Eric Lee / smarc-fsl-linux-kernel

13 Sep, 2013

1 commit

27 Mar, 2013

1 commit

  • 3151527ee   userns: Don't allow creation if the user is chrooted ... Browse Code »

    Guarantee that the policy of which files may be access that is
    established by setting the root directory will not be violated
    by user namespaces by verifying that the root directory points
    to the root of the mount namespace at the time of user namespace
    creation.

    Changing the root is a privileged operation, and as a matter of policy
    it serves to limit unprivileged processes to files below the current
    root directory.

    For reasons of simplicity and comprehensibility the privilege to
    change the root directory is gated solely on the CAP_SYS_CHROOT
    capability in the user namespace. Therefore when creating a user
    namespace we must ensure that the policy of which files may be access
    can not be violated by changing the root directory.

    Anyone who runs a processes in a chroot and would like to use user
    namespace can setup the same view of filesystems with a mount
    namespace instead. With this result that this is not a practical
    limitation for using user namespaces.

    Cc: stable@vger.kernel.org
    Acked-by: Serge Hallyn
    Reported-by: Andy Lutomirski
    Signed-off-by: "Eric W. Biederman"

    Eric W. Biederman
     

02 Mar, 2013

1 commit

29 Nov, 2012

1 commit

07 Jan, 2011

1 commit

  • c28cc3646   fs: fs_struct use seqlock ... Browse Code »

    Use a seqlock in the fs_struct to enable us to take an atomic copy of the
    complete cwd and root paths. Use this in the RCU lookup path to avoid a
    thread-shared spinlock in RCU lookup operations.

    Multi-threaded apps may now perform path lookups with scalability matching
    multi-process apps. Operations such as stat(2) become very scalable for
    multi-threaded workload.

    Signed-off-by: Nick Piggin

    Nick Piggin
     

18 Aug, 2010

1 commit

  • 2a4419b5b   fs: fs_struct rwlock to spinlock ... Browse Code »

    fs: fs_struct rwlock to spinlock

    struct fs_struct.lock is an rwlock with the read-side used to protect root and
    pwd members while taking references to them. Taking a reference to a path
    typically requires just 2 atomic ops, so the critical section is very small.
    Parallel read-side operations would have cacheline contention on the lock, the
    dentry, and the vfsmount cachelines, so the rwlock is unlikely to ever give a
    real parallelism increase.

    Replace it with a spinlock to avoid one or two atomic operations in typical
    path lookup fastpath.

    Signed-off-by: Nick Piggin
    Signed-off-by: Al Viro

    Nick Piggin
     

11 Aug, 2010

1 commit

01 Apr, 2009

2 commits

  • 498052bba   New locking/refcounting for fs_struct ... Browse Code »

    * all changes of current->fs are done under task_lock and write_lock of
    old fs->lock
    * refcount is not atomic anymore (same protection)
    * its decrements are done when removing reference from current; at the
    same time we decide whether to free it.
    * put_fs_struct() is gone
    * new field - ->in_exec. Set by check_unsafe_exec() if we are trying to do
    execve() and only subthreads share fs_struct. Cleared when finishing exec
    (success and failure alike). Makes CLONE_FS fail with -EAGAIN if set.
    * check_unsafe_exec() may fail with -EAGAIN if another execve() from subthread
    is in progress.

    Signed-off-by: Al Viro

    Al Viro
     
  • 3e93cd671   Take fs_struct handling to new file (fs/fs_struct.c) ... Browse Code »

    Pure code move; two new helper functions for nfsd and daemonize
    (unshare_fs_struct() and daemonize_fs_struct() resp.; for now -
    the same code as used to be in callers). unshare_fs_struct()
    exported (for nfsd, as copy_fs_struct()/exit_fs() used to be),
    copy_fs_struct() and exit_fs() don't need exports anymore.

    Signed-off-by: Al Viro

    Al Viro
     

29 Mar, 2009

1 commit

  • 795e2fe0a   Annotate struct fs_struct's usage count restriction ... Browse Code »

    Annotate struct fs_struct's usage count to indicate the restrictions upon it.
    It may not be incremented, except by clone(CLONE_FS), as this affects the
    check in check_unsafe_exec() in fs/exec.c.

    Signed-off-by: David Howells
    Signed-off-by: Hugh Dickins
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds

    David Howells
     

01 Jan, 2009

1 commit

27 Jul, 2008

1 commit

15 Feb, 2008

2 commits

  • ac748a09f   Make set_fs_{root,pwd} take a struct path ... Browse Code »

    In nearly all cases the set_fs_{root,pwd}() calls work on a struct
    path. Change the function to reflect this and use path_get() here.

    Signed-off-by: Jan Blunck
    Signed-off-by: Andreas Gruenbacher
    Acked-by: Christoph Hellwig
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jan Blunck
     
  • 6ac08c39a   Use struct path in fs_struct ... Browse Code »

    * Use struct path in fs_struct.

    Signed-off-by: Andreas Gruenbacher
    Signed-off-by: Jan Blunck
    Acked-by: Christoph Hellwig
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jan Blunck
     

08 Dec, 2006

1 commit

17 Apr, 2005

1 commit

  • 1da177e4c   Linux-2.6.12-rc2 ... Browse Code »

    Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds