- 28 Oct, 2010 40 commits
-
-
Stefan Hajnoczi authored
The comments for FAN_CLOSE_WRITE and FAN_CLOSE_NOWRITE do not match FS_CLOSE_WRITE and FS_CLOSE_NOWRITE, respectively. WRITE is for writable files while NOWRITE is for non-writable files. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
If fanotify sets a new bit in the ignored mask it will cause the generic fsnotify layer to recalculate the real mask. This is stupid since we didn't change that part. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify has a very limited number of events it sends on directories. The usefulness of these events is yet to be seen and still we send them. This is particularly painful for mount marks where one might receive many of these useless events. As such this patch will drop events on IS_DIR() inodes unless they were explictly requested with FAN_ON_DIR. This means that a mark on a directory without FAN_EVENT_ON_CHILD or FAN_ON_DIR is meaningless and will result in no events ever (although it will still be allowed since detecting it is hard) Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
The _IN_ in the naming is reserved for flags only used by inotify. Since I am about to use this flag for fanotify rename it to be generic like the rest. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify_should_send_event has a test to see if an object is a file or directory and does not send an event otherwise. The problem is that the test is actually checking if the object with a mark is a file or directory, not if the object the event happened on is a file or directory. We should check the latter. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify currently has no limit on the number of listeners a given user can have open. This patch limits the total number of listeners per user to 128. This is the same as the inotify default limit. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
Some fanotify groups, especially those like AV scanners, will need to place lots of marks, particularly ignore marks. Since ignore marks do not pin inodes in cache and are cleared if the inode is removed from core (usually under memory pressure) we expose an interface for listeners, with CAP_SYS_ADMIN, to override the maximum number of marks and be allowed to set and 'unlimited' number of marks. Programs which make use of this feature will be able to OOM a machine. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
There is currently no limit on the number of marks a given fanotify group can have. Since fanotify is gated on CAP_SYS_ADMIN this was not seen as a serious DoS threat. This patch implements a default of 8192, the same as inotify to work towards removing the CAP_SYS_ADMIN gating and eliminating the default DoS'able status. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify has a defualt max queue depth. This patch allows processes which explicitly request it to have an 'unlimited' queue depth. These processes need to be very careful to make sure they cannot fall far enough behind that they OOM the box. Thus this flag is gated on CAP_SYS_ADMIN. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
Currently fanotify has no maximum queue depth. Since fanotify is CAP_SYS_ADMIN only this does not pose a normal user DoS issue, but it certianly is possible that an fanotify listener which can't keep up could OOM the box. This patch implements a default 16k depth. This is the same default depth used by inotify, but given fanotify's better queue merging in many situations this queue will contain many additional useful events by comparison. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify will clear ignore marks if a task changes the contents of an inode. The problem is with the races around when userspace finishes checking a file and when that result is actually attached to the inode. This race was described as such: Consider the following scenario with hostile processes A and B, and victim process C: 1. Process A opens new file for writing. File check request is generated. 2. File check is performed in userspace. Check result is "file has no malware". 3. The "permit" response is delivered to kernel space. 4. File ignored mark set. 5. Process A writes dummy bytes to the file. File ignored flags are cleared. 6. Process B opens the same file for reading. File check request is generated. 7. File check is performed in userspace. Check result is "file has no malware". 8. Process A writes malware bytes to the file. There is no cached response yet. 9. The "permit" response is delivered to kernel space and is cached in fanotify. 10. File ignored mark set. 11. Now any process C will be permitted to open the malware file. There is a race between steps 8 and 10 While fanotify makes no strong guarantees about systems with hostile processes there is no reason we cannot harden against this race. We do that by simply ignoring any ignore marks if the inode has open writers (aka i_writecount > 0). (We actually do not ignore ignore marks if the FAN_MARK_SURV_MODIFY flag is set) Reported-by: Vasily Novikov <vasily.novikov@kaspersky.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify is supposed to be able to flush all marks. This is mostly useful for the AV community to flush all cached decisions on a security policy change. This functionality has existed in the kernel but wasn't correctly exposed to userspace. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fsnotify perm events do not call fsnotify parent. That means you cannot register a perm event on a directory and enforce permissions on all inodes in that directory. This patch fixes that situation. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
When fsnotify groups return errors they are ignored. For permissions events these should be passed back up the stack, but for most events these should continue to be ignored. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
Currently the userspace struct exposed by fanotify uses __attribute__((packed)) to make sure that alignment works on multiarch platforms. Since this causes a severe performance penalty on some platforms we are going to switch to using explicit alignment notation on the 64bit values so we don't have to use 'packed' Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
The fanotify listeners needs to be able to specify what types of operations they are going to perform so they can be ordered appropriately between other listeners doing other types of operations. They need this to be able to make sure that things like hierarchichal storage managers will get access to inodes before processes which need the data. This patch defines 3 possible uses which groups must indicate in the fanotify_init() flags. FAN_CLASS_PRE_CONTENT FAN_CLASS_CONTENT FAN_CLASS_NOTIF Groups will receive notification in that order. The order between 2 groups in the same class is undeterministic. FAN_CLASS_PRE_CONTENT is intended to be used by listeners which need access to the inode before they are certain that the inode contains it's final data. A hierarchical storage manager should choose to use this class. FAN_CLASS_CONTENT is intended to be used by listeners which need access to the inode after it contains its intended contents. This would be the appropriate level for an AV solution or document control system. FAN_CLASS_NOTIF is intended for normal async notification about access, much the same as inotify and dnotify. Syncronous permissions events are not permitted at this class. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
fanotify needs to be able to specify that some groups get events before others. They use this idea to make sure that a hierarchical storage manager gets access to files before programs which actually use them. This is purely infrastructure. Everything will have a priority of 0, but the infrastructure will exist for it to be non-zero. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
We disabled the ability to build fanotify in commit 7c534773. This reverts that commit and allows people to build fanotify. Signed-off-by: Eric Paris <eparis@redhat.com>
-
Linus Torvalds authored
Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: Move olpc to platform x86: Move uv to platform x86: Move mrst to platform x86: Move scx200 to platform x86: Move visws to platform x86: Move efi to platform x86: Move sfi to platform x86: Add platform directory
-
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/stagingLinus Torvalds authored
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: (68 commits) hwmon: (it87) Add support for the IT8721F/IT8758E hwmon: (it87) Move conversion functions hwmon: Remove many EXPERIMENTAL flags hwmon: (lm85) Add support for ADT7468 high-frequency PWM mode hwmon: (lm85) Document the ADT7468 as supported hwmon: (lm85) Fix ADT7468 frequency table hwmon: I2C addresses are constant Move ams driver to macintosh hwmon: (pcf8591) Don't attempt to detect devices hwmon: (pcf8591) Register as a hwmon device hwmon: (w83795) Use standard attributes for chassis intrusion hwmon: (w83795) Exclude fan control feature by default hwmon: (w83795) Add myself as co-author and maintainer hwmon: (w83795) More style cleanups hwmon: (w83795) Fix LSB reading of voltage limits hwmon: (w83795) Use dev_get_drvdata() where possible hwmon: (w83795) Delay reading pwm config registers hwmon: (w83795) Delay reading limit registers hwmon: (w83795) Move register reads to dedicated functions hwmon: (w83795) Pack similar register reads ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: (841 commits) Staging: brcm80211: fix usage of roundup in structures Staging: bcm: fix up network device reference counting Staging: keucr: fix up US_ macro change staging: brcm80211: brcmfmac: Removed codeversion from firmware filenames. staging: brcm80211: Remove unnecessary header files. staging: brcm80211: Remove unnecessary includes from bcmutils.c staging: brcm80211: Removed unnecessary pktsetprio() function. Staging: brcm80211: remove typedefs.h Staging: brcm80211: remove uintptr typedef usage Staging: hv: remove struct vmbus_channel_interface Staging: hv: remove Open from struct vmbus_channel_interface Staging: hv: storvsc: call vmbus_open directly Staging: hv: netvsc: call vmbus_open directly Staging: hv: channel: export vmbus_open to modules Staging: hv: remove Close from struct vmbus_channel_interface Staging: hv: netvsc: call vmbus_close directly Staging: hv: storvsc: call vmbus_close directly Staging: hv: channel: export vmbus_close to modules Staging: hv: remove SendPacket from struct vmbus_channel_interface Staging: hv: storvsc: call vmbus_sendpacket directly ... Fix up conflicts in drivers/staging/cx25821/cx25821-audio-upstream.c drivers/staging/cx25821/cx25821-audio.h due to warring whitespace cleanups (neither of which were all that great)
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: (32 commits) sh: intc: switch irq_desc iteration to new active IRQ iterator. sh: fix up cpu hotplug IRQ migration for irq_data changes. sh: oprofile: Make sure the backtrace op is available for timer-fallback. sh64: oprofile: Fix up kernel stack pointer size mismatch. sh: oprofile: Fix up and extend op_name_from_perf_id(). sh: lockless get_user_pages_fast() sh64: _PAGE_SPECIAL support. sound: sh: ctrl_in/outX to __raw_read/writeX conversion. sh: disable deprecated genirq support. sh: update show_interrupts() for irq_data chip lookup. sh: intc: irq_data conversion. sh64: irq_data conversion. sh64: update for IRQ flag handling naming changes. rtc: rtc-rs5c313: ctrl_in/outX to __raw_read/writeX conversion. sh: mach-se: irq_data conversion. input: hp680_ts_input: ctrl_in/outX to __raw_read/writeX conversion. input: jornada680_kbd: ctrl_in/outX to __raw_read/writeX conversion. sh: hd64461: irq_data conversion. sh: mach-x3proto: irq_data conversion. sh: mach-systemh: irq_data conversion. ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6Linus Torvalds authored
* 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6: (27 commits) x86: allocate space within a region top-down x86: update iomem_resource end based on CPU physical address capabilities x86/PCI: allocate space from the end of a region, not the beginning PCI: allocate bus resources from the top down resources: support allocating space within a region from the top down resources: handle overflow when aligning start of available area resources: ensure callback doesn't allocate outside available space resources: factor out resource_clip() to simplify find_resource() resources: add a default alignf to simplify find_resource() x86/PCI: MMCONFIG: fix region end calculation PCI: Add support for polling PME state on suspended legacy PCI devices PCI: Export some PCI PM functionality PCI: fix message typo PCI: log vendor/device ID always PCI: update Intel chipset names and defines PCI: use new ccflags variable in Makefile PCI: add PCI_MSIX_TABLE/PBA defines PCI: add PCI vendor id for STmicroelectronics x86/PCI: irq and pci_ids patch for Intel Patsburg DeviceIDs PCI: OLPC: Only enable PCI configuration type override on XO-1 ...
-
Jean Delvare authored
Add support for the IT8721F/IT8758E. These new chips differ from the older IT87xxF chips in the following ways: * ADC LSB is 12 mV instead of 16 mV. * PWM values are 8-bit instead of 7-bit. There are other minor changes we don't have to care about in the driver. Another change is that we will handle internal voltage scaling in the driver instead of delegating the work to user-space. Signed-off-by: Jean Delvare <khali@linux-fr.org>
-
Jean Delvare authored
Move conversion functions until after structure defintions. This is needed for future changes which make use of the structures in the conversion funtcions. Signed-off-by: Jean Delvare <khali@linux-fr.org>
-
Jean Delvare authored
Remove the dependency on EXPERIMENTAL for all drivers which are in the kernel tree for a long time, are known to work properly and for which we have documentation. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Corentin Labbe <corentin.labbe@geomatys.fr> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: Juerg Haefliger <juergh@gmail.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
The ADT7468 supports a high-frequency PWM output mode where all PWM outputs are driven by a 22.5 kHz clock. Add support for this mode, and document it, as it may surprise the user that setting one PWM output frequency also affects the other PWM outputs. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
The ADT7468 uses the same frequency table as the ADT7463. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: stable@kernel.org Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
We can mark normal_i2c const. Almost all drivers do that already, so fix the 3 remaining ones before they are used as (bad) examples for new drivers. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: George Joseph <george.joseph@fairview5.com> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
The ams driver isn't a hardware monitoring driver, so it shouldn't live under driver/hwmon. drivers/macintosh seems much more appropriate, as the driver is only useful on PowerBooks and iBooks. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Stelian Pop <stelian@popies.net> Cc: Michael Hanselmann <linux-kernel@hansmi.ch> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Grant Likely <grant.likely@secretlab.ca>
-
Jean Delvare authored
The PCF8591 can't be detected, don't even try. There are plenty of other means to instantiate i2c devices these days. Signed-off-by: Jean Delvare <khali@linux-fr.org> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Aurelien Jarno <aurelien@aurel32.net>
-
Jean Delvare authored
Register PCF8591 devices as hwmon devices. There's little point in implementing the standard sysfs interface if we don't register it in a way libsensors will pick it. Signed-off-by: Jean Delvare <khali@linux-fr.org> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Aurelien Jarno <aurelien@aurel32.net>
-
Jean Delvare authored
Follow the standard attribute naming for the chassis intrusion feature. I couldn't test the beeping (my board apparently doesn't do that) but the alarm works fine. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
The fan control feature of the w83795 driver is insufficiently reviewed and tested for public consumption at this time, so make it optional and disabled by default. We will change the default when review and testing is deemed sufficient. Ultimately the option will go away. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
I've made so many changes to the w83795 driver that it's only fair to list myself as a co-author. I'll also maintain the driver for some time. There's more work needed on the driver for sure. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
Cleanups suggested by Guenter Roeck, falling into 4 categories: * Swapping test orders, because if (var == CONSTANT) is much easier to read than if (CONSTANT == var). * Simplifying comparisons with 0. * Dropping unneeded masks. * Dropping unneeded parentheses and curly braces. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jean Delvare authored
Wrong index caused the wrong register value to be read, resulting in random LSB for voltage limits. Signed-off-by: Jean Delvare <khali@linux-fr.org>
-
Jean Delvare authored
When we don't need the client pointer, calling dev_get_drvdata() is more efficient that calling to_i2c_client() and then i2c_get_clientdata(). Signed-off-by: Jean Delvare <khali@linux-fr.org>
-
Jean Delvare authored
Wait until we need the pwm config register values, instead of pre-reading them. This saves over 1 second on modprobe on my test system. Obviously this time is added when first accessing pwm config attributes, however not everybody will use them, so it seems unfair to slow down driver loading (and thus boot) for an optional feature. Signed-off-by: Jean Delvare <khali@linux-fr.org>
-