1. 25 Sep, 2013 20 commits
  2. 24 Sep, 2013 14 commits
    • David Howells's avatar
      KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches · f36f8c75
      David Howells authored
      Add support for per-user_namespace registers of persistent per-UID kerberos
      caches held within the kernel.
      
      This allows the kerberos cache to be retained beyond the life of all a user's
      processes so that the user's cron jobs can work.
      
      The kerberos cache is envisioned as a keyring/key tree looking something like:
      
      	struct user_namespace
      	  \___ .krb_cache keyring		- The register
      		\___ _krb.0 keyring		- Root's Kerberos cache
      		\___ _krb.5000 keyring		- User 5000's Kerberos cache
      		\___ _krb.5001 keyring		- User 5001's Kerberos cache
      			\___ tkt785 big_key	- A ccache blob
      			\___ tkt12345 big_key	- Another ccache blob
      
      Or possibly:
      
      	struct user_namespace
      	  \___ .krb_cache keyring		- The register
      		\___ _krb.0 keyring		- Root's Kerberos cache
      		\___ _krb.5000 keyring		- User 5000's Kerberos cache
      		\___ _krb.5001 keyring		- User 5001's Kerberos cache
      			\___ tkt785 keyring	- A ccache
      				\___ krbtgt/REDHAT.COM@REDHAT.COM big_key
      				\___ http/REDHAT.COM@REDHAT.COM user
      				\___ afs/REDHAT.COM@REDHAT.COM user
      				\___ nfs/REDHAT.COM@REDHAT.COM user
      				\___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key
      				\___ http/KERNEL.ORG@KERNEL.ORG big_key
      
      What goes into a particular Kerberos cache is entirely up to userspace.  Kernel
      support is limited to giving you the Kerberos cache keyring that you want.
      
      The user asks for their Kerberos cache by:
      
      	krb_cache = keyctl_get_krbcache(uid, dest_keyring);
      
      The uid is -1 or the user's own UID for the user's own cache or the uid of some
      other user's cache (requires CAP_SETUID).  This permits rpc.gssd or whatever to
      mess with the cache.
      
      The cache returned is a keyring named "_krb.<uid>" that the possessor can read,
      search, clear, invalidate, unlink from and add links to.  Active LSMs get a
      chance to rule on whether the caller is permitted to make a link.
      
      Each uid's cache keyring is created when it first accessed and is given a
      timeout that is extended each time this function is called so that the keyring
      goes away after a while.  The timeout is configurable by sysctl but defaults to
      three days.
      
      Each user_namespace struct gets a lazily-created keyring that serves as the
      register.  The cache keyrings are added to it.  This means that standard key
      search and garbage collection facilities are available.
      
      The user_namespace struct's register goes away when it does and anything left
      in it is then automatically gc'd.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarSimo Sorce <simo@redhat.com>
      cc: Serge E. Hallyn <serge.hallyn@ubuntu.com>
      cc: Eric W. Biederman <ebiederm@xmission.com>
      f36f8c75
    • David Howells's avatar
      KEYS: Implement a big key type that can save to tmpfs · ab3c3587
      David Howells authored
      Implement a big key type that can save its contents to tmpfs and thus
      swapspace when memory is tight.  This is useful for Kerberos ticket caches.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarSimo Sorce <simo@redhat.com>
      ab3c3587
    • David Howells's avatar
      KEYS: Expand the capacity of a keyring · b2a4df20
      David Howells authored
      Expand the capacity of a keyring to be able to hold a lot more keys by using
      the previously added associative array implementation.  Currently the maximum
      capacity is:
      
      	(PAGE_SIZE - sizeof(header)) / sizeof(struct key *)
      
      which, on a 64-bit system, is a little more 500.  However, since this is being
      used for the NFS uid mapper, we need more than that.  The new implementation
      gives us effectively unlimited capacity.
      
      With some alterations, the keyutils testsuite runs successfully to completion
      after this patch is applied.  The alterations are because (a) keyrings that
      are simply added to no longer appear ordered and (b) some of the errors have
      changed a bit.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      b2a4df20
    • David Howells's avatar
      Add a generic associative array implementation. · 3cb98950
      David Howells authored
      Add a generic associative array implementation that can be used as the
      container for keyrings, thereby massively increasing the capacity available
      whilst also speeding up searching in keyrings that contain a lot of keys.
      
      This may also be useful in FS-Cache for tracking cookies.
      
      Documentation is added into Documentation/associative_array.txt
      
      Some of the properties of the implementation are:
      
       (1) Objects are opaque pointers.  The implementation does not care where they
           point (if anywhere) or what they point to (if anything).
      
           [!] NOTE: Pointers to objects _must_ be zero in the two least significant
           	       bits.
      
       (2) Objects do not need to contain linkage blocks for use by the array.  This
           permits an object to be located in multiple arrays simultaneously.
           Rather, the array is made up of metadata blocks that point to objects.
      
       (3) Objects are labelled as being one of two types (the type is a bool value).
           This information is stored in the array, but has no consequence to the
           array itself or its algorithms.
      
       (4) Objects require index keys to locate them within the array.
      
       (5) Index keys must be unique.  Inserting an object with the same key as one
           already in the array will replace the old object.
      
       (6) Index keys can be of any length and can be of different lengths.
      
       (7) Index keys should encode the length early on, before any variation due to
           length is seen.
      
       (8) Index keys can include a hash to scatter objects throughout the array.
      
       (9) The array can iterated over.  The objects will not necessarily come out in
           key order.
      
      (10) The array can be iterated whilst it is being modified, provided the RCU
           readlock is being held by the iterator.  Note, however, under these
           circumstances, some objects may be seen more than once.  If this is a
           problem, the iterator should lock against modification.  Objects will not
           be missed, however, unless deleted.
      
      (11) Objects in the array can be looked up by means of their index key.
      
      (12) Objects can be looked up whilst the array is being modified, provided the
           RCU readlock is being held by the thread doing the look up.
      
      The implementation uses a tree of 16-pointer nodes internally that are indexed
      on each level by nibbles from the index key.  To improve memory efficiency,
      shortcuts can be emplaced to skip over what would otherwise be a series of
      single-occupancy nodes.  Further, nodes pack leaf object pointers into spare
      space in the node rather than making an extra branch until as such time an
      object needs to be added to a full node.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      3cb98950
    • David Howells's avatar
      KEYS: Drop the permissions argument from __keyring_search_one() · e57e8669
      David Howells authored
      Drop the permissions argument from __keyring_search_one() as the only caller
      passes 0 here - which causes all checks to be skipped.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e57e8669
    • David Howells's avatar
      KEYS: Define a __key_get() wrapper to use rather than atomic_inc() · ccc3e6d9
      David Howells authored
      Define a __key_get() wrapper to use rather than atomic_inc() on the key usage
      count as this makes it easier to hook in refcount error debugging.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      ccc3e6d9
    • David Howells's avatar
      KEYS: Search for auth-key by name rather than target key ID · d0a059ca
      David Howells authored
      Search for auth-key by name rather than by target key ID as, in a future
      patch, we'll by searching directly by index key in preference to iteration
      over all keys.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d0a059ca
    • David Howells's avatar
      KEYS: Introduce a search context structure · 4bdf0bc3
      David Howells authored
      Search functions pass around a bunch of arguments, each of which gets copied
      with each call.  Introduce a search context structure to hold these.
      
      Whilst we're at it, create a search flag that indicates whether the search
      should be directly to the description or whether it should iterate through all
      keys looking for a non-description match.
      
      This will be useful when keyrings use a generic data struct with generic
      routines to manage their content as the search terms can just be passed
      through to the iterator callback function.
      
      Also, for future use, the data to be supplied to the match function is
      separated from the description pointer in the search context.  This makes it
      clear which is being supplied.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      4bdf0bc3
    • David Howells's avatar
      KEYS: Consolidate the concept of an 'index key' for key access · 16feef43
      David Howells authored
      Consolidate the concept of an 'index key' for accessing keys.  The index key
      is the search term needed to find a key directly - basically the key type and
      the key description.  We can add to that the description length.
      
      This will be useful when turning a keyring into an associative array rather
      than just a pointer block.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      16feef43
    • David Howells's avatar
      KEYS: key_is_dead() should take a const key pointer argument · 7e55ca6d
      David Howells authored
      key_is_dead() should take a const key pointer argument as it doesn't modify
      what it points to.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      7e55ca6d
    • David Howells's avatar
      KEYS: Use bool in make_key_ref() and is_key_possessed() · a5b4bd28
      David Howells authored
      Make make_key_ref() take a bool possession parameter and make
      is_key_possessed() return a bool.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      a5b4bd28
    • David Howells's avatar
      KEYS: Skip key state checks when checking for possession · 61ea0c0b
      David Howells authored
      Skip key state checks (invalidation, revocation and expiration) when checking
      for possession.  Without this, keys that have been marked invalid, revoked
      keys and expired keys are not given a possession attribute - which means the
      possessor is not granted any possession permits and cannot do anything with
      them unless they also have one a user, group or other permit.
      
      This causes failures in the keyutils test suite's revocation and expiration
      tests now that commit 96b5c8fe reduced the
      initial permissions granted to a key.
      
      The failures are due to accesses to revoked and expired keys being given
      EACCES instead of EKEYREVOKED or EKEYEXPIRED.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      61ea0c0b
    • Paul Moore's avatar
    • Eric Paris's avatar
      security: remove erroneous comment about capabilities.o link ordering · a3c9e45d
      Eric Paris authored
      Back when we had half ass LSM stacking we had to link capabilities.o
      after bigger LSMs so that on initialization the bigger LSM would
      register first and the capabilities module would be the one stacked as
      the 'seconday'.  Somewhere around 6f0f0fd4 (back in 2008) we
      finally removed the last of the kinda module stacking code but this
      comment in the makefile still lives today.
      Reported-by: default avatarValdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      a3c9e45d
  3. 23 Sep, 2013 4 commits
    • Linus Torvalds's avatar
      Linux 3.12-rc2 · 4a10c2ac
      Linus Torvalds authored
      4a10c2ac
    • Linus Torvalds's avatar
      Merge tag 'staging-3.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 9d23108d
      Linus Torvalds authored
      Pull staging fixes from Greg KH:
       "Here are a number of small staging tree and iio driver fixes.  Nothing
        major, just lots of little things"
      
      * tag 'staging-3.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (34 commits)
        iio:buffer_cb: Add missing iio_buffer_init()
        iio: Prevent race between IIO chardev opening and IIO device free
        iio: fix: Keep a reference to the IIO device for open file descriptors
        iio: Stop sampling when the device is removed
        iio: Fix crash when scan_bytes is computed with active_scan_mask == NULL
        iio: Fix mcp4725 dev-to-indio_dev conversion in suspend/resume
        iio: Fix bma180 dev-to-indio_dev conversion in suspend/resume
        iio: Fix tmp006 dev-to-indio_dev conversion in suspend/resume
        iio: iio_device_add_event_sysfs() bugfix
        staging: iio: ade7854-spi: Fix return value
        staging:iio:hmc5843: Fix measurement conversion
        iio: isl29018: Fix uninitialized value
        staging:iio:dummy fix kfifo_buf kconfig dependency issue if kfifo modular and buffer enabled for built in dummy driver.
        iio: at91: fix adc_clk overflow
        staging: line6: add bounds check in snd_toneport_source_put()
        Staging: comedi: Fix dependencies for drivers misclassified as PCI
        staging: r8188eu: Adjust RX gain
        staging: r8188eu: Fix smatch warning in core/rtw_ieee80211.
        staging: r8188eu: Fix smatch error in core/rtw_mlme_ext.c
        staging: r8188eu: Fix Smatch off-by-one warning in hal/rtl8188e_hal_init.c
        ...
      9d23108d
    • Linus Torvalds's avatar
      Merge tag 'usb-3.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · e04a0a5a
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of small USB fixes for 3.12-rc2.
      
        One is a revert of a EHCI change that isn't quite ready for 3.12.
        Others are minor things, gadget fixes, Kconfig fixes, and some quirks
        and documentation updates.
      
        All have been in linux-next for a bit"
      
      * tag 'usb-3.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: pl2303: distinguish between original and cloned HX chips
        USB: Faraday fotg210: fix email addresses
        USB: fix typo in usb serial simple driver Kconfig
        Revert "USB: EHCI: support running URB giveback in tasklet context"
        usb: s3c-hsotg: do not disconnect gadget when receiving ErlySusp intr
        usb: s3c-hsotg: fix unregistration function
        usb: gadget: f_mass_storage: reset endpoint driver data when disabled
        usb: host: fsl-mph-dr-of: Staticize local symbols
        usb: gadget: f_eem: Staticize eem_alloc
        usb: gadget: f_ecm: Staticize ecm_alloc
        usb: phy: omap-usb3: Fix return value
        usb: dwc3: gadget: avoid memory leak when failing to allocate all eps
        usb: dwc3: remove extcon dependency
        usb: gadget: add '__ref' for rndis_config_register() and cdc_config_register()
        usb: dwc3: pci: add support for BayTrail
        usb: gadget: cdc2: fix conversion to new interface of f_ecm
        usb: gadget: fix a bug and a WARN_ON in dummy-hcd
        usb: gadget: mv_u3d_core: fix violation of locking discipline in mv_u3d_ep_disable()
      e04a0a5a
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · d8524ae9
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       - some small fixes for msm and exynos
       - a regression revert affecting nouveau users with old userspace
       - intel pageflip deadlock and gpu hang fixes, hsw modesetting hangs
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (22 commits)
        Revert "drm: mark context support as a legacy subsystem"
        drm/i915: Don't enable the cursor on a disable pipe
        drm/i915: do not update cursor in crtc mode set
        drm/exynos: fix return value check in lowlevel_buffer_allocate()
        drm/exynos: Fix address space warnings in exynos_drm_fbdev.c
        drm/exynos: Fix address space warning in exynos_drm_buf.c
        drm/exynos: Remove redundant OF dependency
        drm/msm: drop unnecessary set_need_resched()
        drm/i915: kill set_need_resched
        drm/msm: fix potential NULL pointer dereference
        drm/i915/dvo: set crtc timings again for panel fixed modes
        drm/i915/sdvo: Robustify the dtd<->drm_mode conversions
        drm/msm: workaround for missing irq
        drm/msm: return -EBUSY if bo still active
        drm/msm: fix return value check in ERR_PTR()
        drm/msm: fix cmdstream size check
        drm/msm: hangcheck harder
        drm/msm: handle read vs write fences
        drm/i915/sdvo: Fully translate sync flags in the dtd->mode conversion
        drm/i915: Use proper print format for debug prints
        ...
      d8524ae9
  4. 22 Sep, 2013 2 commits
    • Linus Torvalds's avatar
      Merge branch 'for-3.12/core' of git://git.kernel.dk/linux-block · 68cf8d0c
      Linus Torvalds authored
      Pull block IO fixes from Jens Axboe:
       "After merge window, no new stuff this time only a collection of neatly
        confined and simple fixes"
      
      * 'for-3.12/core' of git://git.kernel.dk/linux-block:
        cfq: explicitly use 64bit divide operation for 64bit arguments
        block: Add nr_bios to block_rq_remap tracepoint
        If the queue is dying then we only call the rq->end_io callout. This leaves bios setup on the request, because the caller assumes when the blk_execute_rq_nowait/blk_execute_rq call has completed that the rq->bios have been cleaned up.
        bio-integrity: Fix use of bs->bio_integrity_pool after free
        blkcg: relocate root_blkg setting and clearing
        block: Convert kmalloc_node(...GFP_ZERO...) to kzalloc_node(...)
        block: trace all devices plug operation
      68cf8d0c
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 0fbf2cc9
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "These are mostly bug fixes and a two small performance fixes.  The
        most important of the bunch are Josef's fix for a snapshotting
        regression and Mark's update to fix compile problems on arm"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (25 commits)
        Btrfs: create the uuid tree on remount rw
        btrfs: change extent-same to copy entire argument struct
        Btrfs: dir_inode_operations should use btrfs_update_time also
        btrfs: Add btrfs: prefix to kernel log output
        btrfs: refuse to remount read-write after abort
        Btrfs: btrfs_ioctl_default_subvol: Revert back to toplevel subvolume when arg is 0
        Btrfs: don't leak transaction in btrfs_sync_file()
        Btrfs: add the missing mutex unlock in write_all_supers()
        Btrfs: iput inode on allocation failure
        Btrfs: remove space_info->reservation_progress
        Btrfs: kill delay_iput arg to the wait_ordered functions
        Btrfs: fix worst case calculator for space usage
        Revert "Btrfs: rework the overcommit logic to be based on the total size"
        Btrfs: improve replacing nocow extents
        Btrfs: drop dir i_size when adding new names on replay
        Btrfs: replay dir_index items before other items
        Btrfs: check roots last log commit when checking if an inode has been logged
        Btrfs: actually log directory we are fsync()'ing
        Btrfs: actually limit the size of delalloc range
        Btrfs: allocate the free space by the existed max extent size when ENOSPC
        ...
      0fbf2cc9