linux.git/fs/orangefs/devorangefs-req.c, branch v4.9 Linux kernel source tree Merge branch 'misc' into for-next 2016-09-28T18:50:46+00:00 Martin Brandenburg martin@omnibond.com 2016-09-28T18:50:46+00:00 b78b11985a36bfe768add17ffb70bbaf9d8d7627 Pull in an OrangeFS branch containing miscellaneous improvements. - clean up debugfs globals - remove dead code in sysfs - reorganize duplicated sysfs attribute structs - consolidate sysfs show and store functions - remove duplicated sysfs_ops structures - describe organization of sysfs - make devreq_mutex static - g_orangefs_stats -> orangefs_stats for consistency - rename most remaining global variables 
Pull in an OrangeFS branch containing miscellaneous improvements.

- clean up debugfs globals
- remove dead code in sysfs
- reorganize duplicated sysfs attribute structs
- consolidate sysfs show and store functions
- remove duplicated sysfs_ops structures
- describe organization of sysfs
- make devreq_mutex static
- g_orangefs_stats -> orangefs_stats for consistency
- rename most remaining global variables
orangefs: rename most remaining global variables 2016-08-16T15:41:24+00:00 Martin Brandenburg martin@omnibond.com 2016-08-16T15:38:14+00:00 1d503617884ed43af1c03685e73ce23f155d3fa4 Only op_timeout_secs, slot_timeout_secs, and hash_table_size are left because they are exposed as module parameters. All other global variables have the orangefs_ prefix. Signed-off-by: Martin Brandenburg <martin@omnibond.com> 
Only op_timeout_secs, slot_timeout_secs, and hash_table_size are left
because they are exposed as module parameters. All other global
variables have the orangefs_ prefix.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
orangefs: make devreq_mutex static 2016-08-15T19:21:16+00:00 Martin Brandenburg martin@omnibond.com 2016-08-15T19:21:16+00:00 a0fe051592f1d31db491bb6cdcc87f512c5b6eaa Signed-off-by: Martin Brandenburg <martin@omnibond.com> 
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
orangefs: clean up debugfs globals 2016-08-15T15:38:36+00:00 Martin Brandenburg martin@omnibond.com 2016-08-15T15:38:36+00:00 44f4641073f132429e1e9a53412600206e8f7d06 Mostly this is moving code into orangefs-debugfs.c so that globals turn into static globals. Then gossip_debug_mask is renamed orangefs_gossip_debug_mask but keeps global visibility, so it can be used from a macro. Signed-off-by: Martin Brandenburg <martin@omnibond.com> 
Mostly this is moving code into orangefs-debugfs.c so that globals turn
into static globals.

Then gossip_debug_mask is renamed orangefs_gossip_debug_mask but keeps
global visibility, so it can be used from a macro.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
orangefs: add features op 2016-08-12T19:12:54+00:00 Martin Brandenburg martin@omnibond.com 2016-08-12T16:02:31+00:00 482664ddba81b3a5404fd083bb9697dfffc0b6a4 This is a new userspace operation, which will be done if the client-core version is greater than or equal to 2.9.6. This will provide a way to implement optional features and to determine which features are supported by the client-core. If the client-core version is older than 2.9.6, no optional features are supported and the op will not be done. The intent is to allow protocol extensions without relying on the client-core's current behavior of ignoring what it doesn't understand. Signed-off-by: Martin Brandenburg <martin@omnibond.com> 
This is a new userspace operation, which will be done if the client-core
version is greater than or equal to 2.9.6. This will provide a way to
implement optional features and to determine which features are
supported by the client-core. If the client-core version is older than
2.9.6, no optional features are supported and the op will not be done.

The intent is to allow protocol extensions without relying on the
client-core's current behavior of ignoring what it doesn't understand.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
orangefs: record userspace version for feature compatbility 2016-08-09T20:25:51+00:00 Martin Brandenburg martin@omnibond.com 2016-08-09T19:59:26+00:00 f2ee3b759593c184f1249e03d613a84b4b69db2b The client reports its version to the kernel on startup. We already test that it is above the minimum version. Now we record it in a global variable so code elsewhere can consult it before making a request the client may not understand. Signed-off-by: Martin Brandenburg <martin@omnibond.com> 
The client reports its version to the kernel on startup. We already test
that it is above the minimum version. Now we record it in a global
variable so code elsewhere can consult it before making a request the
client may not understand.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
orangefs: fix namespace handling 2016-07-05T19:47:43+00:00 Jann Horn jannh@google.com 2016-06-24T23:51:52+00:00 78fee0b6846f27872321338db6afe280f059ae99 In orangefs_inode_getxattr(), an fsuid is written to dmesg. The kuid is converted to a userspace uid via from_kuid(current_user_ns(), [...]), but since dmesg is global, init_user_ns should be used here instead. In copy_attributes_from_inode(), op_alloc() and fill_default_sys_attrs(), upcall structures are populated with uids/gids that have been mapped into the caller's namespace. However, those upcall structures are read by another process (the userspace filesystem driver), and that process might be running in another namespace. This effectively lets any user spoof its uid and gid as seen by the userspace filesystem driver. To fix the second issue, I just construct the opcall structures with init_user_ns uids/gids and require the filesystem server to run in the init namespace. Since orangefs is full of global state anyway (as the error message in DUMP_DEVICE_ERROR explains, there can only be one userspace orangefs filesystem driver at once), that shouldn't be a problem. [ Why does orangefs even exist in the kernel if everything does upcalls into userspace? What does orangefs do that couldn't be done with the FUSE interface? If there is no good answer to those questions, I'd prefer to see orangefs kicked out of the kernel. Can that be done for something that shipped in a release? According to commit f7ab093f74bf ("Orangefs: kernel client part 1"), they even already have a FUSE daemon, and the only rational reason (apart from "but most of our users report preferring to use our kernel module instead") given for not wanting to use FUSE is one "in-the-works" feature that could probably be integated into FUSE instead. ] This patch has been compile-tested. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com> 
In orangefs_inode_getxattr(), an fsuid is written to dmesg. The kuid is
converted to a userspace uid via from_kuid(current_user_ns(), [...]), but
since dmesg is global, init_user_ns should be used here instead.

In copy_attributes_from_inode(), op_alloc() and fill_default_sys_attrs(),
upcall structures are populated with uids/gids that have been mapped into
the caller's namespace. However, those upcall structures are read by
another process (the userspace filesystem driver), and that process might
be running in another namespace. This effectively lets any user spoof its
uid and gid as seen by the userspace filesystem driver.

To fix the second issue, I just construct the opcall structures with
init_user_ns uids/gids and require the filesystem server to run in the
init namespace. Since orangefs is full of global state anyway (as the error
message in DUMP_DEVICE_ERROR explains, there can only be one userspace
orangefs filesystem driver at once), that shouldn't be a problem.

[
Why does orangefs even exist in the kernel if everything does upcalls into
userspace? What does orangefs do that couldn't be done with the FUSE
interface? If there is no good answer to those questions, I'd prefer to see
orangefs kicked out of the kernel. Can that be done for something that
shipped in a release?

According to commit f7ab093f74bf ("Orangefs: kernel client part 1"), they
even already have a FUSE daemon, and the only rational reason (apart from
"but most of our users report preferring to use our kernel module instead")
given for not wanting to use FUSE is one "in-the-works" feature that could
probably be integated into FUSE instead.
]

This patch has been compile-tested.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
orangefs: fix orangefs_superblock locking 2016-03-26T11:22:00+00:00 Al Viro viro@zeniv.linux.org.uk 2016-03-25T23:56:34+00:00 45996492e5c85aa0ac93a95d1b2d1ed56851c865 * switch orangefs_remount() to taking ORANGEFS_SB(sb) instead of sb * remove from the list _before_ orangefs_unmount() - request_mutex in the latter will make sure that nothing observed in the loop in ORANGEFS_DEV_REMOUNT_ALL handling will get freed until the end of loop * on removal, keep the forward pointer and zero the back one. That way we can drop and regain the spinlock in the loop body (again, ORANGEFS_DEV_REMOUNT_ALL one) and still be able to get to the rest of the list. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Mike Marshall <hubcap@omnibond.com> 
* switch orangefs_remount() to taking ORANGEFS_SB(sb) instead of sb
* remove from the list _before_ orangefs_unmount() - request_mutex
in the latter will make sure that nothing observed in the loop in
ORANGEFS_DEV_REMOUNT_ALL handling will get freed until the end
of loop
* on removal, keep the forward pointer and zero the back one.  That
way we can drop and regain the spinlock in the loop body (again,
ORANGEFS_DEV_REMOUNT_ALL one) and still be able to get to the
rest of the list.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Orangefs: Extra sanity insurance on buffer before using string functions on it. 2016-03-14T19:48:28+00:00 Mike Marshall hubcap@omnibond.com 2016-03-14T19:28:34+00:00 53f57fef43f5b9586c7a78acdeae27e206eae48b Signed-off-by: Mike Marshall <hubcap@omnibond.com> 
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
orangefs: make fs_mount_pending static 2016-03-09T18:26:39+00:00 Martin Brandenburg martin@omnibond.com 2016-03-05T18:17:39+00:00 acfcbaf1925f2dc5c46c61de69d756dec92a2ff8 Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com> 
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>