Linux kernel source tree https://git.amat.us/linux/atom/drivers/oprofile?h=v3.9 2013-03-04T03:36:31Z 2013-03-04T03:36:31Z Eric W. Biederman ebiederm@xmission.com 2013-03-03T03:39:14Z urn:sha1:7f78e0351394052e1a6293e175825eb5c7869507 Modify the request_module to prefix the file system type with "fs-" and add aliases to all of the filesystems that can be built as modules to match. A common practice is to build all of the kernel code and leave code that is not commonly needed as modules, with the result that many users are exposed to any bug anywhere in the kernel. Looking for filesystems with a fs- prefix limits the pool of possible modules that can be loaded by mount to just filesystems trivially making things safer with no real cost. Using aliases means user space can control the policy of which filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf with blacklist and alias directives. Allowing simple, safe, well understood work-arounds to known problematic software. This also addresses a rare but unfortunate problem where the filesystem name is not the same as it's module name and module auto-loading would not work. While writing this patch I saw a handful of such cases. The most significant being autofs that lives in the module autofs4. This is relevant to user namespaces because we can reach the request module in get_fs_type() without having any special permissions, and people get uncomfortable when a user specified string (in this case the filesystem type) goes all of the way to request_module. After having looked at this issue I don't think there is any particular reason to perform any filtering or permission checks beyond making it clear in the module request that we want a filesystem module. The common pattern in the kernel is to call request_module() without regards to the users permissions. In general all a filesystem module does once loaded is call register_filesystem() and go to sleep. Which means there is not much attack surface exposed by loading a filesytem module unless the filesystem is mounted. In a user namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT, which most filesystems do not set today. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Reported-by: Kees Cook <keescook@google.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2013-02-23T04:31:38Z Al Viro viro@zeniv.linux.org.uk 2013-01-28T19:42:42Z urn:sha1:3f3834c35466324e3a7d7bf3a950dbcd99645f38 Right now it's safe only during initial mount *and* functions are asking to be abused for dynamic adding of objects. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-09T07:22:18Z Konstantin Khlebnikov khlebnikov@openvz.org 2012-10-08T23:28:51Z urn:sha1:2dd8ad81e31d0d36a5d448329c646ab43eb17788 Some security modules and oprofile still uses VM_EXECUTABLE for retrieving a task's executable file. After this patch they will use mm->exe_file directly. mm->exe_file is protected with mm->mmap_sem, so locking stays the same. Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Acked-by: Chris Metcalf <cmetcalf@tilera.com> [arch/tile] Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> [tomoyo] Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Carsten Otte <cotte@de.ibm.com> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Eric Paris <eparis@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Acked-by: James Morris <james.l.morris@oracle.com> Cc: Jason Baron <jbaron@redhat.com> Cc: Kentaro Takeda <takedakn@nttdata.co.jp> Cc: Matt Helsley <matthltc@us.ibm.com> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Robert Richter <robert.richter@amd.com> Cc: Suresh Siddha <suresh.b.siddha@intel.com> Cc: Venkatesh Pallipadi <venki@google.com> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-08-27T12:49:39Z Robert Richter robert.richter@amd.com 2012-08-22T07:23:51Z urn:sha1:61bccf191fe2d55b8d003b4ea3f94913745aaefa Under certain workloads we see the following warnings: WQ on CPU0, prefer CPU1 WQ on CPU0, prefer CPU2 WQ on CPU0, prefer CPU3 It warns the user that the wq to access a per-cpu buffers runs not on the same cpu. This happens if the wq is rescheduled on a different cpu than where the buffer is located. This was probably implemented to detect performance issues. Not sure if there actually is one as the buffers are copied to a single buffer anyway which should be the actual bottleneck. We wont change WQ implementation. Since a user can do nothing the warning is pointless. Removing it. Cc: Andi Kleen <andi@firstfloor.org> Signed-off-by: Robert Richter <robert.richter@amd.com> 2012-06-22T14:31:20Z Robert Richter robert.richter@amd.com 2012-02-23T16:07:06Z urn:sha1:f8bbfd7d28303967ca4e8597de9bdc9bf8b197e7 This changes oprofile_perf.c to use the per-cpu framework. Using the per-cpu framework should avoid error like the following: arch/arm/oprofile/../../../drivers/oprofile/oprofile_perf.c:28:28: error: variably modified 'perf_events' at file scope Reported-by: William Cohen <wcohen@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Robert Richter <robert.richter@amd.com> 2012-06-21T14:15:11Z Will Deacon will.deacon@arm.com 2012-06-08T15:16:04Z urn:sha1:e734568b675c985db2026848fefaac01c22977a5 The OProfile perf backend uses a static array to keep track of the perf events on the system. When compiling with CONFIG_CPUMASK_OFFSTACK=y && SMP, nr_cpumask_bits is not a compile-time constant and the build will fail with: oprofile_perf.c:28: error: variably modified 'perf_events' at file scope This patch uses NR_CPUs instead of nr_cpumask_bits for the array initialisation. If this causes space problems in the future, we can always move to dynamic allocation for the events array. Cc: Matt Fleming <matt@console-pimps.org> Reported-by: Russell King - ARM Linux <linux@arm.linux.org.uk> Signed-off-by: Will Deacon <will.deacon@arm.com> Cc: <stable@vger.kernel.org> # v2.6.37+ Signed-off-by: Robert Richter <robert.richter@amd.com> 2012-04-05T22:25:50Z Stephen Boyd sboyd@codeaurora.org 2012-04-05T21:25:11Z urn:sha1:234e340582901211f40d8c732afc49f0630ecf05 Many users of debugfs copy the implementation of default_open() when they want to support a custom read/write function op. This leads to a proliferation of the default_open() implementation across the entire tree. Now that the common implementation has been consolidated into libfs we can replace all the users of this function with simple_open(). This replacement was done with the following semantic patch: <smpl> @ open @ identifier open_f != simple_open; identifier i, f; @@ -int open_f(struct inode *i, struct file *f) -{ ( -if (i->i_private) -f->private_data = i->i_private; | -f->private_data = i->i_private; ) -return 0; -} @ has_open depends on open @ identifier fops; identifier open.open_f; @@ struct file_operations fops = { ... -.open = open_f, +.open = simple_open, ... }; </smpl> [akpm@linux-foundation.org: checkpatch fixes] Signed-off-by: Stephen Boyd <sboyd@codeaurora.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Julia Lawall <Julia.Lawall@lip6.fr> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-03-21T01:29:37Z Al Viro viro@zeniv.linux.org.uk 2012-02-13T03:08:01Z urn:sha1:318ceed088497d1ca839b1172518ac4cc7096b82 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-03-21T01:29:35Z Al Viro viro@zeniv.linux.org.uk 2012-01-09T03:15:13Z urn:sha1:48fde701aff662559b38d9a609574068f22d00fe Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-01-06T16:02:58Z Linus Torvalds torvalds@linux-foundation.org 2012-01-06T16:02:58Z urn:sha1:35b740e4662ef386f0c60e1b60aaf5b44db9914c * 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (106 commits) perf kvm: Fix copy & paste error in description perf script: Kill script_spec__delete perf top: Fix a memory leak perf stat: Introduce get_ratio_color() helper perf session: Remove impossible condition check perf tools: Fix feature-bits rework fallout, remove unused variable perf script: Add generic perl handler to process events perf tools: Use for_each_set_bit() to iterate over feature flags perf tools: Unify handling of features when writing feature section perf report: Accept fifos as input file perf tools: Moving code in some files perf tools: Fix out-of-bound access to struct perf_session perf tools: Continue processing header on unknown features perf tools: Improve macros for struct feature_ops perf: builtin-record: Document and check that mmap_pages must be a power of two. perf: builtin-record: Provide advice if mmap'ing fails with EPERM. perf tools: Fix truncated annotation perf script: look up thread using tid instead of pid perf tools: Look up thread names for system wide profiling perf tools: Fix comm for processes with named threads ...