lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 4 Aug 2008 15:52:37 +0200
From:	Thomas Petazzoni <thomas.petazzoni@...e-electrons.com>
To:	"J. Bruce Fields" <bfields@...ldses.org>
Cc:	linux-kernel@...r.kernel.org, linux-embedded@...r.kernel.org,
	michael@...e-electrons.com, Matt Mackall <mpm@...enic.com>,
	matthew@....cx, linux-fsdevel@...r.kernel.org,
	akpm@...ux-foundation.org
Subject: Re: [patch 2/4] Configure out file locking features

Le Sat, 2 Aug 2008 12:38:48 -0400,
"J. Bruce Fields" <bfields@...ldses.org> a écrit :

> Out of curiosity, why does the nfs client need disabling, but not
> nfsd, gfs2, fuse, etc.?

Then also need disabling. Updated patch below.

Thanks!

Thomas

---

Configure out file locking features

This patch adds the CONFIG_FILE_LOCKING option which allows to remove
support for advisory locks. With this patch enabled, the flock()
system call, the F_GETLK, F_SETLK and F_SETLKW operations of fcntl()
and NFS support are disabled. These features are not necessarly needed
on embedded systems. It allows to save ~11 Kb of kernel code and data:

   text	   data	    bss	    dec	    hex	filename
1125436	 118764	 212992	1457192	 163c28	vmlinux.old
1114299	 118564	 212992	1445855	 160fdf	vmlinux
 -11137    -200       0  -11337   -2C49 +/-

This patch has originally been written by Matt Mackall
<mpm@...enic.com>, and is part of the Linux Tiny project.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@...e-electrons.com>
Signed-off-by: Matt Mackall <mpm@...enic.com>
Cc: matthew@....cx
Cc: linux-fsdevel@...r.kernel.org
Cc: mpm@...enic.com
Cc: akpm@...ux-foundation.org

---
 fs/Kconfig          |   15 ++++++++++++++-
 fs/Makefile         |    3 ++-
 fs/dlm/Kconfig      |    1 +
 fs/gfs2/Kconfig     |    1 +
 fs/proc/proc_misc.c |    4 ++++
 include/linux/fs.h  |   52 +++++++++++++++++++++++++++++++++++++++++++++-------
 kernel/sys_ni.c     |    1 +
 kernel/sysctl.c     |    6 +++++-
 8 files changed, 73 insertions(+), 10 deletions(-)

Index: linuxdev/fs/Kconfig
===================================================================
--- linuxdev.orig/fs/Kconfig
+++ linuxdev/fs/Kconfig
@@ -427,12 +427,21 @@
 	bool
 	default n
 
+config FILE_LOCKING
+	bool "Enable POSIX file locking API" if EMBEDDED
+	default y
+	help
+	  This option enables standard file locking support, required
+          for filesystems like NFS and for the flock() system
+          call. Disabling this option saves about 11k.
+
 source "fs/xfs/Kconfig"
 source "fs/gfs2/Kconfig"
 
 config OCFS2_FS
 	tristate "OCFS2 file system support"
 	depends on NET && SYSFS
+	depends on FILE_LOCKING
 	select CONFIGFS_FS
 	select JBD
 	select CRC32
@@ -642,6 +651,7 @@
 
 config FUSE_FS
 	tristate "Filesystem in Userspace support"
+	depends on FILE_LOCKING
 	help
 	  With FUSE it is possible to implement a fully functional filesystem
 	  in a userspace program.
@@ -1567,7 +1577,7 @@
 
 config NFS_FS
 	tristate "NFS client support"
-	depends on INET
+	depends on INET && FILE_LOCKING
 	select LOCKD
 	select SUNRPC
 	select NFS_ACL_SUPPORT if NFS_V3_ACL
@@ -1735,6 +1745,7 @@
 
 config LOCKD
 	tristate
+	depends on FILE_LOCKING
 
 config LOCKD_V4
 	bool
@@ -1870,6 +1881,7 @@
 config CIFS
 	tristate "CIFS support (advanced network filesystem, SMBFS successor)"
 	depends on INET
+	depends on FILE_LOCKING
 	select NLS
 	help
 	  This is the client VFS module for the Common Internet File System
@@ -2059,6 +2071,7 @@
 config AFS_FS
 	tristate "Andrew File System support (AFS) (EXPERIMENTAL)"
 	depends on INET && EXPERIMENTAL
+	depends on FILE_LOCKING
 	select AF_RXRPC
 	help
 	  If you say Y here, you will get an experimental Andrew File System
Index: linuxdev/fs/Makefile
===================================================================
--- linuxdev.orig/fs/Makefile
+++ linuxdev/fs/Makefile
@@ -7,7 +7,7 @@
 
 obj-y :=	open.o read_write.o file_table.o super.o \
 		char_dev.o stat.o exec.o pipe.o namei.o fcntl.o \
-		ioctl.o readdir.o select.o fifo.o locks.o dcache.o inode.o \
+		ioctl.o readdir.o select.o fifo.o dcache.o inode.o \
 		attr.o bad_inode.o file.o filesystems.o namespace.o \
 		seq_file.o xattr.o libfs.o fs-writeback.o \
 		pnode.o drop_caches.o splice.o sync.o utimes.o \
@@ -28,6 +28,7 @@
 obj-$(CONFIG_TIMERFD)		+= timerfd.o
 obj-$(CONFIG_EVENTFD)		+= eventfd.o
 obj-$(CONFIG_AIO)               += aio.o
+obj-$(CONFIG_FILE_LOCKING)      += locks.o
 obj-$(CONFIG_COMPAT)		+= compat.o compat_ioctl.o
 
 nfsd-$(CONFIG_NFSD)		:= nfsctl.o
Index: linuxdev/fs/dlm/Kconfig
===================================================================
--- linuxdev.orig/fs/dlm/Kconfig
+++ linuxdev/fs/dlm/Kconfig
@@ -2,6 +2,7 @@
 	tristate "Distributed Lock Manager (DLM)"
 	depends on EXPERIMENTAL && INET
 	depends on SYSFS && (IPV6 || IPV6=n)
+	depends on FILE_LOCKING
 	select CONFIGFS_FS
 	select IP_SCTP
 	help
Index: linuxdev/fs/gfs2/Kconfig
===================================================================
--- linuxdev.orig/fs/gfs2/Kconfig
+++ linuxdev/fs/gfs2/Kconfig
@@ -1,6 +1,7 @@
 config GFS2_FS
 	tristate "GFS2 file system support"
 	depends on EXPERIMENTAL && (64BIT || (LSF && LBD))
+	depends on FILE_LOCKING
 	select FS_POSIX_ACL
 	select CRC32
 	help
Index: linuxdev/fs/proc/proc_misc.c
===================================================================
--- linuxdev.orig/fs/proc/proc_misc.c
+++ linuxdev/fs/proc/proc_misc.c
@@ -677,6 +677,7 @@
 	return proc_calc_metrics(page, start, off, count, eof, len);
 }
 
+#ifdef CONFIG_FILE_LOCKING
 static int locks_open(struct inode *inode, struct file *filp)
 {
 	return seq_open(filp, &locks_seq_operations);
@@ -688,6 +689,7 @@
 	.llseek		= seq_lseek,
 	.release	= seq_release,
 };
+#endif /* CONFIG_FILE_LOCKING */
 
 static int execdomains_read_proc(char *page, char **start, off_t off,
 				 int count, int *eof, void *data)
@@ -881,7 +883,9 @@
 #ifdef CONFIG_PRINTK
 	proc_create("kmsg", S_IRUSR, NULL, &proc_kmsg_operations);
 #endif
+#ifdef CONFIG_FILE_LOCKING
 	proc_create("locks", 0, NULL, &proc_locks_operations);
+#endif
 	proc_create("devices", 0, NULL, &proc_devinfo_operations);
 	proc_create("cpuinfo", 0, NULL, &proc_cpuinfo_operations);
 #ifdef CONFIG_BLOCK
Index: linuxdev/include/linux/fs.h
===================================================================
--- linuxdev.orig/include/linux/fs.h
+++ linuxdev/include/linux/fs.h
@@ -983,6 +983,13 @@
 
 #include <linux/fcntl.h>
 
+extern void send_sigio(struct fown_struct *fown, int fd, int band);
+
+/* fs/sync.c */
+extern int do_sync_mapping_range(struct address_space *mapping, loff_t offset,
+			loff_t endbyte, unsigned int flags);
+
+#ifdef CONFIG_FILE_LOCKING
 extern int fcntl_getlk(struct file *, struct flock __user *);
 extern int fcntl_setlk(unsigned int, struct file *, unsigned int,
 			struct flock __user *);
@@ -993,14 +1000,9 @@
 			struct flock64 __user *);
 #endif
 
-extern void send_sigio(struct fown_struct *fown, int fd, int band);
 extern int fcntl_setlease(unsigned int fd, struct file *filp, long arg);
 extern int fcntl_getlease(struct file *filp);
 
-/* fs/sync.c */
-extern int do_sync_mapping_range(struct address_space *mapping, loff_t offset,
-			loff_t endbyte, unsigned int flags);
-
 /* fs/locks.c */
 extern void locks_init_lock(struct file_lock *);
 extern void locks_copy_lock(struct file_lock *, struct file_lock *);
@@ -1023,6 +1025,33 @@
 extern int lock_may_read(struct inode *, loff_t start, unsigned long count);
 extern int lock_may_write(struct inode *, loff_t start, unsigned long count);
 extern struct seq_operations locks_seq_operations;
+#else /* !CONFIG_FILE_LOCKING */
+#define fcntl_getlk(a, b) (-EINVAL)
+#define fcntl_setlk(a, b, c, d) (-EACCES)
+#if BITS_PER_LONG == 32
+#define fcntl_getlk64(a, b) (-EINVAL)
+#define fcntl_setlk64(a, b, c, d) (-EACCES)
+#endif
+#define fcntl_setlease(a, b, c) (0)
+#define fcntl_getlease(a) (0)
+#define locks_init_lock(a)
+#define locks_copy_lock(a, b)
+#define locks_remove_posix(a, b)
+#define locks_remove_flock(a)
+#define posix_test_lock(a, b) (0)
+#define posix_lock_file(a, b) (-ENOLCK)
+#define posix_lock_file_wait(a, b) (-ENOLCK)
+#define posix_unblock_lock(a, b) (-ENOENT)
+#define vfs_test_lock(a, b) (0)
+#define vfs_lock_file(a, b, c, d) (-ENOLCK)
+#define vfs_cancel_lock(a, b) (0)
+#define flock_lock_file_wait(a, b) (-ENOLCK)
+#define __break_lease(a, b) (0)
+#define lease_get_mtime(a, b)
+#define lock_may_read(a, b, c) (1)
+#define lock_may_write(a, b, c) (1)
+#endif /* !CONFIG_FILE_LOCKING */
+
 
 struct fasync_struct {
 	int	magic;
@@ -1554,9 +1583,12 @@
 /* /sys/fs */
 extern struct kobject *fs_kobj;
 
+extern int rw_verify_area(int, struct file *, loff_t *, size_t);
+
 #define FLOCK_VERIFY_READ  1
 #define FLOCK_VERIFY_WRITE 2
 
+#ifdef CONFIG_FILE_LOCKING
 extern int locks_mandatory_locked(struct inode *);
 extern int locks_mandatory_area(int, struct inode *, struct file *, loff_t, size_t);
 
@@ -1587,8 +1619,6 @@
 	return 0;
 }
 
-extern int rw_verify_area(int, struct file *, loff_t *, size_t);
-
 static inline int locks_verify_truncate(struct inode *inode,
 				    struct file *filp,
 				    loff_t size)
@@ -1609,6 +1639,14 @@
 		return __break_lease(inode, mode);
 	return 0;
 }
+#else /* !CONFIG_FILE_LOCKING */
+#define locks_mandatory_locked(a) (0)
+#define locks_mandatory_area(a, b, c, d, e) (0)
+#define mandatory_lock(a) (0)
+#define locks_verify_locked(a) (0)
+#define locks_verify_truncate(a, b, c) (0)
+#define break_lease(a, b) (0)
+#endif /* CONFIG_FILE_LOCKING */
 
 /* fs/open.c */
 
Index: linuxdev/kernel/sys_ni.c
===================================================================
--- linuxdev.orig/kernel/sys_ni.c
+++ linuxdev/kernel/sys_ni.c
@@ -130,6 +130,7 @@
 cond_syscall(sys_io_submit);
 cond_syscall(sys_io_cancel);
 cond_syscall(sys_io_getevents);
+cond_syscall(sys_flock);
 
 /* arch-specific weak syscall entries */
 cond_syscall(sys_pciconfig_read);
Index: linuxdev/kernel/sysctl.c
===================================================================
--- linuxdev.orig/kernel/sysctl.c
+++ linuxdev/kernel/sysctl.c
@@ -97,7 +97,7 @@
 static int neg_one = -1;
 #endif
 
-#ifdef CONFIG_MMU
+#if defined(CONFIG_MMU) && defined(CONFIG_FILE_LOCKING)
 static int two = 2;
 #endif
 
@@ -1260,6 +1260,7 @@
 		.extra1		= &minolduid,
 		.extra2		= &maxolduid,
 	},
+#ifdef CONFIG_FILE_LOCKING
 	{
 		.ctl_name	= FS_LEASES,
 		.procname	= "leases-enable",
@@ -1268,6 +1269,7 @@
 		.mode		= 0644,
 		.proc_handler	= &proc_dointvec,
 	},
+#endif
 #ifdef CONFIG_DNOTIFY
 	{
 		.ctl_name	= FS_DIR_NOTIFY,
@@ -1279,6 +1281,7 @@
 	},
 #endif
 #ifdef CONFIG_MMU
+#ifdef CONFIG_FILE_LOCKING
 	{
 		.ctl_name	= FS_LEASE_TIME,
 		.procname	= "lease-break-time",
@@ -1290,6 +1293,7 @@
 		.extra1		= &zero,
 		.extra2		= &two,
 	},
+#endif /* CONFIG_FILE_LOCKING */
 #ifdef CONFIG_AIO
 	{
 		.procname	= "aio-nr",


-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers and embedded Linux development,
consulting, training and support.
http://free-electrons.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ