Commit 46c5450c authored by Dave Kleikamp's avatar Dave Kleikamp

Merge bk://linux.bkbits.net/linux-2.5

into bkbits.net:/repos/j/jfs/linux-2.5
parents 5c4ac43f b4895584
...@@ -266,6 +266,18 @@ config JFS_POSIX_ACL ...@@ -266,6 +266,18 @@ config JFS_POSIX_ACL
If you don't know what Access Control Lists are, say N If you don't know what Access Control Lists are, say N
config JFS_SECURITY
bool "JFS Security Labels"
depends on JFS_FS
help
Security labels support alternative access control models
implemented by security modules like SELinux. This option
enables an extended attribute handler for file security
labels in the jfs filesystem.
If you are not using a security module that requires using
extended attributes for file security labels, say N.
config JFS_DEBUG config JFS_DEBUG
bool "JFS debugging" bool "JFS debugging"
depends on JFS_FS depends on JFS_FS
......
...@@ -81,8 +81,7 @@ int jfs_commit_inode(struct inode *inode, int wait) ...@@ -81,8 +81,7 @@ int jfs_commit_inode(struct inode *inode, int wait)
* Don't commit if inode has been committed since last being * Don't commit if inode has been committed since last being
* marked dirty, or if it has been deleted. * marked dirty, or if it has been deleted.
*/ */
if (test_cflag(COMMIT_Nolink, inode) || if (inode->i_nlink == 0 || !test_cflag(COMMIT_Dirty, inode))
!test_cflag(COMMIT_Dirty, inode))
return 0; return 0;
if (isReadOnly(inode)) { if (isReadOnly(inode)) {
...@@ -100,7 +99,13 @@ int jfs_commit_inode(struct inode *inode, int wait) ...@@ -100,7 +99,13 @@ int jfs_commit_inode(struct inode *inode, int wait)
tid = txBegin(inode->i_sb, COMMIT_INODE); tid = txBegin(inode->i_sb, COMMIT_INODE);
down(&JFS_IP(inode)->commit_sem); down(&JFS_IP(inode)->commit_sem);
/*
* Retest inode state after taking commit_sem
*/
if (inode->i_nlink && test_cflag(COMMIT_Dirty, inode))
rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0); rc = txCommit(tid, 1, &inode, wait ? COMMIT_SYNC : 0);
txEnd(tid); txEnd(tid);
up(&JFS_IP(inode)->commit_sem); up(&JFS_IP(inode)->commit_sem);
return rc; return rc;
......
/*
* Copyright (c) International Business Machines Corp., 2000-2001
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
* the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _H_JFS_DEFRAGFS
#define _H_JFS_DEFRAGFS
/*
* defragfs parameter list
*/
struct defragfs {
uint flag; /* 4: */
u8 dev; /* 1: */
u8 pad[3]; /* 3: */
s32 fileset; /* 4: */
u32 inostamp; /* 4: */
u32 ino; /* 4: */
u32 gen; /* 4: */
s64 xoff; /* 8: */
s64 old_xaddr; /* 8: */
s64 new_xaddr; /* 8: */
s32 xlen; /* 4: */
};
/* plist flag */
#define DEFRAGFS_SYNC 0x80000000
#define DEFRAGFS_COMMIT 0x40000000
#define DEFRAGFS_RELOCATE 0x10000000
#define INODE_TYPE 0x0000F000 /* IFREG or IFDIR */
#define EXTENT_TYPE 0x000000ff
#define DTPAGE 0x00000001
#define XTPAGE 0x00000002
#define DATAEXT 0x00000004
#define EAEXT 0x00000008
#endif /* _H_JFS_DEFRAGFS */
...@@ -2604,6 +2604,12 @@ diNewIAG(struct inomap * imap, int *iagnop, int agno, struct metapage ** mpp) ...@@ -2604,6 +2604,12 @@ diNewIAG(struct inomap * imap, int *iagnop, int agno, struct metapage ** mpp)
for (i = 0; i < SMAPSZ; i++) for (i = 0; i < SMAPSZ; i++)
iagp->inosmap[i] = cpu_to_le32(ONES); iagp->inosmap[i] = cpu_to_le32(ONES);
/*
* Invalidate the page after writing and syncing it.
* After it's initialized, we access it in a different
* address space
*/
set_bit(META_discard, &mp->flag);
flush_metapage(mp); flush_metapage(mp);
/* /*
......
...@@ -980,11 +980,15 @@ static int lmLogSync(struct jfs_log * log, int nosyncwait) ...@@ -980,11 +980,15 @@ static int lmLogSync(struct jfs_log * log, int nosyncwait)
* actually make it to disk * actually make it to disk
*/ */
list_for_each_entry(sbi, &log->sb_list, log_list) { list_for_each_entry(sbi, &log->sb_list, log_list) {
if (sbi->flag & JFS_NOINTEGRITY)
continue;
filemap_fdatawrite(sbi->ipbmap->i_mapping); filemap_fdatawrite(sbi->ipbmap->i_mapping);
filemap_fdatawrite(sbi->ipimap->i_mapping); filemap_fdatawrite(sbi->ipimap->i_mapping);
filemap_fdatawrite(sbi->sb->s_bdev->bd_inode->i_mapping); filemap_fdatawrite(sbi->sb->s_bdev->bd_inode->i_mapping);
} }
list_for_each_entry(sbi, &log->sb_list, log_list) { list_for_each_entry(sbi, &log->sb_list, log_list) {
if (sbi->flag & JFS_NOINTEGRITY)
continue;
filemap_fdatawait(sbi->ipbmap->i_mapping); filemap_fdatawait(sbi->ipbmap->i_mapping);
filemap_fdatawait(sbi->ipimap->i_mapping); filemap_fdatawait(sbi->ipimap->i_mapping);
filemap_fdatawait(sbi->sb->s_bdev->bd_inode->i_mapping); filemap_fdatawait(sbi->sb->s_bdev->bd_inode->i_mapping);
......
...@@ -396,14 +396,6 @@ static void __write_metapage(struct metapage * mp) ...@@ -396,14 +396,6 @@ static void __write_metapage(struct metapage * mp)
jfs_info("__write_metapage: mp = 0x%p", mp); jfs_info("__write_metapage: mp = 0x%p", mp);
if (test_bit(META_discard, &mp->flag)) {
/*
* This metadata is no longer valid
*/
clear_bit(META_dirty, &mp->flag);
return;
}
page_index = mp->page->index; page_index = mp->page->index;
page_offset = page_offset =
(mp->index - (page_index << l2BlocksPerPage)) << l2bsize; (mp->index - (page_index << l2BlocksPerPage)) << l2bsize;
...@@ -549,6 +541,7 @@ void __invalidate_metapages(struct inode *ip, s64 addr, int len) ...@@ -549,6 +541,7 @@ void __invalidate_metapages(struct inode *ip, s64 addr, int len)
goto again; goto again;
} }
clear_bit(META_dirty, &mp->flag);
set_bit(META_discard, &mp->flag); set_bit(META_discard, &mp->flag);
spin_unlock(&meta_lock); spin_unlock(&meta_lock);
} else { } else {
......
...@@ -91,6 +91,12 @@ struct ea_buffer { ...@@ -91,6 +91,12 @@ struct ea_buffer {
#define XATTR_OS2_PREFIX "os2." #define XATTR_OS2_PREFIX "os2."
#define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1) #define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1)
/* XATTR_SECURITY_PREFIX is defined in include/linux/xattr.h */
#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)
#define XATTR_TRUSTED_PREFIX "trusted."
#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)
/* /*
* These three routines are used to recognize on-disk extended attributes * These three routines are used to recognize on-disk extended attributes
* that are in a recognized namespace. If the attribute is not recognized, * that are in a recognized namespace. If the attribute is not recognized,
...@@ -110,6 +116,19 @@ static inline int is_os2_xattr(struct jfs_ea *ea) ...@@ -110,6 +116,19 @@ static inline int is_os2_xattr(struct jfs_ea *ea)
if ((ea->namelen >= XATTR_USER_PREFIX_LEN) && if ((ea->namelen >= XATTR_USER_PREFIX_LEN) &&
!strncmp(ea->name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) !strncmp(ea->name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
return FALSE; return FALSE;
/*
* Check for "security."
*/
if ((ea->namelen >= XATTR_SECURITY_PREFIX_LEN) &&
!strncmp(ea->name, XATTR_SECURITY_PREFIX,
XATTR_SECURITY_PREFIX_LEN))
return FALSE;
/*
* Check for "trusted."
*/
if ((ea->namelen >= XATTR_TRUSTED_PREFIX_LEN) &&
!strncmp(ea->name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
return FALSE;
/* /*
* Add any other valid namespace prefixes here * Add any other valid namespace prefixes here
*/ */
...@@ -770,6 +789,15 @@ static int can_set_xattr(struct inode *inode, const char *name, ...@@ -770,6 +789,15 @@ static int can_set_xattr(struct inode *inode, const char *name,
*/ */
return can_set_system_xattr(inode, name, value, value_len); return can_set_system_xattr(inode, name, value, value_len);
if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
#ifdef CONFIG_JFS_SECURITY
if (strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)
!= 0)
return 0; /* Leave it to the security module */
#endif
if((strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) != 0) && if((strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) != 0) &&
(strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) != 0)) (strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) != 0))
return -EOPNOTSUPP; return -EOPNOTSUPP;
...@@ -937,8 +965,17 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value, ...@@ -937,8 +965,17 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value,
static int can_get_xattr(struct inode *inode, const char *name) static int can_get_xattr(struct inode *inode, const char *name)
{ {
#ifdef CONFIG_JFS_SECURITY
if(strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) == 0)
return 0;
#endif
if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
if(strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) == 0) if(strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) == 0)
return 0; return 0;
return permission(inode, MAY_READ, NULL); return permission(inode, MAY_READ, NULL);
} }
...@@ -1021,6 +1058,16 @@ ssize_t jfs_getxattr(struct dentry *dentry, const char *name, void *data, ...@@ -1021,6 +1058,16 @@ ssize_t jfs_getxattr(struct dentry *dentry, const char *name, void *data,
return err; return err;
} }
/*
* No special permissions are needed to list attributes except for trusted.*
*/
static inline int can_list(struct jfs_ea *ea)
{
return (strncmp(ea->name, XATTR_TRUSTED_PREFIX,
XATTR_TRUSTED_PREFIX_LEN) ||
capable(CAP_SYS_ADMIN));
}
ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
{ {
struct inode *inode = dentry->d_inode; struct inode *inode = dentry->d_inode;
...@@ -1045,8 +1092,10 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) ...@@ -1045,8 +1092,10 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
ealist = (struct jfs_ea_list *) ea_buf.xattr; ealist = (struct jfs_ea_list *) ea_buf.xattr;
/* compute required size of list */ /* compute required size of list */
for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) {
if (can_list(ea))
size += name_size(ea) + 1; size += name_size(ea) + 1;
}
if (!data) if (!data)
goto release; goto release;
...@@ -1059,9 +1108,11 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) ...@@ -1059,9 +1108,11 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
/* Copy attribute names to buffer */ /* Copy attribute names to buffer */
buffer = data; buffer = data;
for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) { for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) {
if (can_list(ea)) {
int namelen = copy_name(buffer, ea); int namelen = copy_name(buffer, ea);
buffer += namelen + 1; buffer += namelen + 1;
} }
}
release: release:
ea_release(inode, &ea_buf); ea_release(inode, &ea_buf);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment