1. 20 Jan, 2016 1 commit
  2. 14 Jan, 2016 1 commit
    • Vladimir Davydov's avatar
      kmemcg: account certain kmem allocations to memcg · 5d097056
      Vladimir Davydov authored
      Mark those kmem allocations that are known to be easily triggered from
      userspace as __GFP_ACCOUNT/SLAB_ACCOUNT, which makes them accounted to
      memcg.  For the list, see below:
      
       - threadinfo
       - task_struct
       - task_delay_info
       - pid
       - cred
       - mm_struct
       - vm_area_struct and vm_region (nommu)
       - anon_vma and anon_vma_chain
       - signal_struct
       - sighand_struct
       - fs_struct
       - files_struct
       - fdtable and fdtable->full_fds_bits
       - dentry and external_name
       - inode for all filesystems. This is the most tedious part, because
         most filesystems overwrite the alloc_inode method.
      
      The list is far from complete, so feel free to add more objects.
      Nevertheless, it should be close to "account everything" approach and
      keep most workloads within bounds.  Malevolent users will be able to
      breach the limit, but this was possible even with the former "account
      everything" approach (simply because it did not account everything in
      fact).
      
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: default avatarVladimir Davydov <vdavydov@virtuozzo.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5d097056
  3. 06 Dec, 2015 1 commit
  4. 30 Jun, 2015 1 commit
  5. 17 Apr, 2015 1 commit
  6. 15 Apr, 2015 1 commit
  7. 11 Apr, 2015 1 commit
  8. 08 Aug, 2014 3 commits
  9. 06 May, 2014 2 commits
  10. 07 Apr, 2014 1 commit
  11. 13 Mar, 2014 1 commit
    • Theodore Ts'o's avatar
      fs: push sync_filesystem() down to the file system's remount_fs() · 02b9984d
      Theodore Ts'o authored
      Previously, the no-op "mount -o mount /dev/xxx" operation when the
      file system is already mounted read-write causes an implied,
      unconditional syncfs().  This seems pretty stupid, and it's certainly
      documented or guaraunteed to do this, nor is it particularly useful,
      except in the case where the file system was mounted rw and is getting
      remounted read-only.
      
      However, it's possible that there might be some file systems that are
      actually depending on this behavior.  In most file systems, it's
      probably fine to only call sync_filesystem() when transitioning from
      read-write to read-only, and there are some file systems where this is
      not needed at all (for example, for a pseudo-filesystem or something
      like romfs).
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: linux-fsdevel@vger.kernel.org
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Artem Bityutskiy <dedekind1@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Evgeniy Dushistov <dushistov@mail.ru>
      Cc: Jan Kara <jack@suse.cz>
      Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      Cc: Anders Larsen <al@alarsen.net>
      Cc: Phillip Lougher <phillip@squashfs.org.uk>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
      Cc: Petr Vandrovec <petr@vandrovec.name>
      Cc: xfs@oss.sgi.com
      Cc: linux-btrfs@vger.kernel.org
      Cc: linux-cifs@vger.kernel.org
      Cc: samba-technical@lists.samba.org
      Cc: codalist@coda.cs.cmu.edu
      Cc: linux-ext4@vger.kernel.org
      Cc: linux-f2fs-devel@lists.sourceforge.net
      Cc: fuse-devel@lists.sourceforge.net
      Cc: cluster-devel@redhat.com
      Cc: linux-mtd@lists.infradead.org
      Cc: jfs-discussion@lists.sourceforge.net
      Cc: linux-nfs@vger.kernel.org
      Cc: linux-nilfs@vger.kernel.org
      Cc: linux-ntfs-dev@lists.sourceforge.net
      Cc: ocfs2-devel@oss.oracle.com
      Cc: reiserfs-devel@vger.kernel.org
      02b9984d
  12. 24 Oct, 2013 1 commit
  13. 12 Sep, 2013 1 commit
  14. 29 Jun, 2013 2 commits
  15. 03 Mar, 2013 1 commit
    • Eric W. Biederman's avatar
      fs: Limit sys_mount to only request filesystem modules. · 7f78e035
      Eric W. Biederman authored
      Modify the request_module to prefix the file system type with "fs-"
      and add aliases to all of the filesystems that can be built as modules
      to match.
      
      A common practice is to build all of the kernel code and leave code
      that is not commonly needed as modules, with the result that many
      users are exposed to any bug anywhere in the kernel.
      
      Looking for filesystems with a fs- prefix limits the pool of possible
      modules that can be loaded by mount to just filesystems trivially
      making things safer with no real cost.
      
      Using aliases means user space can control the policy of which
      filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
      with blacklist and alias directives.  Allowing simple, safe,
      well understood work-arounds to known problematic software.
      
      This also addresses a rare but unfortunate problem where the filesystem
      name is not the same as it's module name and module auto-loading
      would not work.  While writing this patch I saw a handful of such
      cases.  The most significant being autofs that lives in the module
      autofs4.
      
      This is relevant to user namespaces because we can reach the request
      module in get_fs_type() without having any special permissions, and
      people get uncomfortable when a user specified string (in this case
      the filesystem type) goes all of the way to request_module.
      
      After having looked at this issue I don't think there is any
      particular reason to perform any filtering or permission checks beyond
      making it clear in the module request that we want a filesystem
      module.  The common pattern in the kernel is to call request_module()
      without regards to the users permissions.  In general all a filesystem
      module does once loaded is call register_filesystem() and go to sleep.
      Which means there is not much attack surface exposed by loading a
      filesytem module unless the filesystem is mounted.  In a user
      namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
      which most filesystems do not set today.
      Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Reported-by: default avatarKees Cook <keescook@google.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      7f78e035
  16. 22 Feb, 2013 1 commit
  17. 21 Jan, 2013 1 commit
  18. 20 Dec, 2012 1 commit
  19. 02 Oct, 2012 1 commit
  20. 21 Sep, 2012 1 commit
  21. 14 Jul, 2012 2 commits
  22. 20 Mar, 2012 1 commit
  23. 06 Jan, 2012 1 commit
  24. 02 Nov, 2011 1 commit
  25. 31 Mar, 2011 1 commit
  26. 23 Mar, 2011 1 commit
  27. 22 Mar, 2011 3 commits
    • Stuart Swales's avatar
      adfs: add hexadecimal filetype suffix option · da23ef05
      Stuart Swales authored
      ADFS (FileCore) storage complies with the RISC OS filetype specification
      (12 bits of file type information is stored in the file load address,
      rather than using a file extension).  The existing driver largely ignores
      this information and does not present it to the end user.
      
      It is desirable that stored filetypes be made visible to the end user to
      facilitate a precise copy of data and metadata from a hard disc (or image
      thereof) into a RISC OS emulator (such as RPCEmu) or to a network share
      which can be accessed by real Acorn systems.
      
      This patch implements a per-mount filetype suffix option (use -o
      ftsuffix=1) to present any filetype as a ,xyz hexadecimal suffix on each
      file.  This type suffix is compatible with that used by RISC OS systems
      that access network servers using NFS client software and by RPCemu's host
      filing system.
      Signed-off-by: default avatarStuart Swales <stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      da23ef05
    • Stuart Swales's avatar
      adfs: improve timestamp precision · 7a9730af
      Stuart Swales authored
      ADFS (FileCore) storage complies with the RISC OS timestamp specification
      (40-bit centiseconds since 01 Jan 1900 00:00:00).  It is desirable that
      stored timestamp precision be maintained to facilitate a precise copy of
      data and metadata from a hard disc (or image thereof) into a RISC OS
      emulator (such as RPCEmu).
      
      This patch implements a full-precision conversion from ADFS to Unix
      timestamp as the existing driver, for ease of calculation with old 32-bit
      compilers, uses the common trick of shifting the 40-bits representing
      centiseconds around into 32-bits representing seconds thereby losing
      precision.
      
      Signed-off-by: Stuart Swales<stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7a9730af
    • Stuart Swales's avatar
      adfs: fix E+/F+ dir size > 2048 crashing kernel · 2f09719a
      Stuart Swales authored
      Kernel crashes in fs/adfs module when accessing directories with a large
      number of objects on mounted Acorn ADFS E+/F+ format discs (or images) as
      the existing code writes off the end of the fixed array of struct
      buffer_head pointers.
      
      Additionally, each directory access that didn't crash would leak a buffer
      as nr_buffers was not adjusted correctly for E+/F+ discs (was always left
      as one less than required).
      
      The patch fixes this by allocating a dynamically-sized set of struct
      buffer_head pointers if necessary for the E+/F+ case (many directories
      still do in fact fit in 2048 bytes) and sets the correct nr_buffers so
      that all buffers are released.
      
      Addresses https://bugzilla.kernel.org/show_bug.cgi?id=26072
      
      Tested by tar'ing the contents of my RISC PC's E+ format 20Gb HDD which
      contains a number of large directories that previously crashed the kernel.
      Signed-off-by: default avatarStuart Swales <stuart.swales.croftnuisk@gmail.com>
      Cc: Russell King <rmk@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2f09719a
  28. 10 Mar, 2011 1 commit
  29. 01 Mar, 2011 1 commit
    • Arnd Bergmann's avatar
      adfs: remove the big kernel lock · 4688a066
      Arnd Bergmann authored
      According to Russell King, adfs was written to not require the big
      kernel lock, and all inode updates are done under adfs_dir_lock.
      
      All other metadata in adfs is read-only and does not require locking.
      The use of the BKL is the result of various pushdowns from the VFS
      operations.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarRussell King <rmk@arm.linux.org.uk>
      Cc: Stuart Swales <stuart.swales.croftnuisk@gmail.com>
      4688a066
  30. 12 Jan, 2011 1 commit
  31. 06 Jan, 2011 3 commits
    • Nick Piggin's avatar
      fs: dcache reduce branches in lookup path · fb045adb
      Nick Piggin authored
      Reduce some branches and memory accesses in dcache lookup by adding dentry
      flags to indicate common d_ops are set, rather than having to check them.
      This saves a pointer memory access (dentry->d_op) in common path lookup
      situations, and saves another pointer load and branch in cases where we
      have d_op but not the particular operation.
      
      Patched with:
      
      git grep -E '[.>]([[:space:]])*d_op([[:space:]])*=' | xargs sed -e 's/\([^\t ]*\)->d_op = \(.*\);/d_set_d_op(\1, \2);/' -e 's/\([^\t ]*\)\.d_op = \(.*\);/d_set_d_op(\&\1, \2);/' -i
      Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
      fb045adb
    • Nick Piggin's avatar
      fs: icache RCU free inodes · fa0d7e3d
      Nick Piggin authored
      RCU free the struct inode. This will allow:
      
      - Subsequent store-free path walking patch. The inode must be consulted for
        permissions when walking, so an RCU inode reference is a must.
      - sb_inode_list_lock to be moved inside i_lock because sb list walkers who want
        to take i_lock no longer need to take sb_inode_list_lock to walk the list in
        the first place. This will simplify and optimize locking.
      - Could remove some nested trylock loops in dcache code
      - Could potentially simplify things a bit in VM land. Do not need to take the
        page lock to follow page->mapping.
      
      The downsides of this is the performance cost of using RCU. In a simple
      creat/unlink microbenchmark, performance drops by about 10% due to inability to
      reuse cache-hot slab objects. As iterations increase and RCU freeing starts
      kicking over, this increases to about 20%.
      
      In cases where inode lifetimes are longer (ie. many inodes may be allocated
      during the average life span of a single inode), a lot of this cache reuse is
      not applicable, so the regression caused by this patch is smaller.
      
      The cache-hot regression could largely be avoided by using SLAB_DESTROY_BY_RCU,
      however this adds some complexity to list walking and store-free path walking,
      so I prefer to implement this at a later date, if it is shown to be a win in
      real situations. I haven't found a regression in any non-micro benchmark so I
      doubt it will be a problem.
      Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
      fa0d7e3d
    • Nick Piggin's avatar
      fs: change d_hash for rcu-walk · b1e6a015
      Nick Piggin authored
      Change d_hash so it may be called from lock-free RCU lookups. See similar
      patch for d_compare for details.
      
      For in-tree filesystems, this is just a mechanical change.
      Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
      b1e6a015