1. 02 Sep, 2016 24 commits
  2. 01 Sep, 2016 15 commits
    • Linus Torvalds's avatar
      Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit · 511a8cdb
      Linus Torvalds authored
      Pull audit fixes from Paul Moore:
       "Two small patches to fix some bugs with the audit-by-executable
        functionality we introduced back in v4.3 (both patches are marked
        for the stable folks)"
      
      * 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit:
        audit: fix exe_file access in audit_exe_compare
        mm: introduce get_task_exe_file
      511a8cdb
    • Linus Torvalds's avatar
      Merge tag 'xfs-iomap-for-linus-4.8-rc5' of... · 7d1ce606
      Linus Torvalds authored
      Merge tag 'xfs-iomap-for-linus-4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs
      
      Pull xfs and iomap fixes from Dave Chinner:
       "Most of these changes are small regression fixes that address problems
        introduced in the 4.8-rc1 window.  The two fixes that aren't (IO
        completion fix and superblock inprogress check) are fixes for problems
        introduced some time ago and need to be pushed back to stable kernels.
      
        Changes in this update:
         - iomap FIEMAP_EXTENT_MERGED usage fix
         - additional mount-time feature restrictions
         - rmap btree query fixes
         - freeze/unmount io completion workqueue fix
         - memory corruption fix for deferred operations handling"
      
      * tag 'xfs-iomap-for-linus-4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs:
        xfs: track log done items directly in the deferred pending work item
        iomap: don't set FIEMAP_EXTENT_MERGED for extent based filesystems
        xfs: prevent dropping ioend completions during buftarg wait
        xfs: fix superblock inprogress check
        xfs: simple btree query range should look right if LE lookup fails
        xfs: fix some key handling problems in _btree_simple_query_range
        xfs: don't log the entire end of the AGF
        xfs: disallow mounting of realtime + rmap filesystems
        xfs: don't perform lookups on zero-height btrees
      7d1ce606
    • Miklos Szeredi's avatar
      ovl: update doc · 026e5e0c
      Miklos Szeredi authored
      Some of the documented quirks no longer apply.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      026e5e0c
    • Miklos Szeredi's avatar
      ovl: listxattr: use strnlen() · 7cb35119
      Miklos Szeredi authored
      Be defensive about what underlying fs provides us in the returned xattr
      list buffer.  If it's not properly null terminated, bail out with a warning
      insead of BUG.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Cc: <stable@vger.kernel.org>
      7cb35119
    • Andreas Gruenbacher's avatar
      ovl: Switch to generic_getxattr · 0eb45fc3
      Andreas Gruenbacher authored
      Now that overlayfs has xattr handlers for iop->{set,remove}xattr, use
      those same handlers for iop->getxattr as well.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      0eb45fc3
    • Miklos Szeredi's avatar
      ovl: copyattr after setting POSIX ACL · ce31513a
      Miklos Szeredi authored
      Setting POSIX acl may also modify the file mode, so need to copy that up to
      the overlay inode.
      Reported-by: default avatarEryu Guan <eguan@redhat.com>
      Fixes: d837a49b ("ovl: fix POSIX ACL setting")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      ce31513a
    • Andreas Gruenbacher's avatar
      ovl: Switch to generic_removexattr · 0e585ccc
      Andreas Gruenbacher authored
      Commit d837a49b ("ovl: fix POSIX ACL setting") switches from
      iop->setxattr from ovl_setxattr to generic_setxattr, so switch from
      ovl_removexattr to generic_removexattr as well.  As far as permission
      checking goes, the same rules should apply in either case.
      
      While doing that, rename ovl_setxattr to ovl_xattr_set to indicate that
      this is not an iop->setxattr implementation and remove the unused inode
      argument.
      
      Move ovl_other_xattr_set above ovl_own_xattr_set so that they match the
      order of handlers in ovl_xattr_handlers.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Fixes: d837a49b ("ovl: fix POSIX ACL setting")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      0e585ccc
    • Andreas Gruenbacher's avatar
      ovl: Get rid of ovl_xattr_noacl_handlers array · 0c97be22
      Andreas Gruenbacher authored
      Use an ordinary #ifdef to conditionally include the POSIX ACL handlers
      in ovl_xattr_handlers, like the other filesystems do.  Flag the code
      that is now only used conditionally with __maybe_unused.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      0c97be22
    • Andreas Gruenbacher's avatar
      ovl: Fix OVL_XATTR_PREFIX · fe2b7595
      Andreas Gruenbacher authored
      Make sure ovl_own_xattr_handler only matches attribute names starting
      with "overlay.", not "overlayXXX".
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Fixes: d837a49b ("ovl: fix POSIX ACL setting")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      fe2b7595
    • Colin Ian King's avatar
      ovl: fix spelling mistake: "directries" -> "directories" · fd36570a
      Colin Ian King authored
      Trivial fix to spelling mistake in pr_err message.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      fd36570a
    • Miklos Szeredi's avatar
      ovl: don't cache acl on overlay layer · 2a3a2a3f
      Miklos Szeredi authored
      Some operations (setxattr/chmod) can make the cached acl stale.  We either
      need to clear overlay's acl cache for the affected inode or prevent acl
      caching on the overlay altogether.  Preventing caching has the following
      advantages:
      
       - no double caching, less memory used
      
       - overlay cache doesn't go stale when fs clears it's own cache
      
      Possible disadvantage is performance loss.  If that becomes a problem
      get_acl() can be optimized for overlayfs.
      
      This patch disables caching by pre setting i_*acl to a value that
      
        - has bit 0 set, so is_uncached_acl() will return true
      
        - is not equal to ACL_NOT_CACHED, so get_acl() will not overwrite it
      
      The constant -3 was chosen for this purpose.
      
      Fixes: 39a25b2b ("ovl: define ->get_acl() for overlay inodes")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      2a3a2a3f
    • Miklos Szeredi's avatar
      ovl: use cached acl on underlying layer · 5201dc44
      Miklos Szeredi authored
      Instead of calling ->get_acl() directly, use get_acl() to get the cached
      value.
      
      We will have the acl cached on the underlying inode anyway, because we do
      permission checking on the both the overlay and the underlying fs.
      
      So, since we already have double caching, this improves performance without
      any cost.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      5201dc44
    • Miklos Szeredi's avatar
      ovl: proper cleanup of workdir · eea2fb48
      Miklos Szeredi authored
      When mounting overlayfs it needs a clean "work" directory under the
      supplied workdir.
      
      Previously the mount code removed this directory if it already existed and
      created a new one.  If the removal failed (e.g. directory was not empty)
      then it fell back to a read-only mount not using the workdir.
      
      While this has never been reported, it is possible to get a non-empty
      "work" dir from a previous mount of overlayfs in case of crash in the
      middle of an operation using the work directory.
      
      In this case the left over state should be discarded and the overlay
      filesystem will be consistent, guaranteed by the atomicity of operations on
      moving to/from the workdir to the upper layer.
      
      This patch implements cleaning out any files left in workdir.  It is
      implemented using real recursion for simplicity, but the depth is limited
      to 2, because the worst case is that of a directory containing whiteouts
      under "work".
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Cc: <stable@vger.kernel.org>
      eea2fb48
    • Miklos Szeredi's avatar
      ovl: remove posix_acl_default from workdir · c11b9fdd
      Miklos Szeredi authored
      Clear out posix acl xattrs on workdir and also reset the mode after
      creation so that an inherited sgid bit is cleared.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Cc: <stable@vger.kernel.org>
      c11b9fdd
    • Miklos Szeredi's avatar
      ovl: handle umask and posix_acl_default correctly on creation · 38b25697
      Miklos Szeredi authored
      Setting MS_POSIXACL in sb->s_flags has the side effect of passing mode to
      create functions without masking against umask.
      
      Another problem when creating over a whiteout is that the default posix acl
      is not inherited from the parent dir (because the real parent dir at the
      time of creation is the work directory).
      
      Fix these problems by:
      
       a) If upper fs does not have MS_POSIXACL, then mask mode with umask.
      
       b) If creating over a whiteout, call posix_acl_create() to get the
       inherited acls.  After creation (but before moving to the final
       destination) set these acls on the created file.  posix_acl_create() also
       updates the file creation mode as appropriate.
      
      Fixes: 39a25b2b ("ovl: define ->get_acl() for overlay inodes")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      38b25697
  3. 31 Aug, 2016 1 commit