GitHub/LineageOS/android_kernel_samsung_universal7580.git
6 years agointroduce ->iterate(), ctx->pos, dir_emit()
Al Viro [Sun, 14 May 2017 09:17:29 +0000 (09:17 +0000)]
introduce ->iterate(), ctx->pos, dir_emit()

New method - ->iterate(file, ctx).  That's the replacement for ->readdir();
it takes callback from ctx->actor, uses ctx->pos instead of file->f_pos and
calls dir_emit(ctx, ...) instead of filldir(data, ...).  It does *not*
update file->f_pos (or look at it, for that matter); iterate_dir() does the
update.

Note that dir_emit() takes the offset from ctx->pos (and eventually
filldir_t will lose that argument).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
6 years agointroduce iterate_dir() and dir_context
Al Viro [Sun, 14 May 2017 09:05:23 +0000 (09:05 +0000)]
introduce iterate_dir() and dir_context

iterate_dir(): new helper, replacing vfs_readdir().

struct dir_context: contains the readdir callback (and will get more stuff
in it), embedded into whatever data that callback wants to deal with;
eventually, we'll be passing it to ->readdir() replacement instead of
(data,filldir) pair.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
6 years agoANDROID: fix acl leaks
Mark Salyzyn [Mon, 23 Jan 2017 20:56:41 +0000 (12:56 -0800)]
ANDROID: fix acl leaks

Fixes regressions associated with commit
073931017b49d9458aa351605b43a7e34598caef

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 32458736
Change-Id: I6ee127dfdf3594d24ccd8560541ac554c5b05eb6

6 years agoFROMLIST: 9p: fix a potential acl leak
Cong Wang [Tue, 13 Dec 2016 18:33:34 +0000 (10:33 -0800)]
FROMLIST: 9p: fix a potential acl leak

(https://lkml.org/lkml/2016/12/13/579)

posix_acl_update_mode() could possibly clear 'acl', if so
we leak the memory pointed by 'acl'. Save this pointer
before calling posix_acl_update_mode() and release the memory
if 'acl' really gets cleared.

Reported-by: Mark Salyzyn <salyzyn@android.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Greg Kurz <groug@kaod.org>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Bug: 32458736
Change-Id: Ia78da401e6fd1bfd569653bd2cd0ebd3f9c737a0

6 years agoBACKPORT: posix_acl: Clear SGID bit when setting file permissions
Jan Kara [Mon, 19 Sep 2016 15:39:09 +0000 (17:39 +0200)]
BACKPORT: posix_acl: Clear SGID bit when setting file permissions

(cherry pick from commit 073931017b49d9458aa351605b43a7e34598caef)

When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

NB: conflicts resolution included extending the change to all visible
    users of the near deprecated function posix_acl_equiv_mode
    replaced with posix_acl_update_mode. We did not resolve the ACL
    leak in this CL, require additional upstream fixes.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Bug: 32458736
Change-Id: I19591ad452cc825ac282b3cfd2daaa72aa9a1ac1

6 years agoUpdate f2fs and fscrypto to current f2fs-stable/linux-3.10.y (2016-12-12)
alexax66 [Thu, 26 Jan 2017 18:19:36 +0000 (18:19 +0000)]
Update f2fs and fscrypto to current f2fs-stable/linux-3.10.y (2016-12-12)

https://kernel.googlesource.com/pub/scm/linux/kernel/git/jaegeuk/f2fs-stable/+/linux-3.10.y

6 years agovfs: Add setattr2 for filesystems with per mount permissions
Daniel Rosenberg [Wed, 26 Oct 2016 23:33:11 +0000 (16:33 -0700)]
vfs: Add setattr2 for filesystems with per mount permissions

This allows filesystems to use their mount private data to
influence the permssions they use in setattr2. It has
been separated into a new call to avoid disrupting current
setattr users.

Change-Id: I19959038309284448f1b7f232d579674ef546385
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agovfs: Add permission2 for filesystems with per mount permissions
Daniel Rosenberg [Wed, 26 Oct 2016 23:27:45 +0000 (16:27 -0700)]
vfs: Add permission2 for filesystems with per mount permissions

This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.

Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agovfs: Allow filesystems to access their private mount data
Daniel Rosenberg [Wed, 26 Oct 2016 22:58:22 +0000 (15:58 -0700)]
vfs: Allow filesystems to access their private mount data

Now we pass the vfsmount when mounting and remounting.
This allows the filesystem to actually set up the mount
specific data, although we can't quite do anything with
it yet. show_options is expanded to include data that
lives with the mount.

To avoid changing existing filesystems, these have
been added as new vfs functions.

Change-Id: If80670bfad9f287abb8ac22457e1b034c9697097
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agomnt: Add filesystem private data to mount points
Daniel Rosenberg [Wed, 26 Oct 2016 22:29:51 +0000 (15:29 -0700)]
mnt: Add filesystem private data to mount points

This starts to add private data associated directly
to mount points. The intent is to give filesystems
a sense of where they have come from, as a means of
letting a filesystem take different actions based on
this information.

Change-Id: Ie769d7b3bb2f5972afe05c1bf16cf88c91647ab2
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agofs/proc/task_mmu.c: add user-space support for resetting mm->hiwater_rss (peak RSS)
Petr Cermak [Wed, 18 Feb 2015 10:39:10 +0000 (10:39 +0000)]
fs/proc/task_mmu.c: add user-space support for resetting mm->hiwater_rss (peak RSS)

Peak resident size of a process can be reset back to the process's
current rss value by writing "5" to /proc/pid/clear_refs.  The driving
use-case for this would be getting the peak RSS value, which can be
retrieved from the VmHWM field in /proc/pid/status, per benchmark
iteration or test scenario.

Origin:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=695f055936938c674473ea071ca7359a863551e7

[akpm@linux-foundation.org: clarify behaviour in documentation]
Signed-off-by: Petr Cermak <petrcermak@chromium.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Primiano Tucci <primiano@chromium.org>
Cc: Petr Cermak <petrcermak@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I543a7640639d9916e813af875003fe3ee3a6bfe0

6 years agoUPSTREAM: capabilities: ambient capabilities
Andy Lutomirski [Fri, 4 Sep 2015 22:42:45 +0000 (15:42 -0700)]
UPSTREAM: capabilities: ambient capabilities

Credit where credit is due: this idea comes from Christoph Lameter with
a lot of valuable input from Serge Hallyn.  This patch is heavily based
on Christoph's patch.

===== The status quo =====

On Linux, there are a number of capabilities defined by the kernel.  To
perform various privileged tasks, processes can wield capabilities that
they hold.

Each task has four capability masks: effective (pE), permitted (pP),
inheritable (pI), and a bounding set (X).  When the kernel checks for a
capability, it checks pE.  The other capability masks serve to modify
what capabilities can be in pE.

Any task can remove capabilities from pE, pP, or pI at any time.  If a
task has a capability in pP, it can add that capability to pE and/or pI.
If a task has CAP_SETPCAP, then it can add any capability to pI, and it
can remove capabilities from X.

Tasks are not the only things that can have capabilities; files can also
have capabilities.  A file can have no capabilty information at all [1].
If a file has capability information, then it has a permitted mask (fP)
and an inheritable mask (fI) as well as a single effective bit (fE) [2].
File capabilities modify the capabilities of tasks that execve(2) them.

A task that successfully calls execve has its capabilities modified for
the file ultimately being excecuted (i.e.  the binary itself if that
binary is ELF or for the interpreter if the binary is a script.) [3] In
the capability evolution rules, for each mask Z, pZ represents the old
value and pZ' represents the new value.  The rules are:

  pP' = (X & fP) | (pI & fI)
  pI' = pI
  pE' = (fE ? pP' : 0)
  X is unchanged

For setuid binaries, fP, fI, and fE are modified by a moderately
complicated set of rules that emulate POSIX behavior.  Similarly, if
euid == 0 or ruid == 0, then fP, fI, and fE are modified differently
(primary, fP and fI usually end up being the full set).  For nonroot
users executing binaries with neither setuid nor file caps, fI and fP
are empty and fE is false.

As an extra complication, if you execute a process as nonroot and fE is
set, then the "secure exec" rules are in effect: AT_SECURE gets set,
LD_PRELOAD doesn't work, etc.

This is rather messy.  We've learned that making any changes is
dangerous, though: if a new kernel version allows an unprivileged
program to change its security state in a way that persists cross
execution of a setuid program or a program with file caps, this
persistent state is surprisingly likely to allow setuid or file-capped
programs to be exploited for privilege escalation.

===== The problem =====

Capability inheritance is basically useless.

If you aren't root and you execute an ordinary binary, fI is zero, so
your capabilities have no effect whatsoever on pP'.  This means that you
can't usefully execute a helper process or a shell command with elevated
capabilities if you aren't root.

On current kernels, you can sort of work around this by setting fI to
the full set for most or all non-setuid executable files.  This causes
pP' = pI for nonroot, and inheritance works.  No one does this because
it's a PITA and it isn't even supported on most filesystems.

If you try this, you'll discover that every nonroot program ends up with
secure exec rules, breaking many things.

This is a problem that has bitten many people who have tried to use
capabilities for anything useful.

===== The proposed change =====

This patch adds a fifth capability mask called the ambient mask (pA).
pA does what most people expect pI to do.

pA obeys the invariant that no bit can ever be set in pA if it is not
set in both pP and pI.  Dropping a bit from pP or pI drops that bit from
pA.  This ensures that existing programs that try to drop capabilities
still do so, with a complication.  Because capability inheritance is so
broken, setting KEEPCAPS, using setresuid to switch to nonroot uids, and
then calling execve effectively drops capabilities.  Therefore,
setresuid from root to nonroot conditionally clears pA unless
SECBIT_NO_SETUID_FIXUP is set.  Processes that don't like this can
re-add bits to pA afterwards.

The capability evolution rules are changed:

  pA' = (file caps or setuid or setgid ? 0 : pA)
  pP' = (X & fP) | (pI & fI) | pA'
  pI' = pI
  pE' = (fE ? pP' : pA')
  X is unchanged

If you are nonroot but you have a capability, you can add it to pA.  If
you do so, your children get that capability in pA, pP, and pE.  For
example, you can set pA = CAP_NET_BIND_SERVICE, and your children can
automatically bind low-numbered ports.  Hallelujah!

Unprivileged users can create user namespaces, map themselves to a
nonzero uid, and create both privileged (relative to their namespace)
and unprivileged process trees.  This is currently more or less
impossible.  Hallelujah!

You cannot use pA to try to subvert a setuid, setgid, or file-capped
program: if you execute any such program, pA gets cleared and the
resulting evolution rules are unchanged by this patch.

Users with nonzero pA are unlikely to unintentionally leak that
capability.  If they run programs that try to drop privileges, dropping
privileges will still work.

It's worth noting that the degree of paranoia in this patch could
possibly be reduced without causing serious problems.  Specifically, if
we allowed pA to persist across executing non-pA-aware setuid binaries
and across setresuid, then, naively, the only capabilities that could
leak as a result would be the capabilities in pA, and any attacker
*already* has those capabilities.  This would make me nervous, though --
setuid binaries that tried to privilege-separate might fail to do so,
and putting CAP_DAC_READ_SEARCH or CAP_DAC_OVERRIDE into pA could have
unexpected side effects.  (Whether these unexpected side effects would
be exploitable is an open question.) I've therefore taken the more
paranoid route.  We can revisit this later.

An alternative would be to require PR_SET_NO_NEW_PRIVS before setting
ambient capabilities.  I think that this would be annoying and would
make granting otherwise unprivileged users minor ambient capabilities
(CAP_NET_BIND_SERVICE or CAP_NET_RAW for example) much less useful than
it is with this patch.

===== Footnotes =====

[1] Files that are missing the "security.capability" xattr or that have
unrecognized values for that xattr end up with has_cap set to false.
The code that does that appears to be complicated for no good reason.

[2] The libcap capability mask parsers and formatters are dangerously
misleading and the documentation is flat-out wrong.  fE is *not* a mask;
it's a single bit.  This has probably confused every single person who
has tried to use file capabilities.

[3] Linux very confusingly processes both the script and the interpreter
if applicable, for reasons that elude me.  The results from thinking
about a script's file capabilities and/or setuid bits are mostly
discarded.

Preliminary userspace code is here, but it needs updating:
https://git.kernel.org/cgit/linux/kernel/git/luto/util-linux-playground.git/commit/?h=cap_ambient&id=7f5afbd175d2

Here is a test program that can be used to verify the functionality
(from Christoph):

/*
 * Test program for the ambient capabilities. This program spawns a shell
 * that allows running processes with a defined set of capabilities.
 *
 * (C) 2015 Christoph Lameter <cl@linux.com>
 * Released under: GPL v3 or later.
 *
 *
 * Compile using:
 *
 * gcc -o ambient_test ambient_test.o -lcap-ng
 *
 * This program must have the following capabilities to run properly:
 * Permissions for CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_NICE
 *
 * A command to equip the binary with the right caps is:
 *
 * setcap cap_net_raw,cap_net_admin,cap_sys_nice+p ambient_test
 *
 *
 * To get a shell with additional caps that can be inherited by other processes:
 *
 * ./ambient_test /bin/bash
 *
 *
 * Verifying that it works:
 *
 * From the bash spawed by ambient_test run
 *
 * cat /proc/$$/status
 *
 * and have a look at the capabilities.
 */

/*
 * Definitions from the kernel header files. These are going to be removed
 * when the /usr/include files have these defined.
 */

static void set_ambient_cap(int cap)
{
int rc;

capng_get_caps_process();
rc = capng_update(CAPNG_ADD, CAPNG_INHERITABLE, cap);
if (rc) {
printf("Cannot add inheritable cap\n");
exit(2);
}
capng_apply(CAPNG_SELECT_CAPS);

/* Note the two 0s at the end. Kernel checks for these */
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0)) {
perror("Cannot set cap");
exit(1);
}
}

int main(int argc, char **argv)
{
int rc;

set_ambient_cap(CAP_NET_RAW);
set_ambient_cap(CAP_NET_ADMIN);
set_ambient_cap(CAP_SYS_NICE);

printf("Ambient_test forking shell\n");
if (execv(argv[1], argv + 1))
perror("Cannot exec");

return 0;
}

Signed-off-by: Christoph Lameter <cl@linux.com> # Original author
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Aaron Jones <aaronmdjones@gmail.com>
Cc: Ted Ts'o <tytso@mit.edu>
Cc: Andrew G. Morgan <morgan@kernel.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: Markku Savela <msa@moth.iki.fi>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: James Morris <james.l.morris@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 58319057b7847667f0c9585b9de0e8932b0fdb08)

Bug: 31038224
Change-Id: I88bc5caa782dc6be23dc7e839ff8e11b9a903f8c
Signed-off-by: Jorge Lucangeli Obes <jorgelo@google.com>
6 years agoUPSTREAM: block: fix use-after-free in sys_ioprio_get()
Omar Sandoval [Fri, 1 Jul 2016 07:39:35 +0000 (00:39 -0700)]
UPSTREAM: block: fix use-after-free in sys_ioprio_get()

(cherry picked from commit 8ba8682107ee2ca3347354e018865d8e1967c5f4)

get_task_ioprio() accesses the task->io_context without holding the task
lock and thus can race with exit_io_context(), leading to a
use-after-free. The reproducer below hits this within a few seconds on
my 4-core QEMU VM:

int main(int argc, char **argv)
{
pid_t pid, child;
long nproc, i;

/* ioprio_set(IOPRIO_WHO_PROCESS, 0, IOPRIO_PRIO_VALUE(IOPRIO_CLASS_IDLE, 0)); */
syscall(SYS_ioprio_set, 1, 0, 0x6000);

nproc = sysconf(_SC_NPROCESSORS_ONLN);

for (i = 0; i < nproc; i++) {
pid = fork();
assert(pid != -1);
if (pid == 0) {
for (;;) {
pid = fork();
assert(pid != -1);
if (pid == 0) {
_exit(0);
} else {
child = wait(NULL);
assert(child == pid);
}
}
}

pid = fork();
assert(pid != -1);
if (pid == 0) {
for (;;) {
/* ioprio_get(IOPRIO_WHO_PGRP, 0); */
syscall(SYS_ioprio_get, 2, 0);
}
}
}

for (;;) {
/* ioprio_get(IOPRIO_WHO_PGRP, 0); */
syscall(SYS_ioprio_get, 2, 0);
}

return 0;
}

This gets us KASAN dumps like this:

[   35.526914] ==================================================================
[   35.530009] BUG: KASAN: out-of-bounds in get_task_ioprio+0x7b/0x90 at addr ffff880066f34e6c
[   35.530009] Read of size 2 by task ioprio-gpf/363
[   35.530009] =============================================================================
[   35.530009] BUG blkdev_ioc (Not tainted): kasan: bad access detected
[   35.530009] -----------------------------------------------------------------------------

[   35.530009] Disabling lock debugging due to kernel taint
[   35.530009] INFO: Allocated in create_task_io_context+0x2b/0x370 age=0 cpu=0 pid=360
[   35.530009]  ___slab_alloc+0x55d/0x5a0
[   35.530009]  __slab_alloc.isra.20+0x2b/0x40
[   35.530009]  kmem_cache_alloc_node+0x84/0x200
[   35.530009]  create_task_io_context+0x2b/0x370
[   35.530009]  get_task_io_context+0x92/0xb0
[   35.530009]  copy_process.part.8+0x5029/0x5660
[   35.530009]  _do_fork+0x155/0x7e0
[   35.530009]  SyS_clone+0x19/0x20
[   35.530009]  do_syscall_64+0x195/0x3a0
[   35.530009]  return_from_SYSCALL_64+0x0/0x6a
[   35.530009] INFO: Freed in put_io_context+0xe7/0x120 age=0 cpu=0 pid=1060
[   35.530009]  __slab_free+0x27b/0x3d0
[   35.530009]  kmem_cache_free+0x1fb/0x220
[   35.530009]  put_io_context+0xe7/0x120
[   35.530009]  put_io_context_active+0x238/0x380
[   35.530009]  exit_io_context+0x66/0x80
[   35.530009]  do_exit+0x158e/0x2b90
[   35.530009]  do_group_exit+0xe5/0x2b0
[   35.530009]  SyS_exit_group+0x1d/0x20
[   35.530009]  entry_SYSCALL_64_fastpath+0x1a/0xa4
[   35.530009] INFO: Slab 0xffffea00019bcd00 objects=20 used=4 fp=0xffff880066f34ff0 flags=0x1fffe0000004080
[   35.530009] INFO: Object 0xffff880066f34e58 @offset=3672 fp=0x0000000000000001
[   35.530009] ==================================================================

Fix it by grabbing the task lock while we poke at the io_context.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Change-Id: I3f5858cc9a1b9d4124ae7a6578660dec219d2c57
Bug: 30946378

6 years agomnt: Fail collect_mounts when applied to unmounted mounts
Eric W. Biederman [Wed, 7 Jan 2015 20:28:26 +0000 (14:28 -0600)]
mnt: Fail collect_mounts when applied to unmounted mounts

The only users of collect_mounts are in audit_tree.c

In audit_trim_trees and audit_add_tree_rule the path passed into
collect_mounts is generated from kern_path passed an audit_tree
pathname which is guaranteed to be an absolute path.   In those cases
collect_mounts is obviously intended to work on mounted paths and
if a race results in paths that are unmounted when collect_mounts
it is reasonable to fail early.

The paths passed into audit_tag_tree don't have the absolute path
check.  But are used to play with fsnotify and otherwise interact with
the audit_trees, so again operating only on mounted paths appears
reasonable.

Avoid having to worry about what happens when we try and audit
unmounted filesystems by restricting collect_mounts to mounts
that appear in the mount tree.

Change-Id: I4a41beaaf80165b9bffb12983cb16799247c4d92
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
6 years agofuse: break infinite loop in fuse_fill_write_pages()
Roman Gushchin [Mon, 12 Oct 2015 13:33:44 +0000 (16:33 +0300)]
fuse: break infinite loop in fuse_fill_write_pages()

I got a report about unkillable task eating CPU. Further
investigation shows, that the problem is in the fuse_fill_write_pages()
function. If iov's first segment has zero length, we get an infinite
loop, because we never reach iov_iter_advance() call.

Fix this by calling iov_iter_advance() before repeating an attempt to
copy data from userspace.

A similar problem is described in 124d3b7041f ("fix writev regression:
pan hanging unkillable and un-straceable"). If zero-length segmend
is followed by segment with invalid address,
iov_iter_fault_in_readable() checks only first segment (zero-length),
iov_iter_copy_from_user_atomic() skips it, fails at second and
returns zero -> goto again without skipping zero-length segment.

Patch calls iov_iter_advance() before goto again: we'll skip zero-length
segment at second iteraction and iov_iter_fault_in_readable() will detect
invalid address.

Special thanks to Konstantin Khlebnikov, who helped a lot with the commit
description.

Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Maxim Patlasov <mpatlasov@parallels.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Fixes: ea9b9907b82a ("fuse: implement perform_write")
Cc: <stable@vger.kernel.org>
Conflicts:
fs/fuse/file.c

Change-Id: Id37193373294dd43191469389cfe68ca1736a54b

6 years agoext4: make orphan functions be no-op in no-journal mode
Anatol Pomozov [Tue, 18 Sep 2012 17:38:59 +0000 (13:38 -0400)]
ext4: make orphan functions be no-op in no-journal mode

Instead of checking whether the handle is valid, we check if journal
is enabled. This avoids taking the s_orphan_lock mutex in all cases
when there is no journal in use, including the error paths where
ext4_orphan_del() is called with a handle set to NULL.

Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Conflicts:
fs/ext4/namei.c

Change-Id: I734ccb8069fceb12b864e7b9dceb37e27ab94c61

6 years agovfs: read file_handle only once in handle_to_path
Sasha Levin [Thu, 29 Jan 2015 02:30:43 +0000 (20:30 -0600)]
vfs: read file_handle only once in handle_to_path

We used to read file_handle twice. Once to get the amount of extra bytes, and
once to fetch the entire structure.

This may be problematic since we do size verifications only after the first
read, so if the number of extra bytes changes in userspace between the first
and second calls, we'll have an incoherent view of file_handle.

Instead, read the constant size once, and copy that over to the final
structure without having to re-read it again.

Change-Id: Ib05e5129629e27d5a05953098c5bc470fae40d2a
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
6 years agotools: Remove Gator deamon
Apavayan Sinha [Sun, 24 Jul 2016 09:34:53 +0000 (15:04 +0530)]
tools: Remove Gator deamon

6 years agogpu: arm: r15p0/r12p0: fix compilation without MALI_EXYNOS_TRACE
Christopher N. Hesse [Sat, 30 Jul 2016 20:00:05 +0000 (22:00 +0200)]
gpu: arm: r15p0/r12p0: fix compilation without MALI_EXYNOS_TRACE

Change-Id: Iba1d6d5929a1511b021ed2a25267d2af582dbdde

6 years agodisable maybe-uninitialized warnings
Stricted [Sat, 31 Mar 2018 22:55:46 +0000 (00:55 +0200)]
disable maybe-uninitialized warnings

6 years agoANDROID: vfs: Missed updating truncate to truncate2
Daniel Rosenberg [Wed, 28 Dec 2016 00:36:40 +0000 (16:36 -0800)]
ANDROID: vfs: Missed updating truncate to truncate2

Bug: 30954918
Change-Id: I8163d3f86dd7aadb2ab3fc11816754f331986f05
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Hold i_mutex for i_size_write
Daniel Rosenberg [Wed, 21 Feb 2018 04:25:45 +0000 (20:25 -0800)]
ANDROID: sdcardfs: Hold i_mutex for i_size_write

When we call i_size_write, we must be holding i_mutex to avoid
possible lockups on 32 bit/SMP architectures. This is not
necessary on 64 bit architectures.

Change-Id: Ic3b946507c54d81b5c9046f9b57d25d4b0f9feef
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 73287721

6 years agoANDROID: sdcardfs: Set num in extension_details during make_item
Ritesh Harjani [Mon, 4 Dec 2017 04:21:07 +0000 (09:51 +0530)]
ANDROID: sdcardfs: Set num in extension_details during make_item

Without this patch when you delete an extension from configfs
it still exists in the hash table data structures and we are
unable to delete it or change it's group.
This happens because during deletion the key & value is taken from
extension_details, and was not properly set.

Fix it by this patch.

Change-Id: I7c20cb1ab4d99e6aceadcb5ef850f0bb47f18be8
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 73055997

6 years agoANDROID: sdcardfs: Protect set_top
Daniel Rosenberg [Fri, 2 Feb 2018 00:52:22 +0000 (16:52 -0800)]
ANDROID: sdcardfs: Protect set_top

If the top is changed while we're attempting to use it, it's
possible that the reference will be put while we are in the
process of grabbing a reference.

Now we grab a spinlock to protect grabbing our reference count.

Additionally, we now set the inode_info's top value to point to
it's own data when initializing, which makes tracking changes
easier.

Change-Id: If15748c786ce4c0480ab8c5051a92523aff284d2
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoRevert "ANDROID: sdcardfs: notify lower file of opens"
Daniel Rosenberg [Wed, 24 Jan 2018 01:51:26 +0000 (17:51 -0800)]
Revert "ANDROID: sdcardfs: notify lower file of opens"

This reverts commit f18c44dc552e2ed0655ed5ec49b578da4dd30588.

Instead of calling notify within sdcardfs, which reverse the
order of notifications during an open with truncate, we'll
make fs_notify worry about it.

Change-Id: Ic634401c0f223500066300a4df8b1453a0b35b60
Bug: 70706497
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Use lower getattr times/size
Daniel Rosenberg [Tue, 30 Jan 2018 05:31:21 +0000 (21:31 -0800)]
ANDROID: sdcardfs: Use lower getattr times/size

We now use the lower filesystem's getattr for time and size related
information.

Change-Id: I3dd05614a0c2837a13eeb033444fbdf070ddce2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 72007585

6 years agoANDROID: xattr: Pass EOPNOTSUPP to permission2
Daniel Rosenberg [Tue, 23 Jan 2018 22:34:38 +0000 (14:34 -0800)]
ANDROID: xattr: Pass EOPNOTSUPP to permission2

The permission call for xattr operations happens regardless of
whether or not the xattr functions are implemented.

The xattr functions currently don't have support for permission2.
Passing EOPNOTSUPP as the mount point in xattr_permission allows
us to return EOPNOTSUPP early in permission2, if the filesystem
supports it.

Change-Id: I9d07e4cd633cf40af60450ffbff7ac5c1b4e8c2c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35848445

6 years agoANDROID: sdcardfs: Move default_normal to superblock
Daniel Rosenberg [Fri, 19 Jan 2018 00:17:16 +0000 (16:17 -0800)]
ANDROID: sdcardfs: Move default_normal to superblock

Moving default_normal from mount info to superblock info
as it doesn't need to change between mount points.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 72158116
Change-Id: I16c6a0577c601b4f7566269f7e189fcf697afd4e

6 years agoANDROID: sdcardfs: Fix missing break on default_normal
Daniel Rosenberg [Mon, 8 Jan 2018 21:57:36 +0000 (13:57 -0800)]
ANDROID: sdcardfs: Fix missing break on default_normal

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 64672411
Change-Id: I98796df95dc9846adb77a11f49a1a254fb1618b1

6 years agoANDROID: sdcardfs: Add default_normal option
Daniel Rosenberg [Tue, 2 Jan 2018 22:44:49 +0000 (14:44 -0800)]
ANDROID: sdcardfs: Add default_normal option

The default_normal option causes mounts with the gid set to
AID_SDCARD_RW to have user specific gids, as in the normal case.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I9619b8ac55f41415df943484dc8db1ea986cef6f
Bug: 64672411

6 years agoANDROID: sdcardfs: notify lower file of opens
Daniel Rosenberg [Thu, 21 Dec 2017 00:59:11 +0000 (16:59 -0800)]
ANDROID: sdcardfs: notify lower file of opens

fsnotify_open is not called within dentry_open,
so we need to call it ourselves.

Change-Id: Ia7f323b3d615e6ca5574e114e8a5d7973fb4c119
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 70706497

6 years agoANDROID: sdcardfs: Add missing break
Daniel Rosenberg [Sat, 9 Sep 2017 00:20:06 +0000 (17:20 -0700)]
ANDROID: sdcardfs: Add missing break

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 63245673
Change-Id: I5fc596420301045895e5a9a7e297fd05434babf9

6 years agoANDROID: Sdcardfs: Move gid derivation under flag
Daniel Rosenberg [Thu, 20 Jul 2017 00:25:07 +0000 (17:25 -0700)]
ANDROID: Sdcardfs: Move gid derivation under flag

This moves the code to adjust the gid/uid of lower filesystem
files under the mount flag derive_gid.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I44eaad4ef67c7fcfda3b6ea3502afab94442610c
Bug: 63245673

6 years agosdcardfs: limit stacking depth
Andrew Chant [Wed, 8 Feb 2017 23:33:48 +0000 (15:33 -0800)]
sdcardfs: limit stacking depth

Limit filesystem stacking to prevent stack overflow.

Bug: 32761463
Change-Id: I8b1462b9c0d6c7f00cf110724ffb17e7f307c51e
Signed-off-by: Andrew Chant <achant@google.com>
6 years agoANDROID: sdcardfs: override credential for ioctl to lower fs
Jaegeuk Kim [Fri, 7 Jul 2017 02:12:22 +0000 (19:12 -0700)]
ANDROID: sdcardfs: override credential for ioctl to lower fs

Otherwise, lower_fs->ioctl() fails due to inode_owner_or_capable().

Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Bug: 63260873
Change-Id: I623a6c7c5f8a3cbd7ec73ef89e18ddb093c43805

6 years agosdcardfs: change d_u.d_child to d_child
Nathan Chancellor [Sat, 5 Nov 2016 09:42:21 +0000 (02:42 -0700)]
sdcardfs: change d_u.d_child to d_child

d_u.d_child was switched to just d_child in commit "move d_rcu from overlapping d_child to overlapping d_alias"

Change-Id: I18d6f2fcc0bb93092e82a50dc11193115298ba45
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
6 years agoANDROID: sdcardfs: Remove unnecessary lock
Daniel Rosenberg [Thu, 20 Jul 2017 00:16:43 +0000 (17:16 -0700)]
ANDROID: sdcardfs: Remove unnecessary lock

The mmap_sem lock does not appear to be protecting
anything, and has been removed in Samsung's more
recent versions of sdcardfs.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I76ff3e33002716b8384fc8be368028ed63dffe4e
Bug: 63785372

6 years agoANDROID: sdcardfs: use mount_nodev and fix a issue in sdcardfs_kill_sb
Gao Xiang [Tue, 9 May 2017 04:30:56 +0000 (12:30 +0800)]
ANDROID: sdcardfs: use mount_nodev and fix a issue in sdcardfs_kill_sb

Use the VFS mount_nodev instead of customized mount_nodev_with_options
and fix generic_shutdown_super to kill_anon_super because of set_anon_super

Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Change-Id: Ibe46647aa2ce49d79291aa9d0295e9625cfccd80

6 years agoANDROID: sdcardfs: remove dead function open_flags_to_access_mode()
Greg Hackmann [Tue, 16 May 2017 23:48:49 +0000 (16:48 -0700)]
ANDROID: sdcardfs: remove dead function open_flags_to_access_mode()

smatch warns about the suspicious formatting in the last line of
open_flags_to_access_mode().  It turns out the only caller was deleted
over a year ago by "ANDROID: sdcardfs: Bring up to date with Android M
permissions:", so we can "fix" the function's formatting by deleting it.

Change-Id: Id85946f3eb01722eef35b1815f405a6fda3aa4ff
Signed-off-by: Greg Hackmann <ghackmann@google.com>
6 years agoANDROID: sdcardfs: d_splice_alias can return error values
Daniel Rosenberg [Wed, 7 Jun 2017 19:44:50 +0000 (12:44 -0700)]
ANDROID: sdcardfs: d_splice_alias can return error values

We must check that d_splice_alias was successful before using its
output.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 62390017
Change-Id: Ifda0a052fb3f67e35c635a4e5e907876c5400978

6 years agoANDROID: sdcardfs: Check for NULL in revalidate
Daniel Rosenberg [Mon, 22 May 2017 20:23:56 +0000 (13:23 -0700)]
ANDROID: sdcardfs: Check for NULL in revalidate

If the inode is in the process of being evicted,
the top value may be NULL.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38502532
Change-Id: I0b9d04aab621e0398d44d1c5dc53293106aa5f89

6 years agoANDROID: sdcardfs: Add linux/kref.h include
Dmitry Shmidt [Wed, 17 May 2017 20:05:20 +0000 (13:05 -0700)]
ANDROID: sdcardfs: Add linux/kref.h include

Change-Id: I8be0f6fc7aa6dc1d639d2d22b230783c68574389
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
6 years agoANDROID: sdcardfs: Move top to its own struct
Daniel Rosenberg [Mon, 15 May 2017 21:03:15 +0000 (14:03 -0700)]
ANDROID: sdcardfs: Move top to its own struct

Move top, and the associated data, to its own struct.
This way, we can properly track refcounts on top
without interfering with the inode's accounting.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38045152
Change-Id: I1968e480d966c3f234800b72e43670ca11e1d3fd

Conflicts:
fs/sdcardfs/super.c

6 years agoANDROID: sdcardfs: fix sdcardfs_destroy_inode for the inode RCU approach
Gao Xiang [Wed, 10 May 2017 15:01:15 +0000 (23:01 +0800)]
ANDROID: sdcardfs: fix sdcardfs_destroy_inode for the inode RCU approach

According to the following commits,
fs: icache RCU free inodes
vfs: fix the stupidity with i_dentry in inode destructors

sdcardfs_destroy_inode should be fixed for the fast path safety.

Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Change-Id: I84f43c599209d23737c7e28b499dd121cb43636d

6 years agoANDROID: sdcardfs: Don't iput if we didn't igrab
Daniel Roseberg [Tue, 9 May 2017 20:36:35 +0000 (13:36 -0700)]
ANDROID: sdcardfs: Don't iput if we didn't igrab

If we fail to get top, top is either NULL, or igrab found
that we're in the process of freeing that inode, and did
not grab it. Either way, we didn't grab it, and have no
business putting it.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 38117720
Change-Id: Ie2f587483b9abb5144263156a443e89bc69b767b

6 years agoANDROID: sdcardfs: Call lower fs's revalidate
Daniel Rosenberg [Tue, 25 Apr 2017 02:49:02 +0000 (19:49 -0700)]
ANDROID: sdcardfs: Call lower fs's revalidate

We should be calling the lower filesystem's revalidate
inside of sdcardfs's revalidate, as wrapfs does.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: I939d1c4192fafc1e21678aeab43fe3d588b8e2f4

6 years agoANDROID: sdcardfs: Avoid setting GIDs outside of valid ranges
Daniel Rosenberg [Mon, 24 Apr 2017 23:11:03 +0000 (16:11 -0700)]
ANDROID: sdcardfs: Avoid setting GIDs outside of valid ranges

When setting up the ownership of files on the lower filesystem,
ensure that these values are in reasonable ranges for apps. If
they aren't, default to AID_MEDIA_RW

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 37516160
Change-Id: I0bec76a61ac72aff0b993ab1ad04be8382178a00

6 years agoRevert "Android: sdcardfs: Don't do d_add for lower fs"
Daniel Rosenberg [Thu, 20 Apr 2017 19:00:30 +0000 (12:00 -0700)]
Revert "Android: sdcardfs: Don't do d_add for lower fs"

This reverts commit 60df9f12992bc067216078ae756066c5d7c74d87.

This change caused issues for sdcardfs on top of vfat

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: Ie56a91fda582af27921cc1a9de7ae19a9a988f2a

6 years agoAndroid: sdcardfs: Don't complain in fixup_lower_ownership
Daniel Rosenberg [Wed, 19 Apr 2017 05:49:38 +0000 (22:49 -0700)]
Android: sdcardfs: Don't complain in fixup_lower_ownership

Not all filesystems support changing the owner of a file.
We shouldn't complain if it doesn't happen.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 37488099
Change-Id: I403e44ab7230f176e6df82f6adb4e5c82ce57f33

6 years agoAndroid: sdcardfs: Don't do d_add for lower fs
Daniel Rosenberg [Wed, 19 Apr 2017 05:25:15 +0000 (22:25 -0700)]
Android: sdcardfs: Don't do d_add for lower fs

For file based encryption, ext4 explicitly does not
create negative dentries for encrypted files. If you
force one over it, the decrypted file will be hidden
until the cache is cleared. Instead, just fail out.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 37231161
Change-Id: Id2a9708dfa75e1c22f89915c529789caadd2ca4b

6 years agoANDROID: sdcardfs: ->iget fixes
Daniel Rosenberg [Tue, 18 Apr 2017 19:45:48 +0000 (12:45 -0700)]
ANDROID: sdcardfs: ->iget fixes

Adapted from wrapfs
commit 8c49eaa0sb9c ("Wrapfs: ->iget fixes")

Change where we igrab/iput to ensure we always hold a valid lower_inode.
Return ENOMEM (not EACCES) if iget5_locked returns NULL.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959

Change-Id: Id8d4e0c0cbc685a0a77685ce73c923e9a3ddc094

6 years agoAndroid: sdcardfs: Change cache GID value
Daniel Rosenberg [Tue, 18 Apr 2017 00:11:38 +0000 (17:11 -0700)]
Android: sdcardfs: Change cache GID value

Change-Id: Ieb955dd26493da26a458bc20fbbe75bca32b094f
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 37193650

6 years agoANDROID: sdcardfs: Directly pass lower file for mmap
Daniel Rosenberg [Tue, 11 Apr 2017 03:54:30 +0000 (20:54 -0700)]
ANDROID: sdcardfs: Directly pass lower file for mmap

Instead of relying on a copy hack, pass the lower file
as private data. This lets the kernel find the vma
mapping for pages used by the file, allowing pages
used by mapping to be reclaimed.

This is adapted from following esdfs patches
commit 0647e638d: ("esdfs: store lower file in vm_file for mmap")
commit 064850866: ("esdfs: keep a counter for mmaped file")

Change-Id: I75b74d1e5061db1b8c13be38d184e118c0851a1a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: update module info
Daniel Rosenberg [Fri, 10 Mar 2017 04:56:05 +0000 (20:56 -0800)]
ANDROID: sdcardfs: update module info

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I958c7c226d4e9265fea8996803e5b004fb33d8ad

6 years agoANDROID: sdcardfs: use d_splice_alias
Daniel Rosenberg [Fri, 10 Mar 2017 06:11:08 +0000 (22:11 -0800)]
ANDROID: sdcardfs: use d_splice_alias

adapted from wrapfs
commit 9671770ff8b9 ("Wrapfs: use d_splice_alias")

Refactor interpose code to allow lookup to use d_splice_alias.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: Icf51db8658202c48456724275b03dc77f73f585b

6 years agoANDROID: sdcardfs: fix ->llseek to update upper and lower offset
Daniel Rosenberg [Fri, 10 Mar 2017 05:42:01 +0000 (21:42 -0800)]
ANDROID: sdcardfs: fix ->llseek to update upper and lower offset

Adapted from wrapfs
commit 1d1d23a47baa ("Wrapfs: fix ->llseek to update upper and lower
offsets")

Fixes bug: xfstests generic/257. f_pos consistently is required by and
only by dir_ops->wrapfs_readdir, main_ops is not affected.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Mengyang Li <li.mengyang@stonybrook.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: I360a1368ac37ea8966910a58972b81504031d437

Conflicts:
fs/sdcardfs/file.c

6 years agoANDROID: sdcardfs: copy lower inode attributes in ->ioctl
Daniel Rosenberg [Fri, 10 Mar 2017 05:24:58 +0000 (21:24 -0800)]
ANDROID: sdcardfs: copy lower inode attributes in ->ioctl

Adapted from wrapfs
commit fbc9c6f83ea6 ("Wrapfs: copy lower inode attributes in ->ioctl")
commit e97d8e26cc9e ("Wrapfs: use file_inode helper")

Some ioctls (e.g., EXT2_IOC_SETFLAGS) can change inode attributes, so copy
them from lower inode.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: I0f12684b9dbd4088b4a622c7ea9c03087f40e572

6 years agoANDROID: sdcardfs: remove unnecessary call to do_munmap
Daniel Rosenberg [Fri, 10 Mar 2017 05:14:45 +0000 (21:14 -0800)]
ANDROID: sdcardfs: remove unnecessary call to do_munmap

Adapted from wrapfs
commit 5be6de9ecf02 ("Wrapfs: use vm_munmap in ->mmap")
commit 2c9f6014a8bb ("Wrapfs: remove unnecessary call
to vm_unmap in ->mmap")

Code is unnecessary and causes deadlocks in newer kernels.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35766959
Change-Id: Ia252d60c60799d7e28fc5f1f0f5b5ec2430a2379

6 years agoANDROID: sdcardfs: Fix style issues in macros
Daniel Rosenberg [Wed, 22 Mar 2017 02:11:38 +0000 (19:11 -0700)]
ANDROID: sdcardfs: Fix style issues in macros

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: I89c4035029dc2236081a7685c55cac595d9e7ebf

6 years agoANDROID: sdcardfs: Use seq_puts over seq_printf
Daniel Rosenberg [Wed, 22 Mar 2017 00:27:40 +0000 (17:27 -0700)]
ANDROID: sdcardfs: Use seq_puts over seq_printf

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: I3795ec61ce61e324738815b1ce3b0e09b25d723f

6 years agoANDROID: sdcardfs: Use to kstrout
Daniel Rosenberg [Fri, 17 Mar 2017 02:32:59 +0000 (19:32 -0700)]
ANDROID: sdcardfs: Use to kstrout

Switch from deprecated simple_strtoul to kstrout

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: If18bd133b4d2877f71e58b58fc31371ff6613ed5

6 years agoANDROID: sdcardfs: Use pr_[...] instead of printk
Daniel Rosenberg [Fri, 17 Mar 2017 00:46:13 +0000 (17:46 -0700)]
ANDROID: sdcardfs: Use pr_[...] instead of printk

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: Ibc635ec865750530d32b87067779f681fe58a003

6 years agoANDROID: sdcardfs: remove unneeded null check
Daniel Rosenberg [Tue, 21 Mar 2017 23:29:13 +0000 (16:29 -0700)]
ANDROID: sdcardfs: remove unneeded null check

As pointed out by checkpatch, these functions already
handle null inputs, so the checks are not needed.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: I189342f032dfcefee36b27648bb512488ad61d20

6 years agoANDROID: sdcardfs: Fix style issues with comments
Daniel Rosenberg [Fri, 17 Mar 2017 02:33:35 +0000 (19:33 -0700)]
ANDROID: sdcardfs: Fix style issues with comments

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: I8791ef7eac527645ecb9407908e7e5ece35b8f80

6 years agoANDROID: sdcardfs: Fix formatting
Daniel Rosenberg [Fri, 17 Mar 2017 00:42:58 +0000 (17:42 -0700)]
ANDROID: sdcardfs: Fix formatting

This fixes various spacing and bracket related issues
pointed out by checkpatch.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: I6e248833a7a04e3899f3ae9462d765cfcaa70c96

6 years agoANDROID: sdcardfs: correct order of descriptors
Daniel Rosenberg [Tue, 21 Mar 2017 23:28:27 +0000 (16:28 -0700)]
ANDROID: sdcardfs: correct order of descriptors

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: Ia6d16b19c8c911f41231d2a12be0740057edfacf

6 years agoANDROID: sdcardfs: Fix gid issue
Daniel Rosenberg [Mon, 13 Mar 2017 22:34:03 +0000 (15:34 -0700)]
ANDROID: sdcardfs: Fix gid issue

We were already calculating most of these values,
and erroring out because the check was confused by this.
Instead of recalculating, adjust it as needed.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 36160015
Change-Id: I9caf3e2fd32ca2e37ff8ed71b1d392f1761bc9a9

6 years agoANDROID: sdcardfs: Use tabs instead of spaces in multiuser.h
Daniel Rosenberg [Mon, 13 Mar 2017 20:53:54 +0000 (13:53 -0700)]
ANDROID: sdcardfs: Use tabs instead of spaces in multiuser.h

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35331000
Change-Id: Ic7801914a7dd377e270647f81070020e1f0bab9b

6 years agoANDROID: sdcardfs: Remove uninformative prints
Daniel Rosenberg [Sat, 11 Mar 2017 02:58:25 +0000 (18:58 -0800)]
ANDROID: sdcardfs: Remove uninformative prints

At best these prints do not provide useful information, and
at worst, some allow userspace to abuse the kernel log.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 36138424
Change-Id: I812c57cc6a22b37262935ab77f48f3af4c36827e

6 years agoANDROID: sdcardfs: move path_put outside of spinlock
Daniel Rosenberg [Fri, 10 Mar 2017 21:54:30 +0000 (13:54 -0800)]
ANDROID: sdcardfs: move path_put outside of spinlock

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35643557
Change-Id: Ib279ebd7dd4e5884d184d67696a93e34993bc1ef

6 years agoANDROID: sdcardfs: Use case insensitive hash function
Daniel Rosenberg [Fri, 10 Mar 2017 20:39:42 +0000 (12:39 -0800)]
ANDROID: sdcardfs: Use case insensitive hash function

Case insensitive comparisons don't help us much if
we hash to different buckets...

Signed-off-by: Daniel Rosenberg <drosen@google.com>
bug: 36004503
Change-Id: I91e00dbcd860a709cbd4f7fd7fc6d855779f3285

6 years agoANDROID: sdcardfs: declare MODULE_ALIAS_FS
Daniel Rosenberg [Fri, 10 Mar 2017 04:59:18 +0000 (20:59 -0800)]
ANDROID: sdcardfs: declare MODULE_ALIAS_FS

From commit ee616b78aa87 ("Wrapfs: declare MODULE_ALIAS_FS")

Signed-off-by: Daniel Rosenberg <drosen@google.com>
bug: 35766959
Change-Id: Ia4728ab49d065b1d2eb27825046f14b97c328cba

6 years agoANDROID: sdcardfs: Get the blocksize from the lower fs
Daniel Rosenberg [Fri, 10 Mar 2017 02:12:16 +0000 (18:12 -0800)]
ANDROID: sdcardfs: Get the blocksize from the lower fs

This changes sdcardfs to be more in line with the
getattr in wrapfs, which calls the lower fs's getattr
to get the block size

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 34723223
Change-Id: I1c9e16604ba580a8cdefa17f02dcc489d7351aed

6 years agoANDROID: sdcardfs: Use d_invalidate instead of drop_recurisve
Daniel Rosenberg [Thu, 9 Mar 2017 01:45:46 +0000 (17:45 -0800)]
ANDROID: sdcardfs: Use d_invalidate instead of drop_recurisve

drop_recursive did not properly remove stale dentries.
Instead, we use the vfs's d_invalidate, which does the proper cleanup.

Additionally, remove the no longer used drop_recursive, and
fixup_top_recursive that that are no longer used.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: Ibff61b0c34b725b024a050169047a415bc90f0d8

6 years agoANDROID: sdcardfs: Switch to internal case insensitive compare
Daniel Rosenberg [Thu, 9 Mar 2017 01:20:02 +0000 (17:20 -0800)]
ANDROID: sdcardfs: Switch to internal case insensitive compare

There were still a few places where we called into a case
insensitive lookup that was not defined by sdcardfs.
Moving them all to the same place will allow us to switch
the implementation in the future.

Additionally, the check in fixup_perms_recursive did not
take into account the length of both strings, causing
extraneous matches when the name we were looking for was
a prefix of the child name.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I45ce768cd782cb4ea1ae183772781387c590ecc2

6 years agoANDROID: sdcardfs: Use spin_lock_nested
Daniel Rosenberg [Thu, 9 Mar 2017 01:11:51 +0000 (17:11 -0800)]
ANDROID: sdcardfs: Use spin_lock_nested

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 36007653
Change-Id: I805d5afec797669679853fb2bb993ee38e6276e4

6 years agoANDROID: sdcardfs: Replace get/put with d_lock
Daniel Rosenberg [Thu, 2 Mar 2017 23:11:27 +0000 (15:11 -0800)]
ANDROID: sdcardfs: Replace get/put with d_lock

dput cannot be called with a spin_lock. Instead,
we protect our accesses by holding the d_lock.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35643557
Change-Id: I22cf30856d75b5616cbb0c223724f5ab866b5114

6 years agoANDROID: sdcardfs: rate limit warning print
Daniel Rosenberg [Fri, 3 Mar 2017 02:07:21 +0000 (18:07 -0800)]
ANDROID: sdcardfs: rate limit warning print

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35848445
Change-Id: Ida72ea0ece191b2ae4a8babae096b2451eb563f6

6 years agoANDROID: sdcardfs: Fix case insensitive lookup
Daniel Rosenberg [Thu, 2 Mar 2017 01:04:41 +0000 (17:04 -0800)]
ANDROID: sdcardfs: Fix case insensitive lookup

The previous case insensitive lookup relied on the
entry being present in the dcache. This instead uses
iterate_dir to find the correct case.

Signed-off-by: Daniel Rosenberg <drosen@google.com
bug: 35633782
Change-Id: I556f7090773468c1943c89a5e2aa07f746ba49c5

6 years agoRevert "sdcardfs: limit stacking depth"
alexax66 [Sat, 9 Sep 2017 13:07:13 +0000 (13:07 +0000)]
Revert "sdcardfs: limit stacking depth"

This reverts commit 1d9ff6b31bd797409085ddeb606d8654979be7dc.

6 years agoRevert "sdcardfs: Fix build for linux-3.10.y"
alexax66 [Sat, 9 Sep 2017 13:04:47 +0000 (13:04 +0000)]
Revert "sdcardfs: Fix build for linux-3.10.y"

This reverts commit 86cb714606711a06109eb7c973dc585f993202c9.

6 years agosdcardfs: Fix build for linux-3.10.y
Parth Bhatia [Sun, 21 May 2017 15:03:58 +0000 (15:03 +0000)]
sdcardfs: Fix build for linux-3.10.y

* Fix compilation after 6637ecd

6 years agosdcardfs: limit stacking depth
Andrew Chant [Wed, 8 Feb 2017 23:33:48 +0000 (15:33 -0800)]
sdcardfs: limit stacking depth

Limit filesystem stacking to prevent stack overflow.

Bug: 32761463
Change-Id: I8b1462b9c0d6c7f00cf110724ffb17e7f307c51e
Signed-off-by: Andrew Chant <achant@google.com>
6 years agoANDROID: sdcardfs: Don't bother deleting freelist
Daniel Rosenberg [Wed, 22 Feb 2017 22:41:58 +0000 (14:41 -0800)]
ANDROID: sdcardfs: Don't bother deleting freelist

There is no point deleting entries from dlist, as
that is a temporary list on the stack from which
contains only entries that are being deleted.

Not all code paths set up dlist, so those that
don't were performing invalid accesses in
hash_del_rcu. As an additional means to prevent
any other issue, we null out the list entries when
we allocate from the cache.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35666680
Change-Id: Ibb1e28c08c3a600c29418d39ba1c0f3db3bf31e5

6 years agoANDROID: sdcardfs: Add missing path_put
Daniel Rosenberg [Fri, 17 Feb 2017 01:55:22 +0000 (17:55 -0800)]
ANDROID: sdcardfs: Add missing path_put

"ANDROID: sdcardfs: Add GID Derivation to sdcardfs" introduced
an unbalanced pat_get, leading to storage space not being freed
after deleting a file until rebooting. This adds the missing path_put.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 34691169
Change-Id: Ia7ef97ec2eca2c555cc06b235715635afc87940e

6 years agoANDROID: sdcardfs: Fix incorrect hash
Daniel Rosenberg [Wed, 15 Feb 2017 04:47:17 +0000 (20:47 -0800)]
ANDROID: sdcardfs: Fix incorrect hash

This adds back the hash calculation removed as part of
the previous patch, as it is in fact necessary.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35307857
Change-Id: Ie607332bcf2c5d2efdf924e4060ef3f576bf25dc

6 years agoANDROID: sdcardfs: Switch strcasecmp for internal call
Daniel Rosenberg [Wed, 1 Feb 2017 04:07:51 +0000 (20:07 -0800)]
ANDROID: sdcardfs: Switch strcasecmp for internal call

This moves our uses of strcasecmp over to an internal call so we can
easily change implementations later if we so desire. Additionally,
we leverage qstr's where appropriate to save time on comparisons.

Change-Id: I32fdc4fd0cd3b7b735dcfd82f60a2516fd8272a5
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: switch to full_name_hash and qstr
Daniel Rosenberg [Sat, 28 Jan 2017 03:35:08 +0000 (19:35 -0800)]
ANDROID: sdcardfs: switch to full_name_hash and qstr

Use the kernel's string hash function instead of rolling
our own. Additionally, save a bit of calculation by using
the qstr struct in place of strings.

Change-Id: I0bbeb5ec2a9233f40135ad632e6f22c30ffa95c1
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Add GID Derivation to sdcardfs
Daniel Rosenberg [Wed, 25 Jan 2017 21:48:45 +0000 (13:48 -0800)]
ANDROID: sdcardfs: Add GID Derivation to sdcardfs

This changes sdcardfs to modify the user and group in the
underlying filesystem depending on its usage. Ownership is
set by Android user, and package, as well as if the file is
under obb or cache. Other files can be labeled by extension.
Those values are set via the configfs interace.

To add an entry,
mkdir -p [configfs root]/sdcardfs/extensions/[gid]/[ext]

Bug: 34262585
Change-Id: I4e030ce84f094a678376349b1a96923e5076a0f4
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Remove redundant operation
Daniel Rosenberg [Fri, 27 Jan 2017 04:10:34 +0000 (20:10 -0800)]
ANDROID: sdcardfs: Remove redundant operation

We call get_derived_permission_new unconditionally, so we don't need
to call update_derived_permission_lock, which does the same thing.

Change-Id: I0748100828c6af806da807241a33bf42be614935
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: add support for user permission isolation
Daniel Rosenberg [Sun, 22 Jan 2017 23:32:49 +0000 (15:32 -0800)]
ANDROID: sdcardfs: add support for user permission isolation

This allows you to hide the existence of a package from
a user by adding them to an exclude list. If a user
creates that package's folder and is on the exclude list,
they will not see that package's id.

Bug: 34542611
Change-Id: I9eb82e0bf2457d7eb81ee56153b9c7d2f6646323
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Refactor configfs interface
Daniel Rosenberg [Sat, 21 Jan 2017 08:35:26 +0000 (00:35 -0800)]
ANDROID: sdcardfs: Refactor configfs interface

This refactors the configfs code to be more easily extended.
It will allow additional files to be added easily.

Bug: 34542611
Bug: 34262585
Change-Id: I73c9b0ae5ca7eb27f4ebef3e6807f088b512d539
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: Allow non-owners to touch
Daniel Rosenberg [Fri, 20 Jan 2017 23:19:13 +0000 (15:19 -0800)]
ANDROID: sdcardfs: Allow non-owners to touch

This modifies the permission checks in setattr to
allow for non-owners to modify the timestamp of
files to things other than the current time.
This still requires write access, as enforced by
the permission call, but relaxes the requirement
that the caller must be the owner, allowing those
with group permissions to change it as well.

Bug: 11118565
Change-Id: Ied31f0cce2797675c7ef179eeb4e088185adcbad
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agoANDROID: sdcardfs: implement vm_ops->page_mkwrite
Daniel Rosenberg [Fri, 24 Feb 2017 23:41:48 +0000 (15:41 -0800)]
ANDROID: sdcardfs: implement vm_ops->page_mkwrite

This comes from the wrapfs patch
3dfec0ffe5e2 Wrapfs: implement vm_ops->page_mkwrite

Some file systems (e.g., ext4) require it.  Reported by Ted Ts'o.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 34133558
Change-Id: I1a389b2422c654a6d3046bb8ec3e20511aebfa8e

6 years agoANDROID: sdcardfs: support direct-IO (DIO) operations
Daniel Rosenberg [Fri, 24 Feb 2017 23:49:45 +0000 (15:49 -0800)]
ANDROID: sdcardfs: support direct-IO (DIO) operations

This comes from the wrapfs patch
2e346c83b26e Wrapfs: support direct-IO (DIO) operations

Signed-off-by: Li Mengyang <li.mengyang@stonybrook.edu>
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 34133558
Change-Id: I3fd779c510ab70d56b1d918f99c20421b524cdc4

6 years agosdcardfs: Flag files as non-mappable
fluxi [Fri, 21 Oct 2016 20:57:35 +0000 (22:57 +0200)]
sdcardfs: Flag files as non-mappable

WARNING: it's not full commit, it just update sdcardfs

Implement Samsung's FMODE_NONMAPPABLE flag from
sdcardfs version 2.1.4 as we hit a BUG on ext4:

[   49.655037]@0 Kernel BUG at ffffffc0001deeec [verbose debug info unavailable]
[   49.655045]@0 Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[   49.655052]@0 Modules linked in:
[   49.655061]@0 CPU: 0 PID: 283 Comm: kworker/u8:7 Tainted: G        W      3.18.20-perf-g3be2054-00086-ga8307fb #1
[   49.655070]@0 Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3 + PMI8996 MTP (DT)
[   49.655077]@0 Workqueue: writeback bdi_writeback_workfn (flush-8:0)
[   49.655096]@0 task: ffffffc174ba8b00 ti: ffffffc174bb4000 task.ti: ffffffc174bb4000
[   49.655108]@0 PC is at mpage_prepare_extent_to_map+0x198/0x218
[   49.655116]@0 LR is at mpage_prepare_extent_to_map+0x110/0x218
[   49.655121]@0 pc : [<ffffffc0001deeec>] lr : [<ffffffc0001dee64>] pstate: 60000145
[   49.655126]@0 sp : ffffffc174bb7800
[   49.655130]@0 x29: ffffffc174bb7800 x28: ffffffc174bb7880
[   49.655140]@0 x27: 000000000000000d x26: ffffffc1245505e8
[   49.655149]@0 x25: 0000000000000000 x24: 0000000000003400
[   49.655160]@0 x23: ffffffffffffffff x22: 0000000000000000
[   49.655172]@0 x21: ffffffc174bb7888 x20: ffffffc174bb79e0
[   49.655182]@0 x19: ffffffbdc4ee7b80 x18: 0000007f92872000
[   49.655191]@0 x17: 0000007f959b6424 x16: ffffffc00016d1ac
[   49.655201]@0 x15: 0000007f9285d158 x14: ffffffc1734796e8
[   49.655210]@0 x13: ffffffbdc1ffa4c0 x12: ffffffbdc4ee7b80
[   49.655220]@0 x11: 0000000000000100 x10: 0000000000000000
[   49.655229]@0 x9 : 0000000000000000 x8 : ffffffc0b444e210
[   49.655237]@0 x7 : 0000000000000000 x6 : ffffffc0b444e1e0
[   49.655246]@0 x5 : 0000000000000000 x4 : 0000000000000001
[   49.655254]@0 x3 : 0000000000000000 x2 : 400000000002003d
[   49.655263]@0 x1 : ffffffbdc4ee7b80 x0 : 400000000002003d
[   49.655271]@0
[   49.656502]@0 Process kworker/u8:7 (pid: 283, stack limit = 0xffffffc174bb4058)
[   49.656509]@0 Call trace:
[   49.656514]@0 [<ffffffc0001deeec>] mpage_prepare_extent_to_map+0x198/0x218
[   49.656526]@0 [<ffffffc0001e28d0>] ext4_writepages+0x270/0xa58
[   49.656533]@0 [<ffffffc00012982c>] do_writepages+0x24/0x40
[   49.656541]@0 [<ffffffc000180160>] __writeback_single_inode+0x40/0x114
[   49.656549]@0 [<ffffffc000180e50>] writeback_sb_inodes+0x1dc/0x34c
[   49.656555]@0 [<ffffffc00018103c>] __writeback_inodes_wb+0x7c/0xc4
[   49.656560]@0 [<ffffffc000181224>] wb_writeback+0x110/0x1a8
[   49.656565]@0 [<ffffffc000181344>] wb_check_old_data_flush+0x88/0x98
[   49.656571]@0 [<ffffffc00018156c>] bdi_writeback_workfn+0xf4/0x1fc
[   49.656576]@0 [<ffffffc0000b14f8>] process_one_work+0x1e0/0x300
[   49.656585]@0 [<ffffffc0000b1e14>] worker_thread+0x318/0x438
[   49.656590]@0 [<ffffffc0000b5da0>] kthread+0xe0/0xec
[   49.656598]@0 Code: f9400260 f9400a63 1ad92063 37580040 (e7f001f2)
[   49.656604]@0 ---[ end trace cbed09f772fd630d ]---

Change-Id: I931da7cb3841db1f130dba298a7d256b6f02d1bc

6 years agoANDROID: sdcardfs: Fix locking issue with permision fix up
Daniel Rosenberg [Tue, 27 Dec 2016 20:36:29 +0000 (12:36 -0800)]
ANDROID: sdcardfs: Fix locking issue with permision fix up

Don't use lookup_one_len so we can grab the spinlock that
protects d_subdirs.

Bug: 30954918
Change-Id: I0c6a393252db7beb467e0d563739a3a14e1b5115
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agosdcardfs: Use per mount permissions
Daniel Rosenberg [Thu, 27 Oct 2016 03:27:20 +0000 (20:27 -0700)]
sdcardfs: Use per mount permissions

This switches sdcardfs over to using permission2.
Instead of mounting several sdcardfs instances onto
the same underlaying directory, you bind mount a
single mount several times, and remount with the
options you want. These are stored in the private
mount data, allowing you to maintain the same tree,
but have different permissions for different mount
points.

Warning functions have been added for permission,
as it should never be called, and the correct
behavior is unclear.

Change-Id: I841b1d70ec60cf2b866fa48edeb74a0b0f8334f5
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agosdcardfs: Add gid and mask to private mount data
Daniel Rosenberg [Thu, 27 Oct 2016 00:36:05 +0000 (17:36 -0700)]
sdcardfs: Add gid and mask to private mount data

Adds support for mount2, remount2, and the functions
to allocate/clone/copy the private data

The next patch will switch over to actually using it.

Change-Id: I8a43da26021d33401f655f0b2784ead161c575e3
Signed-off-by: Daniel Rosenberg <drosen@google.com>
6 years agosdcardfs: User new permission2 functions
Daniel Rosenberg [Wed, 26 Oct 2016 23:48:45 +0000 (16:48 -0700)]
sdcardfs: User new permission2 functions

Change-Id: Ic7e0fb8fdcebb31e657b079fe02ac834c4a50db9
Signed-off-by: Daniel Rosenberg <drosen@google.com>