<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/orangefs/devorangefs-req.c, branch linux-4.9.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>orangefs: initialize op on loop restart in orangefs_devreq_read</title>
<updated>2018-01-31T11:55:50+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2018-01-22T20:44:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5c26ee198fcacda157918a9b211ba1f111e1ed9b'/>
<id>5c26ee198fcacda157918a9b211ba1f111e1ed9b</id>
<content type='text'>
commit a0ec1ded22e6a6bc41981fae22406835b006a66e upstream.

In orangefs_devreq_read, there is a loop which picks an op off the list
of pending ops.  If the loop fails to find an op, there is nothing to
read, and it returns EAGAIN.  If the op has been given up on, the loop
is restarted via a goto.  The bug is that the variable which the found
op is written to is not reinitialized, so if there are no more eligible
ops on the list, the code runs again on the already handled op.

This is triggered by interrupting a process while the op is being copied
to the client-core.  It's a fairly small window, but it's there.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit a0ec1ded22e6a6bc41981fae22406835b006a66e upstream.

In orangefs_devreq_read, there is a loop which picks an op off the list
of pending ops.  If the loop fails to find an op, there is nothing to
read, and it returns EAGAIN.  If the op has been given up on, the loop
is restarted via a goto.  The bug is that the variable which the found
op is written to is not reinitialized, so if there are no more eligible
ops on the list, the code runs again on the already handled op.

This is triggered by interrupting a process while the op is being copied
to the client-core.  It's a fairly small window, but it's there.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: free superblock when mount fails</title>
<updated>2017-04-21T07:31:19+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2017-04-14T18:22:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=975a7ea950c6d9bcb3666505c6ca9df9b404105c'/>
<id>975a7ea950c6d9bcb3666505c6ca9df9b404105c</id>
<content type='text'>
commit 1ec1688c5360e14dde4094d6acbf7516bf6db37e upstream.

Otherwise lockdep says:

[ 1337.483798] ================================================
[ 1337.483999] [ BUG: lock held when returning to user space! ]
[ 1337.484252] 4.11.0-rc6 #19 Not tainted
[ 1337.484423] ------------------------------------------------
[ 1337.484626] mount/14766 is leaving the kernel with locks still held!
[ 1337.484841] 1 lock held by mount/14766:
[ 1337.485017]  #0:  (&amp;type-&gt;s_umount_key#33/1){+.+.+.}, at: [&lt;ffffffff8124171f&gt;] sget_userns+0x2af/0x520

Caught by xfstests generic/413 which tried to mount with the unsupported
mount option dax.  Then xfstests generic/422 ran sync which deadlocks.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Acked-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 1ec1688c5360e14dde4094d6acbf7516bf6db37e upstream.

Otherwise lockdep says:

[ 1337.483798] ================================================
[ 1337.483999] [ BUG: lock held when returning to user space! ]
[ 1337.484252] 4.11.0-rc6 #19 Not tainted
[ 1337.484423] ------------------------------------------------
[ 1337.484626] mount/14766 is leaving the kernel with locks still held!
[ 1337.484841] 1 lock held by mount/14766:
[ 1337.485017]  #0:  (&amp;type-&gt;s_umount_key#33/1){+.+.+.}, at: [&lt;ffffffff8124171f&gt;] sget_userns+0x2af/0x520

Caught by xfstests generic/413 which tried to mount with the unsupported
mount option dax.  Then xfstests generic/422 ran sync which deadlocks.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Acked-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: Dan Carpenter influenced cleanups...</title>
<updated>2017-04-18T05:11:46+00:00</updated>
<author>
<name>Mike Marshall</name>
<email>hubcap@omnibond.com</email>
</author>
<published>2017-02-09T19:38:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1b9921866dc5b7d1a1bfdc6236e671ca59d61623'/>
<id>1b9921866dc5b7d1a1bfdc6236e671ca59d61623</id>
<content type='text'>
commit 05973c2efb40122f2a9ecde2d065f7ea5068d024 upstream.

This patch is simlar to one Dan Carpenter sent me, cleans
up some return codes and whitespace errors. There was one
place where he thought inserting an error message into
the ring buffer might be too chatty, I hope I convinced him
othewise. As a consolation &lt;g&gt; I changed a truly chatty
error message in another location into a debug message,
system-admins had already yelled at me about that one...

Signed-off-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 05973c2efb40122f2a9ecde2d065f7ea5068d024 upstream.

This patch is simlar to one Dan Carpenter sent me, cleans
up some return codes and whitespace errors. There was one
place where he thought inserting an error message into
the ring buffer might be too chatty, I hope I convinced him
othewise. As a consolation &lt;g&gt; I changed a truly chatty
error message in another location into a debug message,
system-admins had already yelled at me about that one...

Signed-off-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'misc' into for-next</title>
<updated>2016-09-28T18:50:46+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-09-28T18:50:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b78b11985a36bfe768add17ffb70bbaf9d8d7627'/>
<id>b78b11985a36bfe768add17ffb70bbaf9d8d7627</id>
<content type='text'>
Pull in an OrangeFS branch containing miscellaneous improvements.

- clean up debugfs globals
- remove dead code in sysfs
- reorganize duplicated sysfs attribute structs
- consolidate sysfs show and store functions
- remove duplicated sysfs_ops structures
- describe organization of sysfs
- make devreq_mutex static
- g_orangefs_stats -&gt; orangefs_stats for consistency
- rename most remaining global variables
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull in an OrangeFS branch containing miscellaneous improvements.

- clean up debugfs globals
- remove dead code in sysfs
- reorganize duplicated sysfs attribute structs
- consolidate sysfs show and store functions
- remove duplicated sysfs_ops structures
- describe organization of sysfs
- make devreq_mutex static
- g_orangefs_stats -&gt; orangefs_stats for consistency
- rename most remaining global variables
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: rename most remaining global variables</title>
<updated>2016-08-16T15:41:24+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-08-16T15:38:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1d503617884ed43af1c03685e73ce23f155d3fa4'/>
<id>1d503617884ed43af1c03685e73ce23f155d3fa4</id>
<content type='text'>
Only op_timeout_secs, slot_timeout_secs, and hash_table_size are left
because they are exposed as module parameters. All other global
variables have the orangefs_ prefix.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Only op_timeout_secs, slot_timeout_secs, and hash_table_size are left
because they are exposed as module parameters. All other global
variables have the orangefs_ prefix.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: make devreq_mutex static</title>
<updated>2016-08-15T19:21:16+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-08-15T19:21:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a0fe051592f1d31db491bb6cdcc87f512c5b6eaa'/>
<id>a0fe051592f1d31db491bb6cdcc87f512c5b6eaa</id>
<content type='text'>
Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: clean up debugfs globals</title>
<updated>2016-08-15T15:38:36+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-08-15T15:38:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=44f4641073f132429e1e9a53412600206e8f7d06'/>
<id>44f4641073f132429e1e9a53412600206e8f7d06</id>
<content type='text'>
Mostly this is moving code into orangefs-debugfs.c so that globals turn
into static globals.

Then gossip_debug_mask is renamed orangefs_gossip_debug_mask but keeps
global visibility, so it can be used from a macro.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Mostly this is moving code into orangefs-debugfs.c so that globals turn
into static globals.

Then gossip_debug_mask is renamed orangefs_gossip_debug_mask but keeps
global visibility, so it can be used from a macro.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: add features op</title>
<updated>2016-08-12T19:12:54+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-08-12T16:02:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=482664ddba81b3a5404fd083bb9697dfffc0b6a4'/>
<id>482664ddba81b3a5404fd083bb9697dfffc0b6a4</id>
<content type='text'>
This is a new userspace operation, which will be done if the client-core
version is greater than or equal to 2.9.6. This will provide a way to
implement optional features and to determine which features are
supported by the client-core. If the client-core version is older than
2.9.6, no optional features are supported and the op will not be done.

The intent is to allow protocol extensions without relying on the
client-core's current behavior of ignoring what it doesn't understand.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This is a new userspace operation, which will be done if the client-core
version is greater than or equal to 2.9.6. This will provide a way to
implement optional features and to determine which features are
supported by the client-core. If the client-core version is older than
2.9.6, no optional features are supported and the op will not be done.

The intent is to allow protocol extensions without relying on the
client-core's current behavior of ignoring what it doesn't understand.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: record userspace version for feature compatbility</title>
<updated>2016-08-09T20:25:51+00:00</updated>
<author>
<name>Martin Brandenburg</name>
<email>martin@omnibond.com</email>
</author>
<published>2016-08-09T19:59:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f2ee3b759593c184f1249e03d613a84b4b69db2b'/>
<id>f2ee3b759593c184f1249e03d613a84b4b69db2b</id>
<content type='text'>
The client reports its version to the kernel on startup. We already test
that it is above the minimum version. Now we record it in a global
variable so code elsewhere can consult it before making a request the
client may not understand.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The client reports its version to the kernel on startup. We already test
that it is above the minimum version. Now we record it in a global
variable so code elsewhere can consult it before making a request the
client may not understand.

Signed-off-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>orangefs: fix namespace handling</title>
<updated>2016-07-05T19:47:43+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2016-06-24T23:51:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=78fee0b6846f27872321338db6afe280f059ae99'/>
<id>78fee0b6846f27872321338db6afe280f059ae99</id>
<content type='text'>
In orangefs_inode_getxattr(), an fsuid is written to dmesg. The kuid is
converted to a userspace uid via from_kuid(current_user_ns(), [...]), but
since dmesg is global, init_user_ns should be used here instead.

In copy_attributes_from_inode(), op_alloc() and fill_default_sys_attrs(),
upcall structures are populated with uids/gids that have been mapped into
the caller's namespace. However, those upcall structures are read by
another process (the userspace filesystem driver), and that process might
be running in another namespace. This effectively lets any user spoof its
uid and gid as seen by the userspace filesystem driver.

To fix the second issue, I just construct the opcall structures with
init_user_ns uids/gids and require the filesystem server to run in the
init namespace. Since orangefs is full of global state anyway (as the error
message in DUMP_DEVICE_ERROR explains, there can only be one userspace
orangefs filesystem driver at once), that shouldn't be a problem.

[
Why does orangefs even exist in the kernel if everything does upcalls into
userspace? What does orangefs do that couldn't be done with the FUSE
interface? If there is no good answer to those questions, I'd prefer to see
orangefs kicked out of the kernel. Can that be done for something that
shipped in a release?

According to commit f7ab093f74bf ("Orangefs: kernel client part 1"), they
even already have a FUSE daemon, and the only rational reason (apart from
"but most of our users report preferring to use our kernel module instead")
given for not wanting to use FUSE is one "in-the-works" feature that could
probably be integated into FUSE instead.
]

This patch has been compile-tested.

Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In orangefs_inode_getxattr(), an fsuid is written to dmesg. The kuid is
converted to a userspace uid via from_kuid(current_user_ns(), [...]), but
since dmesg is global, init_user_ns should be used here instead.

In copy_attributes_from_inode(), op_alloc() and fill_default_sys_attrs(),
upcall structures are populated with uids/gids that have been mapped into
the caller's namespace. However, those upcall structures are read by
another process (the userspace filesystem driver), and that process might
be running in another namespace. This effectively lets any user spoof its
uid and gid as seen by the userspace filesystem driver.

To fix the second issue, I just construct the opcall structures with
init_user_ns uids/gids and require the filesystem server to run in the
init namespace. Since orangefs is full of global state anyway (as the error
message in DUMP_DEVICE_ERROR explains, there can only be one userspace
orangefs filesystem driver at once), that shouldn't be a problem.

[
Why does orangefs even exist in the kernel if everything does upcalls into
userspace? What does orangefs do that couldn't be done with the FUSE
interface? If there is no good answer to those questions, I'd prefer to see
orangefs kicked out of the kernel. Can that be done for something that
shipped in a release?

According to commit f7ab093f74bf ("Orangefs: kernel client part 1"), they
even already have a FUSE daemon, and the only rational reason (apart from
"but most of our users report preferring to use our kernel module instead")
given for not wanting to use FUSE is one "in-the-works" feature that could
probably be integated into FUSE instead.
]

This patch has been compile-tested.

Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
