1. 15 Feb, 2008 1 commit
    • Jan Blunck's avatar
      Embed a struct path into struct nameidata instead of nd->{dentry,mnt} · 4ac91378
      Jan Blunck authored
      This is the central patch of a cleanup series. In most cases there is no good
      reason why someone would want to use a dentry for itself. This series reflects
      that fact and embeds a struct path into nameidata.
      Together with the other patches of this series
      - it enforced the correct order of getting/releasing the reference count on
        <dentry,vfsmount> pairs
      - it prepares the VFS for stacking support since it is essential to have a
        struct path in every place where the stack can be traversed
      - it reduces the overall code size:
      without patch series:
         text    data     bss     dec     hex filename
      5321639  858418  715768 6895825  6938d1 vmlinux
      with patch series:
         text    data     bss     dec     hex filename
      5320026  858418  715768 6894212  693284 vmlinux
      This patch:
      Switch from nd->{dentry,mnt} to nd->path.{dentry,mnt} everywhere.
      [akpm@linux-foundation.org: coding-style fixes]
      [akpm@linux-foundation.org: fix cifs]
      [akpm@linux-foundation.org: fix smack]
      Signed-off-by: default avatarJan Blunck <jblunck@suse.de>
      Signed-off-by: default avatarAndreas Gruenbacher <agruen@suse.de>
      Acked-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  2. 08 Feb, 2008 3 commits
  3. 05 Feb, 2008 2 commits
  4. 28 Nov, 2007 1 commit
  5. 12 Nov, 2007 1 commit
    • Roland McGrath's avatar
      core dump: remain dumpable · 00ec99da
      Roland McGrath authored
      The coredump code always calls set_dumpable(0) when it starts (even
      if RLIMIT_CORE prevents any core from being dumped).  The effect of
      this (via task_dumpable) is to make /proc/pid/* files owned by root
      instead of the user, so the user can no longer examine his own
      process--in a case where there was never any privileged data to
      protect.  This affects e.g. auxv, environ, fd; in Fedora (execshield)
      kernels, also maps.  In practice, you can only notice this when a
      debugger has requested PTRACE_EVENT_EXIT tracing.
      set_dumpable was only used in do_coredump for synchronization and not
      intended for any security purpose.  (It doesn't secure anything that wasn't
      already unsecured when a process dies by SIGTERM instead of SIGQUIT.)
      This changes do_coredump to check the core_waiters count as the means of
      synchronization, which is sufficient.  Now we leave the "dumpable" bits alone.
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  6. 19 Oct, 2007 6 commits
  7. 17 Oct, 2007 11 commits
  8. 20 Sep, 2007 1 commit
    • Davide Libenzi's avatar
      signalfd simplification · b8fceee1
      Davide Libenzi authored
      This simplifies signalfd code, by avoiding it to remain attached to the
      sighand during its lifetime.
      In this way, the signalfd remain attached to the sighand only during
      poll(2) (and select and epoll) and read(2).  This also allows to remove
      all the custom "tsk == current" checks in kernel/signal.c, since
      dequeue_signal() will only be called by "current".
      I think this is also what Ben was suggesting time ago.
      The external effect of this, is that a thread can extract only its own
      private signals and the group ones.  I think this is an acceptable
      behaviour, in that those are the signals the thread would be able to
      fetch w/out signalfd.
      Signed-off-by: default avatarDavide Libenzi <davidel@xmailserver.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  9. 23 Aug, 2007 2 commits
    • Oleg Nesterov's avatar
      exec: kill unsafe BUG_ON(sig->count) checks · abd96ecb
      Oleg Nesterov authored
      	if (atomic_read(&oldsighand->count) <= 1)
      		BUG_ON(atomic_read(&sig->count) != 1);
      This is not safe without the rmb() in between.  The results of two
      correctly ordered __exit_signal()->atomic_dec_and_test()'s could be seen
      out of order on our CPU.
      The same is true for the "thread_group_empty()" case, __unhash_process()'s
      changes could be seen before atomic_dec_and_test(&sig->count).
      On some platforms (including i386) atomic_read() doesn't provide even the
      compiler barrier, in that case these checks are simply racy.
      Remove these BUG_ON()'s. Alternatively, we can do something like
      	BUG_ON( ({ smp_rmb(); atomic_read(&sig->count) != 1; }) );
      Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Roland McGrath <roland@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Oleg Nesterov's avatar
      signalfd: make it group-wide, fix posix-timers scheduling · f9ee228b
      Oleg Nesterov authored
      With this patch any thread can dequeue its own private signals via signalfd,
      even if it was created by another sub-thread.
      To do so, we pass "current" to dequeue_signal() if the caller is from the same
      thread group. This also fixes the scheduling of posix timers broken by the
      previous patch.
      If the caller doesn't belong to this thread group, we can't handle __SI_TIMER
      case properly anyway. Perhaps we should forbid the cross-process signalfd usage
      and convert ctx->tsk to ctx->sighand.
      Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Davide Libenzi <davidel@xmailserver.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Michael Kerrisk <mtk-manpages@gmx.net>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  10. 18 Aug, 2007 1 commit
  11. 19 Jul, 2007 3 commits
  12. 24 May, 2007 1 commit
  13. 17 May, 2007 1 commit
  14. 11 May, 2007 3 commits
    • Davide Libenzi's avatar
      signal/timer/event: signalfd core · fba2afaa
      Davide Libenzi authored
      This patch series implements the new signalfd() system call.
      I took part of the original Linus code (and you know how badly it can be
      broken :), and I added even more breakage ;) Signals are fetched from the same
      signal queue used by the process, so signalfd will compete with standard
      kernel delivery in dequeue_signal().  If you want to reliably fetch signals on
      the signalfd file, you need to block them with sigprocmask(SIG_BLOCK).  This
      seems to be working fine on my Dual Opteron machine.  I made a quick test
      program for it:
      The signalfd() system call implements signal delivery into a file descriptor
      receiver.  The signalfd file descriptor if created with the following API:
      int signalfd(int ufd, const sigset_t *mask, size_t masksize);
      The "ufd" parameter allows to change an existing signalfd sigmask, w/out going
      to close/create cycle (Linus idea).  Use "ufd" == -1 if you want a brand new
      signalfd file.
      The "mask" allows to specify the signal mask of signals that we are interested
      in.  The "masksize" parameter is the size of "mask".
      The signalfd fd supports the poll(2) and read(2) system calls.  The poll(2)
      will return POLLIN when signals are available to be dequeued.  As a direct
      consequence of supporting the Linux poll subsystem, the signalfd fd can use
      used together with epoll(2) too.
      The read(2) system call will return a "struct signalfd_siginfo" structure in
      the userspace supplied buffer.  The return value is the number of bytes copied
      in the supplied buffer, or -1 in case of error.  The read(2) call can also
      return 0, in case the sighand structure to which the signalfd was attached,
      has been orphaned.  The O_NONBLOCK flag is also supported, and read(2) will
      return -EAGAIN in case no signal is available.
      If the size of the buffer passed to read(2) is lower than sizeof(struct
      signalfd_siginfo), -EINVAL is returned.  A read from the signalfd can also
      return -ERESTARTSYS in case a signal hits the process.  The format of the
      struct signalfd_siginfo is, and the valid fields depends of the (->code &
      __SI_MASK) value, in the same way a struct siginfo would:
      struct signalfd_siginfo {
      	__u32 signo;	/* si_signo */
      	__s32 err;	/* si_errno */
      	__s32 code;	/* si_code */
      	__u32 pid;	/* si_pid */
      	__u32 uid;	/* si_uid */
      	__s32 fd;	/* si_fd */
      	__u32 tid;	/* si_fd */
      	__u32 band;	/* si_band */
      	__u32 overrun;	/* si_overrun */
      	__u32 trapno;	/* si_trapno */
      	__s32 status;	/* si_status */
      	__s32 svint;	/* si_int */
      	__u64 svptr;	/* si_ptr */
      	__u64 utime;	/* si_utime */
      	__u64 stime;	/* si_stime */
      	__u64 addr;	/* si_addr */
      [akpm@linux-foundation.org: fix signalfd_copyinfo() on i386]
      Signed-off-by: default avatarDavide Libenzi <davidel@xmailserver.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Sukadev Bhattiprolu's avatar
      attach_pid() with struct pid parameter · e713d0da
      Sukadev Bhattiprolu authored
      attach_pid() currently takes a pid_t and then uses find_pid() to find the
      corresponding struct pid.  Sometimes we already have the struct pid.  We can
      then skip find_pid() if attach_pid() were to take a struct pid parameter.
      Signed-off-by: default avatarSukadev Bhattiprolu <sukadev@us.ibm.com>
      Cc: Cedric Le Goater <clg@fr.ibm.com>
      Cc: Dave Hansen <haveblue@us.ibm.com>
      Cc: Serge Hallyn <serue@us.ibm.com>
      Cc: <containers@lists.osdl.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Steve Grubb's avatar
      [PATCH] Abnormal End of Processes · 0a4ff8c2
      Steve Grubb authored
      I have been working on some code that detects abnormal events based on audit
      system events. One kind of event that we currently have no visibility for is
      when a program terminates due to segfault - which should never happen on a
      production machine. And if it did, you'd want to investigate it. Attached is a
      patch that collects these events and sends them into the audit system.
      Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
  15. 08 May, 2007 2 commits
    • kalash nainwal's avatar
      (re)register_binfmt returns with -EBUSY · 98701d1b
      kalash nainwal authored
      When a binary format is unregistered and re-registered, register_binfmt
      fails with -EBUSY.  The reason is that unregister_binfmt does not set
      fmt->next to NULL, and seeing (fmt->next != NULL), register_binfmt fails
      with -EBUSY.
      One can find his way around by explicitly setting fmt->next to NULL after
      unregistering, but that is kind of unclean (one should better be using only
      the interfaces, and not the interal members, isn't it?)
      Attached one-liner can fix it.
      Signed-off-by: default avatarKalash Nainwal <kalash.nainwal@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Nick Piggin's avatar
      exec: fix remove_arg_zero · 4fc75ff4
      Nick Piggin authored
      Petr Tesarik discovered a problem in remove_arg_zero(). He writes:
       When a script is loaded, load_script() replaces argv[0] with the
       name of the interpreter and the filename passed to the exec syscall.
       However, there is no guarantee that the length of the interpreter
       name plus the length of the filename is greater than the length of
       the original argv[0]. If the difference happens to cross a page boundary,
       setup_arg_pages() will call put_dirty_page() [aka install_arg_page()]
       with an address outside the VMA.
       Therefore, remove_arg_zero() must free all pages which would be unused
       after the argument is removed.
      So, rewrite the remove_arg_zero function without gotos, with a few comments,
      and with the commonly used explicit index/offset. This fixes the problem
      and makes it easier to understand as well.
      [a.p.zijlstra@chello.nl: add comment]
      Signed-off-by: default avatarNick Piggin <npiggin@suse.de>
      Cc: Petr Tesarik <ptesarik@suse.cz>
      Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  16. 17 Apr, 2007 1 commit