Eric Lee / smarc-fsl-linux-kernel

24 Nov, 2017

1 commit

  • 71d3850bf   coda: fix 'kernel memory exposure attempt' in fsync ... Browse Code »

    commit d337b66a4c52c7b04eec661d86c2ef6e168965a2 upstream.

    When an application called fsync on a file in Coda a small request with
    just the file identifier was allocated, but the declared length was set
    to the size of union of all possible upcall requests.

    This bug has been around for a very long time and is now caught by the
    extra checking in usercopy that was introduced in Linux-4.8.

    The exposure happens when the Coda cache manager process reads the fsync
    upcall request at which point it is killed. As a result there is nobody
    servicing any further upcalls, trapping any processes that try to access
    the mounted Coda filesystem.

    Signed-off-by: Jan Harkes
    Signed-off-by: Al Viro
    Signed-off-by: Greg Kroah-Hartman

    Jan Harkes
     

02 Nov, 2017

1 commit

  • b24413180   License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Browse Code »

    Many source files in the tree are missing licensing information, which
    makes it harder for compliance tools to determine the correct license.

    By default all files without license information are under the default
    license of the kernel, which is GPL version 2.

    Update the files which contain no license information with the 'GPL-2.0'
    SPDX license identifier. The SPDX identifier is a legally binding
    shorthand, which can be used instead of the full boiler plate text.

    This patch is based on work done by Thomas Gleixner and Kate Stewart and
    Philippe Ombredanne.

    How this work was done:

    Patches were generated and checked against linux-4.14-rc6 for a subset of
    the use cases:
    - file had no licensing information it it.
    - file was a */uapi/* one with no licensing information in it,
    - file was a */uapi/* one with existing licensing information,

    Further patches will be generated in subsequent months to fix up cases
    where non-standard license headers were used, and references to license
    had to be inferred by heuristics based on keywords.

    The analysis to determine which SPDX License Identifier to be applied to
    a file was done in a spreadsheet of side by side results from of the
    output of two independent scanners (ScanCode & Windriver) producing SPDX
    tag:value files created by Philippe Ombredanne. Philippe prepared the
    base worksheet, and did an initial spot review of a few 1000 files.

    The 4.13 kernel was the starting point of the analysis with 60,537 files
    assessed. Kate Stewart did a file by file comparison of the scanner
    results in the spreadsheet to determine which SPDX license identifier(s)
    to be applied to the file. She confirmed any determination that was not
    immediately clear with lawyers working with the Linux Foundation.

    Criteria used to select files for SPDX license identifier tagging was:
    - Files considered eligible had to be source code files.
    - Make and config files were included as candidates if they contained >5
    lines of source
    - File already had some variant of a license header in it (even if
    Reviewed-by: Philippe Ombredanne
    Reviewed-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     

02 Mar, 2017

1 commit

11 Sep, 2015

1 commit

  • 3725e9dd5   fs/coda: fix readlink buffer overflow ... Browse Code »

    Dan Carpenter discovered a buffer overflow in the Coda file system
    readlink code. A userspace file system daemon can return a 4096 byte
    result which then triggers a one byte write past the allocated readlink
    result buffer.

    This does not trigger with an unmodified Coda implementation because Coda
    has a 1024 byte limit for symbolic links, however other userspace file
    systems using the Coda kernel module could be affected.

    Although this is an obvious overflow, I don't think this has to be handled
    as too sensitive from a security perspective because the overflow is on
    the Coda userspace daemon side which already needs root to open Coda's
    kernel device and to mount the file system before we get to the point that
    links can be read.

    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: Jan Harkes
    Reported-by: Dan Carpenter
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jan Harkes
     

16 Apr, 2015

1 commit

09 Aug, 2014

1 commit

07 Jun, 2014

3 commits

13 Feb, 2013

2 commits

  • d83f5901b   coda: Restrict coda messages to the initial user namespace ... Browse Code »

    Remove the slight chance that uids and gids in coda messages will be
    interpreted in the wrong user namespace.

    - Only allow processes in the initial user namespace to open the coda
    character device to communicate with coda filesystems.
    - Explicitly convert the uids in the coda header into the initial user
    namespace.
    - In coda_vattr_to_attr make kuids and kgids from the initial user
    namespace uids and gids in struct coda_vattr that just came from
    userspace.
    - In coda_iattr_to_vattr convert kuids and kgids into uids and gids
    in the intial user namespace and store them in struct coda_vattr for
    sending to coda userspace programs.

    Nothing needs to be changed with mounts as coda does not support
    being mounted in anything other than the initial user namespace.

    Cc: Jan Harkes
    Signed-off-by: "Eric W. Biederman"

    Eric W. Biederman
     
  • 9fd973e08   coda: Restrict coda messages to the initial pid namespace ... Browse Code »

    Remove the slight chance that pids in coda messages will be
    interpreted in the wrong pid namespace.

    - Explicitly send all pids in coda messages in the initial pid
    namespace.
    - Only allow mounts from processes in the initial pid namespace.
    - Only allow processes in the initial pid namespace to open the coda
    character device to communicate with coda.

    Cc: Jan Harkes
    Signed-off-by: "Eric W. Biederman"

    Eric W. Biederman
     

29 Mar, 2012

1 commit

13 Jan, 2011

1 commit

25 Oct, 2010

2 commits

  • da47c19e5   Coda: replace BKL with mutex ... Browse Code »

    Replace the BKL with a mutex to protect the venus_comm structure which
    binds the mountpoint with the character device and holds the upcall
    queues.

    Signed-off-by: Yoshihisa Abe
    Signed-off-by: Jan Harkes
    Signed-off-by: Linus Torvalds

    Yoshihisa Abe
     
  • f7cc02b87   Coda: push BKL regions into coda_upcall() ... Browse Code »

    Now that shared inode state is locked using the cii->c_lock, the BKL is
    only used to protect the upcall queues used to communicate with the
    userspace cache manager. The remaining state is all local and we can
    push the lock further down into coda_upcall().

    Signed-off-by: Yoshihisa Abe
    Signed-off-by: Jan Harkes
    Signed-off-by: Linus Torvalds

    Yoshihisa Abe
     

08 Aug, 2010

1 commit

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

14 Nov, 2008

1 commit

  • 97b7702cd   CRED: Wrap task credential accesses in the Coda filesystem ... Browse Code »

    Wrap access to task credentials so that they can be separated more easily from
    the task_struct during the introduction of COW creds.

    Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

    Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
    sense to use RCU directly rather than a convenient wrapper; these will be
    addressed by later patches.

    Signed-off-by: David Howells
    Reviewed-by: James Morris
    Acked-by: Serge Hallyn
    Cc: Jan Harkes
    Cc: codalist@coda.cs.cmu.edu
    Signed-off-by: James Morris

    David Howells
     

26 Jul, 2008

1 commit

  • de0ca06a9   coda: remove CODA_FS_OLD_API ... Browse Code »

    While fixing CONFIG_ leakages to the userspace kernel headers I ran into
    CODA_FS_OLD_API.

    After five years, are there still people using the old API left?
    Especially considering that you have to choose at compile time which API
    to support in the kernel (and distributions tend to offer the new API for
    some time).

    Jan: "The old API can definitely go. Around the time the new
    interface went in there were some non-Coda userspace file system
    implementations that took a while longer to convert to the new API,
    but by now they all switched to the new interface or in some cases
    to a FUSE-based solution."

    Signed-off-by: Adrian Bunk
    Acked-by: Jan Harkes
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Adrian Bunk
     

20 Oct, 2007

1 commit

  • a47afb0f9   pid namespaces: round up the API ... Browse Code »

    The set of functions process_session, task_session, process_group and
    task_pgrp is confusing, as the names can be mixed with each other when looking
    at the code for a long time.

    The proposals are to
    * equip the functions that return the integer with _nr suffix to
    represent that fact,
    * and to make all functions work with task (not process) by making
    the common prefix of the same name.

    For monotony the routines signal_session() and set_signal_session() are
    replaced with task_session_nr() and set_task_session(), especially since they
    are only used with the explicit task->signal dereference.

    Signed-off-by: Pavel Emelianov
    Acked-by: Serge E. Hallyn
    Cc: Kirill Korotaev
    Cc: "Eric W. Biederman"
    Cc: Cedric Le Goater
    Cc: Herbert Poetzl
    Cc: Sukadev Bhattiprolu
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Pavel Emelianov
     

22 Jul, 2007

1 commit

  • d3fec424b   coda: remove CODA_STORE/CODA_RELEASE upcalls ... Browse Code »

    This is an variation on the patch sent by Christoph Hellwig which kills
    file_count abuse by the Coda kernel module by moving the coda_flush
    functionality into coda_release. However part of reason we were using the
    coda_flush callback was to allow Coda to pass errors that occur during
    writeback from the userspace cache manager back to close().

    As Al Viro explained on linux-fsdevel, it is impossible to guarantee that
    such errors can in fact be returned back to the caller. There are many
    cases where the last reference to a file is not released by the close
    system call and it is also impossible to pick some close as a 'last-close'
    and delay it until all other references have been destroyed.

    The CODA_STORE/CODA_RELEASE upcall combination is clearly a broken design,
    and it is better to remove it completely.

    Signed-off-by: Jan Harkes
    Cc: Christoph Hellwig
    Cc: Al Viro
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jan Harkes
     

20 Jul, 2007

10 commits

22 May, 2007

1 commit

  • e8edc6e03   Detach sched.h from mm.h ... Browse Code »

    First thing mm.h does is including sched.h solely for can_do_mlock() inline
    function which has "current" dereference inside. By dealing with can_do_mlock()
    mm.h can be detached from sched.h which is good. See below, why.

    This patch
    a) removes unconditional inclusion of sched.h from mm.h
    b) makes can_do_mlock() normal function in mm/mlock.c
    c) exports can_do_mlock() to not break compilation
    d) adds sched.h inclusions back to files that were getting it indirectly.
    e) adds less bloated headers to some files (asm/signal.h, jiffies.h) that were
    getting them indirectly

    Net result is:
    a) mm.h users would get less code to open, read, preprocess, parse, ... if
    they don't need sched.h
    b) sched.h stops being dependency for significant number of files:
    on x86_64 allmodconfig touching sched.h results in recompile of 4083 files,
    after patch it's only 3744 (-8.3%).

    Cross-compile tested on

    all arm defconfigs, all mips defconfigs, all powerpc defconfigs,
    alpha alpha-up
    arm
    i386 i386-up i386-defconfig i386-allnoconfig
    ia64 ia64-up
    m68k
    mips
    parisc parisc-up
    powerpc powerpc-up
    s390 s390-up
    sparc sparc-up
    sparc64 sparc64-up
    um-x86_64
    x86_64 x86_64-up x86_64-defconfig x86_64-allnoconfig

    as well as my two usual configs.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: Linus Torvalds

    Alexey Dobriyan
     

27 Jun, 2006

1 commit

23 Jun, 2006

1 commit

  • 726c33422   [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry ... Browse Code »

    Give the statfs superblock operation a dentry pointer rather than a superblock
    pointer.

    This complements the get_sb() patch. That reduced the significance of
    sb->s_root, allowing NFS to place a fake root there. However, NFS does
    require a dentry to use as a target for the statfs operation. This permits
    the root in the vfsmount to be used instead.

    linux/mount.h has been added where necessary to make allyesconfig build
    successfully.

    Interest has also been expressed for use with the FUSE and XFS filesystems.

    Signed-off-by: David Howells
    Acked-by: Al Viro
    Cc: Nathan Scott
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Howells
     

17 Apr, 2005

1 commit

  • 1da177e4c   Linux-2.6.12-rc2 ... Browse Code »

    Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds