<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/fs/f2fs/acl.c, branch v5.2</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>f2fs: Replace spaces with tab</title>
<updated>2019-05-09T04:23:11+00:00</updated>
<author>
<name>Youngjun Yoo</name>
<email>youngjun.willow@gmail.com</email>
</author>
<published>2019-04-20T13:50:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3a912b773238ae8ba0c03df86361c8b2b9265b3b'/>
<id>3a912b773238ae8ba0c03df86361c8b2b9265b3b</id>
<content type='text'>
Modify coding style
ERROR: code indent should use tabs where possible

Signed-off-by: Youngjun Yoo &lt;youngjun.willow@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Modify coding style
ERROR: code indent should use tabs where possible

Signed-off-by: Youngjun Yoo &lt;youngjun.willow@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: insert space before the open parenthesis '('</title>
<updated>2019-05-09T04:23:11+00:00</updated>
<author>
<name>Youngjun Yoo</name>
<email>youngjun.willow@gmail.com</email>
</author>
<published>2019-04-20T13:51:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c456362b91a681f1e9a1399cebb4586abc819541'/>
<id>c456362b91a681f1e9a1399cebb4586abc819541</id>
<content type='text'>
Modify coding style
ERROR: space required before the open parenthesis '('

Signed-off-by: Youngjun Yoo &lt;youngjun.willow@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Modify coding style
ERROR: space required before the open parenthesis '('

Signed-off-by: Youngjun Yoo &lt;youngjun.willow@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: use kvmalloc, if kmalloc is failed</title>
<updated>2018-12-26T23:16:53+00:00</updated>
<author>
<name>Jaegeuk Kim</name>
<email>jaegeuk@kernel.org</email>
</author>
<published>2018-12-14T02:38:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5222595d093ebe80329d38d255d14316257afb3e'/>
<id>5222595d093ebe80329d38d255d14316257afb3e</id>
<content type='text'>
One report says memalloc failure during mount.

 (unwind_backtrace) from [&lt;c010cd4c&gt;] (show_stack+0x10/0x14)
 (show_stack) from [&lt;c049c6b8&gt;] (dump_stack+0x8c/0xa0)
 (dump_stack) from [&lt;c024fcf0&gt;] (warn_alloc+0xc4/0x160)
 (warn_alloc) from [&lt;c0250218&gt;] (__alloc_pages_nodemask+0x3f4/0x10d0)
 (__alloc_pages_nodemask) from [&lt;c0270450&gt;] (kmalloc_order_trace+0x2c/0x120)
 (kmalloc_order_trace) from [&lt;c03fa748&gt;] (build_node_manager+0x35c/0x688)
 (build_node_manager) from [&lt;c03de494&gt;] (f2fs_fill_super+0xf0c/0x16cc)
 (f2fs_fill_super) from [&lt;c02a5864&gt;] (mount_bdev+0x15c/0x188)
 (mount_bdev) from [&lt;c03da624&gt;] (f2fs_mount+0x18/0x20)
 (f2fs_mount) from [&lt;c02a68b8&gt;] (mount_fs+0x158/0x19c)
 (mount_fs) from [&lt;c02c3c9c&gt;] (vfs_kern_mount+0x78/0x134)
 (vfs_kern_mount) from [&lt;c02c76ac&gt;] (do_mount+0x474/0xca4)
 (do_mount) from [&lt;c02c8264&gt;] (SyS_mount+0x94/0xbc)
 (SyS_mount) from [&lt;c0108180&gt;] (ret_fast_syscall+0x0/0x48)

Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
One report says memalloc failure during mount.

 (unwind_backtrace) from [&lt;c010cd4c&gt;] (show_stack+0x10/0x14)
 (show_stack) from [&lt;c049c6b8&gt;] (dump_stack+0x8c/0xa0)
 (dump_stack) from [&lt;c024fcf0&gt;] (warn_alloc+0xc4/0x160)
 (warn_alloc) from [&lt;c0250218&gt;] (__alloc_pages_nodemask+0x3f4/0x10d0)
 (__alloc_pages_nodemask) from [&lt;c0270450&gt;] (kmalloc_order_trace+0x2c/0x120)
 (kmalloc_order_trace) from [&lt;c03fa748&gt;] (build_node_manager+0x35c/0x688)
 (build_node_manager) from [&lt;c03de494&gt;] (f2fs_fill_super+0xf0c/0x16cc)
 (f2fs_fill_super) from [&lt;c02a5864&gt;] (mount_bdev+0x15c/0x188)
 (mount_bdev) from [&lt;c03da624&gt;] (f2fs_mount+0x18/0x20)
 (f2fs_mount) from [&lt;c02a68b8&gt;] (mount_fs+0x158/0x19c)
 (mount_fs) from [&lt;c02c3c9c&gt;] (vfs_kern_mount+0x78/0x134)
 (vfs_kern_mount) from [&lt;c02c76ac&gt;] (do_mount+0x474/0xca4)
 (do_mount) from [&lt;c02c8264&gt;] (SyS_mount+0x94/0xbc)
 (SyS_mount) from [&lt;c0108180&gt;] (ret_fast_syscall+0x0/0x48)

Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: fix wrong return value of f2fs_acl_create</title>
<updated>2018-11-26T23:54:37+00:00</updated>
<author>
<name>Tiezhu Yang</name>
<email>kernelpatch@126.com</email>
</author>
<published>2018-11-20T23:21:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f6176473a0c7472380eef72ebeb330cf9485bf0a'/>
<id>f6176473a0c7472380eef72ebeb330cf9485bf0a</id>
<content type='text'>
When call f2fs_acl_create_masq() failed, the caller f2fs_acl_create()
should return -EIO instead of -ENOMEM, this patch makes it consistent
with posix_acl_create() which has been fixed in commit beaf226b863a
("posix_acl: don't ignore return value of posix_acl_create_masq()").

Fixes: 83dfe53c185e ("f2fs: fix reference leaks in f2fs_acl_create")
Signed-off-by: Tiezhu Yang &lt;kernelpatch@126.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When call f2fs_acl_create_masq() failed, the caller f2fs_acl_create()
should return -EIO instead of -ENOMEM, this patch makes it consistent
with posix_acl_create() which has been fixed in commit beaf226b863a
("posix_acl: don't ignore return value of posix_acl_create_masq()").

Fixes: 83dfe53c185e ("f2fs: fix reference leaks in f2fs_acl_create")
Signed-off-by: Tiezhu Yang &lt;kernelpatch@126.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: add SPDX license identifiers</title>
<updated>2018-09-12T20:07:10+00:00</updated>
<author>
<name>Chao Yu</name>
<email>yuchao0@huawei.com</email>
</author>
<published>2018-09-12T01:16:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7c1a000d466235c875a989971cfda344e6bb1166'/>
<id>7c1a000d466235c875a989971cfda344e6bb1166</id>
<content type='text'>
Remove the verbose license text from f2fs files and replace them with
SPDX tags.  This does not change the license of any of the code.

Signed-off-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove the verbose license text from f2fs files and replace them with
SPDX tags.  This does not change the license of any of the code.

Signed-off-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: cache NULL when both default_acl and acl are NULL</title>
<updated>2018-09-11T20:16:03+00:00</updated>
<author>
<name>Chengguang Xu</name>
<email>cgxu519@gmx.com</email>
</author>
<published>2018-08-31T14:33:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=313ed62a3ddc2cbe16087630910b41a87bfd9a1f'/>
<id>313ed62a3ddc2cbe16087630910b41a87bfd9a1f</id>
<content type='text'>
default_acl and acl of newly created inode will be initiated
as ACL_NOT_CACHED in vfs function inode_init_always() and later
will be updated by calling xxx_init_acl() in specific filesystems.
Howerver, when default_acl and acl are NULL then they keep the value
of ACL_NOT_CACHED, this patch tries to cache NULL for acl/default_acl
in this case.

Signed-off-by: Chengguang Xu &lt;cgxu519@gmx.com&gt;
Acked-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
default_acl and acl of newly created inode will be initiated
as ACL_NOT_CACHED in vfs function inode_init_always() and later
will be updated by calling xxx_init_acl() in specific filesystems.
Howerver, when default_acl and acl are NULL then they keep the value
of ACL_NOT_CACHED, this patch tries to cache NULL for acl/default_acl
in this case.

Signed-off-by: Chengguang Xu &lt;cgxu519@gmx.com&gt;
Acked-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: add additional sanity check in f2fs_acl_from_disk()</title>
<updated>2018-09-05T20:40:31+00:00</updated>
<author>
<name>Chengguang Xu</name>
<email>cgxu519@gmx.com</email>
</author>
<published>2018-08-30T13:33:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1618e6e297082def6350887e1c6c606749716fac'/>
<id>1618e6e297082def6350887e1c6c606749716fac</id>
<content type='text'>
Add additinal sanity check for irregular case(e.g. corruption).
If size of extended attribution is smaller than size of acl header,
then return -EINVAL.

Signed-off-by: Chengguang Xu &lt;cgxu519@gmx.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add additinal sanity check for irregular case(e.g. corruption).
If size of extended attribution is smaller than size of acl header,
then return -EINVAL.

Signed-off-by: Chengguang Xu &lt;cgxu519@gmx.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t</title>
<updated>2018-01-03T03:27:28+00:00</updated>
<author>
<name>Elena Reshetova</name>
<email>elena.reshetova@intel.com</email>
</author>
<published>2017-11-29T11:19:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=66717260545b67b04ce6b004fff26de7141b2757'/>
<id>66717260545b67b04ce6b004fff26de7141b2757</id>
<content type='text'>
atomic_t variables are currently used to implement reference
counters with the following properties:
 - counter is initialized to 1 using atomic_set()
 - a resource is freed upon counter reaching zero
 - once counter reaches zero, its further
   increments aren't allowed
 - counter schema uses basic atomic operations
   (set, inc, inc_not_zero, dec_and_test, etc.)

Such atomic variables should be converted to a newly provided
refcount_t type and API that prevents accidental counter overflows
and underflows. This is important since overflows and underflows
can lead to use-after-free situation and be exploitable.

The variable posix_acl.a_refcount is used as pure reference counter.
Convert it to refcount_t and fix up the operations.

**Important note for maintainers:

Some functions from refcount_t API defined in lib/refcount.c
have different memory ordering guarantees than their atomic
counterparts.
The full comparison can be seen in
https://lkml.org/lkml/2017/11/15/57 and it is hopefully soon
in state to be merged to the documentation tree.
Normally the differences should not matter since refcount_t provides
enough guarantees to satisfy the refcounting use cases, but in
some rare cases it might matter.
Please double check that you don't have some undocumented
memory guarantees for this variable usage.

For the posix_acl.a_refcount it might make a difference
in following places:
 - get_cached_acl(): increment in refcount_inc_not_zero() only
   guarantees control dependency on success vs. fully ordered
   atomic counterpart. However this operation is performed under
   rcu_read_lock(), so this should be fine.
 - posix_acl_release(): decrement in refcount_dec_and_test() only
   provides RELEASE ordering and control dependency on success
   vs. fully ordered atomic counterpart

Suggested-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: David Windsor &lt;dwindsor@gmail.com&gt;
Reviewed-by: Hans Liljestrand &lt;ishkamiel@gmail.com&gt;
Signed-off-by: Elena Reshetova &lt;elena.reshetova@intel.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
atomic_t variables are currently used to implement reference
counters with the following properties:
 - counter is initialized to 1 using atomic_set()
 - a resource is freed upon counter reaching zero
 - once counter reaches zero, its further
   increments aren't allowed
 - counter schema uses basic atomic operations
   (set, inc, inc_not_zero, dec_and_test, etc.)

Such atomic variables should be converted to a newly provided
refcount_t type and API that prevents accidental counter overflows
and underflows. This is important since overflows and underflows
can lead to use-after-free situation and be exploitable.

The variable posix_acl.a_refcount is used as pure reference counter.
Convert it to refcount_t and fix up the operations.

**Important note for maintainers:

Some functions from refcount_t API defined in lib/refcount.c
have different memory ordering guarantees than their atomic
counterparts.
The full comparison can be seen in
https://lkml.org/lkml/2017/11/15/57 and it is hopefully soon
in state to be merged to the documentation tree.
Normally the differences should not matter since refcount_t provides
enough guarantees to satisfy the refcounting use cases, but in
some rare cases it might matter.
Please double check that you don't have some undocumented
memory guarantees for this variable usage.

For the posix_acl.a_refcount it might make a difference
in following places:
 - get_cached_acl(): increment in refcount_inc_not_zero() only
   guarantees control dependency on success vs. fully ordered
   atomic counterpart. However this operation is performed under
   rcu_read_lock(), so this should be fine.
 - posix_acl_release(): decrement in refcount_dec_and_test() only
   provides RELEASE ordering and control dependency on success
   vs. fully ordered atomic counterpart

Suggested-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: David Windsor &lt;dwindsor@gmail.com&gt;
Reviewed-by: Hans Liljestrand &lt;ishkamiel@gmail.com&gt;
Signed-off-by: Elena Reshetova &lt;elena.reshetova@intel.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: stop all the operations by cp_error flag</title>
<updated>2017-11-06T00:41:43+00:00</updated>
<author>
<name>Jaegeuk Kim</name>
<email>jaegeuk@kernel.org</email>
</author>
<published>2017-10-23T21:48:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1f227a3e215d3613ea6cbc2fbe29caafbcaa8f71'/>
<id>1f227a3e215d3613ea6cbc2fbe29caafbcaa8f71</id>
<content type='text'>
This patch replaces to use cp_error flag instead of RDONLY for quota off.

Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch replaces to use cp_error flag instead of RDONLY for quota off.

Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: preserve i_mode if __f2fs_set_acl() fails</title>
<updated>2017-07-29T00:48:54+00:00</updated>
<author>
<name>Ernesto A. Fernández</name>
<email>ernesto.mnd.fernandez@gmail.com</email>
</author>
<published>2017-07-24T01:32:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=14af20fcb1833dd776822361891963c90f7b0262'/>
<id>14af20fcb1833dd776822361891963c90f7b0262</id>
<content type='text'>
When changing a file's acl mask, __f2fs_set_acl() will first set the
group bits of i_mode to the value of the mask, and only then set the
actual extended attribute representing the new acl.

If the second part fails (due to lack of space, for example) and the
file had no acl attribute to begin with, the system will from now on
assume that the mask permission bits are actual group permission bits,
potentially granting access to the wrong users.

Prevent this by only changing the inode mode after the acl has been set.

Signed-off-by: Ernesto A. Fernández &lt;ernesto.mnd.fernandez@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When changing a file's acl mask, __f2fs_set_acl() will first set the
group bits of i_mode to the value of the mask, and only then set the
actual extended attribute representing the new acl.

If the second part fails (due to lack of space, for example) and the
file had no acl attribute to begin with, the system will from now on
assume that the mask permission bits are actual group permission bits,
potentially granting access to the wrong users.

Prevent this by only changing the inode mode after the acl has been set.

Signed-off-by: Ernesto A. Fernández &lt;ernesto.mnd.fernandez@gmail.com&gt;
Reviewed-by: Chao Yu &lt;yuchao0@huawei.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
