)]}'
{
  "log": [
    {
      "commit": "6038f373a3dc1f1c26496e60b6c40b164716f07e",
      "tree": "a0d3bbd026eea41b9fc36b8c722cbaf56cd9f825",
      "parents": [
        "1ec5584e3edf9c4bf2c88c846534d19cf986ba11"
      ],
      "author": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Sun Aug 15 18:52:59 2010 +0200"
      },
      "committer": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Fri Oct 15 15:53:27 2010 +0200"
      },
      "message": "llseek: automatically add .llseek fop\n\nAll file_operations should get a .llseek operation so we can make\nnonseekable_open the default for future file operations without a\n.llseek pointer.\n\nThe three cases that we can automatically detect are no_llseek, seq_lseek\nand default_llseek. For cases where we can we can automatically prove that\nthe file offset is always ignored, we use noop_llseek, which maintains\nthe current behavior of not returning an error from a seek.\n\nNew drivers should normally not use noop_llseek but instead use no_llseek\nand call nonseekable_open at open time.  Existing drivers can be converted\nto do the same when the maintainer knows for certain that no user code\nrelies on calling seek on the device file.\n\nThe generated code is often incorrectly indented and right now contains\ncomments that clarify for each added line why a specific variant was\nchosen. In the version that gets submitted upstream, the comments will\nbe gone and I will manually fix the indentation, because there does not\nseem to be a way to do that using coccinelle.\n\nSome amount of new code is currently sitting in linux-next that should get\nthe same modifications, which I will do at the end of the merge window.\n\nMany thanks to Julia Lawall for helping me learn to write a semantic\npatch that does all this.\n\n\u003d\u003d\u003d\u003d\u003d begin semantic patch \u003d\u003d\u003d\u003d\u003d\n// This adds an llseek\u003d method to all file operations,\n// as a preparation for making no_llseek the default.\n//\n// The rules are\n// - use no_llseek explicitly if we do nonseekable_open\n// - use seq_lseek for sequential files\n// - use default_llseek if we know we access f_pos\n// - use noop_llseek if we know we don\u0027t access f_pos,\n//   but we still want to allow users to call lseek\n//\n@ open1 exists @\nidentifier nested_open;\n@@\nnested_open(...)\n{\n\u003c+...\nnonseekable_open(...)\n...+\u003e\n}\n\n@ open exists@\nidentifier open_f;\nidentifier i, f;\nidentifier open1.nested_open;\n@@\nint open_f(struct inode *i, struct file *f)\n{\n\u003c+...\n(\nnonseekable_open(...)\n|\nnested_open(...)\n)\n...+\u003e\n}\n\n@ read disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n   *off \u003d E\n|\n   *off +\u003d E\n|\n   func(..., off, ...)\n|\n   E \u003d *off\n)\n...+\u003e\n}\n\n@ read_no_fpos disable optional_qualifier exists @\nidentifier read_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ write @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\nexpression E;\nidentifier func;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n\u003c+...\n(\n  *off \u003d E\n|\n  *off +\u003d E\n|\n  func(..., off, ...)\n|\n  E \u003d *off\n)\n...+\u003e\n}\n\n@ write_no_fpos @\nidentifier write_f;\nidentifier f, p, s, off;\ntype ssize_t, size_t, loff_t;\n@@\nssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)\n{\n... when !\u003d off\n}\n\n@ fops0 @\nidentifier fops;\n@@\nstruct file_operations fops \u003d {\n ...\n};\n\n@ has_llseek depends on fops0 @\nidentifier fops0.fops;\nidentifier llseek_f;\n@@\nstruct file_operations fops \u003d {\n...\n .llseek \u003d llseek_f,\n...\n};\n\n@ has_read depends on fops0 @\nidentifier fops0.fops;\nidentifier read_f;\n@@\nstruct file_operations fops \u003d {\n...\n .read \u003d read_f,\n...\n};\n\n@ has_write depends on fops0 @\nidentifier fops0.fops;\nidentifier write_f;\n@@\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n...\n};\n\n@ has_open depends on fops0 @\nidentifier fops0.fops;\nidentifier open_f;\n@@\nstruct file_operations fops \u003d {\n...\n .open \u003d open_f,\n...\n};\n\n// use no_llseek if we call nonseekable_open\n////////////////////////////////////////////\n@ nonseekable1 depends on !has_llseek \u0026\u0026 has_open @\nidentifier fops0.fops;\nidentifier nso ~\u003d \"nonseekable_open\";\n@@\nstruct file_operations fops \u003d {\n...  .open \u003d nso, ...\n+.llseek \u003d no_llseek, /* nonseekable */\n};\n\n@ nonseekable2 depends on !has_llseek @\nidentifier fops0.fops;\nidentifier open.open_f;\n@@\nstruct file_operations fops \u003d {\n...  .open \u003d open_f, ...\n+.llseek \u003d no_llseek, /* open uses nonseekable */\n};\n\n// use seq_lseek for sequential files\n/////////////////////////////////////\n@ seq depends on !has_llseek @\nidentifier fops0.fops;\nidentifier sr ~\u003d \"seq_read\";\n@@\nstruct file_operations fops \u003d {\n...  .read \u003d sr, ...\n+.llseek \u003d seq_lseek, /* we have seq_read */\n};\n\n// use default_llseek if there is a readdir\n///////////////////////////////////////////\n@ fops1 depends on !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier readdir_e;\n@@\n// any other fop is used that changes pos\nstruct file_operations fops \u003d {\n... .readdir \u003d readdir_e, ...\n+.llseek \u003d default_llseek, /* readdir is present */\n};\n\n// use default_llseek if at least one of read/write touches f_pos\n/////////////////////////////////////////////////////////////////\n@ fops2 depends on !fops1 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read.read_f;\n@@\n// read fops use offset\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d default_llseek, /* read accesses f_pos */\n};\n\n@ fops3 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+\t.llseek \u003d default_llseek, /* write accesses f_pos */\n};\n\n// Use noop_llseek if neither read nor write accesses f_pos\n///////////////////////////////////////////////////////////\n\n@ fops4 depends on !fops1 \u0026\u0026 !fops2 \u0026\u0026 !fops3 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\nidentifier write_no_fpos.write_f;\n@@\n// write fops use offset\nstruct file_operations fops \u003d {\n...\n .write \u003d write_f,\n .read \u003d read_f,\n...\n+.llseek \u003d noop_llseek, /* read and write both use no f_pos */\n};\n\n@ depends on has_write \u0026\u0026 !has_read \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier write_no_fpos.write_f;\n@@\nstruct file_operations fops \u003d {\n... .write \u003d write_f, ...\n+.llseek \u003d noop_llseek, /* write uses no f_pos */\n};\n\n@ depends on has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\nidentifier read_no_fpos.read_f;\n@@\nstruct file_operations fops \u003d {\n... .read \u003d read_f, ...\n+.llseek \u003d noop_llseek, /* read uses no f_pos */\n};\n\n@ depends on !has_read \u0026\u0026 !has_write \u0026\u0026 !fops1 \u0026\u0026 !fops2 \u0026\u0026 !has_llseek \u0026\u0026 !nonseekable1 \u0026\u0026 !nonseekable2 \u0026\u0026 !seq @\nidentifier fops0.fops;\n@@\nstruct file_operations fops \u003d {\n...\n+.llseek \u003d noop_llseek, /* no read or write fn */\n};\n\u003d\u003d\u003d\u003d\u003d End semantic patch \u003d\u003d\u003d\u003d\u003d\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nCc: Julia Lawall \u003cjulia@diku.dk\u003e\nCc: Christoph Hellwig \u003chch@infradead.org\u003e\n"
    },
    {
      "commit": "f7ad3c6be90809b53b7f0ae9d4eaa45ce2564a79",
      "tree": "dc9b09188bab35320200f318b5e7b52f24dc43ad",
      "parents": [
        "542ce7a9bc6b3838832ae0f4f8de30c667af8ff3"
      ],
      "author": {
        "name": "Miklos Szeredi",
        "email": "mszeredi@suse.cz",
        "time": "Tue Aug 10 11:41:36 2010 +0200"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Aug 11 00:28:20 2010 -0400"
      },
      "message": "vfs: add helpers to get root and pwd\n\nAdd three helpers that retrieve a refcounted copy of the root and cwd\nfrom the supplied fs_struct.\n\n get_fs_root()\n get_fs_pwd()\n get_fs_root_and_pwd()\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "542ce7a9bc6b3838832ae0f4f8de30c667af8ff3",
      "tree": "fd6729805ce4f635ff4fd628fac00163a1e328cf",
      "parents": [
        "6d0b5456e14ec19edae7c18de4d355c58b133bd6"
      ],
      "author": {
        "name": "Miklos Szeredi",
        "email": "mszeredi@suse.cz",
        "time": "Tue Aug 10 11:41:35 2010 +0200"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Aug 11 00:28:20 2010 -0400"
      },
      "message": "cachefiles: use path_get instead of lone dget\n\nDentry references should not be acquired without a corresponding\nvfsmount ref.\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ebabe9a9001af0af56c0c2780ca1576246e7a74b",
      "tree": "b263299f575c650b6e9d95c7c4bdeef958af2fc9",
      "parents": [
        "336fb3b97b78edc65bae0b223b83bf676cfe29e2"
      ],
      "author": {
        "name": "Christoph Hellwig",
        "email": "hch@lst.de",
        "time": "Wed Jul 07 18:53:11 2010 +0200"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Aug 09 16:48:42 2010 -0400"
      },
      "message": "pass a struct path to vfs_statfs\n\nWe\u0027ll need the path to implement the flags field for statvfs support.\nWe do have it available in all callers except:\n\n - ecryptfs_statfs.  This one doesn\u0027t actually need vfs_statfs but just\n   needs to do a caller to the lower filesystem statfs method.\n - sys_ustat.  Add a non-exported statfs_by_dentry helper for it which\n   doesn\u0027t won\u0027t be able to fill out the flags field later on.\n\nIn addition rename the helpers for statfs vs fstatfs to do_*statfs instead\nof the misleading vfs prefix.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e7d2860b690d4f3bed6824757c540579638e3d1e",
      "tree": "84268ee28893256fd6a6a7e1d4474f61dbee74e7",
      "parents": [
        "84c95c9acf088c99d8793d78036b67faa5d0b851"
      ],
      "author": {
        "name": "André Goddard Rosa",
        "email": "andre.goddard@gmail.com",
        "time": "Mon Dec 14 18:01:06 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 15 08:53:32 2009 -0800"
      },
      "message": "tree-wide: convert open calls to remove spaces to skip_spaces() lib function\n\nMakes use of skip_spaces() defined in lib/string.c for removing leading\nspaces from strings all over the tree.\n\nIt decreases lib.a code size by 47 bytes and reuses the function tree-wide:\n   text    data     bss     dec     hex filename\n  64688     584     592   65864   10148 (TOTALS-BEFORE)\n  64641     584     592   65817   10119 (TOTALS-AFTER)\n\nAlso, while at it, if we see (*str \u0026\u0026 isspace(*str)), we can be sure to\nremove the first condition (*str) as the second one (isspace(*str)) also\nevaluates to 0 whenever *str \u003d\u003d 0, making it redundant. In other words,\n\"a char equals zero is never a space\".\n\nJulia Lawall tried the semantic patch (http://coccinelle.lip6.fr) below,\nand found occurrences of this pattern on 3 more files:\n    drivers/leds/led-class.c\n    drivers/leds/ledtrig-timer.c\n    drivers/video/output.c\n\n@@\nexpression str;\n@@\n\n( // ignore skip_spaces cases\nwhile (*str \u0026\u0026  isspace(*str)) { \\(str++;\\|++str;\\) }\n|\n- *str \u0026\u0026\nisspace(*str)\n)\n\nSigned-off-by: André Goddard Rosa \u003candre.goddard@gmail.com\u003e\nCc: Julia Lawall \u003cjulia@diku.dk\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: \"H. Peter Anvin\" \u003chpa@zytor.com\u003e\nCc: Richard Purdie \u003crpurdie@rpsys.net\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Kyle McMartin \u003ckyle@mcmartin.ca\u003e\nCc: Henrique de Moraes Holschuh \u003chmh@hmh.eng.br\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nCc: \u003clinux-ext4@vger.kernel.org\u003e\nCc: Samuel Ortiz \u003csamuel@sortiz.org\u003e\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nCc: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "9ae326a69004dea8af2dae4fde58de27db700a8d",
      "tree": "3a1d88a6e297989bfbd17648b398c7aa5ef9bf30",
      "parents": [
        "800a964787faef3509d194fa33268628c3d1daa9"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Apr 03 16:42:41 2009 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Apr 03 16:42:41 2009 +0100"
      },
      "message": "CacheFiles: A cache that backs onto a mounted filesystem\n\nAdd an FS-Cache cache-backend that permits a mounted filesystem to be used as a\nbacking store for the cache.\n\nCacheFiles uses a userspace daemon to do some of the cache management - such as\nreaping stale nodes and culling.  This is called cachefilesd and lives in\n/sbin.  The source for the daemon can be downloaded from:\n\n\thttp://people.redhat.com/~dhowells/cachefs/cachefilesd.c\n\nAnd an example configuration from:\n\n\thttp://people.redhat.com/~dhowells/cachefs/cachefilesd.conf\n\nThe filesystem and data integrity of the cache are only as good as those of the\nfilesystem providing the backing services.  Note that CacheFiles does not\nattempt to journal anything since the journalling interfaces of the various\nfilesystems are very specific in nature.\n\nCacheFiles creates a misc character device - \"/dev/cachefiles\" - that is used\nto communication with the daemon.  Only one thing may have this open at once,\nand whilst it is open, a cache is at least partially in existence.  The daemon\nopens this and sends commands down it to control the cache.\n\nCacheFiles is currently limited to a single cache.\n\nCacheFiles attempts to maintain at least a certain percentage of free space on\nthe filesystem, shrinking the cache by culling the objects it contains to make\nspace if necessary - see the \"Cache Culling\" section.  This means it can be\nplaced on the same medium as a live set of data, and will expand to make use of\nspare space and automatically contract when the set of data requires more\nspace.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nREQUIREMENTS\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nThe use of CacheFiles and its daemon requires the following features to be\navailable in the system and in the cache filesystem:\n\n\t- dnotify.\n\n\t- extended attributes (xattrs).\n\n\t- openat() and friends.\n\n\t- bmap() support on files in the filesystem (FIBMAP ioctl).\n\n\t- The use of bmap() to detect a partial page at the end of the file.\n\nIt is strongly recommended that the \"dir_index\" option is enabled on Ext3\nfilesystems being used as a cache.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nCONFIGURATION\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nThe cache is configured by a script in /etc/cachefilesd.conf.  These commands\nset up cache ready for use.  The following script commands are available:\n\n (*) brun \u003cN\u003e%\n (*) bcull \u003cN\u003e%\n (*) bstop \u003cN\u003e%\n (*) frun \u003cN\u003e%\n (*) fcull \u003cN\u003e%\n (*) fstop \u003cN\u003e%\n\n\tConfigure the culling limits.  Optional.  See the section on culling\n\tThe defaults are 7% (run), 5% (cull) and 1% (stop) respectively.\n\n\tThe commands beginning with a \u0027b\u0027 are file space (block) limits, those\n\tbeginning with an \u0027f\u0027 are file count limits.\n\n (*) dir \u003cpath\u003e\n\n\tSpecify the directory containing the root of the cache.  Mandatory.\n\n (*) tag \u003cname\u003e\n\n\tSpecify a tag to FS-Cache to use in distinguishing multiple caches.\n\tOptional.  The default is \"CacheFiles\".\n\n (*) debug \u003cmask\u003e\n\n\tSpecify a numeric bitmask to control debugging in the kernel module.\n\tOptional.  The default is zero (all off).  The following values can be\n\tOR\u0027d into the mask to collect various information:\n\n\t\t1\tTurn on trace of function entry (_enter() macros)\n\t\t2\tTurn on trace of function exit (_leave() macros)\n\t\t4\tTurn on trace of internal debug points (_debug())\n\n\tThis mask can also be set through sysfs, eg:\n\n\t\techo 5 \u003e/sys/modules/cachefiles/parameters/debug\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nSTARTING THE CACHE\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nThe cache is started by running the daemon.  The daemon opens the cache device,\nconfigures the cache and tells it to begin caching.  At that point the cache\nbinds to fscache and the cache becomes live.\n\nThe daemon is run as follows:\n\n\t/sbin/cachefilesd [-d]* [-s] [-n] [-f \u003cconfigfile\u003e]\n\nThe flags are:\n\n (*) -d\n\n\tIncrease the debugging level.  This can be specified multiple times and\n\tis cumulative with itself.\n\n (*) -s\n\n\tSend messages to stderr instead of syslog.\n\n (*) -n\n\n\tDon\u0027t daemonise and go into background.\n\n (*) -f \u003cconfigfile\u003e\n\n\tUse an alternative configuration file rather than the default one.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nTHINGS TO AVOID\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nDo not mount other things within the cache as this will cause problems.  The\nkernel module contains its own very cut-down path walking facility that ignores\nmountpoints, but the daemon can\u0027t avoid them.\n\nDo not create, rename or unlink files and directories in the cache whilst the\ncache is active, as this may cause the state to become uncertain.\n\nRenaming files in the cache might make objects appear to be other objects (the\nfilename is part of the lookup key).\n\nDo not change or remove the extended attributes attached to cache files by the\ncache as this will cause the cache state management to get confused.\n\nDo not create files or directories in the cache, lest the cache get confused or\nserve incorrect data.\n\nDo not chmod files in the cache.  The module creates things with minimal\npermissions to prevent random users being able to access them directly.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nCACHE CULLING\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nThe cache may need culling occasionally to make space.  This involves\ndiscarding objects from the cache that have been used less recently than\nanything else.  Culling is based on the access time of data objects.  Empty\ndirectories are culled if not in use.\n\nCache culling is done on the basis of the percentage of blocks and the\npercentage of files available in the underlying filesystem.  There are six\n\"limits\":\n\n (*) brun\n (*) frun\n\n     If the amount of free space and the number of available files in the cache\n     rises above both these limits, then culling is turned off.\n\n (*) bcull\n (*) fcull\n\n     If the amount of available space or the number of available files in the\n     cache falls below either of these limits, then culling is started.\n\n (*) bstop\n (*) fstop\n\n     If the amount of available space or the number of available files in the\n     cache falls below either of these limits, then no further allocation of\n     disk space or files is permitted until culling has raised things above\n     these limits again.\n\nThese must be configured thusly:\n\n\t0 \u003c\u003d bstop \u003c bcull \u003c brun \u003c 100\n\t0 \u003c\u003d fstop \u003c fcull \u003c frun \u003c 100\n\nNote that these are percentages of available space and available files, and do\n_not_ appear as 100 minus the percentage displayed by the \"df\" program.\n\nThe userspace daemon scans the cache to build up a table of cullable objects.\nThese are then culled in least recently used order.  A new scan of the cache is\nstarted as soon as space is made in the table.  Objects will be skipped if\ntheir atimes have changed or if the kernel module says it is still using them.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nCACHE STRUCTURE\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nThe CacheFiles module will create two directories in the directory it was\ngiven:\n\n (*) cache/\n\n (*) graveyard/\n\nThe active cache objects all reside in the first directory.  The CacheFiles\nkernel module moves any retired or culled objects that it can\u0027t simply unlink\nto the graveyard from which the daemon will actually delete them.\n\nThe daemon uses dnotify to monitor the graveyard directory, and will delete\nanything that appears therein.\n\nThe module represents index objects as directories with the filename \"I...\" or\n\"J...\".  Note that the \"cache/\" directory is itself a special index.\n\nData objects are represented as files if they have no children, or directories\nif they do.  Their filenames all begin \"D...\" or \"E...\".  If represented as a\ndirectory, data objects will have a file in the directory called \"data\" that\nactually holds the data.\n\nSpecial objects are similar to data objects, except their filenames begin\n\"S...\" or \"T...\".\n\nIf an object has children, then it will be represented as a directory.\nImmediately in the representative directory are a collection of directories\nnamed for hash values of the child object keys with an \u0027@\u0027 prepended.  Into\nthis directory, if possible, will be placed the representations of the child\nobjects:\n\n\tINDEX     INDEX      INDEX                             DATA FILES\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\tcache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400\n\tcache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...DB1ry\n\tcache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...N22ry\n\tcache/@4a/I03nfs/@30/Ji000000000000000--fHg8hi8400/@75/Es0g000w...FP1ry\n\nIf the key is so long that it exceeds NAME_MAX with the decorations added on to\nit, then it will be cut into pieces, the first few of which will be used to\nmake a nest of directories, and the last one of which will be the objects\ninside the last directory.  The names of the intermediate directories will have\n\u0027+\u0027 prepended:\n\n\tJ1223/@23/+xy...z/+kl...m/Epqr\n\nNote that keys are raw data, and not only may they exceed NAME_MAX in size,\nthey may also contain things like \u0027/\u0027 and NUL characters, and so they may not\nbe suitable for turning directly into a filename.\n\nTo handle this, CacheFiles will use a suitably printable filename directly and\n\"base-64\" encode ones that aren\u0027t directly suitable.  The two versions of\nobject filenames indicate the encoding:\n\n\tOBJECT TYPE\tPRINTABLE\tENCODED\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\tIndex\t\t\"I...\"\t\t\"J...\"\n\tData\t\t\"D...\"\t\t\"E...\"\n\tSpecial\t\t\"S...\"\t\t\"T...\"\n\nIntermediate directories are always \"@\" or \"+\" as appropriate.\n\nEach object in the cache has an extended attribute label that holds the object\ntype ID (required to distinguish special objects) and the auxiliary data from\nthe netfs.  The latter is used to detect stale objects in the cache and update\nor retire them.\n\nNote that CacheFiles will erase from the cache any file it doesn\u0027t recognise or\nany file of an incorrect type (such as a FIFO file or a device file).\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nSECURITY MODEL AND SELINUX\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nCacheFiles is implemented to deal properly with the LSM security features of\nthe Linux kernel and the SELinux facility.\n\nOne of the problems that CacheFiles faces is that it is generally acting on\nbehalf of a process, and running in that process\u0027s context, and that includes a\nsecurity context that is not appropriate for accessing the cache - either\nbecause the files in the cache are inaccessible to that process, or because if\nthe process creates a file in the cache, that file may be inaccessible to other\nprocesses.\n\nThe way CacheFiles works is to temporarily change the security context (fsuid,\nfsgid and actor security label) that the process acts as - without changing the\nsecurity context of the process when it the target of an operation performed by\nsome other process (so signalling and suchlike still work correctly).\n\nWhen the CacheFiles module is asked to bind to its cache, it:\n\n (1) Finds the security label attached to the root cache directory and uses\n     that as the security label with which it will create files.  By default,\n     this is:\n\n\tcachefiles_var_t\n\n (2) Finds the security label of the process which issued the bind request\n     (presumed to be the cachefilesd daemon), which by default will be:\n\n\tcachefilesd_t\n\n     and asks LSM to supply a security ID as which it should act given the\n     daemon\u0027s label.  By default, this will be:\n\n\tcachefiles_kernel_t\n\n     SELinux transitions the daemon\u0027s security ID to the module\u0027s security ID\n     based on a rule of this form in the policy.\n\n\ttype_transition \u003cdaemon\u0027s-ID\u003e kernel_t : process \u003cmodule\u0027s-ID\u003e;\n\n     For instance:\n\n\ttype_transition cachefilesd_t kernel_t : process cachefiles_kernel_t;\n\nThe module\u0027s security ID gives it permission to create, move and remove files\nand directories in the cache, to find and access directories and files in the\ncache, to set and access extended attributes on cache objects, and to read and\nwrite files in the cache.\n\nThe daemon\u0027s security ID gives it only a very restricted set of permissions: it\nmay scan directories, stat files and erase files and directories.  It may\nnot read or write files in the cache, and so it is precluded from accessing the\ndata cached therein; nor is it permitted to create new files in the cache.\n\nThere are policy source files available in:\n\n\thttp://people.redhat.com/~dhowells/fscache/cachefilesd-0.8.tar.bz2\n\nand later versions.  In that tarball, see the files:\n\n\tcachefilesd.te\n\tcachefilesd.fc\n\tcachefilesd.if\n\nThey are built and installed directly by the RPM.\n\nIf a non-RPM based system is being used, then copy the above files to their own\ndirectory and run:\n\n\tmake -f /usr/share/selinux/devel/Makefile\n\tsemodule -i cachefilesd.pp\n\nYou will need checkpolicy and selinux-policy-devel installed prior to the\nbuild.\n\nBy default, the cache is located in /var/fscache, but if it is desirable that\nit should be elsewhere, than either the above policy files must be altered, or\nan auxiliary policy must be installed to label the alternate location of the\ncache.\n\nFor instructions on how to add an auxiliary policy to enable the cache to be\nlocated elsewhere when SELinux is in enforcing mode, please see:\n\n\t/usr/share/doc/cachefilesd-*/move-cache.txt\n\nWhen the cachefilesd rpm is installed; alternatively, the document can be found\nin the sources.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\nA NOTE ON SECURITY\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nCacheFiles makes use of the split security in the task_struct.  It allocates\nits own task_security structure, and redirects current-\u003eact_as to point to it\nwhen it acts on behalf of another process, in that process\u0027s context.\n\nThe reason it does this is that it calls vfs_mkdir() and suchlike rather than\nbypassing security and calling inode ops directly.  Therefore the VFS and LSM\nmay deny the CacheFiles access to the cache data because under some\ncircumstances the caching code is running in the security context of whatever\nprocess issued the original syscall on the netfs.\n\nFurthermore, should CacheFiles create a file or directory, the security\nparameters with that object is created (UID, GID, security label) would be\nderived from that process that issued the system call, thus potentially\npreventing other processes from accessing the cache - including CacheFiles\u0027s\ncache management daemon (cachefilesd).\n\nWhat is required is to temporarily override the security of the process that\nissued the system call.  We can\u0027t, however, just do an in-place change of the\nsecurity data as that affects the process as an object, not just as a subject.\nThis means it may lose signals or ptrace events for example, and affects what\nthe process looks like in /proc.\n\nSo CacheFiles makes use of a logical split in the security between the\nobjective security (task-\u003esec) and the subjective security (task-\u003eact_as).  The\nobjective security holds the intrinsic security properties of a process and is\nnever overridden.  This is what appears in /proc, and is what is used when a\nprocess is the target of an operation by some other process (SIGKILL for\nexample).\n\nThe subjective security holds the active security properties of a process, and\nmay be overridden.  This is not seen externally, and is used whan a process\nacts upon another object, for example SIGKILLing another process or opening a\nfile.\n\nLSM hooks exist that allow SELinux (or Smack or whatever) to reject a request\nfor CacheFiles to run in a context of a specific security label, or to create\nfiles and directories with another security label.\n\nThis documentation is added by the patch to:\n\n\tDocumentation/filesystems/caching/cachefiles.txt\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Steve Dickson \u003csteved@redhat.com\u003e\nAcked-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nTested-by: Daire Byrne \u003cDaire.Byrne@framestore.com\u003e\n"
    }
  ]
}