)]}' { "log": [ { "commit": "6559eed8ca7db0531a207cd80be5e28cd6f213c5", "tree": "08d7a42d9eb8e7e9b7aa6930a07f1acecb35a282", "parents": [ "2e4d0924eb0c403ce4014fa139d1d61bf2c44fee" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:32 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:30 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 30\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "3cdad42884bbd95d5aa01297e8236ea1bad70053", "tree": "169b8958b56d5c39a4f437d041baf0412bb53b96", "parents": [ "003d7ab479168132a2b2c6700fe682b08f08ab0c" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:22 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:26 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 20\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "ca013e945b1ba5828b151ee646946f1297b67a4c", "tree": "d277caa7b4581492ab9c4bb42912de3b3d931f50", "parents": [ "002c8976ee537724b20a5e179d9b349309438836" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:19 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:25 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 17\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "002c8976ee537724b20a5e179d9b349309438836", "tree": "272ebe6d0dcb06bb16b978fb9793d266dbc1301a", "parents": [ "a26eab2400f0477bfac0255600552394855016f7" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:18 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:25 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 16\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "a26eab2400f0477bfac0255600552394855016f7", "tree": "f5554eddf4928cc83e572c15c0b314daaa7cba66", "parents": [ "3480b25743cb7404928d57efeaa3d085708b04c2" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:17 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:24 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 15\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "3480b25743cb7404928d57efeaa3d085708b04c2", "tree": "14d7b42301f2e76cea6772c446f3ee920b29a1b6", "parents": [ "6a6160a7b5c27b3c38651baef92a14fa7072b3c1" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:16 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:24 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 14\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "257ac264d69017270fbc3cf5536953525db4076c", "tree": "4638386ef7a5ac2b5140b055807e973e52c47f4d", "parents": [ "bdc480e3bef6eb0e7071770834cbdda7e30a5436" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:13 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:23 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 11\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "bdc480e3bef6eb0e7071770834cbdda7e30a5436", "tree": "2bfea8d2b61ccedc3edea4f78e3250eea7f770cc", "parents": [ "a5f8fa9e9ba5ef3305e147f41ad6e1e84ac1f0bd" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:12 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:22 2009 +0100" }, "message": "[CVE-2009-0029] System call wrappers part 10\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "6673e0c3fbeaed2cd08e2fd4a4aa97382d6fedb0", "tree": "eb33a94f5e4b0e035001f7c96ef44cade0fbb489", "parents": [ "ed6bb6194350dc6ae97a65dbf2d621a3dbe6bbe9" ], "author": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:14:02 2009 +0100" }, "committer": { "name": "Heiko Carstens", "email": "heiko.carstens@de.ibm.com", "time": "Wed Jan 14 14:15:18 2009 +0100" }, "message": "[CVE-2009-0029] System call wrapper special cases\n\nSystem calls with an unsigned long long argument can\u0027t be converted with\nthe standard wrappers since that would include a cast to long, which in\nturn means that we would lose the upper 32 bit on 32 bit architectures.\nAlso semctl can\u0027t use the standard wrapper since it has a \u0027union\u0027\nparameter.\n\nSo we handle them as special case and add some extra wrappers instead.\n\nSigned-off-by: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\n" }, { "commit": "acfa4380efe77e290d3a96b11cd4c9f24f4fbb18", "tree": "d656232c7ef39c83681c2de4c8e28ba439242f66", "parents": [ "9742df331deb3fce95b321f38d4ea0c4e75edb63" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 04 10:06:33 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jan 05 11:54:28 2009 -0500" }, "message": "inode-\u003ei_op is never NULL\n\nWe used to have rather schizophrenic set of checks for NULL -\u003ei_op even\nthough it had been eliminated years ago. You\u0027d need to go out of your\nway to set it to NULL explicitly _and_ a bunch of code would die on\nsuch inodes anyway. After killing two remaining places that still\ndid that bogosity, all that crap can go away.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d", "tree": "3a770f4cc676efeba443b28caa1ad195eeff49bc", "parents": [ "6a94cb73064c952255336cc57731904174b2c58f" ], "author": { "name": "Kentaro Takeda", "email": "takedakn@nttdata.co.jp", "time": "Wed Dec 17 13:24:15 2008 +0900" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 31 18:07:37 2008 -0500" }, "message": "introduce new LSM hooks where vfsmount is available.\n\nAdd new LSM hooks for path-based checks. Call them on directory-modifying\noperations at the points where we still know the vfsmount involved.\n\nSigned-off-by: Kentaro Takeda \u003ctakedakn@nttdata.co.jp\u003e\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nSigned-off-by: Toshiharu Harada \u003charadats@nttdata.co.jp\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d84f4f992cbd76e8f39c488cf0c5d123843923b1", "tree": "fc4a0349c42995715b93d0f7a3c78e9ea9b3f36e", "parents": [ "745ca2475a6ac596e3d8d37c2759c0fbe2586227" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "message": "CRED: Inaugurate COW credentials\n\nInaugurate copy-on-write credentials management. This uses RCU to manage the\ncredentials pointer in the task_struct with respect to accesses by other tasks.\nA process may only modify its own credentials, and so does not need locking to\naccess or modify its own credentials.\n\nA mutex (cred_replace_mutex) is added to the task_struct to control the effect\nof PTRACE_ATTACHED on credential calculations, particularly with respect to\nexecve().\n\nWith this patch, the contents of an active credentials struct may not be\nchanged directly; rather a new set of credentials must be prepared, modified\nand committed using something like the following sequence of events:\n\n\tstruct cred *new \u003d prepare_creds();\n\tint ret \u003d blah(new);\n\tif (ret \u003c 0) {\n\t\tabort_creds(new);\n\t\treturn ret;\n\t}\n\treturn commit_creds(new);\n\nThere are some exceptions to this rule: the keyrings pointed to by the active\ncredentials may be instantiated - keyrings violate the COW rule as managing\nCOW keyrings is tricky, given that it is possible for a task to directly alter\nthe keys in a keyring in use by another task.\n\nTo help enforce this, various pointers to sets of credentials, such as those in\nthe task_struct, are declared const. The purpose of this is compile-time\ndiscouragement of altering credentials through those pointers. Once a set of\ncredentials has been made public through one of these pointers, it may not be\nmodified, except under special circumstances:\n\n (1) Its reference count may incremented and decremented.\n\n (2) The keyrings to which it points may be modified, but not replaced.\n\nThe only safe way to modify anything else is to create a replacement and commit\nusing the functions described in Documentation/credentials.txt (which will be\nadded by a later patch).\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n This now prepares and commits credentials in various places in the\n security code rather than altering the current creds directly.\n\n (2) Temporary credential overrides.\n\n do_coredump() and sys_faccessat() now prepare their own credentials and\n temporarily override the ones currently on the acting thread, whilst\n preventing interference from other threads by holding cred_replace_mutex\n on the thread being dumped.\n\n This will be replaced in a future patch by something that hands down the\n credentials directly to the functions being called, rather than altering\n the task\u0027s objective credentials.\n\n (3) LSM interface.\n\n A number of functions have been changed, added or removed:\n\n (*) security_capset_check(), -\u003ecapset_check()\n (*) security_capset_set(), -\u003ecapset_set()\n\n \t Removed in favour of security_capset().\n\n (*) security_capset(), -\u003ecapset()\n\n \t New. This is passed a pointer to the new creds, a pointer to the old\n \t creds and the proposed capability sets. It should fill in the new\n \t creds or return an error. All pointers, barring the pointer to the\n \t new creds, are now const.\n\n (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n\n \t Changed; now returns a value, which will cause the process to be\n \t killed if it\u0027s an error.\n\n (*) security_task_alloc(), -\u003etask_alloc_security()\n\n \t Removed in favour of security_prepare_creds().\n\n (*) security_cred_free(), -\u003ecred_free()\n\n \t New. Free security data attached to cred-\u003esecurity.\n\n (*) security_prepare_creds(), -\u003ecred_prepare()\n\n \t New. Duplicate any security data attached to cred-\u003esecurity.\n\n (*) security_commit_creds(), -\u003ecred_commit()\n\n \t New. Apply any security effects for the upcoming installation of new\n \t security by commit_creds().\n\n (*) security_task_post_setuid(), -\u003etask_post_setuid()\n\n \t Removed in favour of security_task_fix_setuid().\n\n (*) security_task_fix_setuid(), -\u003etask_fix_setuid()\n\n \t Fix up the proposed new credentials for setuid(). This is used by\n \t cap_set_fix_setuid() to implicitly adjust capabilities in line with\n \t setuid() changes. Changes are made to the new credentials, rather\n \t than the task itself as in security_task_post_setuid().\n\n (*) security_task_reparent_to_init(), -\u003etask_reparent_to_init()\n\n \t Removed. Instead the task being reparented to init is referred\n \t directly to init\u0027s credentials.\n\n\t NOTE! This results in the loss of some state: SELinux\u0027s osid no\n\t longer records the sid of the thread that forked it.\n\n (*) security_key_alloc(), -\u003ekey_alloc()\n (*) security_key_permission(), -\u003ekey_permission()\n\n \t Changed. These now take cred pointers rather than task pointers to\n \t refer to the security context.\n\n (4) sys_capset().\n\n This has been simplified and uses less locking. The LSM functions it\n calls have been merged.\n\n (5) reparent_to_kthreadd().\n\n This gives the current thread the same credentials as init by simply using\n commit_thread() to point that way.\n\n (6) __sigqueue_alloc() and switch_uid()\n\n __sigqueue_alloc() can\u0027t stop the target task from changing its creds\n beneath it, so this function gets a reference to the currently applicable\n user_struct which it then passes into the sigqueue struct it returns if\n successful.\n\n switch_uid() is now called from commit_creds(), and possibly should be\n folded into that. commit_creds() should take care of protecting\n __sigqueue_alloc().\n\n (7) [sg]et[ug]id() and co and [sg]et_current_groups.\n\n The set functions now all use prepare_creds(), commit_creds() and\n abort_creds() to build and check a new set of credentials before applying\n it.\n\n security_task_set[ug]id() is called inside the prepared section. This\n guarantees that nothing else will affect the creds until we\u0027ve finished.\n\n The calling of set_dumpable() has been moved into commit_creds().\n\n Much of the functionality of set_user() has been moved into\n commit_creds().\n\n The get functions all simply access the data directly.\n\n (8) security_task_prctl() and cap_task_prctl().\n\n security_task_prctl() has been modified to return -ENOSYS if it doesn\u0027t\n want to handle a function, or otherwise return the return value directly\n rather than through an argument.\n\n Additionally, cap_task_prctl() now prepares a new set of credentials, even\n if it doesn\u0027t end up using it.\n\n (9) Keyrings.\n\n A number of changes have been made to the keyrings code:\n\n (a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have\n \t all been dropped and built in to the credentials functions directly.\n \t They may want separating out again later.\n\n (b) key_alloc() and search_process_keyrings() now take a cred pointer\n \t rather than a task pointer to specify the security context.\n\n (c) copy_creds() gives a new thread within the same thread group a new\n \t thread keyring if its parent had one, otherwise it discards the thread\n \t keyring.\n\n (d) The authorisation key now points directly to the credentials to extend\n \t the search into rather pointing to the task that carries them.\n\n (e) Installing thread, process or session keyrings causes a new set of\n \t credentials to be created, even though it\u0027s not strictly necessary for\n \t process or session keyrings (they\u0027re shared).\n\n(10) Usermode helper.\n\n The usermode helper code now carries a cred struct pointer in its\n subprocess_info struct instead of a new session keyring pointer. This set\n of credentials is derived from init_cred and installed on the new process\n after it has been cloned.\n\n call_usermodehelper_setup() allocates the new credentials and\n call_usermodehelper_freeinfo() discards them if they haven\u0027t been used. A\n special cred function (prepare_usermodeinfo_creds()) is provided\n specifically for call_usermodehelper_setup() to call.\n\n call_usermodehelper_setkeys() adjusts the credentials to sport the\n supplied keyring as the new session keyring.\n\n(11) SELinux.\n\n SELinux has a number of changes, in addition to those to support the LSM\n interface changes mentioned above:\n\n (a) selinux_setprocattr() no longer does its check for whether the\n \t current ptracer can access processes with the new SID inside the lock\n \t that covers getting the ptracer\u0027s SID. Whilst this lock ensures that\n \t the check is done with the ptracer pinned, the result is only valid\n \t until the lock is released, so there\u0027s no point doing it inside the\n \t lock.\n\n(12) is_single_threaded().\n\n This function has been extracted from selinux_setprocattr() and put into\n a file of its own in the lib/ directory as join_session_keyring() now\n wants to use it too.\n\n The code in SELinux just checked to see whether a task shared mm_structs\n with other tasks (CLONE_VM), but that isn\u0027t good enough. We really want\n to know if they\u0027re part of the same thread group (CLONE_THREAD).\n\n(13) nfsd.\n\n The NFS server daemon now has to use the COW credentials to set the\n credentials it is going to use. It really needs to pass the credentials\n down to the functions it calls, but it can\u0027t do that until other patches\n in this series have been applied.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "745ca2475a6ac596e3d8d37c2759c0fbe2586227", "tree": "f87c34bdfbc8542477b16a014bbb4e3b415b286a", "parents": [ "88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:22 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:22 2008 +1100" }, "message": "CRED: Pass credentials through dentry_open()\n\nPass credentials through dentry_open() so that the COW creds patch can have\nSELinux\u0027s flush_unauthorized_files() pass the appropriate creds back to itself\nwhen it opens its null chardev.\n\nThe security_dentry_open() call also now takes a creds pointer, as does the\ndentry_open hook in struct security_operations.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b6dff3ec5e116e3af6f537d4caedcad6b9e5082a", "tree": "9e76f972eb7ce9b84e0146c8e4126a3f86acb428", "parents": [ "15a2460ed0af7538ca8e6c610fe607a2cd9da142" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:16 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:16 2008 +1100" }, "message": "CRED: Separate task security context from task_struct\n\nSeparate the task security context from task_struct. At this point, the\nsecurity data is temporarily embedded in the task_struct with two pointers\npointing to it.\n\nNote that the Alpha arch is altered as it refers to (E)UID and (E)GID in\nentry.S via asm-offsets.\n\nWith comment fixes Signed-off-by: Marc Dionne \u003cmarc.c.dionne@gmail.com\u003e\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1cdcbec1a3372c0c49c59d292e708fd07b509f18", "tree": "d1bd302c8d66862da45b494cbc766fb4caa5e23e", "parents": [ "8bbf4976b59fc9fc2861e79cab7beb3f6d647640" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:14 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:14 2008 +1100" }, "message": "CRED: Neuter sys_capset()\n\nTake away the ability for sys_capset() to affect processes other than current.\n\nThis means that current will not need to lock its own credentials when reading\nthem against interference by other processes.\n\nThis has effectively been the case for a while anyway, since:\n\n (1) Without LSM enabled, sys_capset() is disallowed.\n\n (2) With file-based capabilities, sys_capset() is neutered.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "aeb5d727062a0238a2f96c9c380fbd2be4640c6f", "tree": "51dae8a071fcf42e4431a66d37c5b843c8e99cf6", "parents": [ "2515ddc6db8eb49a79f0fe5e67ff09ac7c81eab4" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Sep 02 15:28:45 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 21 07:47:06 2008 -0400" }, "message": "[PATCH] introduce fmode_t, do annotations\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2cb5998b5f0ccc886fdda3509059eef297b49577", "tree": "9113731d3f892c2e164bfd05a7cf1a4b1713a619", "parents": [ "216ba023a96c04e8d3aabf83d5931c35b6e2dbbb" ], "author": { "name": "Alan Cox", "email": "alan@redhat.com", "time": "Mon Oct 13 10:40:30 2008 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 13 09:51:41 2008 -0700" }, "message": "tty: the vhangup syscall is racy\n\nWe now have the infrastructure to sort this out but rather than teaching\nthe syscall tty lock rules we move the hard work into a tty helper\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1027abe8827b47f7e9c4ed6514fde3d44f79963c", "tree": "be6aba7e46176534cc71622de53a8bcbf28a06c4", "parents": [ "a1bc6eb4b499ae67ada9a01660010580b6569403" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 30 04:13:04 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 11:25:23 2008 -0400" }, "message": "[PATCH] merge locate_fd() and get_unused_fd()\n\n\tNew primitive: alloc_fd(start, flags). get_unused_fd() and\nget_unused_fd_flags() become wrappers on top of it.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4e1e018ecc6f7bfd10fc75b3ff9715cc8164e0a2", "tree": "75404b1269b079a327551f76a9b3f941f5b11a77", "parents": [ "6c5d0512a091480c9f981162227fdb1c9d70e555" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 16:01:20 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:45 2008 -0400" }, "message": "[PATCH] fix RLIM_NOFILE handling\n\n* dup2() should return -EBADF on exceeded sysctl_nr_open\n* dup() should *not* return -EINVAL even if you have rlimit set to 0;\n it should get -EMFILE instead.\n\nCheck for orig_start exceeding rlimit taken to sys_fcntl().\nFailing expand_files() in dup{2,3}() now gets -EMFILE remapped to -EBADF.\nConsequently, remaining checks for rlimit are taken to expand_files().\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2d8f30380ab8c706f4e0a8f1aaa22b5886e9ac8a", "tree": "b798097fd831eab39f35c8c2e5a8ccfd7a850ef5", "parents": [ "256984a83880ff7ac78055cb87baea48137f0b77" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 09:59:21 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:34 2008 -0400" }, "message": "[PATCH] sanitize __user_walk_fd() et.al.\n\n* do not pass nameidata; struct path is all the callers want.\n* switch to new helpers:\n\tuser_path_at(dfd, pathname, flags, \u0026path)\n\tuser_path(pathname, \u0026path)\n\tuser_lpath(pathname, \u0026path)\n\tuser_path_dir(pathname, \u0026path) (fail if not a directory)\n The last 3 are trivial macro wrappers for the first one.\n* remove nameidata in callers.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "256984a83880ff7ac78055cb87baea48137f0b77", "tree": "a6a98bd747503df5d302b80aefd691db2a508252", "parents": [ "f419a2e3b64def707e1384ee38abb77f99af5f6d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 08:09:30 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:32 2008 -0400" }, "message": "[PATCH] preparation to __user_walk_fd cleanup\n\nAlmost all users __user_walk_fd() and friends care only about struct path.\nGet rid of the few that do not.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "30524472c2f728c20d6bf35191042a5d455c0a64", "tree": "e9985d3883b45c4a9f5ef8185fa79c7b568bb4bd", "parents": [ "e56b6a5dda1a36ffaa532df6f975ea324298fa4d" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 00:02:33 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:30 2008 -0400" }, "message": "[PATCH] take noexec checks to very few callers that care\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "beb29e058c35ab69e96e455a12ccf7505f6de425", "tree": "0da9869b7e0422c34423a02216db1a758a55a95a", "parents": [ "b1da47e29e467f1ec36dc78d009bfb109fd533c7" ], "author": { "name": "Miklos Szeredi", "email": "mszeredi@suse.cz", "time": "Tue Jul 01 15:01:29 2008 +0200" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:28 2008 -0400" }, "message": "[patch 4/4] vfs: immutable inode checking cleanup\n\nMove the immutable and append-only checks from chmod, chown and utimes\ninto notify_change(). Checks for immutable and append-only files are\nalways performed by the VFS and not by the filesystem (see\npermission() and may_...() in namei.c), so these belong in\nnotify_change(), and not in inode_change_ok().\n\nThis should be completely equivalent.\n\nCC: Ulrich Drepper \u003cdrepper@redhat.com\u003e\nCC: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a110343f0d6d41f68b7cf8c00b57a3172c67f816", "tree": "04f57e3454e796765a7395d2ece4739cf536ae9f", "parents": [ "7f2da1e7d0330395e5e9e350b879b98a1ea495df" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jul 17 09:19:08 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:21 2008 -0400" }, "message": "[PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess\n\n* MAY_CHDIR is redundant - it\u0027s an equivalent of MAY_ACCESS\n* MAY_ACCESS on fuse should affect only the last step of pathname resolution\n* fchdir() and chroot() should pass MAY_ACCESS, for the same reason why\n chdir() needs that.\n* now that we pass MAY_ACCESS explicitly in all cases, LOOKUP_ACCESS can be\n removed; it has no business being in nameidata.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7f2da1e7d0330395e5e9e350b879b98a1ea495df", "tree": "adc01ced45bb1de10fe58511e7143bbbd138a192", "parents": [ "8bb79224b87aab92071e94d46e70bd160d89bf34" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 10 20:44:54 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:20 2008 -0400" }, "message": "[PATCH] kill altroot\n\nlong overdue...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8bb79224b87aab92071e94d46e70bd160d89bf34", "tree": "dab47cbb434876e5916f18b738ef8bd3fe1e1ce1", "parents": [ "db2e747b14991a4c6a5c98b0e5f552a193237c03" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 16 09:51:03 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:19 2008 -0400" }, "message": "[PATCH] permission checks for chdir need special treatment only on the last step\n\n... so we ought to pass MAY_CHDIR to vfs_permission() instead of having\nit triggered on every step of preceding pathname resolution. LOOKUP_CHDIR\nis killed by that.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c82e42da8a6b2f3a85dc4d4278cb8238702f8f64", "tree": "50fb5b52e5c08a20ff4f34f7073e199890f4419e", "parents": [ "e6305c43eda10ebfd2ad9e35d6e172ccc7bb3695" ], "author": { "name": "Miklos Szeredi", "email": "mszeredi@suse.cz", "time": "Tue Jun 24 16:50:12 2008 +0200" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:15 2008 -0400" }, "message": "[patch 1/5] vfs: truncate: dont check immutable twice\n\nvfs_permission(MAY_WRITE) already checked for the inode being\nimmutable, so no need to repeat it.\n\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\n" }, { "commit": "f4a67cceee4a6f5ed38011a698c9e34747270ae5", "tree": "6da3eed51a938e1680a6212c56f9383bcf5670e0", "parents": [ "91224346aa8c1cdaa660300a98e0b074a3a95030" ], "author": { "name": "Jon Tollefson", "email": "kniht@linux.vnet.ibm.com", "time": "Wed Jul 23 21:27:55 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jul 24 10:47:19 2008 -0700" }, "message": "fs: check for statfs overflow\n\nAdds a check for an overflow in the filesystem size so if someone is\nchecking with statfs() on a 16G blocksize hugetlbfs in a 32bit binary that\nit will report back EOVERFLOW instead of a size of 0.\n\nAcked-by: Nishanth Aravamudan \u003cnacc@us.ibm.com\u003e\nSigned-off-by: Jon Tollefson \u003ckniht@linux.vnet.ibm.com\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "086f7316f0d400806d76323beefae996bb3849b1", "tree": "679405a89b7f8c7a75d3896e43c837b5a5115d7b", "parents": [ "abbaeff38c00cb7f6817ec1cef406b27081ebedd" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Fri Jul 04 09:59:58 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 04 10:40:08 2008 -0700" }, "message": "security: filesystem capabilities: fix fragile setuid fixup code\n\nThis commit includes a bugfix for the fragile setuid fixup code in the\ncase that filesystem capabilities are supported (in access()). The effect\nof this fix is gated on filesystem capability support because changing\nsecurebits is only supported when filesystem capabilities support is\nconfigured.)\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9f3acc3140444a900ab280de942291959f0f615d", "tree": "0d7f3f9698071ff90fb9a127a4c6e86e1c37c945", "parents": [ "a2dcb44c3c5a8151d2d9f6ac8ad0789efcdbe184" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Apr 24 07:44:08 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 01 13:08:16 2008 -0400" }, "message": "[PATCH] split linux/file.h\n\nInitial splitoff of the low-level stuff; taken to fdtable.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "70688e4dd1647f0ceb502bbd5964fa344c5eb411", "tree": "e0bd8c3b4b6050c067a453d800c2e87948d1abaf", "parents": [ "30afcb4bd2762fa4b87b17ada9500aa46dc10b1b" ], "author": { "name": "Nick Piggin", "email": "npiggin@suse.de", "time": "Mon Apr 28 02:13:02 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 28 08:58:23 2008 -0700" }, "message": "xip: support non-struct page backed memory\n\nConvert XIP to support non-struct page backed memory, using VM_MIXEDMAP for\nthe user mappings.\n\nThis requires the get_xip_page API to be changed to an address based one.\nImprove the API layering a little bit too, while we\u0027re here.\n\nThis is required in order to support XIP filesystems on memory that isn\u0027t\nbacked with struct page (but memory with struct page is still supported too).\n\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nAcked-by: Carsten Otte \u003ccotte@de.ibm.com\u003e\nCc: Jared Hulbert \u003cjaredeh@gmail.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Heiko Carstens \u003cheiko.carstens@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ad775f5a8faa5845377f093ca11caf577404add9", "tree": "f124ff1038672b8d2ef004d75c844f740d8fe52b", "parents": [ "2e4b7fcd926006531935a4c79a5e9349fe51125b" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:38:01 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:28 2008 -0400" }, "message": "[PATCH] r/o bind mounts: debugging for missed calls\n\nThere have been a few oopses caused by \u0027struct file\u0027s with NULL f_vfsmnts.\nThere was also a set of potentially missed mnt_want_write()s from\ndentry_open() calls.\n\nThis patch provides a very simple debugging framework to catch these kinds of\nbugs. It will WARN_ON() them, but should stop us from having any oopses or\nmnt_writer count imbalances.\n\nI\u0027m quite convinced that this is a good thing because it found bugs in the\nstuff I was working on as soon as I wrote it.\n\n[hch: made it conditional on a debug option.\n But it\u0027s still a little bit too ugly]\n\n[hch: merged forced remount r/o fix from Dave and akpm\u0027s fix for the fix]\n\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2f676cbc0d60ae806216c7a61c6971bd72dedde8", "tree": "57287366150093260f18bdbe81596492e3e40aa1", "parents": [ "9ac9b8474c39c3ae2c2b37d8e1f08db8a9146124" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:55 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:26 2008 -0400" }, "message": "[PATCH] r/o bind mounts: make access() use new r/o helper\n\nIt is OK to let access() go without using a mnt_want/drop_write() pair because\nit doesn\u0027t actually do writes to the filesystem, and it is inherently racy\nanyway. This is a rare case when it is OK to use __mnt_is_readonly()\ndirectly.\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@infradead.org\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9ac9b8474c39c3ae2c2b37d8e1f08db8a9146124", "tree": "e630074f48b8edd7a54805e5fb9b2b15896d052f", "parents": [ "2af482a7edfb8810539cacc2fdd8242611ca43bb" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:52 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:25 2008 -0400" }, "message": "[PATCH] r/o bind mounts: write counts for truncate()\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2af482a7edfb8810539cacc2fdd8242611ca43bb", "tree": "a51f65bf608c47dd9e3a061258e6f461f3446349", "parents": [ "4a3fd211ccfc08a88edc824300e25a87785c6a5f" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:50 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:25 2008 -0400" }, "message": "[PATCH] r/o bind mounts: elevate write count for chmod/chown callers\n\nchown/chmod,etc... don\u0027t call permission in the same way that the normal\n\"open for write\" calls do. They still write to the filesystem, so bump the\nwrite count during these operations.\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4a3fd211ccfc08a88edc824300e25a87785c6a5f", "tree": "99f1a76a99fa78464b8de731f7fdb5bcc9667a5e", "parents": [ "42a74f206b914db13ee1f5ae932dcd91a77c8579" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:48 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:29:25 2008 -0400" }, "message": "[PATCH] r/o bind mounts: elevate write count for open()s\n\nThis is the first really tricky patch in the series. It elevates the writer\ncount on a mount each time a non-special file is opened for write.\n\nWe used to do this in may_open(), but Miklos pointed out that __dentry_open()\nis used as well to create filps. This will cover even those cases, while a\ncall in may_open() would not have.\n\nThere is also an elevated count around the vfs_create() call in open_namei().\nSee the comments for more details, but we need this to fix a \u0027create, remount,\nfail r/w open()\u0027 race.\n\nSome filesystems forego the use of normal vfs calls to create\nstruct files. Make sure that these users elevate the mnt\nwriter count because they will get __fput(), and we need\nto make sure they\u0027re balanced.\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a70e65df8812c52252fa07a2eb92a46451a4427f", "tree": "b8154bebeb898743e89aeeea5971b410c7e49bf7", "parents": [ "d57999e1527f0b0c818846dcba5a23015beb4823" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Fri Feb 15 14:37:28 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:25:32 2008 -0400" }, "message": "[PATCH] merge open_namei() and do_filp_open()\n\nopen_namei() will, in the future, need to take mount write counts\nover its creation and truncation (via may_open()) operations. It\nneeds to keep these write counts until any potential filp that is\ncreated gets __fput()\u0027d.\n\nThis gets complicated in the error handling and becomes very murky\nas to how far open_namei() actually got, and whether or not that\nmount write count was taken. That makes it a bad interface.\n\nAll that the current do_filp_open() really does is allocate the\nnameidata on the stack, then call open_namei().\n\nSo, this merges those two functions and moves filp_open() over\nto namei.c so it can be close to its buddy: do_filp_open(). It\nalso gets a kerneldoc comment in the process.\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d57999e1527f0b0c818846dcba5a23015beb4823", "tree": "6cd6f1e773fb19b18531997131b0887f835dcf03", "parents": [ "3925e6fc1f774048404fdd910b0345b06c699eb4" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Fri Feb 15 14:37:27 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Apr 19 00:25:31 2008 -0400" }, "message": "[PATCH] do namei_flags calculation inside open_namei()\n\nMy end goal here is to make sure all users of may_open()\nreturn filps. This will ensure that we properly release\nmount write counts which were taken for the filp in\nmay_open().\n\nThis patch moves the sys_open flags to namei flags\ncalculation into fs/namei.c. We\u0027ll shortly be moving\nthe nameidata_to_filp() calls into namei.c, and this\ngets the sys_open flags to a place where we can get\nat them when we need them.\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "54a015104136974262afa4b8ddd943ea70dec8a2", "tree": "713f0c1f4d0afe62e5c568a424e309f70388cf7f", "parents": [ "783e391b7b5b273cd20856d8f6f4878da8ec31b3" ], "author": { "name": "Roland McGrath", "email": "roland@redhat.com", "time": "Thu Apr 10 15:37:38 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 10 17:28:26 2008 -0700" }, "message": "asmlinkage_protect replaces prevent_tail_call\n\nThe prevent_tail_call() macro works around the problem of the compiler\nclobbering argument words on the stack, which for asmlinkage functions\nis the caller\u0027s (user\u0027s) struct pt_regs. The tail/sibling-call\noptimization is not the only way that the compiler can decide to use\nstack argument words as scratch space, which we have to prevent.\nOther optimizations can do it too.\n\nUntil we have new compiler support to make \"asmlinkage\" binding on the\ncompiler\u0027s own use of the stack argument frame, we have work around all\nthe manifestations of this issue that crop up.\n\nMore cases seem to be prevented by also keeping the incoming argument\nvariables live at the end of the function. This makes their original\nstack slots attractive places to leave those variables, so the compiler\ntends not clobber them for something else. It\u0027s still no guarantee, but\nit handles some observed cases that prevent_tail_call() did not.\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "322ee5b36eac42e762526b0df7fa432beba6e7a0", "tree": "2499695b67123a8d463a1e59e91aa793f4803c10", "parents": [ "3227e14c3cab5ef7972c72eb13c13de444b5bfbc" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Fri Feb 15 14:37:24 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 19 06:50:44 2008 -0400" }, "message": "[PATCH] check for null vfsmount in dentry_open()\n\nMake sure no-one calls dentry_open with a NULL vfsmount argument and crap\nout with a stacktrace otherwise. A NULL file-\u003ef_vfsmnt has always been\nproblematic, but with the per-mount r/o tracking we can\u0027t accept anymore\nat all.\n\n[AV] the last place that passed NULL had been eliminated by the previous\npatch (reiserfs xattr stuff)\n\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ac748a09fc873915254ed69fe83f1a95436ee30a", "tree": "1544b5d5d71e1d4902a1e1255ef8703260a0150e", "parents": [ "6ac08c39a16f72c2d3e845cb6849a1392fa03e80" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:39 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Make set_fs_{root,pwd} take a struct path\n\nIn nearly all cases the set_fs_{root,pwd}() calls work on a struct\npath. Change the function to reflect this and use path_get() here.\n\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1d957f9bf87da74f420424d16ece005202bbebd3", "tree": "363d4770c0c74a536524c99ccd2762ce96ee9bbe", "parents": [ "4ac9137858e08a19f29feac4e1f4df7c268b0ba5" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:35 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Introduce path_put()\n\n* Add path_put() functions for releasing a reference to the dentry and\n vfsmount of a struct path in the right order\n\n* Switch from path_release(nd) to path_put(\u0026nd-\u003epath)\n\n* Rename dput_path() to path_put_conditional()\n\n[akpm@linux-foundation.org: fix cifs]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: \u003clinux-fsdevel@vger.kernel.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Steven French \u003csfrench@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4ac9137858e08a19f29feac4e1f4df7c268b0ba5", "tree": "f5b5d84fd12fcc2b0ba0e7ce1a79ff381ad8f5dd", "parents": [ "c5e725f33b733a77de622e91b6ba5645fcf070be" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:32 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Embed a struct path into struct nameidata instead of nd-\u003e{dentry,mnt}\n\nThis is the central patch of a cleanup series. In most cases there is no good\nreason why someone would want to use a dentry for itself. This series reflects\nthat fact and embeds a struct path into nameidata.\n\nTogether with the other patches of this series\n- it enforced the correct order of getting/releasing the reference count on\n \u003cdentry,vfsmount\u003e pairs\n- it prepares the VFS for stacking support since it is essential to have a\n struct path in every place where the stack can be traversed\n- it reduces the overall code size:\n\nwithout patch series:\n text data bss dec hex filename\n5321639 858418 715768 6895825 6938d1 vmlinux\n\nwith patch series:\n text data bss dec hex filename\n5320026 858418 715768 6894212 693284 vmlinux\n\nThis patch:\n\nSwitch from nd-\u003e{dentry,mnt} to nd-\u003epath.{dentry,mnt} everywhere.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix cifs]\n[akpm@linux-foundation.org: fix smack]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "3287629eff75c7323e875b942be82f7ac6ca18da", "tree": "4c8ebbff98b3e7139acf939bf4bfb56f711281ca", "parents": [ "c2fdda0dfbe85ad5d68d4799ff7c5af89db8ac19" ], "author": { "name": "Arjan van de Ven", "email": "arjan@linux.intel.com", "time": "Fri Feb 08 04:20:55 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Feb 08 09:22:36 2008 -0800" }, "message": "remove the unused exports of sys_open/sys_read\n\nThese exports (which aren\u0027t used and which are in fact dangerous to use\nbecause they pretty much form a security hole to use) have been marked\n_UNUSED since 2.6.24 with removal in 2.6.25. This patch is their final\ndeparture from the Linux kernel tree.\n\nSigned-off-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fc9b52cd8f5f459b88adcf67c47668425ae31a78", "tree": "c29924eaf60d2e73641bf11fa906a23fa81f46c9", "parents": [ "75acb9cd2ef0bbb463098fdd40cbcdda79d45fa3" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Fri Feb 08 04:19:52 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Feb 08 09:22:31 2008 -0800" }, "message": "fs: remove fastcall, it is always empty\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cb51f973bce7aef46452b0c6faea8f791885f5b8", "tree": "167fdcc6754a9b27651f3b76fcb83f74847f396b", "parents": [ "22800a2830ec07e7cc5c837999890ac47cc7f5de" ], "author": { "name": "Arjan van de Ven", "email": "arjan@linux.intel.com", "time": "Wed Nov 14 17:00:10 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Nov 14 18:45:42 2007 -0800" }, "message": "mark sys_open/sys_read exports unused\n\nsys_open / sys_read were used in the early 1.2 days to load firmware from\ndisk inside drivers. Since 2.0 or so this was deprecated behavior, but\nseveral drivers still were using this. Since a few years we have a\nrequest_firmware() API that implements this in a nice, consistent way.\nOnly some old ISA sound drivers (pre-ALSA) still straggled along for some\ntime.... however with commit c2b1239a9f22f19c53543b460b24507d0e21ea0c the\nlast user is now gone.\n\nThis is a good thing, since using sys_open / sys_read etc for firmware is a\nvery buggy to dangerous thing to do; these operations put an fd in the\nprocess file descriptor table.... which then can be tampered with from\nother threads for example. For those who don\u0027t want the firmware loader,\nfilp_open()/vfs_read are the better APIs to use, without this security\nissue.\n\nThe patch below marks sys_open and sys_read unused now that they\u0027re\nreally not used anymore, and for deletion in the 2.6.25 timeframe.\n\nSigned-off-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94", "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc", "parents": [ "cfa76f024f7c9e65169425804e5b32e71f66d0ee" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 12:19:32 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:18 2007 -0400" }, "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b53767719b6cd8789392ea3e7e2eb7b8906898f0", "tree": "a0279dc93c79b94d3865b0f19f6b7b353e20608c", "parents": [ "57c521ce6125e15e99e56c902cb8da96bee7b36d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Oct 16 23:31:36 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:43:07 2007 -0700" }, "message": "Implement file posix capabilities\n\nImplement file posix capabilities. This allows programs to be given a\nsubset of root\u0027s powers regardless of who runs them, without having to use\nsetuid and giving the binary all of root\u0027s powers.\n\nThis version works with Kaigai Kohei\u0027s userspace tools, found at\nhttp://www.kaigai.gr.jp/index.php. For more information on how to use this\npatch, Chris Friedhoff has posted a nice page at\nhttp://www.friedhoff.org/fscaps.html.\n\nChangelog:\n\tNov 27:\n\tIncorporate fixes from Andrew Morton\n\t(security-introduce-file-caps-tweaks and\n\tsecurity-introduce-file-caps-warning-fix)\n\tFix Kconfig dependency.\n\tFix change signaling behavior when file caps are not compiled in.\n\n\tNov 13:\n\tIntegrate comments from Alexey: Remove CONFIG_ ifdef from\n\tcapability.h, and use %zd for printing a size_t.\n\n\tNov 13:\n\tFix endianness warnings by sparse as suggested by Alexey\n\tDobriyan.\n\n\tNov 09:\n\tAddress warnings of unused variables at cap_bprm_set_security\n\twhen file capabilities are disabled, and simultaneously clean\n\tup the code a little, by pulling the new code into a helper\n\tfunction.\n\n\tNov 08:\n\tFor pointers to required userspace tools and how to use\n\tthem, see http://www.friedhoff.org/fscaps.html.\n\n\tNov 07:\n\tFix the calculation of the highest bit checked in\n\tcheck_cap_sanity().\n\n\tNov 07:\n\tAllow file caps to be enabled without CONFIG_SECURITY, since\n\tcapabilities are the default.\n\tHook cap_task_setscheduler when !CONFIG_SECURITY.\n\tMove capable(TASK_KILL) to end of cap_task_kill to reduce\n\taudit messages.\n\n\tNov 05:\n\tAdd secondary calls in selinux/hooks.c to task_setioprio and\n\ttask_setscheduler so that selinux and capabilities with file\n\tcap support can be stacked.\n\n\tSep 05:\n\tAs Seth Arnold points out, uid checks are out of place\n\tfor capability code.\n\n\tSep 01:\n\tDefine task_setscheduler, task_setioprio, cap_task_kill, and\n\ttask_setnice to make sure a user cannot affect a process in which\n\tthey called a program with some fscaps.\n\n\tOne remaining question is the note under task_setscheduler: are we\n\tok with CAP_SYS_NICE being sufficient to confine a process to a\n\tcpuset?\n\n\tIt is a semantic change, as without fsccaps, attach_task doesn\u0027t\n\tallow CAP_SYS_NICE to override the uid equivalence check. But since\n\tit uses security_task_setscheduler, which elsewhere is used where\n\tCAP_SYS_NICE can be used to override the uid equivalence check,\n\tfixing it might be tough.\n\n\t task_setscheduler\n\t\t note: this also controls cpuset:attach_task. Are we ok with\n\t\t CAP_SYS_NICE being used to confine to a cpuset?\n\t task_setioprio\n\t task_setnice\n\t\t sys_setpriority uses this (through set_one_prio) for another\n\t\t process. Need same checks as setrlimit\n\n\tAug 21:\n\tUpdated secureexec implementation to reflect the fact that\n\teuid and uid might be the same and nonzero, but the process\n\tmight still have elevated caps.\n\n\tAug 15:\n\tHandle endianness of xattrs.\n\tEnforce capability version match between kernel and disk.\n\tEnforce that no bits beyond the known max capability are\n\tset, else return -EPERM.\n\tWith this extra processing, it may be worth reconsidering\n\tdoing all the work at bprm_set_security rather than\n\td_instantiate.\n\n\tAug 10:\n\tAlways call getxattr at bprm_set_security, rather than\n\tcaching it at d_instantiate.\n\n[morgan@kernel.org: file-caps clean up for linux/capability.h]\n[bunk@kernel.org: unexport cap_inode_killpriv]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a9c62a18a291499d15a370d08771e781fbaf91e6", "tree": "5d608ba9dfefce643060c1d9ab18d9f4bff18360", "parents": [ "28e3fed8b79c76450f264e77c58d0f5fbd2dd739" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Tue Oct 16 23:30:22 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:43:01 2007 -0700" }, "message": "fs: correct SuS compliance for open of large file without options\n\nThe early LFS work that Linux uses favours EFBIG in various places. SuSv3\nspecifically uses EOVERFLOW for this as noted by Michael (Bug 7253)\n\n[EOVERFLOW]\n The named file is a regular file and the size of the file cannot be\nrepresented correctly in an object of type off_t. We should therefore\ntransition to the proper error return code\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Theodore Tso \u003ctytso@mit.edu\u003e\nCc: Jens Axboe \u003cjens.axboe@oracle.com\u003e\nCc: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "788e7dd4c22e6f41b3a118fd8c291f831f6fddbb", "tree": "cbe2d2a360aaf7dc243bef432e1c50507ae6db7b", "parents": [ "3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9" ], "author": { "name": "Yuichi Nakamura", "email": "ynakam@hitachisoft.jp", "time": "Fri Sep 14 09:27:07 2007 +0900" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Oct 17 08:59:31 2007 +1000" }, "message": "SELinux: Improve read/write performance\n\nIt reduces the selinux overhead on read/write by only revalidating\npermissions in selinux_file_permission if the task or inode labels have\nchanged or the policy has changed since the open-time check. A new LSM\nhook, security_dentry_open, is added to capture the necessary state at open\ntime to allow this optimization.\n\n(see http://marc.info/?l\u003dselinux\u0026m\u003d118972995207740\u0026w\u003d2)\n\nSigned-off-by: Yuichi Nakamura\u003cynakam@hitachisoft.jp\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9700382c3c9ff3e673e587084d76eedb3ba88668", "tree": "57ed58d87e765323692e463c8b7ee64f702dff0d", "parents": [ "937472b00b666ecbf1464502f857ec63b024af72" ], "author": { "name": "david m. richter", "email": "richterd@citi.umich.edu", "time": "Tue Jul 31 00:39:12 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 31 15:39:42 2007 -0700" }, "message": "VFS: fix a race in lease-breaking during truncate\n\nIt is possible that another process could acquire a new file lease right\nafter break_lease() is called during a truncate, but before lease-granting\nis disabled by the subsequent get_write_access(). Merely switching the\norder of the break_lease() and get_write_access() calls prevents this race.\n\nSigned-off-by: David M. Richter \u003crichterd@citi.umich.edu\u003e\nSigned-off-by: \"J. Bruce Fields\" \u003cbfields@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0d786d4a2773f06a791e8c3730d049077fb81df6", "tree": "de553420b6b1a70b80034385ff94eb706bac12ab", "parents": [ "4f640efb3170dbcf99a37a3cc99060647b95428c" ], "author": { "name": "Ulrich Drepper", "email": "drepper@redhat.com", "time": "Mon Jul 23 18:43:46 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jul 24 12:24:58 2007 -0700" }, "message": "fallocate syscall interface deficiency\n\nThe fallocate syscall returns ENOSYS in case the filesystem does not support\nthe operation and expects the userlevel code to fill in. This is good in\nconcept.\n\nThe problem is that the libc code for old kernels should be able to\ndistinguish the case where the syscall is not at all available vs not\nfunctioning for a specific mount point. As is this is not possible and we\nalways have to invoke the syscall even if the kernel doesn\u0027t support it.\n\nI suggest the following patch. Using EOPNOTSUPP is IMO the right thing to do.\n\nCc: Amit Arora \u003caarora@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "97ac73506c0ba93f30239bb57b4cfc5d73e68a62", "tree": "4d02848d6c792a70b413deadcaffd7bf8c8d61de", "parents": [ "cb32da0416b823b7f4b65e7e85d6cba16ca4d1e1" ], "author": { "name": "Amit Arora", "email": "aarora@in.ibm.com", "time": "Tue Jul 17 21:42:44 2007 -0400" }, "committer": { "name": "Theodore Ts\u0027o", "email": "tytso@mit.edu", "time": "Tue Jul 17 21:42:44 2007 -0400" }, "message": "sys_fallocate() implementation on i386, x86_64 and powerpc\n\nfallocate() is a new system call being proposed here which will allow\napplications to preallocate space to any file(s) in a file system.\nEach file system implementation that wants to use this feature will need\nto support an inode operation called -\u003efallocate().\nApplications can use this feature to avoid fragmentation to certain\nlevel and thus get faster access speed. With preallocation, applications\nalso get a guarantee of space for particular file(s) - even if later the\nthe system becomes full.\n\nCurrently, glibc provides an interface called posix_fallocate() which\ncan be used for similar cause. Though this has the advantage of working\non all file systems, but it is quite slow (since it writes zeroes to\neach block that has to be preallocated). Without a doubt, file systems\ncan do this more efficiently within the kernel, by implementing\nthe proposed fallocate() system call. It is expected that\nposix_fallocate() will be modified to call this new system call first\nand incase the kernel/filesystem does not implement it, it should fall\nback to the current implementation of writing zeroes to the new blocks.\nToDos:\n1. Implementation on other architectures (other than i386, x86_64,\n and ppc). Patches for s390(x) and ia64 are already available from\n previous posts, but it was decided that they should be added later\n once fallocate is in the mainline. Hence not including those patches\n in this take.\n2. Changes to glibc,\n a) to support fallocate() system call\n b) to make posix_fallocate() and posix_fallocate64() call fallocate()\n\nSigned-off-by: Amit Arora \u003caarora@in.ibm.com\u003e\n" }, { "commit": "4a19542e5f694cd408a32c3d9dc593ba9366e2d7", "tree": "12f5fd603b516b4e24ec4850d5589273d24be569", "parents": [ "f23513e8d96cf5e6cf8d2ff0cb5dd6bbc33995e4" ], "author": { "name": "Ulrich Drepper", "email": "drepper@redhat.com", "time": "Sun Jul 15 23:40:34 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:45 2007 -0700" }, "message": "O_CLOEXEC for SCM_RIGHTS\n\nPart two in the O_CLOEXEC saga: adding support for file descriptors received\nthrough Unix domain sockets.\n\nThe patch is once again pretty minimal, it introduces a new flag for recvmsg\nand passes it just like the existing MSG_CMSG_COMPAT flag. I think this bit\nis not used otherwise but the networking people will know better.\n\nThis new flag is not recognized by recvfrom and recv. These functions cannot\nbe used for that purpose and the asymmetry this introduces is not worse than\nthe already existing MSG_CMSG_COMPAT situations.\n\nThe patch must be applied on the patch which introduced O_CLOEXEC. It has to\nremove static from the new get_unused_fd_flags function but since scm.c cannot\nlive in a module the function still hasn\u0027t to be exported.\n\nHere\u0027s a test program to make sure the code works. It\u0027s so much longer than\nthe actual patch...\n\n#include \u003cerrno.h\u003e\n#include \u003cerror.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003csys/un.h\u003e\n\n#ifndef O_CLOEXEC\n# define O_CLOEXEC 02000000\n#endif\n#ifndef MSG_CMSG_CLOEXEC\n# define MSG_CMSG_CLOEXEC 0x40000000\n#endif\n\nint\nmain (int argc, char *argv[])\n{\n if (argc \u003e 1)\n {\n int fd \u003d atol (argv[1]);\n printf (\"child: fd \u003d %d\\n\", fd);\n if (fcntl (fd, F_GETFD) \u003d\u003d 0 || errno !\u003d EBADF)\n {\n puts (\"file descriptor valid in child\");\n return 1;\n }\n return 0;\n\n }\n\n struct sockaddr_un sun;\n strcpy (sun.sun_path, \"./testsocket\");\n sun.sun_family \u003d AF_UNIX;\n\n char databuf[] \u003d \"hello\";\n struct iovec iov[1];\n iov[0].iov_base \u003d databuf;\n iov[0].iov_len \u003d sizeof (databuf);\n\n union\n {\n struct cmsghdr hdr;\n char bytes[CMSG_SPACE (sizeof (int))];\n } buf;\n struct msghdr msg \u003d { .msg_iov \u003d iov, .msg_iovlen \u003d 1,\n .msg_control \u003d buf.bytes,\n .msg_controllen \u003d sizeof (buf) };\n struct cmsghdr *cmsg \u003d CMSG_FIRSTHDR (\u0026msg);\n\n cmsg-\u003ecmsg_level \u003d SOL_SOCKET;\n cmsg-\u003ecmsg_type \u003d SCM_RIGHTS;\n cmsg-\u003ecmsg_len \u003d CMSG_LEN (sizeof (int));\n\n msg.msg_controllen \u003d cmsg-\u003ecmsg_len;\n\n pid_t child \u003d fork ();\n if (child \u003d\u003d -1)\n error (1, errno, \"fork\");\n if (child \u003d\u003d 0)\n {\n int sock \u003d socket (PF_UNIX, SOCK_STREAM, 0);\n if (sock \u003c 0)\n error (1, errno, \"socket\");\n\n if (bind (sock, (struct sockaddr *) \u0026sun, sizeof (sun)) \u003c 0)\n error (1, errno, \"bind\");\n if (listen (sock, SOMAXCONN) \u003c 0)\n error (1, errno, \"listen\");\n\n int conn \u003d accept (sock, NULL, NULL);\n if (conn \u003d\u003d -1)\n error (1, errno, \"accept\");\n\n *(int *) CMSG_DATA (cmsg) \u003d sock;\n if (sendmsg (conn, \u0026msg, MSG_NOSIGNAL) \u003c 0)\n error (1, errno, \"sendmsg\");\n\n return 0;\n }\n\n /* For a test suite this should be more robust like a\n barrier in shared memory. */\n sleep (1);\n\n int sock \u003d socket (PF_UNIX, SOCK_STREAM, 0);\n if (sock \u003c 0)\n error (1, errno, \"socket\");\n\n if (connect (sock, (struct sockaddr *) \u0026sun, sizeof (sun)) \u003c 0)\n error (1, errno, \"connect\");\n unlink (sun.sun_path);\n\n *(int *) CMSG_DATA (cmsg) \u003d -1;\n\n if (recvmsg (sock, \u0026msg, MSG_CMSG_CLOEXEC) \u003c 0)\n error (1, errno, \"recvmsg\");\n\n int fd \u003d *(int *) CMSG_DATA (cmsg);\n if (fd \u003d\u003d -1)\n error (1, 0, \"no descriptor received\");\n\n char fdname[20];\n snprintf (fdname, sizeof (fdname), \"%d\", fd);\n execl (\"/proc/self/exe\", argv[0], fdname, NULL);\n puts (\"execl failed\");\n return 1;\n}\n\n[akpm@linux-foundation.org: Fix fastcall inconsistency noted by Michael Buesch]\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Ulrich Drepper \u003cdrepper@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Michael Buesch \u003cmb@bu3sch.de\u003e\nCc: Michael Kerrisk \u003cmtk-manpages@gmx.net\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f23513e8d96cf5e6cf8d2ff0cb5dd6bbc33995e4", "tree": "6efce8fb88308ae4f4a65cc35a3669f32ff55248", "parents": [ "4a2d44590a603be292addce9c263982043416666" ], "author": { "name": "Ulrich Drepper", "email": "drepper@redhat.com", "time": "Sun Jul 15 23:40:32 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:45 2007 -0700" }, "message": "Introduce O_CLOEXEC\n\nThe problem is as follows: in multi-threaded code (or more correctly: all\ncode using clone() with CLONE_FILES) we have a race when exec\u0027ing.\n\n thread #1 thread #2\n\n fd\u003dopen()\n\n fork + exec\n\n fcntl(fd,F_SETFD,FD_CLOEXEC)\n\nIn some applications this can happen frequently. Take a web browser. One\nthread opens a file and another thread starts, say, an external PDF viewer.\n The result can even be a security issue if that open file descriptor\nrefers to a sensitive file and the external program can somehow be tricked\ninto using that descriptor.\n\nJust adding O_CLOEXEC support to open() doesn\u0027t solve the whole set of\nproblems. There are other ways to create file descriptors (socket,\nepoll_create, Unix domain socket transfer, etc). These can and should be\naddressed separately though. open() is such an easy case that it makes not\nmuch sense putting the fix off.\n\nThe test program:\n\n#include \u003cerrno.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cunistd.h\u003e\n\n#ifndef O_CLOEXEC\n# define O_CLOEXEC 02000000\n#endif\n\nint\nmain (int argc, char *argv[])\n{\n int fd;\n if (argc \u003e 1)\n {\n fd \u003d atol (argv[1]);\n printf (\"child: fd \u003d %d\\n\", fd);\n if (fcntl (fd, F_GETFD) \u003d\u003d 0 || errno !\u003d EBADF)\n {\n puts (\"file descriptor valid in child\");\n return 1;\n }\n return 0;\n }\n\n fd \u003d open (\"/proc/self/exe\", O_RDONLY | O_CLOEXEC);\n printf (\"in parent: new fd \u003d %d\\n\", fd);\n char buf[20];\n snprintf (buf, sizeof (buf), \"%d\", fd);\n execl (\"/proc/self/exe\", argv[0], buf, NULL);\n puts (\"execl failed\");\n return 1;\n}\n\n[kyle@parisc-linux.org: parisc fix]\nSigned-off-by: Ulrich Drepper \u003cdrepper@redhat.com\u003e\nAcked-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Davide Libenzi \u003cdavidel@xmailserver.org\u003e\nCc: Michael Kerrisk \u003cmtk-manpages@gmx.net\u003e\nCc: Chris Zankel \u003cchris@zankel.net\u003e\nSigned-off-by: Kyle McMartin \u003ckyle@parisc-linux.org\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7b82dc0e64e93f430182f36b46b79fcee87d3532", "tree": "28c61be85dd899cdb096ac15c65b521b0db60ea8", "parents": [ "1efd48b3ae8f89a1d04f1e36be96764d7bf43ae9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 20:10:00 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 20:10:00 2007 -0700" }, "message": "Remove suid/sgid bits on [f]truncate()\n\n.. to match what we do on write(). This way, people who write to files\nby using [f]truncate + writable mmap have the same semantics as if they\nwere using the write() family of system calls.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e63340ae6b6205fef26b40a75673d1c9c0c8bb90", "tree": "8d3212705515edec73c3936bb9e23c71d34a7b41", "parents": [ "04c9167f91e309c9c4ea982992aa08e83b2eb42e" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Tue May 08 00:28:08 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:07 2007 -0700" }, "message": "header cleaning: don\u0027t include smp_lock.h when not used\n\nRemove includes of \u003clinux/smp_lock.h\u003e where it is not used/needed.\nSuggested by Al Viro.\n\nBuilds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,\nsparc64, and arm (all 59 defconfigs).\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "bbea9f69668a3d0cf9feba15a724cd02896f8675", "tree": "bc58506e4daba4a04309181a5501ae4eb5424783", "parents": [ "f3d19c90fb117a5f080310a4592929aa8e1ad8e9" ], "author": { "name": "Vadim Lobanov", "email": "vlobanov@speakeasy.net", "time": "Sun Dec 10 02:21:12 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Sun Dec 10 09:57:22 2006 -0800" }, "message": "[PATCH] fdtable: Make fdarray and fdsets equal in size\n\nCurrently, each fdtable supports three dynamically-sized arrays of data: the\nfdarray and two fdsets. The code allows the number of fds supported by the\nfdarray (fdtable-\u003emax_fds) to differ from the number of fds supported by each\nof the fdsets (fdtable-\u003emax_fdset).\n\nIn practice, it is wasteful for these two sizes to differ: whenever we hit a\nlimit on the smaller-capacity structure, we will reallocate the entire fdtable\nand all the dynamic arrays within it, so any delta in the memory used by the\nlarger-capacity structure will never be touched at all.\n\nRather than hogging this excess, we shouldn\u0027t even allocate it in the first\nplace, and keep the capacities of the fdarray and the fdsets equal. This\npatch removes fdtable-\u003emax_fdset. As an added bonus, most of the supporting\ncode becomes simpler.\n\nSigned-off-by: Vadim Lobanov \u003cvlobanov@speakeasy.net\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0f7fc9e4d03987fe29f6dd4aa67e4c56eb7ecb05", "tree": "51763269e44eb9bf4d0f8c529577489902850cf9", "parents": [ "b65d34fd465f19fbe2f32f2205a9a06ca7c2bdeb" ], "author": { "name": "Josef \"Jeff\" Sipek", "email": "jsipek@cs.sunysb.edu", "time": "Fri Dec 08 02:36:35 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:41 2006 -0800" }, "message": "[PATCH] VFS: change struct file to use struct path\n\nThis patch changes struct file to use struct path instead of having\nindependent pointers to struct dentry and struct vfsmount, and converts all\nusers of f_{dentry,vfsmnt} in fs/ to use f_path.{dentry,mnt}.\n\nAdditionally, it adds two #define\u0027s to make the transition easier for users of\nthe f_dentry and f_vfsmnt.\n\nSigned-off-by: Josef \"Jeff\" Sipek \u003cjsipek@cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517", "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010", "parents": [ "562f9c574e0707f9159a729ea41faf53b221cd30" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Fri Dec 08 02:36:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:38 2006 -0800" }, "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand. And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys\nare governed by their open file handles. This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n be examined by someone familiar with the security framework, I think\n it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6902d925d568cd5bfda8a1a328bf08d26d1bab46", "tree": "02f3cc489d0e47fb688587222d1793bd9298679b", "parents": [ "db5fed26b2e0beed939b773dd5896077a1794d65" ], "author": { "name": "Dave Hansen", "email": "haveblue@us.ibm.com", "time": "Sat Sep 30 23:29:01 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 01 00:39:30 2006 -0700" }, "message": "[PATCH] r/o bind mounts: prepare for write access checks: collapse if()\n\nWe\u0027re shortly going to be adding a bunch more permission checks in these\nfunctions. That requires adding either a bunch of new if() conditions, or\nsome gotos. This patch collapses existing if()s and uses gotos instead to\nprepare for the upcoming changes.\n\nSigned-off-by: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "82b0547cfae1fb2ee26cad588f6d49a347d24740", "tree": "67575452152d0e51a573f66053c29c2028f3701e", "parents": [ "52978be636374c4bfb61220b37fa12f55a071c46" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Sat Sep 30 23:27:22 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 01 00:39:19 2006 -0700" }, "message": "[PATCH] Create fs/utimes.c\n\n* fs/open.c is getting bit crowdy\n* preparation to lutimes(2)\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ee731f4f7880b09ca147008ab46ad4e5f72cb8bf", "tree": "a61545ec0a04c7699727dc9e5c5c9a30b1d75ab0", "parents": [ "7bbab9166a82d15442357cfd63ec530b5b5fb62e" ], "author": { "name": "Ernie Petrides", "email": "petrides@redhat.com", "time": "Fri Sep 29 02:00:13 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:13 2006 -0700" }, "message": "[PATCH] fix wrong error code on interrupted close syscalls\n\nThe problem is that close() syscalls can call a file system\u0027s flush\nhandler, which in turn might sleep interruptibly and ultimately pass back\nan -ERESTARTSYS return value. This happens for files backed by an\ninterruptible NFS mount under nfs_file_flush() when a large file has just\nbeen written and nfs_wait_bit_interruptible() detects that there is a\nsignal pending.\n\nI have a test case where the \"strace\" command is used to attach to a\nprocess sleeping in such a close(). Since the SIGSTOP is forced onto the\nvictim process (removing it from the thread\u0027s \"blocked\" mask in\nforce_sig_info()), the RPC wait is interrupted and the close() is\nterminated early.\n\nBut the file table entry has already been cleared before the flush handler\nwas called. Thus, when the syscall is restarted, the file descriptor\nappears closed and an EBADF error is returned (which is wrong). What\u0027s\nworse, there is the hypothetical case where another thread of a\nmulti-threaded application might have reused the file descriptor, in which\ncase that file would be mistakenly closed.\n\nThe bottom line is that close() syscalls are not restartable, and thus\n-ERESTARTSYS return values should be mapped to -EINTR. This is consistent\nwith the close(2) manual page. The fix is below.\n\nSigned-off-by: Ernie Petrides \u003cpetrides@redhat.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "650a898342b3fa21c392c06a2b7010fa19823efa", "tree": "e5fc9b3c9590ac82b49755535e1de5e56d2dd6e8", "parents": [ "5b35e8e58a315b16d123e2bc080fcc9981501ac4" ], "author": { "name": "Miklos Szeredi", "email": "miklos@szeredi.hu", "time": "Fri Sep 29 01:59:35 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:08 2006 -0700" }, "message": "[PATCH] vfs: define new lookup flag for chdir\n\nIn the \"operation does permission checking\" model used by fuse, chdir\npermission is not checked, since there\u0027s no chdir method.\n\nFor this case set a lookup flag, which will be passed to -\u003epermission(), so\nfuse can distinguish it from permission checks for other operations.\n\nSigned-off-by: Miklos Szeredi \u003cmiklos@szeredi.hu\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6e656be899993f450a765056cdc8d87e58906508", "tree": "708037245036b7b3cef3d87299435ea461bed9c4", "parents": [ "838cd153a5250a79a302f6c5d68a4794b70c4ccb" ], "author": { "name": "Peter Staubach", "email": "staubach@redhat.com", "time": "Sun Jun 25 05:48:36 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jun 25 10:01:15 2006 -0700" }, "message": "[PATCH] ftruncate does not always update m/ctime\n\nIn the course of trying to track down a bug where a file mtime was not\nbeing updated correctly, it was discovered that the m/ctime updates were\nnot quite being handled correctly for ftruncate() calls.\n\nQuoth SUSv3:\n\nopen(2):\n\n If O_TRUNC is set and the file did previously exist, upon\n successful completion, open() shall mark for update the st_ctime\n and st_mtime fields of the file.\n\ntruncate(2):\n\n Upon successful completion, if the file size is changed, this\n function shall mark for update the st_ctime and st_mtime fields\n of the file, and the S_ISUID and S_ISGID bits of the file mode\n may be cleared.\n\nftruncate(2):\n\n Upon successful completion, if fildes refers to a regular file,\n the ftruncate() function shall mark for update the st_ctime and\n st_mtime fields of the file and the S_ISUID and S_ISGID bits of\n the file mode may be cleared. If the ftruncate() function is\n unsuccessful, the file is unaffected.\n\nThe open(O_TRUNC) and truncate cases were being handled correctly, but the\nftruncate case was being handled like the truncate case. The semantics of\ntruncate and ftruncate don\u0027t quite match, so ftruncate needs to be handled\nslightly differently.\n\nThe attached patch addresses this issue for ftruncate(2).\n\nMy thanx to Stephen Tweedie and Trond Myklebust for their help in\nunderstanding the situation and semantics.\n\nSigned-off-by: Peter Staubach \u003cstaubach@redhat.com\u003e\nCc: \"Stephen C. Tweedie\" \u003csct@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "75e1fcc0b18df0a65ab113198e9dc0e98999a08c", "tree": "3ac0d0d3120cbca4ee9734494e2c9a4e0775ac4f", "parents": [ "ff7b86b82083f24b8637dff1528c7101c18c7f39" ], "author": { "name": "Miklos Szeredi", "email": "miklos@szeredi.hu", "time": "Fri Jun 23 02:05:12 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 23 07:43:02 2006 -0700" }, "message": "[PATCH] vfs: add lock owner argument to flush operation\n\nPass the POSIX lock owner ID to the flush operation.\n\nThis is useful for filesystems which don\u0027t want to store any locking state\nin inode-\u003ei_flock but want to handle locking/unlocking POSIX locks\ninternally. FUSE is one such filesystem but I think it possible that some\nnetwork filesystems would need this also.\n\nAlso add a flag to indicate that a POSIX locking request was generated by\nclose(), so filesystems using the above feature won\u0027t send an extra locking\nrequest in this case.\n\nSigned-off-by: Miklos Szeredi \u003cmiklos@szeredi.hu\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "726c334223180e3c0197cc980a432681370d4baf", "tree": "8327b354bb3dc959a6606051ae6f8d4d035e38a2", "parents": [ "454e2398be9b9fa30433fccc548db34d19aa9958" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jun 23 02:02:58 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jun 23 07:42:45 2006 -0700" }, "message": "[PATCH] VFS: Permit filesystem to perform statfs with a known root dentry\n\nGive the statfs superblock operation a dentry pointer rather than a superblock\npointer.\n\nThis complements the get_sb() patch. That reduced the significance of\nsb-\u003es_root, allowing NFS to place a fake root there. However, NFS does\nrequire a dentry to use as a target for the statfs operation. This permits\nthe root in the vfsmount to be used instead.\n\nlinux/mount.h has been added where necessary to make allyesconfig build\nsuccessfully.\n\nInterest has also been expressed for use with the FUSE and XFS filesystems.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Nathan Scott \u003cnathans@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130", "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137", "parents": [ "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jun 08 23:19:31 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:28 2006 -0400" }, "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself. A few other notable changes:\n\n - fixed audit_inode_child() hooks in fsnotify_move()\n - removed unused flags arg from audit_inode()\n - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6aff5cb8ec270db569800b1bb59bd20003a76f07", "tree": "93e876b49dbbbd9e34b8d8ba99db38b4d51f27d9", "parents": [ "0cccca06f9870eb6daa89357b8a99ad041865553" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Mon May 15 09:43:50 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon May 15 11:20:54 2006 -0700" }, "message": "[PATCH] fs/open.c: unexport sys_openat\n\nRemove the unused EXPORT_SYMBOL_GPL(sys_openat).\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "385910f2b275a636238f70844f1b6da9fda6f2da", "tree": "284f31a897d1ae9d02598ccb2f1d108ba62a079c", "parents": [ "0a489cb3b6a7b277030cdbc97c2c65905db94536" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Apr 18 13:22:59 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Apr 18 13:22:59 2006 -0700" }, "message": "x86: be careful about tailcall breakage for sys_open[at] too\n\nCame up through a quick grep for other cases similar to the ftruncate()\none in commit 0a489cb3b6a7b277030cdbc97c2c65905db94536.\n\nAlso, add a comment, so that people who read the code understand why we\ndo what looks like a no-op.\n\n(Again, this won\u0027t actually matter to any sane user, since libc will\nsave and restore the register gcc stomps on, but it\u0027s still wrong to\nstomp on it)\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0a489cb3b6a7b277030cdbc97c2c65905db94536", "tree": "1a746dc22ed12badc30198c8eb5065535a76bbb0", "parents": [ "ac69e973ff0660e455f4ba1ddd4dcce4ae70ed1a" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Apr 18 13:02:48 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Apr 18 13:02:48 2006 -0700" }, "message": "x86: don\u0027t allow tail-calls in sys_ftruncate[64]()\n\nGcc thinks it owns the incoming argument stack, but that\u0027s not true for\n\"asmlinkage\" functions, and it corrupts the caller-set-up argument stack\nwhen it pushes the third argument onto the stack. Which can result in\n%ebx getting corrupted in user space.\n\nNow, normally nobody sane would ever notice, since libc will save and\nrestore %ebx anyway over the system call, but it\u0027s still wrong.\n\nI\u0027d much rather have \"asmlinkage\" tell gcc directly that it doesn\u0027t own\nthe stack, but no such attribute exists, so we\u0027re stuck with our hacky\nmanual \"prevent_tail_call()\" macro once more (we\u0027ve had the same issue\nbefore with sys_waitpid() and sys_wait4()).\n\nThanks to Hans-Werner Hilse \u003chilse@sub.uni-goettingen.de\u003e for reporting\nthe issue and testing the fix.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1", "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d", "parents": [ "3661f00e2097676847deb01add1a0918044bd816", "71e1c784b24a026a490b3de01541fc5ee14ebc09" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 09:24:53 2006 -0800" }, "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n [PATCH] fix audit_init failure path\n [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n [PATCH] sem2mutex: audit_netlink_sem\n [PATCH] simplify audit_free() locking\n [PATCH] Fix audit operators\n [PATCH] promiscuous mode\n [PATCH] Add tty to syscall audit records\n [PATCH] add/remove rule update\n [PATCH] audit string fields interface + consumer\n [PATCH] SE Linux audit events\n [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n [PATCH] Fix IA64 success/failure indication in syscall auditing.\n [PATCH] Miscellaneous bug and warning fixes\n [PATCH] Capture selinux subject/object context information.\n [PATCH] Exclude messages by message type\n [PATCH] Collect more inode information during syscall processing.\n [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n [PATCH] Define new range of userspace messages.\n [PATCH] Filter rule comparators\n ...\n\nFixed trivial conflict in security/selinux/hooks.c\n" }, { "commit": "9a56c213929d83139fd1e12727e1037d71b519f8", "tree": "013dd77c7cae23bd8fb821175a0d6fdc35bad9fe", "parents": [ "b500531e6f5f234ed267bd7060ee06d144faf0ca" ], "author": { "name": "Oleg Drokin", "email": "green@linuxhacker.ru", "time": "Sat Mar 25 03:07:02 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Mar 25 08:22:51 2006 -0800" }, "message": "[PATCH] Add lookup_instantiate_filp usage warning\n\nI think it would be nice to put an usage warning in header of\nlookup_instantiate_filp() to indicate it is unsafe to use it on anything\nbut regular files (even that is potentially unsafe, but there your -\u003eopen()\nis usually in your hands anyway), so that others won\u0027t fall into the same\ntrap I did.\n\nSigned-off-by: Oleg Drokin \u003cgreen@linuxhacker.ru\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0c9e63fd38a2fb2181668a0cdd622a3c23cfd567", "tree": "8fdb91603347b1da2e83a095ebcaab44b2c3c237", "parents": [ "d8733c2956968a01394a4d2a9e97a8b431a78776" ], "author": { "name": "Eric Dumazet", "email": "dada1@cosmosbay.com", "time": "Thu Mar 23 03:00:12 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Mar 23 07:38:09 2006 -0800" }, "message": "[PATCH] Shrinks sizeof(files_struct) and better layout\n\n1) Reduce the size of (struct fdtable) to exactly 64 bytes on 32bits\n platforms, lowering kmalloc() allocated space by 50%.\n\n2) Reduce the size of (files_struct), using a special 32 bits (or\n 64bits) embedded_fd_set, instead of a 1024 bits fd_set for the\n close_on_exec_init and open_fds_init fields. This save some ram (248\n bytes per task) as most tasks dont open more than 32 files. D-Cache\n footprint for such tasks is also reduced to the minimum.\n\n3) Reduce size of allocated fdset. Currently two full pages are\n allocated, that is 32768 bits on x86 for example, and way too much. The\n minimum is now L1_CACHE_BYTES.\n\nUP and SMP should benefit from this patch, because most tasks will touch\nonly one cache line when open()/close() stdin/stdout/stderr (0/1/2),\n(next_fd, close_on_exec_init, open_fds_init, fd_array[0 .. 2] being in the\nsame cache line)\n\nSigned-off-by: Eric Dumazet \u003cdada1@cosmosbay.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "73241ccca0f7786933f1d31b3d86f2456549953a", "tree": "daa7efabfb7aa2f511a467606786820949e8763e", "parents": [ "f38aa94224c5517a40ba56d453779f70d3229803" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Nov 03 16:00:25 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Collect more inode information during syscall processing.\n\nThis patch augments the collection of inode info during syscall\nprocessing. It represents part of the functionality that was provided\nby the auditfs patch included in RHEL4.\n\nSpecifically, it:\n\n- Collects information for target inodes created or removed during\n syscalls. Previous code only collects information for the target\n inode\u0027s parent.\n\n- Adds the audit_inode() hook to syscalls that operate on a file\n descriptor (e.g. fchown), enabling audit to do inode filtering for\n these calls.\n\n- Modifies filtering code to check audit context for either an inode #\n or a parent inode # matching a given rule.\n\n- Modifies logging to provide inode # for both parent and child.\n\n- Protect debug info from NULL audit_names.name.\n\n[AV: folded a later typo fix from the same author]\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5590ff0d5528b60153c0b4e7b771472b5a95e297", "tree": "5fdccf2354269702f71beb8e0a2942e4167fd992", "parents": [ "e2f99018eb7b29954747a2dd78e9fc0c36a60f0f" ], "author": { "name": "Ulrich Drepper", "email": "drepper@redhat.com", "time": "Wed Jan 18 17:43:53 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Jan 18 19:20:29 2006 -0800" }, "message": "[PATCH] vfs: *at functions: core\n\nHere is a series of patches which introduce in total 13 new system calls\nwhich take a file descriptor/filename pair instead of a single file\nname. These functions, openat etc, have been discussed on numerous\noccasions. They are needed to implement race-free filesystem traversal,\nthey are necessary to implement a virtual per-thread current working\ndirectory (think multi-threaded backup software), etc.\n\nWe have in glibc today implementations of the interfaces which use the\n/proc/self/fd magic. But this code is rather expensive. Here are some\nresults (similar to what Jim Meyering posted before).\n\nThe test creates a deep directory hierarchy on a tmpfs filesystem. Then\nrm -fr is used to remove all directories. Without syscall support I get\nthis:\n\nreal 0m31.921s\nuser 0m0.688s\nsys 0m31.234s\n\nWith syscall support the results are much better:\n\nreal 0m20.699s\nuser 0m0.536s\nsys 0m20.149s\n\nThe interfaces are for obvious reasons currently not much used. But they\u0027ll\nbe used. coreutils (and Jeff\u0027s posixutils) are already using them.\nFurthermore, code like ftw/fts in libc (maybe even glob) will also start using\nthem. I expect a patch to make follow soon. Every program which is walking\nthe filesystem tree will benefit.\n\nSigned-off-by: Ulrich Drepper \u003cdrepper@redhat.com\u003e\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Al Viro \u003cviro@ftp.linux.org.uk\u003e\nAcked-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Michael Kerrisk \u003cmtk-manpages@gmx.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "16f7e0fe2ecc30f30652e8185e1772cdebe39109", "tree": "e668703267c7b02f1af3cc1581bb4366a5370fdd", "parents": [ "c59ede7b78db329949d9cdcd7064e22d357560ef" ], "author": { "name": "Randy Dunlap", "email": "rdunlap@xenotime.net", "time": "Wed Jan 11 12:17:46 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Jan 11 18:42:13 2006 -0800" }, "message": "[PATCH] capable/capability.h (fs/)\n\nfs: Use \u003clinux/capability.h\u003e where capable() is used.\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nAcked-by: Tim Schmielau \u003ctim@physik3.uni-rostock.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1b1dcc1b57a49136f118a0f16367256ff9994a69", "tree": "b0b36d4f41d28c9d6514fb309d33c1a084d6309b", "parents": [ "794ee1baee1c26be40410233e6c20bceb2b03c08" ], "author": { "name": "Jes Sorensen", "email": "jes@sgi.com", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "committer": { "name": "Ingo Molnar", "email": "mingo@hera.kernel.org", "time": "Mon Jan 09 15:59:24 2006 -0800" }, "message": "[PATCH] mutex subsystem, semaphore to mutex: VFS, -\u003ei_sem\n\nThis patch converts the inode semaphore to a mutex. I have tested it on\nXFS and compiled as much as one can consider on an ia64. Anyway your\nluck with it might be different.\n\nModified-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n\n(finished the conversion)\n\nSigned-off-by: Jes Sorensen \u003cjes@sgi.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n" }, { "commit": "b01ec0ef63e95570e2463b26333d9c9c854cb941", "tree": "c895cfbeca5443d64075864e4fedbe759b27d0d2", "parents": [ "d960600df3ce3588571e2c1adf1f5f6d8ca9eb5a" ], "author": { "name": "Matt Mackall", "email": "mpm@selenic.com", "time": "Sun Jan 08 01:05:20 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:14:10 2006 -0800" }, "message": "[PATCH] tiny: Uninline some open.c functions\n\nuninline some open.c functions\n\nadd/remove: 3/0 grow/shrink: 0/6 up/down: 679/-1166 (-487)\nfunction old new delta\ndo_sys_truncate - 336 +336\ndo_sys_ftruncate - 317 +317\n__put_unused_fd - 26 +26\nput_unused_fd 57 49 -8\nsys_close 150 119 -31\nsys_ftruncate64 260 26 -234\nsys_ftruncate 272 24 -248\nsys_truncate 339 25 -314\nsys_truncate64 336 5 -331\n\nSigned-off-by: Matt Mackall \u003cmpm@selenic.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4a30131e7dbb17e5fec6958bfac9da9aff1fa29b", "tree": "2ff6139b393a9a413e2ea4db4dd2d15eec2201f8", "parents": [ "788540141f4549637e89aadca6e25cf25eb53383" ], "author": { "name": "NeilBrown", "email": "neilb@suse.de", "time": "Sun Jan 08 01:02:39 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:52 2006 -0800" }, "message": "[PATCH] Fix some problems with truncate and mtime semantics.\n\nSUS requires that when truncating a file to the size that it currently\nis:\n truncate and ftruncate should NOT modify ctime or mtime\n O_TRUNC SHOULD modify ctime and mtime.\n\nCurrently mtime and ctime are always modified on most local\nfilesystems (side effect of -\u003etruncate) or never modified (on NFS).\n\nWith this patch:\n ATTR_CTIME|ATTR_MTIME are sent with ATTR_SIZE precisely when\n an update of these times is required whether size changes or not\n (via a new argument to do_truncate). This allows NFS to do\n the right thing for O_TRUNC.\n inode_setattr nolonger forces ATTR_MTIME|ATTR_CTIME when the ATTR_SIZE\n sets the size to it\u0027s current value. This allows local filesystems\n to do the right thing for f?truncate.\n\nAlso, the logic in inode_setattr is changed a bit so there are two return\npoints. One returns the error from vmtruncate if it failed, the other\nreturns 0 (there can be no other failure).\n\nFinally, if vmtruncate succeeds, and ATTR_SIZE is the only change\nrequested, we now fall-through and mark_inode_dirty. If a filesystem did\nnot have a -\u003etruncate function, then vmtruncate will have changed i_size,\nwithout marking the inode as \u0027dirty\u0027, and I think this is wrong.\n\nSigned-off-by: Neil Brown \u003cneilb@suse.de\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8c744fb83da0771afa04695028e3550b798dad90", "tree": "670896a1c2594965099853a6c992907abb3a886f", "parents": [ "e4543eddfd3bf3e0d625841377fa695a519edfd4" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Tue Nov 08 21:35:04 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:59 2005 -0800" }, "message": "[PATCH] add a file_permission helper\n\nA few more callers of permission() just want to check for a different access\npattern on an already open file. This patch adds a wrapper for permission()\nthat takes a file in preparation of per-mount read-only support and to clean\nup the callers a little. The helper is not intended for new code, everything\nwithout the interface set in stone should use vfs_permission()\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e4543eddfd3bf3e0d625841377fa695a519edfd4", "tree": "b62546cb0038529bd8cd583333c556ad799f2081", "parents": [ "e4a53cbabc81f04e24a5570b4aa6a6384bdbfc67" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Tue Nov 08 21:35:04 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Nov 09 07:55:58 2005 -0800" }, "message": "[PATCH] add a vfs_permission helper\n\nMost permission() calls have a struct nameidata * available. This helper\ntakes that as an argument and thus makes sure we pass it down for lookup\nintents and prepares for per-mount read-only support where we need a struct\nvfsmount for checking whether a file is writeable.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "cc4e69dee4a080f6eae3f410daec2593f4fa6f00", "tree": "b9be8984a0be5f7997d836603963dcf8f2e728ff", "parents": [ "481bed454247538e9f57d4ea37b153ccba24ba7b" ], "author": { "name": "Miklos Szeredi", "email": "miklos@szeredi.hu", "time": "Mon Nov 07 00:59:49 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Nov 07 07:53:42 2005 -0800" }, "message": "[PATCH] VFS: pass file pointer to filesystem from ftruncate()\n\nThis patch extends the iattr structure with a file pointer memeber, and adds\nan ATTR_FILE validity flag for this member.\n\nThis is set if do_truncate() is invoked from ftruncate() or from\ndo_coredump().\n\nThe change is source and binary compatible.\n\nSigned-off-by: Miklos Szeredi \u003cmiklos@szeredi.hu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6fdcc2162285a8fc96ab12ff85086c37bceaa494", "tree": "957c0a2c2c273f6f13d8b9f95412f71856b5d449", "parents": [ "5c7ad5104d8ecf2c3a6428d73748126e91b1a250" ], "author": { "name": "Peter Staubach", "email": "staubach@redhat.com", "time": "Mon Nov 07 00:59:42 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Nov 07 07:53:39 2005 -0800" }, "message": "[PATCH] memory leak in dentry_open()\n\nThere is a memory leak possible in dentry_open(). If get_empty_filp()\nfails, then the references to dentry and mnt need to be released. The\nattached patch adds the calls to dput() and mntput() to release these two\nreferences.\n\nSigned-off-by: Peter Staubach \u003cstaubach@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "834f2a4a1554dc5b2598038b3fe8703defcbe467", "tree": "d27a000a2dd03029e6e2472c6e13801688185b51", "parents": [ "039c4d7a82d8268ec71f59679460b41d0dd9b225" ], "author": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Tue Oct 18 14:20:16 2005 -0700" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Tue Oct 18 14:20:16 2005 -0700" }, "message": "VFS: Allow the filesystem to return a full file pointer on open intent\n\n This is needed by NFSv4 for atomicity reasons: our open command is in\n fact a lookup+open, so we need to be able to propagate open context\n information from lookup() into the resulting struct file\u0027s\n private_data field.\n\n Signed-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "a1a5b3d93ca45613ec1d920fdb131b69b6553882", "tree": "19b5a05aca27f3f2ef1dc2169ce6c521ddfa8468", "parents": [ "873d3469db66ea08e94b0d04a96b1a4507684824" ], "author": { "name": "Peter Staubach", "email": "staubach@redhat.com", "time": "Tue Sep 13 01:25:12 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 13 08:22:28 2005 -0700" }, "message": "[PATCH] open returns ENFILE but creates file anyway\n\nWhen open(O_CREAT) is called and the error, ENFILE, is returned, the file\nmay be created anyway. This is counter intuitive, against the SUS V3\nspecification, and may cause applications to misbehave if they are not\ncoded correctly to handle this semantic. The SUS V3 specification\nexplicitly states \"No files shall be created or modified if the function\nreturns -1.\".\n\nThe error, ENFILE, is used to indicate the system wide open file table is\nfull and no more file structs can be allocated.\n\nThis is due to an ordering problem. The entry in the directory is created\nbefore the file struct is allocated. If the allocation for the file struct\nfails, then the system call must return an error, but the directory entry\nwas already created and can not be safely removed.\n\nThe solution to this situation is relatively easy. The file struct should\nbe allocated before the directory entry is created. If the allocation\nfails, then the error can be returned directly. If the creation of the\ndirectory entry fails, then the file struct can be easily freed.\n\nSigned-off-by: Peter Staubach \u003cstaubach@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ab2af1f5005069321c5d130f09cce577b03f43ef", "tree": "73a70ba486f522cd9eeeef376ede2b5a1c1b473b", "parents": [ "6e72ad2c581de121cc7e772469e2a8f6b1fd4379" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:13 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: files struct with RCU\n\nPatch to eliminate struct files_struct.file_lock spinlock on the reader side\nand use rcu refcounting rcuref_xxx api for the f_count refcounter. The\nupdates to the fdtable are done by allocating a new fdtable structure and\nsetting files-\u003efdt to point to the new structure. The fdtable structure is\nprotected by RCU thereby allowing lock-free lookup. For fd arrays/sets that\nare vmalloced, we use keventd to free them since RCU callbacks can\u0027t sleep. A\nglobal list of fdtable to be freed is not scalable, so we use a per-cpu list.\nIf keventd is already handling the current cpu\u0027s work, we use a timer to defer\nqueueing of that work.\n\nSince the last publication, this patch has been re-written to avoid using\nexplicit memory barriers and use rcu_assign_pointer(), rcu_dereference()\npremitives instead. This required that the fd information is kept in a\nseparate structure (fdtable) and updated atomically.\n\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "badf16621c1f9d1ac753be056fce11b43d6e0be5", "tree": "3fdf833fdf2e3d3a439090743539680449ec3428", "parents": [ "c0dfb2905126e9e94edebbce8d3e05001301f52d" ], "author": { "name": "Dipankar Sarma", "email": "dipankar@in.ibm.com", "time": "Fri Sep 09 13:04:10 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 09 13:57:55 2005 -0700" }, "message": "[PATCH] files: break up files struct\n\nIn order for the RCU to work, the file table array, sets and their sizes must\nbe updated atomically. Instead of ensuring this through too many memory\nbarriers, we put the arrays and their sizes in a separate structure. This\npatch takes the first step of putting the file table elements in a separate\nstructure fdtable that is embedded withing files_struct. It also changes all\nthe users to refer to the file table using files_fdtable() macro. Subsequent\napplciation of RCU becomes easier after this.\n\nSigned-off-by: Dipankar Sarma \u003cdipankar@in.ibm.com\u003e\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e922efc342d565a38eed3af377ff403f52148864", "tree": "b9996a96ed1bbb6e387f7ba8216f8e43ca640398", "parents": [ "ab8d11beb46f0bd0617e04205c01f5c1fe845b61" ], "author": { "name": "Miklos Szeredi", "email": "miklos@szeredi.hu", "time": "Tue Sep 06 15:18:25 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Wed Sep 07 16:57:43 2005 -0700" }, "message": "[PATCH] remove duplicated sys_open32() code from 64bit archs\n\n64 bit architectures all implement their own compatibility sys_open(),\nwhen in fact the difference is simply not forcing the O_LARGEFILE\nflag. So use the a common function instead.\n\nSigned-off-by: Miklos Szeredi \u003cmiklos@szeredi.hu\u003e\nCc: \u003cviro@parcelfarce.linux.theplanet.co.uk\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0eeca28300df110bd6ed54b31193c83b87921443", "tree": "7db42d8a18d80eca538f5b7d25e0532b8fa38b85", "parents": [ "bd4c625c061c2a38568d0add3478f59172455159" ], "author": { "name": "Robert Love", "email": "rml@novell.com", "time": "Tue Jul 12 17:06:03 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jul 12 20:38:38 2005 -0700" }, "message": "[PATCH] inotify\n\ninotify is intended to correct the deficiencies of dnotify, particularly\nits inability to scale and its terrible user interface:\n\n * dnotify requires the opening of one fd per each directory\n that you intend to watch. This quickly results in too many\n open files and pins removable media, preventing unmount.\n * dnotify is directory-based. You only learn about changes to\n directories. Sure, a change to a file in a directory affects\n the directory, but you are then forced to keep a cache of\n stat structures.\n * dnotify\u0027s interface to user-space is awful. Signals?\n\ninotify provides a more usable, simple, powerful solution to file change\nnotification:\n\n * inotify\u0027s interface is a system call that returns a fd, not SIGIO.\n\t You get a single fd, which is select()-able.\n * inotify has an event that says \"the filesystem that the item\n you were watching is on was unmounted.\"\n * inotify can watch directories or files.\n\nInotify is currently used by Beagle (a desktop search infrastructure),\nGamin (a FAM replacement), and other projects.\n\nSee Documentation/filesystems/inotify.txt.\n\nSigned-off-by: Robert Love \u003crml@novell.com\u003e\nCc: John McCutchan \u003cttb@tentacle.dhs.org\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ceffc078528befc008c6f2c2c4decda79eabd534", "tree": "a289e10162bdef0c0d9f6533f1a647b0fe1ed7a9", "parents": [ "420edbcc09008342c7b2665453f6b370739aadb0" ], "author": { "name": "Carsten Otte", "email": "cotte@de.ibm.com", "time": "Thu Jun 23 22:05:25 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Fri Jun 24 00:06:41 2005 -0700" }, "message": "[PATCH] xip: fs/mm: execute in place\n\n- generic_file* file operations do no longer have a xip/non-xip split\n- filemap_xip.c implements a new set of fops that require get_xip_page\n aop to work proper. all new fops are exported GPL-only (don\u0027t like to\n see whatever code use those except GPL modules)\n- __xip_unmap now uses page_check_address, which is no longer static\n in rmap.c, and defined in linux/rmap.h\n- mm/filemap.h is now much more clean, plainly having just Linus\u0027\n inline funcs moved here from filemap.c\n- fix includes in filemap_xip to make it build cleanly on i386\n\nSigned-off-by: Carsten Otte \u003ccotte@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "fed2fc18a4567d613cd35115322257c6c6c710e9", "tree": "937d8584966661b72cd7f71a6a6e4f0b97350760", "parents": [ "64ccd715d3cf498318b14b646ce5f97e7ab15bb5" ], "author": { "name": "Telemaque Ndizihiwe", "email": "telendiz@eircom.net", "time": "Thu Jun 23 00:10:33 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 23 09:45:36 2005 -0700" }, "message": "[PATCH] sys_open() cleanup\n\nClean up tortured logic in sys_open().\n\nSigned-off-by: Telemaque Ndizihiwe \u003ctelendiz@eircom.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "45778ca819accab1a4a3378b3566cab0f189164f", "tree": "9214491346c8d2d91eb1a11cb6c2e6a9387e4290", "parents": [ "280dedb8d64ccfe1166ae03d3b254fc3b65de6a5" ], "author": { "name": "Christoph Lameter", "email": "christoph@graphe.net", "time": "Thu Jun 23 00:10:17 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 23 09:45:33 2005 -0700" }, "message": "[PATCH] Remove f_error field from struct file\n\nThe following patch removes the f_error field and all checks of f_error.\n\nTrond said:\n\n f_error was introduced for NFS, and made sense when we were guaranteed\n always to have a file pointer around when write errors occurred. Since\n then, we have (for various reasons) had to introduce the nfs_open_context in\n order to track the file read/write state, and it made sense to move our\n f_error tracking there too.\n\nSigned-off-by: Christoph Lameter \u003cchristoph@lameter.com\u003e\nAcked-by: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ef3daeda7b58f046f94b26637d500354038d39f4", "tree": "acce3fb6a4ef5fa5c4e6962490d6f0db434fbad3", "parents": [ "44e58a6a0bd604f46be9d808408a1cd880cc9b19" ], "author": { "name": "Yoav Zach", "email": "yoav_zach@yahoo.com", "time": "Thu Jun 23 00:09:58 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 23 09:45:28 2005 -0700" }, "message": "[PATCH] Don\u0027t force O_LARGEFILE for 32 bit processes on ia64\n\nIn ia64 kernel, the O_LARGEFILE flag is forced when opening a file. This\nis problematic for execution of 32 bit processes, which are not largefile\naware, either by SW emulation or by HW execution.\n\nFor such processes, the problem is two-fold:\n\n1) When trying to open a file that is larger than 4G\n the operation should fail, but it\u0027s not\n2) Writing to offset larger than 4G should fail, but\n it\u0027s not\n\nThe proposed patch takes advantage of the way 32 bit processes are\nidentified in ia64 systems. Such processes have PER_LINUX32 for their\npersonality. With the patch, the ia64 kernel will not enforce the\nO_LARGEFILE flag if the current process has PER_LINUX32 set. The behavior\nfor all other architectures remains unchanged.\n\nSigned-off-by: Yoav Zach \u003cyoav.zach@intel.com\u003e\nAcked-by: Tony Luck \u003ctony.luck@intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }