1. 02 Apr, 2015 1 commit
  2. 20 Dec, 2012 8 commits
  3. 18 Oct, 2012 1 commit
  4. 12 Oct, 2012 1 commit
    • Jeff Layton's avatar
      audit: set the name_len in audit_inode for parent lookups · bfcec708
      Jeff Layton authored
      Currently, this gets set mostly by happenstance when we call into
      audit_inode_child. While that might be a little more efficient, it seems
      wrong. If the syscall ends up failing before audit_inode_child ever gets
      called, then you'll have an audit_names record that shows the full path
      but has the parent inode info attached.
      
      Fix this by passing in a parent flag when we call audit_inode that gets
      set to the value of LOOKUP_PARENT. We can then fix up the pathname for
      the audit entry correctly from the get-go.
      
      While we're at it, clean up the no-op macro for audit_inode in the
      !CONFIG_AUDITSYSCALL case.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      bfcec708
  5. 27 Sep, 2012 1 commit
  6. 18 Sep, 2012 1 commit
    • Eric W. Biederman's avatar
      userns: Convert vfs posix_acl support to use kuids and kgids · 2f6f0654
      Eric W. Biederman authored
      - In setxattr if we are setting a posix acl convert uids and gids from
        the current user namespace into the initial user namespace, before
        the xattrs are passed to the underlying filesystem.
      
        Untranslatable uids and gids are represented as -1 which
        posix_acl_from_xattr will represent as INVALID_UID or INVALID_GID.
        posix_acl_valid will fail if an acl from userspace has any
        INVALID_UID or INVALID_GID values.  In net this guarantees that
        untranslatable posix acls will not be stored by filesystems.
      
      - In getxattr if we are reading a posix acl convert uids and gids from
        the initial user namespace into the current user namespace.
      
        Uids and gids that can not be tranlsated into the current user namespace
        will be represented as -1.
      
      - Replace e_id in struct posix_acl_entry with an anymouns union of
        e_uid and e_gid.  For the short term retain the e_id field
        until all of the users are converted.
      
      - Don't set struct posix_acl.e_id in the cases where the acl type
        does not use e_id.  Greatly reducing the use of ACL_UNDEFINED_ID.
      
      - Rework the ordering checks in posix_acl_valid so that I use kuid_t
        and kgid_t types throughout the code, and so that I don't need
        arithmetic on uid and gid types.
      
      Cc: Theodore Tso <tytso@mit.edu>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andreas Dilger <adilger.kernel@dilger.ca>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      2f6f0654
  7. 13 Sep, 2012 2 commits
  8. 07 Sep, 2012 1 commit
  9. 24 Aug, 2012 1 commit
    • Aristeu Rozanski's avatar
      xattr: extract simple_xattr code from tmpfs · 38f38657
      Aristeu Rozanski authored
      Extract in-memory xattr APIs from tmpfs. Will be used by cgroup.
      
      $ size vmlinux.o
         text    data     bss     dec     hex filename
      4658782  880729 5195032 10734543         a3cbcf vmlinux.o
      $ size vmlinux.o
         text    data     bss     dec     hex filename
      4658957  880729 5195032 10734718         a3cc7e vmlinux.o
      
      v7:
      - checkpatch warnings fixed
      - Implement the changes requested by Hugh Dickins:
      	- make simple_xattrs_init and simple_xattrs_free inline
      	- get rid of locking and list reinitialization in simple_xattrs_free,
      	  they're not needed
      v6:
      - no changes
      v5:
      - no changes
      v4:
      - move simple_xattrs_free() to fs/xattr.c
      v3:
      - in kmem_xattrs_free(), reinitialize the list
      - use simple_xattr_* prefix
      - introduce simple_xattr_add() to prevent direct list usage
      Original-patch-by: default avatarLi Zefan <lizefan@huawei.com>
      Cc: Li Zefan <lizefan@huawei.com>
      Cc: Hillf Danton <dhillf@gmail.com>
      Cc: Lennart Poettering <lpoetter@redhat.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
      Signed-off-by: default avatarAristeu Rozanski <aris@redhat.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      38f38657
  10. 31 Jul, 2012 1 commit
  11. 30 May, 2012 1 commit
  12. 05 Apr, 2012 3 commits
  13. 29 Feb, 2012 1 commit
  14. 04 Jan, 2012 1 commit
  15. 18 Jul, 2011 2 commits
  16. 28 May, 2011 1 commit
    • Andi Kleen's avatar
      Cache xattr security drop check for write v2 · 69b45732
      Andi Kleen authored
      Some recent benchmarking on btrfs showed that a major scaling bottleneck
      on large systems on btrfs is currently the xattr lookup on every write.
      
      Why xattr lookup on every write I hear you ask?
      
      write wants to drop suid and security related xattrs that could set o
      capabilities for executables.  To do that it currently looks up
      security.capability on EVERY write (even for non executables) to decide
      whether to drop it or not.
      
      In btrfs this causes an additional tree walk, hitting some per file system
      locks and quite bad scalability. In a simple read workload on a 8S
      system I saw over 90% CPU time in spinlocks related to that.
      
      Chris Mason tells me this is also a problem in ext4, where it hits
      the global mbcache lock.
      
      This patch adds a simple per inode to avoid this problem.  We only
      do the lookup once per file and then if there is no xattr cache
      the decision. All xattr changes clear the flag.
      
      I also used the same flag to avoid the suid check, although
      that one is pretty cheap.
      
      A file system can also set this flag when it creates the inode,
      if it has a cheap way to do so.  This is done for some common file systems
      in followon patches.
      
      With this patch a major part of the lock contention disappears
      for btrfs. Some testing on smaller systems didn't show significant
      performance changes, but at least it helps the larger systems
      and is generally more efficient.
      
      v2: Rename is_sgid. add file system helper.
      Cc: chris.mason@oracle.com
      Cc: josef@redhat.com
      Cc: viro@zeniv.linux.org.uk
      Cc: agruen@linbit.com
      Cc: Serge E. Hallyn <serue@us.ibm.com>
      Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      69b45732
  17. 27 May, 2011 1 commit
  18. 21 Apr, 2011 1 commit
  19. 24 Mar, 2011 1 commit
  20. 21 May, 2010 1 commit
  21. 16 Dec, 2009 1 commit
    • Christoph Hellwig's avatar
      sanitize xattr handler prototypes · 431547b3
      Christoph Hellwig authored
      Add a flags argument to struct xattr_handler and pass it to all xattr
      handler methods.  This allows using the same methods for multiple
      handlers, e.g. for the ACL methods which perform exactly the same action
      for the access and default ACLs, just using a different underlying
      attribute.  With a little more groundwork it'll also allow sharing the
      methods for the regular user/trusted/secure handlers in extN, ocfs2 and
      jffs2 like it's already done for xfs in this patch.
      
      Also change the inode argument to the handlers to a dentry to allow
      using the handlers mechnism for filesystems that require it later,
      e.g. cifs.
      
      [with GFS2 bits updated by Steven Whitehouse <swhiteho@redhat.com>]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarJames Morris <jmorris@namei.org>
      Acked-by: default avatarJoel Becker <joel.becker@oracle.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      431547b3
  22. 10 Sep, 2009 1 commit
  23. 12 Jun, 2009 1 commit
    • npiggin@suse.de's avatar
      fs: introduce mnt_clone_write · 96029c4e
      npiggin@suse.de authored
      This patch speeds up lmbench lat_mmap test by about another 2% after the
      first patch.
      
      Before:
       avg = 462.286
       std = 5.46106
      
      After:
       avg = 453.12
       std = 9.58257
      
      (50 runs of each, stddev gives a reasonable confidence)
      
      It does this by introducing mnt_clone_write, which avoids some heavyweight
      operations of mnt_want_write if called on a vfsmount which we know already
      has a write count; and mnt_want_write_file, which can call mnt_clone_write
      if the file is open for write.
      
      After these two patches, mnt_want_write and mnt_drop_write go from 7% on
      the profile down to 1.3% (including mnt_clone_write).
      
      [AV: mnt_want_write_file() should take file alone and derive mnt from it;
      not only all callers have that form, but that's the only mnt about which
      we know that it's already held for write if file is opened for write]
      
      Cc: Dave Hansen <haveblue@us.ibm.com>
      Signed-off-by: default avatarNick Piggin <npiggin@suse.de>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      96029c4e
  24. 21 Apr, 2009 1 commit
  25. 14 Jan, 2009 3 commits
  26. 05 Jan, 2009 1 commit
    • Al Viro's avatar
      inode->i_op is never NULL · acfa4380
      Al Viro authored
      We used to have rather schizophrenic set of checks for NULL ->i_op even
      though it had been eliminated years ago.  You'd need to go out of your
      way to set it to NULL explicitly _and_ a bunch of code would die on
      such inodes anyway.  After killing two remaining places that still
      did that bogosity, all that crap can go away.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      acfa4380
  27. 27 Jul, 2008 1 commit
    • Al Viro's avatar
      [PATCH] sanitize __user_walk_fd() et.al. · 2d8f3038
      Al Viro authored
      * do not pass nameidata; struct path is all the callers want.
      * switch to new helpers:
      	user_path_at(dfd, pathname, flags, &path)
      	user_path(pathname, &path)
      	user_lpath(pathname, &path)
      	user_path_dir(pathname, &path)  (fail if not a directory)
        The last 3 are trivial macro wrappers for the first one.
      * remove nameidata in callers.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      2d8f3038