23 Feb, 2018

1 commit

  • Each read from a file in efivarfs results in two calls to EFI
    (one to get the file size, another to get the actual data).

    On X86 these EFI calls result in broadcast system management
    interrupts (SMI) which affect performance of the whole system.
    A malicious user can loop performing reads from efivarfs bringing
    the system to its knees.

    Linus suggested per-user rate limit to solve this.

    So we add a ratelimit structure to "user_struct" and initialize
    it for the root user for no limit. When allocating user_struct for
    other users we set the limit to 100 per second. This could be used
    for other places that want to limit the rate of some detrimental
    user action.

    In efivarfs if the limit is exceeded when reading, we take an
    interruptible nap for 50ms and check the rate limit again.

    Signed-off-by: Tony Luck
    Acked-by: Ard Biesheuvel
    Signed-off-by: Linus Torvalds

    Luck, Tony
     

11 Jul, 2017

1 commit

  • Kill off s_options, save/replace_mount_options() and generic_show_options()
    as all filesystems now implement ->show_options() for themselves. This
    should make it easier to implement a context-based mount where the mount
    options can be passed individually over a file descriptor.

    Signed-off-by: David Howells
    Signed-off-by: Al Viro

    David Howells
     

11 Oct, 2016

1 commit

  • Pull more vfs updates from Al Viro:
    ">rename2() work from Miklos + current_time() from Deepa"

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    fs: Replace current_fs_time() with current_time()
    fs: Replace CURRENT_TIME_SEC with current_time() for inode timestamps
    fs: Replace CURRENT_TIME with current_time() for inode timestamps
    fs: proc: Delete inode time initializations in proc_alloc_inode()
    vfs: Add current_time() api
    vfs: add note about i_op->rename changes to porting
    fs: rename "rename2" i_op to "rename"
    vfs: remove unused i_op->rename
    fs: make remaining filesystems use .rename2
    libfs: support RENAME_NOREPLACE in simple_rename()
    fs: support RENAME_NOREPLACE for local filesystems
    ncpfs: fix unused variable warning

    Linus Torvalds
     

28 Sep, 2016

1 commit

  • CURRENT_TIME macro is not appropriate for filesystems as it
    doesn't use the right granularity for filesystem timestamps.
    Use current_time() instead.

    CURRENT_TIME is also not y2038 safe.

    This is also in preparation for the patch that transitions
    vfs timestamps to use 64 bit time and hence make them
    y2038 safe. As part of the effort current_time() will be
    extended to do range checks. Hence, it is necessary for all
    file system timestamps to use current_time(). Also,
    current_time() will be transitioned along with vfs to be
    y2038 safe.

    Note that whenever a single call to current_time() is used
    to change timestamps in different inodes, it is because they
    share the same time granularity.

    Signed-off-by: Deepa Dinamani
    Reviewed-by: Arnd Bergmann
    Acked-by: Felipe Balbi
    Acked-by: Steven Whitehouse
    Acked-by: Ryusuke Konishi
    Acked-by: David Sterba
    Signed-off-by: Al Viro

    Deepa Dinamani
     

09 Sep, 2016

2 commits

  • Julia reported that we may double free 'name' in efivarfs_callback(),
    and that this bug was introduced by commit 0d22f33bc37c ("efi: Don't
    use spinlocks for efi vars").

    Move one of the kfree()s until after the point at which we know we are
    definitely on the success path.

    Reported-by: Julia Lawall
    Acked-by: Julia Lawall
    Cc: Ard Biesheuvel
    Cc: Sylvain Chouleur
    Signed-off-by: Matt Fleming

    Matt Fleming
     
  • All efivars operations are protected by a spinlock which prevents
    interruptions and preemption. This is too restricted, we just need a
    lock preventing concurrency.
    The idea is to use a semaphore of count 1 and to have two ways of
    locking, depending on the context:
    - In interrupt context, we call down_trylock(), if it fails we return
    an error
    - In normal context, we call down_interruptible()

    We don't use a mutex here because the mutex_trylock() function must not
    be called from interrupt context, whereas the down_trylock() can.

    Signed-off-by: Sylvain Chouleur
    Signed-off-by: Ard Biesheuvel
    Cc: Leif Lindholm
    Cc: Mark Rutland
    Cc: Sylvain Chouleur
    Signed-off-by: Matt Fleming

    Sylvain Chouleur
     

01 Aug, 2016

1 commit


11 Jun, 2016

1 commit

  • We always mixed in the parent pointer into the dentry name hash, but we
    did it late at lookup time. It turns out that we can simplify that
    lookup-time action by salting the hash with the parent pointer early
    instead of late.

    A few other users of our string hashes also wanted to mix in their own
    pointers into the hash, and those are updated to use the same mechanism.

    Hash users that don't have any particular initial salt can just use the
    NULL pointer as a no-salt.

    Cc: Vegard Nossum
    Cc: George Spelvin
    Cc: Al Viro
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

21 May, 2016

1 commit

  • Instead of opencoding let's use generic UUID library functions here.

    Signed-off-by: Andy Shevchenko
    Reviewed-by: Matt Fleming
    Cc: Dmitry Kasatkin
    Cc: Mimi Zohar
    Cc: Rasmus Villemoes
    Cc: Arnd Bergmann
    Cc: "Theodore Ts'o"
    Cc: Al Viro
    Cc: Jens Axboe
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andy Shevchenko
     

07 May, 2016

2 commits

  • There are no callers except through the file_operations struct below
    this, so it should be static like everything else here.

    Signed-off-by: Peter Jones
    Signed-off-by: Matt Fleming
    Cc: Andy Lutomirski
    Cc: Ard Biesheuvel
    Cc: Borislav Petkov
    Cc: Brian Gerst
    Cc: Denys Vlasenko
    Cc: H. Peter Anvin
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/1462570771-13324-6-git-send-email-matt@codeblueprint.co.uk
    Signed-off-by: Ingo Molnar

    Peter Jones
     
  • The parameters atomic and duplicates of efivar_init always have opposite
    values. Drop the parameter atomic, replace the uses of !atomic with
    duplicates, and update the call sites accordingly.

    The code using duplicates is slightly reorganized with an 'else', to avoid
    duplicating the lock code.

    Signed-off-by: Julia Lawall
    Signed-off-by: Matt Fleming
    Cc: Andy Lutomirski
    Cc: Ard Biesheuvel
    Cc: Borislav Petkov
    Cc: Brian Gerst
    Cc: Denys Vlasenko
    Cc: H. Peter Anvin
    Cc: Jeremy Kerr
    Cc: Linus Torvalds
    Cc: Matthew Garrett
    Cc: Peter Zijlstra
    Cc: Saurabh Sengar
    Cc: Thomas Gleixner
    Cc: Vaishali Thakkar
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/1462570771-13324-5-git-send-email-matt@codeblueprint.co.uk
    Signed-off-by: Ingo Molnar

    Julia Lawall
     

05 Apr, 2016

1 commit

  • PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
    ago with promise that one day it will be possible to implement page
    cache with bigger chunks than PAGE_SIZE.

    This promise never materialized. And unlikely will.

    We have many places where PAGE_CACHE_SIZE assumed to be equal to
    PAGE_SIZE. And it's constant source of confusion on whether
    PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
    especially on the border between fs and mm.

    Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
    breakage to be doable.

    Let's stop pretending that pages in page cache are special. They are
    not.

    The changes are pretty straight-forward:

    - << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> ;

    - >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> ;

    - PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};

    - page_cache_get() -> get_page();

    - page_cache_release() -> put_page();

    This patch contains automated changes generated with coccinelle using
    script below. For some reason, coccinelle doesn't patch header files.
    I've called spatch for them manually.

    The only adjustment after coccinelle is revert of changes to
    PAGE_CAHCE_ALIGN definition: we are going to drop it later.

    There are few places in the code where coccinelle didn't reach. I'll
    fix them manually in a separate patch. Comments and documentation also
    will be addressed with the separate patch.

    virtual patch

    @@
    expression E;
    @@
    - E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
    + E

    @@
    expression E;
    @@
    - E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
    + E

    @@
    @@
    - PAGE_CACHE_SHIFT
    + PAGE_SHIFT

    @@
    @@
    - PAGE_CACHE_SIZE
    + PAGE_SIZE

    @@
    @@
    - PAGE_CACHE_MASK
    + PAGE_MASK

    @@
    expression E;
    @@
    - PAGE_CACHE_ALIGN(E)
    + PAGE_ALIGN(E)

    @@
    expression E;
    @@
    - page_cache_get(E)
    + get_page(E)

    @@
    expression E;
    @@
    - page_cache_release(E)
    + put_page(E)

    Signed-off-by: Kirill A. Shutemov
    Acked-by: Michal Hocko
    Signed-off-by: Linus Torvalds

    Kirill A. Shutemov
     

11 Feb, 2016

1 commit

  • "rm -rf" is bricking some peoples' laptops because of variables being
    used to store non-reinitializable firmware driver data that's required
    to POST the hardware.

    These are 100% bugs, and they need to be fixed, but in the mean time it
    shouldn't be easy to *accidentally* brick machines.

    We have to have delete working, and picking which variables do and don't
    work for deletion is quite intractable, so instead make everything
    immutable by default (except for a whitelist), and make tools that
    aren't quite so broad-spectrum unset the immutable flag.

    Signed-off-by: Peter Jones
    Tested-by: Lee, Chun-Yi
    Acked-by: Matthew Garrett
    Signed-off-by: Matt Fleming

    Peter Jones
     

10 Feb, 2016

1 commit


23 Jan, 2016

1 commit

  • parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
    inode_foo(inode) being mutex_foo(&inode->i_mutex).

    Please, use those for access to ->i_mutex; over the coming cycle
    ->i_mutex will become rwsem, with ->lookup() done with it held
    only shared.

    Signed-off-by: Al Viro

    Al Viro
     

07 May, 2015

1 commit

  • Pull x86 fixes from Ingo Molnar:
    "EFI fixes, and FPU fix, a ticket spinlock boundary condition fix and
    two build fixes"

    * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    x86/fpu: Always restore_xinit_state() when use_eager_cpu()
    x86: Make cpu_tss available to external modules
    efi: Fix error handling in add_sysfs_runtime_map_entry()
    x86/spinlocks: Fix regression in spinlock contention detection
    x86/mm: Clean up types in xlate_dev_mem_ptr()
    x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr
    efivarfs: Ensure VariableName is NUL-terminated

    Linus Torvalds
     

17 Apr, 2015

1 commit

  • Some buggy firmware implementations update VariableNameSize on success
    such that it does not include the final NUL character which results in
    garbage in the efivarfs name entries. Use kzalloc on the efivar_entry
    (as is done in efivars.c) to ensure that the name is always
    NUL-terminated.

    The buggy firmware is:
    BIOS Information
    Vendor: Intel Corp.
    Version: S1200RP.86B.02.02.0005.102320140911
    Release Date: 10/23/2014
    BIOS Revision: 4.6
    System Information
    Manufacturer: Intel Corporation
    Product Name: S1200RP_SE

    Signed-off-by: Ross Lagerwall
    Acked-by: Matthew Garrett
    Cc: Jeremy Kerr
    Cc:
    Signed-off-by: Matt Fleming

    Ross Lagerwall
     

16 Apr, 2015

1 commit


30 Jan, 2015

1 commit

  • Pull EFI updates from Matt Fleming:

    " - Move efivarfs from the misc filesystem section to pseudo filesystem,
    since that's a more logical and accurate place - Leif Lindholm

    - Update efibootmgr URL in Kconfig help - Peter Jones

    - Improve accuracy of EFI guid function names - Borislav Petkov

    - Expose firmware platform size in sysfs for the benefit of EFI boot
    loader installers and other utilities - Steve McIntyre

    - Cleanup __init annotations for arm64/efi code - Ard Biesheuvel

    - Mark the UIE as unsupported for rtc-efi - Ard Biesheuvel

    - Fix memory leak in error code path of runtime map code - Dan Carpenter

    - Improve robustness of get_memory_map() by removing assumptions on the
    size of efi_memory_desc_t (which could change in future spec
    versions) and querying the firmware instead of guessing about the
    memmap size - Ard Biesheuvel

    - Remove superfluous guid unparse calls - Ivan Khoronzhuk

    - Delete unnecessary chosen@0 DT node FDT code since was duplicated
    from code in drivers/of and is entirely unnecessary - Leif Lindholm

    There's nothing super scary, mainly cleanups, and a merge from Ricardo who
    kindly picked up some patches from the linux-efi mailing list while I
    was out on annual leave in December.

    Perhaps the biggest risk is the get_memory_map() change from Ard, which
    changes the way that both the arm64 and x86 EFI boot stub build the
    early memory map. It would be good to have it bake in linux-next for a
    while.
    "

    Signed-off-by: Ingo Molnar

    Ingo Molnar
     

12 Jan, 2015

1 commit


08 Jan, 2015

1 commit


05 Jan, 2015

1 commit

  • efivars is currently enabled under MISC_FILESYSTEMS, which is decribed
    as "such as filesystems that came from other operating systems".
    In reality, it is a pseudo filesystem, providing access to the kernel
    UEFI variable interface.

    Since this is the preferred interface for accessing UEFI variables, over
    the legacy efivars interface, also build it by default as a module if
    CONFIG_EFI.

    Signed-off-by: Leif Lindholm
    Signed-off-by: Matt Fleming

    Leif Lindholm
     

11 Dec, 2014

1 commit

  • Pull VFS changes from Al Viro:
    "First pile out of several (there _definitely_ will be more). Stuff in
    this one:

    - unification of d_splice_alias()/d_materialize_unique()

    - iov_iter rewrite

    - killing a bunch of ->f_path.dentry users (and f_dentry macro).

    Getting that completed will make life much simpler for
    unionmount/overlayfs, since then we'll be able to limit the places
    sensitive to file _dentry_ to reasonably few. Which allows to have
    file_inode(file) pointing to inode in a covered layer, with dentry
    pointing to (negative) dentry in union one.

    Still not complete, but much closer now.

    - crapectomy in lustre (dead code removal, mostly)

    - "let's make seq_printf return nothing" preparations

    - assorted cleanups and fixes

    There _definitely_ will be more piles"

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (63 commits)
    copy_from_iter_nocache()
    new helper: iov_iter_kvec()
    csum_and_copy_..._iter()
    iov_iter.c: handle ITER_KVEC directly
    iov_iter.c: convert copy_to_iter() to iterate_and_advance
    iov_iter.c: convert copy_from_iter() to iterate_and_advance
    iov_iter.c: get rid of bvec_copy_page_{to,from}_iter()
    iov_iter.c: convert iov_iter_zero() to iterate_and_advance
    iov_iter.c: convert iov_iter_get_pages_alloc() to iterate_all_kinds
    iov_iter.c: convert iov_iter_get_pages() to iterate_all_kinds
    iov_iter.c: convert iov_iter_npages() to iterate_all_kinds
    iov_iter.c: iterate_and_advance
    iov_iter.c: macros for iterating over iov_iter
    kill f_dentry macro
    dcache: fix kmemcheck warning in switch_names
    new helper: audit_file()
    nfsd_vfs_write(): use file_inode()
    ncpfs: use file_inode()
    kill f_dentry uses
    lockd: get rid of ->f_path.dentry->d_sb
    ...

    Linus Torvalds
     

20 Nov, 2014

1 commit


12 Nov, 2014

1 commit

  • There is no need to keep the module loaded when it serves no function in
    case the EFI runtime services are disabled. Return an error in this case
    so loading the module will fail.

    Also supply a module_exit function to allow unloading the module.

    Last, but not least, set the owner of the file_system_type struct.

    Cc: Jeremy Kerr
    Cc: Matthew Garrett
    Signed-off-by: Mathias Krause
    Signed-off-by: Matt Fleming

    Mathias Krause
     

05 Jun, 2014

1 commit


05 Mar, 2014

1 commit


16 Nov, 2013

1 commit


14 Jul, 2013

1 commit


29 Jun, 2013

1 commit

  • Instances either don't look at it at all (the majority of cases) or
    only want it to find the superblock (which can be had as dentry->d_sb).
    A few cases that want more are actually safe with dentry->d_inode -
    the only precaution needed is the check that it hadn't been replaced with
    NULL by rmdir() or by overwriting rename(), which case should be simply
    treated as cache miss.

    Signed-off-by: Linus Torvalds
    Signed-off-by: Al Viro

    Linus Torvalds
     

14 May, 2013

1 commit

  • Previously in 1fa7e69 efi_status_to_err() translated firmware status
    EFI_NOT_FOUND to -EIO instead of -ENOENT for efivarfs operations to
    avoid confusion. After refactoring in e14ab23, it is also used in other
    places where the translation may be unnecessary.

    So move the translation to efivarfs specific code. Also return EOF
    for reading zero-length files, which is what users would expect.

    Cc: Josh Boyer
    Cc: Jeremy Kerr
    Cc: Lee, Chun-Yi
    Cc: Andy Whitcroft
    Signed-off-by: Lingzhu Xiang
    Signed-off-by: Matt Fleming

    Lingzhu Xiang
     

02 May, 2013

1 commit

  • Pull VFS updates from Al Viro,

    Misc cleanups all over the place, mainly wrt /proc interfaces (switch
    create_proc_entry to proc_create(), get rid of the deprecated
    create_proc_read_entry() in favor of using proc_create_data() and
    seq_file etc).

    7kloc removed.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (204 commits)
    don't bother with deferred freeing of fdtables
    proc: Move non-public stuff from linux/proc_fs.h to fs/proc/internal.h
    proc: Make the PROC_I() and PDE() macros internal to procfs
    proc: Supply a function to remove a proc entry by PDE
    take cgroup_open() and cpuset_open() to fs/proc/base.c
    ppc: Clean up scanlog
    ppc: Clean up rtas_flash driver somewhat
    hostap: proc: Use remove_proc_subtree()
    drm: proc: Use remove_proc_subtree()
    drm: proc: Use minor->index to label things, not PDE->name
    drm: Constify drm_proc_list[]
    zoran: Don't print proc_dir_entry data in debug
    reiserfs: Don't access the proc_dir_entry in r_open(), r_start() r_show()
    proc: Supply an accessor for getting the data from a PDE's parent
    airo: Use remove_proc_subtree()
    rtl8192u: Don't need to save device proc dir PDE
    rtl8187se: Use a dir under /proc/net/r8180/
    proc: Add proc_mkdir_data()
    proc: Move some bits from linux/proc_fs.h to linux/{of.h,signal.h,tty.h}
    proc: Move PDE_NET() to fs/proc/proc_net.c
    ...

    Linus Torvalds
     

30 Apr, 2013

1 commit


21 Apr, 2013

1 commit


17 Apr, 2013

2 commits

  • This registers /sys/firmware/efi/{,systab,efivars/} whenever EFI is enabled
    and the system is booted with EFI.

    This allows
    *) userspace to check for the existence of /sys/firmware/efi as a way
    to determine whether or it is running on an EFI system.
    *) 'mount -t efivarfs none /sys/firmware/efi/efivars' without manually
    loading any modules.

    [ Also, move the efivar API into vars.c and unconditionally compile it.
    This allows us to move efivars.c, which now only contains the sysfs
    variable code, into the firmware/efi directory. Note that the efivars.c
    filename is kept to maintain backwards compatability with the old
    efivars.ko module. With this patch it is now possible for efivarfs
    to be built without CONFIG_EFI_VARS - Matt ]

    Cc: Seiji Aguchi
    Cc: Tony Luck
    Cc: Mike Waychison
    Cc: Kay Sievers
    Cc: Jeremy Kerr
    Cc: Matthew Garrett
    Cc: Chun-Yi Lee
    Cc: Andy Whitcroft
    Cc: Tobias Powalowski
    Signed-off-by: Tom Gundersen
    Signed-off-by: Matt Fleming

    Tom Gundersen
     
  • Now that efivarfs uses the efivar API, move it out of efivars.c and
    into fs/efivarfs where it belongs. This move will eventually allow us
    to enable the efivarfs code without having to also enable
    CONFIG_EFI_VARS built, and vice versa.

    Furthermore, things like,

    mount -t efivarfs none /sys/firmware/efi/efivars

    will now work if efivarfs is built as a module without requiring the
    use of MODULE_ALIAS(), which would have been necessary when the
    efivarfs code was part of efivars.c.

    Cc: Matthew Garrett
    Cc: Jeremy Kerr
    Reviewed-by: Tom Gundersen
    Tested-by: Tom Gundersen
    Signed-off-by: Matt Fleming

    Matt Fleming