On Wed, Apr 25, 2007 at 04:03:44PM -0700, Valerie Henson wrote:
> On Wed, Apr 25, 2007 at 08:54:34PM +1000, David Chinner wrote:
> > On Tue, Apr 24, 2007 at 04:53:11PM -0500, Amit Gud wrote:
> > >
> > > The structure looks like this:
> > >
> > > -- --
> > > | cnode
On Wed, Apr 25, 2007 at 05:38:34AM -0600, Andreas Dilger wrote:
>
> The case where only a fsck of the corrupt chunk is done would not find the
> cnode references. Maybe there needs to be per-chunk info which contains
> a list/bitmap of other chunks that have cnodes shared with each chunk?
Yes, e
On Wed, Apr 25, 2007 at 08:54:34PM +1000, David Chinner wrote:
> On Tue, Apr 24, 2007 at 04:53:11PM -0500, Amit Gud wrote:
> >
> > The structure looks like this:
> >
> > -- --
> > | cnode 0 |-->| cnode 0 |--> to another cnode or NULL
> > --
On Wed, Apr 25, 2007 at 03:34:03PM +0400, Nikita Danilov wrote:
>
> What is more important, design puts (as far as I can see) no upper limit
> on the number of continuation inodes, and hence, even if _average_ fsck
> time is greatly reduced, occasionally it can take more time than ext2 of
> the sa
On Tue, Apr 24, 2007 at 11:34:48PM +0400, Nikita Danilov wrote:
>
> Maybe I failed to describe the problem presicely.
>
> Suppose that all chunks have been checked. After that, for every inode
> I0 having continuations I1, I2, ... In, one has to check that every
> logical block is presented in at
From: David Howells <[EMAIL PROTECTED]>
Date: Wed, 25 Apr 2007 20:56:47 +0100
> David Miller <[EMAIL PROTECTED]> wrote:
>
> > Then please generate your patches against my net-2.6.21 GIT
> > tree. Most of your initial patches in the series (the SKB
> > routine one for example) are already in my t
David Miller <[EMAIL PROTECTED]> wrote:
> Then please generate your patches against my net-2.6.21 GIT
> tree. Most of your initial patches in the series (the SKB
> routine one for example) are already in my tree.
Do you mean your net-2.6.22 GIT tree?
Do you want me to make it available as a GIT
> I'll be dropping all the unprivileged-mounts stuff - it looks like
> it was a bit early, and that a new patch series against 2.6.27-rc1
Yeah, I guess we can wait a few more years ;) -^^^
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body
From: David Howells <[EMAIL PROTECTED]>
Date: Wed, 25 Apr 2007 14:38:32 +0100
> I think the idea is for them (or at least some of them) to go
> through one of DaveM's net git trees anyway.
Then please generate your patches against my net-2.6.21 GIT
tree. Most of your initial patches in the serie
> Right, I figure if the normal action is to always do
> mnt->user = current->fsuid, then for the special case we
> pass a uid in someplace. Of course... do we not have a
> place to do that? Would it be a no-no to use 'data' for
> a non-fs-specific arg?
I guess it would be OK for bind, but not
On Wed, 25 Apr 2007 17:18:12 +0200 Miklos Szeredi <[EMAIL PROTECTED]> wrote:
> > From: Miklos Szeredi <[EMAIL PROTECTED]>
> >
> > - refine adding "nosuid" and "nodev" flags for unprivileged mounts:
> > o add "nosuid", only if mounter doesn't have CAP_SETUID capability
> > o add "nodev", o
Quoting Eric W. Biederman ([EMAIL PROTECTED]):
> "Serge E. Hallyn" <[EMAIL PROTECTED]> writes:
>
> > Quoting Eric W. Biederman ([EMAIL PROTECTED]):
> >>
> >> Are there other permission checks that mount is doing that we
> >> care about.
> >
> > Not mount itself, but in looking up /share/fa/root/h
"Serge E. Hallyn" <[EMAIL PROTECTED]> writes:
> Quoting Eric W. Biederman ([EMAIL PROTECTED]):
>>
>> Are there other permission checks that mount is doing that we
>> care about.
>
> Not mount itself, but in looking up /share/fa/root/home/fa,
> user fa doesn't have the rights to read /share, and b
Quoting Eric W. Biederman ([EMAIL PROTECTED]):
> "Serge E. Hallyn" <[EMAIL PROTECTED]> writes:
>
> > Quoting H. Peter Anvin ([EMAIL PROTECTED]):
> >> Miklos Szeredi wrote:
> >> >
> >> > Andrew, please skip this patch, for now.
> >> >
> >> > Serge found a problem with the fsuid approach: setfsuid
Andreas Dilger wrote:
How do you recover if fsfuzzer takes out a cnode in the chain? The
chunk is marked clean, but clearly corrupted and needs fixing and
you don't know what it was pointing at. Hence you have a pointer to
a trashed cnode *somewhere* that you need to find and fix, and a
bunch of
"Serge E. Hallyn" <[EMAIL PROTECTED]> writes:
> Quoting H. Peter Anvin ([EMAIL PROTECTED]):
>> Miklos Szeredi wrote:
>> >
>> > Andrew, please skip this patch, for now.
>> >
>> > Serge found a problem with the fsuid approach: setfsuid(nonzero) will
>> > remove filesystem related capabilities. So
Quoting Eric W. Biederman ([EMAIL PROTECTED]):
> Miklos Szeredi <[EMAIL PROTECTED]> writes:
>
> >> From: Miklos Szeredi <[EMAIL PROTECTED]>
> >>
> >> - refine adding "nosuid" and "nodev" flags for unprivileged mounts:
> >> o add "nosuid", only if mounter doesn't have CAP_SETUID capability
> >
Miklos Szeredi <[EMAIL PROTECTED]> writes:
>> From: Miklos Szeredi <[EMAIL PROTECTED]>
>>
>> - refine adding "nosuid" and "nodev" flags for unprivileged mounts:
>> o add "nosuid", only if mounter doesn't have CAP_SETUID capability
>> o add "nodev", only if mounter doesn't have CAP_MKNOD c
Quoting H. Peter Anvin ([EMAIL PROTECTED]):
> Miklos Szeredi wrote:
> >
> > Andrew, please skip this patch, for now.
> >
> > Serge found a problem with the fsuid approach: setfsuid(nonzero) will
> > remove filesystem related capabilities. So even if root is trying to
> > set the "user=UID" flag
On Wed, 25 Apr 2007, Nikita Danilov wrote:
David Lang writes:
> On Tue, 24 Apr 2007, Nikita Danilov wrote:
>
> > David Lang writes:
> > > On Tue, 24 Apr 2007, Nikita Danilov wrote:
> > >
> > > > Amit Gud writes:
> > > >
> > > > Hello,
> > > >
> > > > >
> > > > > This is an initial implementation
Miklos Szeredi wrote:
>
> Andrew, please skip this patch, for now.
>
> Serge found a problem with the fsuid approach: setfsuid(nonzero) will
> remove filesystem related capabilities. So even if root is trying to
> set the "user=UID" flag on a mount, access to the target (and in case
> of bind, t
Move generic skbuff stuff from XFRM code to generic code so that AF_RXRPC can
use it too.
The kdoc comments I've attached to the functions needs to be checked by whoever
wrote them as I had to make some guesses about the workings of these functions.
Signed-Off-By: David Howells <[EMAIL PROTECTED]
Export try_to_del_timer_sync() for use by the AF_RXRPC module.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
kernel/timer.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/kernel/timer.c b/kernel/timer.c
index dd6c2c1..b22bd39 100644
--- a/kernel/timer.c
+++ b/ke
Add support for the CB.GetCapabilities operation with which the fileserver can
ask the client for the following information:
(1) The list of network interfaces it has available as IPv4 address + netmask
plus the MTUs.
(2) The client's UUID.
(3) The extended capabilities of the client, fo
Update the AFS fs documentation.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
Documentation/filesystems/afs.txt | 214 +++--
1 files changed, 154 insertions(+), 60 deletions(-)
diff --git a/Documentation/filesystems/afs.txt
b/Documentation/filesystems/a
Export the keyring key type definition and document its availability.
Add alternative types into the key's type_data union to make it more useful.
Not all users necessarily want to use it as a list_head (AF_RXRPC doesn't, for
example), so make it clear that it can be used in other ways.
Signed-Of
[NETLINK]: Mirror UDP MSG_TRUNC semantics.
If the user passes MSG_TRUNC in via msg_flags, return
the full packet size not the truncated size.
Idea from Herbert Xu and Thomas Graf.
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
net/netlink/af_netlink.c |3 +++
1 file
Implement the CB.InitCallBackState3 operation for the fileserver to call.
This reduces the amount of network traffic because if this op is aborted, the
fileserver will then attempt an CB.InitCallBackState operation.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
fs/afs/afs_cm.h|1 +
Handle multiple mounts of an AFS superblock correctly, checking to see whether
the superblock is already initialised after calling sget() rather than just
unconditionally stamping all over it.
Also delete the "silent" parameter to afs_fill_super() as it's not used and
can, in any case, be obtained
del_timer_sync() buys nothing for cancel_delayed_work(), but it is less
efficient since it locks the timer unconditionally, and may wait for the
completion of the delayed_work_timer_fn().
cancel_delayed_work() == 0 means:
before this patch:
work->func may still be running
The first of these patches together provide secure client-side RxRPC
connectivity as a Linux kernel socket family. Only the RxRPC transport/session
side is supplied - the presentation side (marshalling the data) is left to the
client. Copies of the patches can be found here:
http://peop
> From: Miklos Szeredi <[EMAIL PROTECTED]>
>
> - refine adding "nosuid" and "nodev" flags for unprivileged mounts:
> o add "nosuid", only if mounter doesn't have CAP_SETUID capability
> o add "nodev", only if mounter doesn't have CAP_MKNOD capability
>
> - allow unprivileged forced unmoun
Andrew Morton <[EMAIL PROTECTED]> wrote:
> I'm ducking all feature and cleanup patches now, and probably shall
> continue to do so for some weeks. The priority (which I believe to be
> increasingly urgent) is to fix the 2.6.21 regressions and to stabilise
> the things which we presently have queu
On Apr 25, 2007 20:54 +1000, David Chinner wrote:
> On Tue, Apr 24, 2007 at 04:53:11PM -0500, Amit Gud wrote:
> > Right now, there is no distinction between an inode and continuation
> > inode (also referred to as 'cnode' below), except for the
> > EXT2_IS_CONT_FL flag. Every inode holds a list
David Lang writes:
> On Tue, 24 Apr 2007, Nikita Danilov wrote:
>
> > David Lang writes:
> > > On Tue, 24 Apr 2007, Nikita Danilov wrote:
> > >
> > > > Amit Gud writes:
> > > >
> > > > Hello,
> > > >
> > > > >
> > > > > This is an initial implementation of ChunkFS technique, briefly
>
On 4/23/07, Avishay Traeger <[EMAIL PROTECTED]> wrote:
On Mon, 2007-04-23 at 02:16 +0530, Karuna sagar K wrote:
You may want to check out the paper "EXPLODE: A Lightweight, General
System for Finding Serious Storage System Errors" from OSDI 2006 (if you
haven't already). The idea sounds very s
Implement the CB.InitCallBackState3 operation for the fileserver to call.
This reduces the amount of network traffic because if this op is aborted, the
fileserver will then attempt an CB.InitCallBackState operation.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
fs/afs/AFS_CM.h|1 +
Add support for the CB.GetCapabilities operation with which the fileserver can
ask the client for the following information:
(1) The list of network interfaces it has available as IPv4 address + netmask
plus the MTUs.
(2) The client's UUID.
(3) The extended capabilities of the client, fo
Update the AFS fs documentation.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
Documentation/filesystems/afs.txt | 214 +++--
1 files changed, 154 insertions(+), 60 deletions(-)
diff --git a/Documentation/filesystems/afs.txt
b/Documentation/filesystems/a
On Tue, Apr 24, 2007 at 04:53:11PM -0500, Amit Gud wrote:
> Nikita Danilov wrote:
> >Maybe I failed to describe the problem presicely.
> >
> >Suppose that all chunks have been checked. After that, for every inode
> >I0 having continuations I1, I2, ... In, one has to check that every
> >logical bloc
[NETLINK]: Mirror UDP MSG_TRUNC semantics.
If the user passes MSG_TRUNC in via msg_flags, return
the full packet size not the truncated size.
Idea from Herbert Xu and Thomas Graf.
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
net/netlink/af_netlink.c |3 +++
1 file
Handle multiple mounts of an AFS superblock correctly, checking to see whether
the superblock is already initialised after calling sget() rather than just
unconditionally stamping all over it.
Also delete the "silent" parameter to afs_fill_super() as it's not used and
can, in any case, be obtained
The first of these patches together provide secure client-side RxRPC
connectivity as a Linux kernel socket family. Only the RxRPC transport/session
side is supplied - the presentation side (marshalling the data) is left to the
client. Copies of the patches can be found here:
http://peop
del_timer_sync() buys nothing for cancel_delayed_work(), but it is less
efficient since it locks the timer unconditionally, and may wait for the
completion of the delayed_work_timer_fn().
cancel_delayed_work() == 0 means:
before this patch:
work->func may still be running
Export try_to_del_timer_sync() for use by the AF_RXRPC module.
Signed-Off-By: David Howells <[EMAIL PROTECTED]>
---
kernel/timer.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/kernel/timer.c b/kernel/timer.c
index dd6c2c1..b22bd39 100644
--- a/kernel/timer.c
+++ b/ke
Export the keyring key type definition and document its availability.
Add alternative types into the key's type_data union to make it more useful.
Not all users necessarily want to use it as a list_head (AF_RXRPC doesn't, for
example), so make it clear that it can be used in other ways.
Signed-Of
Move generic skbuff stuff from XFRM code to generic code so that AF_RXRPC can
use it too.
The kdoc comments I've attached to the functions needs to be checked by whoever
wrote them as I had to make some guesses about the workings of these functions.
Signed-Off-By: David Howells <[EMAIL PROTECTED]
On Wed, Apr 25, 2007 at 05:50:55AM +0530, Karuna sagar K wrote:
> On 4/24/07, Theodore Tso <[EMAIL PROTECTED]> wrote:
> >On Mon, Apr 23, 2007 at 02:53:33PM -0600, Andreas Dilger wrote:
> .
> >It would also be good to distinguish between directories referencing
> >files in another chunk, and
On Wed, Apr 25, 2007 at 09:18:28AM +0200, Miklos Szeredi wrote:
> > > The following extra security measures are taken for unprivileged
> > > mounts:
> > >
> > > - usermounts are limited by a sysctl tunable
> > > - force "nosuid,nodev" mount options on the created mount
> >
> > The original use
From: Miklos Szeredi <[EMAIL PROTECTED]>
- refine adding "nosuid" and "nodev" flags for unprivileged mounts:
o add "nosuid", only if mounter doesn't have CAP_SETUID capability
o add "nodev", only if mounter doesn't have CAP_MKNOD capability
- allow unprivileged forced unmount, but only fo
> > The following extra security measures are taken for unprivileged
> > mounts:
> >
> > - usermounts are limited by a sysctl tunable
> > - force "nosuid,nodev" mount options on the created mount
>
> The original userspace "user=" solution also implies the "noexec"
> option by default (you ca
51 matches
Mail list logo