cache permissions in struct coda_inode_info in a kuid_t. · 17499e33
      Eric W. Biederman authored
      - Change c_uid in struct coda_inode_info from a vuid_t to a kuid_t.
      - Initialize c_uid to GLOBAL_ROOT_UID instead of 0.
      - Use uid_eq to compare cached kuids.
      
      Cc: Jan Harkes <jaharkes@cs.cmu.edu>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • coda: Restrict coda messages to the initial user namespace · d83f5901
      Eric W. Biederman authored
      Remove the slight chance that uids and gids in coda messages will be
      interpreted in the wrong user namespace.
      
      - Only allow processes in the initial user namespace to open the coda
        character device to communicate with coda filesystems.
      - Explicitly convert the uids in the coda header into the initial user
        namespace.
      - In coda_vattr_to_attr make kuids and kgids from the initial user
        namespace uids and gids in struct coda_vattr that just came from
        userspace.
      - In coda_iattr_to_vattr convert kuids and kgids into uids and gids
        in the initial user namespace and store them in struct coda_vattr for
        sending to coda userspace programs.
      
      Nothing needs to be changed with mounts as coda does not support
      being mounted in anything other than the initial user namespace.
      
      Cc: Jan Harkes <jaharkes@cs.cmu.edu>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • coda: Restrict coda messages to the initial pid namespace · 9fd973e0
      Eric W. Biederman authored
      Remove the slight chance that pids in coda messages will be
      interpreted in the wrong pid namespace.
      
      - Explicitly send all pids in coda messages in the initial pid
        namespace.
      - Only allow mounts from processes in the initial pid namespace.
      - Only allow processes in the initial pid namespace to open the coda
        character device to communicate with coda.
      
      Cc: Jan Harkes <jaharkes@cs.cmu.edu>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • afs: Support interacting with multiple user namespaces · a0a5386a
      Eric W. Biederman authored
      Modify struct afs_file_status to store owner as a kuid_t and group as
      a kgid_t.
      
      In xdr_decode_AFSFetchStatus as owner is now a kuid_t and group is now
      a kgid_t don't use the EXTRACT macro.  Instead perform the work of
      the extract macro explicitly.  Read the value with ntohl and
      convert it to the appropriate type with make_kuid or make_kgid.
      Test if the value is different from what is stored in status and
      update changed.   Update the value in status.
      
      In xdr_encode_AFS_StoreStatus call from_kuid or from_kgid as
      we are computing the on the wire encoding.
      
      Initialize uids with GLOBAL_ROOT_UID instead of 0.
      Initialize gids with GLOBAL_ROOT_GID instead of 0.
      
      Cc: David Howells <dhowells@redhat.com>
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    • afs: Only allow mounting afs in the initial network namespace · f74f70f8
      Eric W. Biederman authored
      rxrpc sockets only work in the initial network namespace so it isn't
      possible to support afs in any other network namespace.
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
  2. 12 Feb, 2013 14 commits
  3. 28 Jan, 2013 1 commit
  4. 27 Jan, 2013 6 commits
    • userns: Allow the userns root to mount tmpfs. · 2b8576cb
      Eric W. Biederman authored
      There is no backing store to tmpfs and file creation rules are the
      same as for any other filesystem so it is semantically safe to allow
      unprivileged users to mount it.  ramfs is safe for the same reasons so
      allow either flavor of tmpfs to be mounted by a user namespace root
      user.
      
      The memory control group successfully limits how much memory tmpfs can
      consume on any system that cares about a user namespace root using
      tmpfs to exhaust memory the memory control group can be deployed.
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • userns: Allow the userns root to mount ramfs. · b3c6761d
      Eric W. Biederman authored
      There is no backing store to ramfs and file creation
      rules are the same as for any other filesystem so
      it is semantically safe to allow unprivileged users
      to mount it.
      
      The memory control group successfully limits how much
      memory ramfs can consume on any system that cares about
      a user namespace root using ramfs to exhaust memory
      the memory control group can be deployed.
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • userns: Allow the userns root to mount of devpts · ec2aa8e8
      Eric W. Biederman authored
      - The context in which devpts is mounted has no effect on the creation
        of ptys as the /dev/ptmx interface has been used by unprivileged
        users for many years.
      
      - Only support unprivileged mounts in combination with the newinstance
        option to ensure that mounting of /dev/pts in a user namespace will
        not allow the options of an existing mount of devpts to be modified.
      
      - Create /dev/pts/ptmx as the root user in the user namespace that
        mounts devpts so that its permissions can be changed.
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • userns: Recommend use of memory control groups. · e11f0ae3
      Eric W. Biederman authored
      In the help text describing user namespaces recommend use of memory
      control groups.  In many cases memory control groups are the only
      mechanism there is to limit how much memory a user who can create
      user namespaces can use.
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    • userns: Allow any uid or gid mappings that don't overlap. · 0bd14b4f
      Eric W. Biederman authored
      When I initially wrote the code for /proc/<pid>/uid_map.  I was lazy
      and avoided duplicate mappings by the simple expedient of ensuring the
      first number in a new extent was greater than any number in the
      previous extent.
      
      Unfortunately that precludes a number of valid mappings, and someone
      noticed and complained.  So use a simple check to ensure that ranges
      in the mapping extents don't overlap.
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
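
Added example, not part of the commit or the kernel source: a user-space sketch of the two validation rules the message above contrasts for uid_map/gid_map extents. The struct layout, the function names, the wrap check and the sample maps are assumptions made for illustration; the "ordered" rule is one reading of the commit message, applied to both columns.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One uid_map line: ids [first, first+count) inside the namespace map to
 * [lower_first, lower_first+count) in the parent namespace. */
struct extent { uint32_t first, lower_first, count; };

/* Empty extents and ranges that wrap past UINT32_MAX are never valid. */
static bool extent_invalid(const struct extent *e)
{
    uint32_t span = e->count - 1;
    return e->count == 0 || e->first + span < e->first ||
           e->lower_first + span < e->lower_first;
}

/* Do the ranges [a, a+a_n) and [b, b+b_n) share at least one id? */
static bool intersects(uint32_t a, uint32_t a_n, uint32_t b, uint32_t b_n)
{
    return a <= b + (b_n - 1) && b <= a + (a_n - 1);
}

/* Old rule (assumed reading): each extent must start above the end of the
 * extent written before it, on both sides of the mapping. */
static bool map_ok_ordered(const struct extent *m, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (extent_invalid(&m[i]))
            return false;
        if (i > 0 &&
            (m[i].first <= m[i - 1].first + (m[i - 1].count - 1) ||
             m[i].lower_first <= m[i - 1].lower_first + (m[i - 1].count - 1)))
            return false;
    }
    return true;
}

/* New rule: any order is accepted as long as no two extents share an id on
 * either side, so every id still translates to exactly one id. */
static bool map_ok_no_overlap(const struct extent *m, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (extent_invalid(&m[i]))
            return false;
        for (size_t j = 0; j < i; j++)
            if (intersects(m[i].first, m[i].count, m[j].first, m[j].count) ||
                intersects(m[i].lower_first, m[i].count,
                           m[j].lower_first, m[j].count))
                return false;
    }
    return true;
}

/* Constructed sample maps: {first, lower_first, count}. */
static const struct extent unordered[]   = { {1000, 0, 1}, {0, 100000, 1000} };
static const struct extent upper_clash[] = { {0, 100000, 1000}, {500, 200000, 10} };
static const struct extent lower_clash[] = { {0, 100000, 1000}, {1000, 100500, 10} };

int main(void)
{
    printf("unordered:   old=%d new=%d\n", map_ok_ordered(unordered, 2), map_ok_no_overlap(unordered, 2));
    printf("upper_clash: old=%d new=%d\n", map_ok_ordered(upper_clash, 2), map_ok_no_overlap(upper_clash, 2));
    printf("lower_clash: old=%d new=%d\n", map_ok_ordered(lower_clash, 2), map_ok_no_overlap(lower_clash, 2));
    return 0;
}
```

The first sample is a valid mapping that only the ordering rule rejects; the other two are rejected by both rules because an id would translate ambiguously.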
    • userns: Avoid recursion in put_user_ns · c61a2810
      Eric W. Biederman authored
      When freeing a deeply nested user namespace free_user_ns calls
      put_user_ns on its parent which may in turn call free_user_ns again.
      When -fno-optimize-sibling-calls is passed to gcc one stack frame per
      user namespace is left on the stack, potentially overflowing the
      kernel stack.  CONFIG_FRAME_POINTER forces -fno-optimize-sibling-calls
      so we can't count on gcc to optimize this code.
      
      Remove struct kref and use a plain atomic_t.  Making the code more
      flexible and easier to comprehend.  Make the loop in free_user_ns
      explict to guarantee that the stack does not overflow with
      CONFIG_FRAME_POINTER enabled.
      
      I have tested this fix with a simple program that uses unshare to
      create a deeply nested user namespace structure and then calls exit.
      With 1000 nested user namespaces before this change running my test
      program causes the kernel to die a horrible death.  With 10,000,000
      nested user namespaces after this change my test program runs to
      completion and causes no harm.
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Pointed-out-by: Vasily Kulikov <segoon@openwall.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
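
Added example, not the kernel's code: a user-space model of the pattern the message above describes, where dropping the last reference on a nested object also drops its reference on the parent. It shows the recursive release next to the explicit loop; `struct ns`, `ns_put`, `ns_put_recursive` and `drop_chain` are hypothetical names, and C11 atomics stand in for the kernel's atomic_t.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct ns {
    atomic_int count;   /* plain atomic reference count */
    struct ns *parent;  /* each namespace holds one reference on its parent */
};

static size_t freed;    /* how many objects the last release chain freed */

/* Create a namespace that takes over the caller's reference on `parent`. */
static struct ns *ns_create(struct ns *parent)
{
    struct ns *ns = malloc(sizeof(*ns));
    if (!ns)
        abort();
    atomic_init(&ns->count, 1);
    ns->parent = parent;
    return ns;
}

/* Recursive release: the call on the parent is a tail call, so stack use is
 * one frame per nesting level unless the compiler turns it into a jump. */
static void ns_put_recursive(struct ns *ns)
{
    if (ns && atomic_fetch_sub(&ns->count, 1) == 1) {
        struct ns *parent = ns->parent;
        free(ns);
        freed++;
        ns_put_recursive(parent);
    }
}

/* Explicit loop: constant stack use whatever the nesting depth and whatever
 * optimization flags are in effect. */
static void ns_put(struct ns *ns)
{
    while (ns && atomic_fetch_sub(&ns->count, 1) == 1) {
        struct ns *parent = ns->parent;
        free(ns);
        freed++;
        ns = parent;
    }
}

/* Build `depth` nested namespaces, optionally pin the one at level `pin`
 * (1 = outermost, 0 = none) with an extra reference, drop the innermost
 * one with `put`, and return how many objects that single drop freed. */
static size_t drop_chain(size_t depth, size_t pin, void (*put)(struct ns *))
{
    struct ns *cur = NULL, *pinned = NULL;
    for (size_t i = 1; i <= depth; i++) {
        cur = ns_create(cur);
        if (i == pin) {
            atomic_fetch_add(&cur->count, 1);
            pinned = cur;
        }
    }
    freed = 0;
    put(cur);
    size_t n = freed;
    put(pinned);        /* release the pinned ancestor and its parents */
    return n;
}

int main(void)
{
    printf("loop, depth 1000000: freed %zu\n", drop_chain(1000000, 0, ns_put));
    printf("loop, depth 5, level 2 pinned: freed %zu\n", drop_chain(5, 2, ns_put));
    printf("recursive, depth 100: freed %zu\n", drop_chain(100, 0, ns_put_recursive));
    return 0;
}
```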
  5. 27 Dec, 2012 1 commit
  6. 26 Dec, 2012 3 commits
    • f2fs: Don't assign e_id in f2fs_acl_from_disk · 48c6d121
      Eric W. Biederman authored
      With user namespaces enabled building f2fs fails with:
      
       CC      fs/f2fs/acl.o
      fs/f2fs/acl.c: In function ‘f2fs_acl_from_disk’:
      fs/f2fs/acl.c:85:21: error: ‘struct posix_acl_entry’ has no member named ‘e_id’
      make[2]: *** [fs/f2fs/acl.o] Error 1
      make[2]: Target `__build' not remade because of errors.
      
      e_id is a backwards compatibility field only used for file systems
      that haven't been converted to use kuids and kgids.  When the posix
      acl tag field is neither ACL_USER nor ACL_GROUP assigning e_id is
      unnecessary.  Remove the assignment so f2fs will build with user
      namespaces enabled.
      
      Cc: Namjae Jeon <namjae.jeon@samsung.com>
      Cc: Amit Sahrawat <a.sahrawat@samsung.com>
      Acked-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • proc: Allow proc_free_inum to be called from any context · dfb2ea45
      Eric W. Biederman authored
      While testing the pid namespace code I hit this nasty warning.
      
      [  176.262617] ------------[ cut here ]------------
      [  176.263388] WARNING: at /home/eric/projects/linux/linux-userns-devel/kernel/softirq.c:160 local_bh_enable_ip+0x7a/0xa0()
      [  176.265145] Hardware name: Bochs
      [  176.265677] Modules linked in:
      [  176.266341] Pid: 742, comm: bash Not tainted 3.7.0userns+ #18
      [  176.266564] Call Trace:
      [  176.266564]  [<ffffffff810a539f>] warn_slowpath_common+0x7f/0xc0
      [  176.266564]  [<ffffffff810a53fa>] warn_slowpath_null+0x1a/0x20
      [  176.266564]  [<ffffffff810ad9ea>] local_bh_enable_ip+0x7a/0xa0
      [  176.266564]  [<ffffffff819308c9>] _raw_spin_unlock_bh+0x19/0x20
      [  176.266564]  [<ffffffff8123dbda>] proc_free_inum+0x3a/0x50
      [  176.266564]  [<ffffffff8111d0dc>] free_pid_ns+0x1c/0x80
      [  176.266564]  [<ffffffff8111d195>] put_pid_ns+0x35/0x50
      [  176.266564]  [<ffffffff810c608a>] put_pid+0x4a/0x60
      [  176.266564]  [<ffffffff8146b177>] tty_ioctl+0x717/0xc10
      [  176.266564]  [<ffffffff810aa4d5>] ? wait_consider_task+0x855/0xb90
      [  176.266564]  [<ffffffff81086bf9>] ? default_spin_lock_flags+0x9/0x10
      [  176.266564]  [<ffffffff810cab0a>] ? remove_wait_queue+0x5a/0x70
      [  176.266564]  [<ffffffff811e37e8>] do_vfs_ioctl+0x98/0x550
      [  176.266564]  [<ffffffff810b8a0f>] ? recalc_sigpending+0x1f/0x60
      [  176.266564]  [<ffffffff810b9127>] ? __set_task_blocked+0x37/0x80
      [  176.266564]  [<ffffffff810ab95b>] ? sys_wait4+0xab/0xf0
      [  176.266564]  [<ffffffff811e3d31>] sys_ioctl+0x91/0xb0
      [  176.266564]  [<ffffffff810a95f0>] ? task_stopped_code+0x50/0x50
      [  176.266564]  [<ffffffff81939199>] system_call_fastpath+0x16/0x1b
      [  176.266564] ---[ end trace 387af88219ad6143 ]---
      
      It turns out that spin_unlock_bh(proc_inum_lock) is not safe when
      put_pid is called with another spinlock held and irqs disabled.
      
      For now take the easy path and use spin_lock_irqsave(proc_inum_lock)
      in proc_free_inum and spin_lock_irq in proc_alloc_inum(proc_inum_lock).
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    • pidns: Stop pid allocation when init dies · c876ad76
      Eric W. Biederman authored
      Oleg pointed out that in a pid namespace the sequence.
      - pid 1 becomes a zombie
      - setns(thepidns), fork,...
      - reaping pid 1.
      - The injected processes exiting.
      
      Can lead to processes attempting to access their child reaper and
      instead following a stale pointer.
      
      That waitpid for init can return before all of the processes in
      the pid namespace have exited is also unfortunate.
      
      Avoid these problems by disabling the allocation of new pids in a pid
      namespace when init dies, instead of when the last process in a pid
      namespace is reaped.
      Pointed-out-by: Oleg Nesterov <oleg@redhat.com>
      Reviewed-by: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
  7. 25 Dec, 2012 1 commit
  8. 22 Dec, 2012 8 commits
    • Linux 3.8-rc1 · a49f0d1e
      Linus Torvalds authored
    • Merge git://www.linux-watchdog.org/linux-watchdog · 4fe19a13
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
       "This includes some fixes and code improvements (like
        clk_prepare_enable and clk_disable_unprepare), conversion from the
        omap_wdt and twl4030_wdt drivers to the watchdog framework, addition
        of the SB8x0 chipset support and the DA9055 Watchdog driver and some
        OF support for the davinci_wdt driver."
      
      * git://www.linux-watchdog.org/linux-watchdog: (22 commits)
        watchdog: mei: avoid oops in watchdog unregister code path
        watchdog: Orion: Fix possible null-deference in orion_wdt_probe
        watchdog: sp5100_tco: Add SB8x0 chipset support
        watchdog: davinci_wdt: add OF support
        watchdog: da9052: Fix invalid free of devm_ allocated data
        watchdog: twl4030_wdt: Change TWL4030_MODULE_PM_RECEIVER to TWL_MODULE_PM_RECEIVER
        watchdog: remove depends on CONFIG_EXPERIMENTAL
        watchdog: Convert dev_printk(KERN_<LEVEL> to dev_<level>(
        watchdog: DA9055 Watchdog driver
        watchdog: omap_wdt: eliminate goto
        watchdog: omap_wdt: delete redundant platform_set_drvdata() calls
        watchdog: omap_wdt: convert to devm_ functions
        watchdog: omap_wdt: convert to new watchdog core
        watchdog: WatchDog Timer Driver Core: fix comment
        watchdog: s3c2410_wdt: use clk_prepare_enable and clk_disable_unprepare
        watchdog: imx2_wdt: Select the driver via ARCH_MXC
        watchdog: cpu5wdt.c: add missing del_timer call
        watchdog: hpwdt.c: Increase version string
        watchdog: Convert twl4030_wdt to watchdog core
        davinci_wdt: preparation for switch to common clock framework
        ...
    • Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · 769cb858
      Linus Torvalds authored
      Pull CIFS fixes from Steve French:
       "Misc small cifs fixes"
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: eliminate cifsERROR variable
        cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use
        cifs: fix double-free of "string" in cifs_parse_mount_options
    • Merge tag 'dm-3.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm · b49249d1
      Linus Torvalds authored
      Pull dm update from Alasdair G Kergon:
       "Miscellaneous device-mapper fixes, cleanups and performance
        improvements.
      
        Of particular note:
         - Disable broken WRITE SAME support in all targets except linear and
           striped.  Use it when kcopyd is zeroing blocks.
         - Remove several mempools from targets by moving the data into the
           bio's new front_pad area(which dm calls 'per_bio_data').
         - Fix a race in thin provisioning if discards are misused.
         - Prevent userspace from interfering with the ioctl parameters and
           use kmalloc for the data buffer if it's small instead of vmalloc.
         - Throttle some annoying error messages when I/O fails."
      
      * tag 'dm-3.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm: (36 commits)
        dm stripe: add WRITE SAME support
        dm: remove map_info
        dm snapshot: do not use map_context
        dm thin: dont use map_context
        dm raid1: dont use map_context
        dm flakey: dont use map_context
        dm raid1: rename read_record to bio_record
        dm: move target request nr to dm_target_io
        dm snapshot: use per_bio_data
        dm verity: use per_bio_data
        dm raid1: use per_bio_data
        dm: introduce per_bio_data
        dm kcopyd: add WRITE SAME support to dm_kcopyd_zero
        dm linear: add WRITE SAME support
        dm: add WRITE SAME support
        dm: prepare to support WRITE SAME
        dm ioctl: use kmalloc if possible
        dm ioctl: remove PF_MEMALLOC
        dm persistent data: improve improve space map block alloc failure message
        dm thin: use DMERR_LIMIT for errors
        ...
    • Revert "nfsd: warn on odd reply state in nfsd_vfs_read" · 10532b56
      J. Bruce Fields authored
      This reverts commit 79f77bf9.
      
      This is obviously wrong, and I have no idea how I missed seeing the
      warning in testing: I must just not have looked at the right logs.  The
      caller bumps rq_resused/rq_next_page, so it will always be hit on a
      large enough read.
      Reported-by: Dave Jones <davej@redhat.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · 184e2516
      Linus Torvalds authored
      Pull more infiniband changes from Roland Dreier:
       "Second batch of InfiniBand/RDMA changes for 3.8:
         - cxgb4 changes to fix lookup engine hash collisions
         - mlx4 changes to make flow steering usable
         - fix to IPoIB to avoid pinning dst reference for too long"
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        RDMA/cxgb4: Fix bug for active and passive LE hash collision path
        RDMA/cxgb4: Fix LE hash collision bug for passive open connection
        RDMA/cxgb4: Fix LE hash collision bug for active open connection
        mlx4_core: Allow choosing flow steering mode
        mlx4_core: Adjustments to Flow Steering activation logic for SR-IOV
        mlx4_core: Fix error flow in the flow steering wrapper
        mlx4_core: Add QPN enforcement for flow steering rules set by VFs
        cxgb4: Add LE hash collision bug fix path in LLD driver
        cxgb4: Add T4 filter support
        IPoIB: Call skb_dst_drop() once skb is enqueued for sending
    • Merge tag 'asm-generic' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic · 0264405b
      Linus Torvalds authored
      Pull asm-generic cleanup from Arnd Bergmann:
       "These are a few cleanups for asm-generic:
      
         - a set of patches from Lars-Peter Clausen to generalize asm/mmu.h
           and use it in the architectures that don't need any special
           handling.
         - A patch from Will Deacon to remove the {read,write}s{b,w,l} as
           discussed during the arm64 review
         - A patch from James Hogan that helps with the meta architecture
           series."
      
      * tag 'asm-generic' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
        xtensa: Use generic asm/mmu.h for nommu
        h8300: Use generic asm/mmu.h
        c6x: Use generic asm/mmu.h
        asm-generic/mmu.h: Add support for FDPIC
        asm-generic/mmu.h: Remove unused vmlist field from mm_context_t
        asm-generic: io: remove {read,write} string functions
        asm-generic/io.h: remove asm/cacheflush.h include
    • ARM: dts: fix duplicated build target and alphabetical sort out for exynos · 7e65df38
      Kukjin Kim authored
      Commit db5b0ae0 ("Merge tag 'dt' of git://git.kernel.org/.../arm-soc")
      causes a duplicated build target.  This patch fixes it and sorts out the
      build target alphabetically so that we can recognize something wrong
      easily.
      
      Cc: Olof Johansson <olof@lixom.net>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>