lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160517062705.GF14480@ZenIV.linux.org.uk>
Date:	Tue, 17 May 2016 07:27:06 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [git pull] vfs.git

On Mon, May 16, 2016 at 08:43:33AM -0700, Linus Torvalds wrote:
> On Sun, May 15, 2016 at 8:32 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
> > FWIW, I considered sending that pile in several pull requests, but for some
> > reason git request-pull v4.6 vfs work.lookups spews something very odd into
> > diffstat - files that have never been touched by it and, in fact, doing
> > merge with mainline does *not* end up with those files anywhere in the
> > diff.
> 
> This is "normal" if you have multiple merge bases (which in turn
> happens various ways, but all of them involved the branch having
> merges in itself, either back-merges or just merging two or more topic
> branches that had different starting points).

OK...  What happened is that I started these branches off -rc1, then by -rc3
realized that PAGE_CACHE_SIZE->PAGE_SIZE stuff was going to create one hell
of merge noise and rebased work.lookups to it.  I would've done the same to
work.xattr, but by then I had a never-rebase branch on top of it (cifs
xattr stuff) and that meant that work.xattr (including its initial segment
needed in work.lookups) was stuck at -rc1.  Oh, well...

> > If you prefer that stuff to go in separate pulls, please say so.
> 
> This time I'd really prefer it, especially that parallel lookup
> branch. That's such a big fundamental change that it definitely merits
> being merged separately rather than as part of "here's all the vfs
> changes for 4.7"..

OK.  What I've got looks so:

#work.const-path - rc1-based, no conflicts with anything, independent from
everything else

#work.misc - ditto

#work.iov_iter - ditto, but with merge from #for-linus at some point.
No conflicts either (and that #for-linus had also been rc1-based).

#work.preadv2 - rc3-based, no conflicts with anything, independent from
everything else

#sendmsg.cifs - rc1-based, trims quite a bit of now-unneeded crap from cifs.
One obvious conflict with PAGE_CACHE_SIZE->PAGE_SIZE in there.  Independent
from everything else.

#work.xattr - rc1-based, some starts with some acl fixes, then switches
->getxattr to passing inode and dentry separately.  This is the point
where the things start to get tricky - that got merged into the very
beginning of the -rc3-based #work.lookups, to allow untangling the
security_d_instantiate() mess.  That merge actually got one of the
PAGE_CACHE_SIZE conflicts resolved.  #work.xattr itself proceeds to switch
a lot of filesystems to generic_...xattr(); no complications there.

#work.lookups, after that initial merge from #work.xattr does the following:
	* untangle security_d_instantiate()
	* convert a bunch of open-coded lookup_one_len_unlocked() to calls
of that thing; one such place (in overlayfs) actually yields a trivial
conflict with overlayfs fixes later in the cycle - overlayfs ended up
switching to a variant of lookup_one_len_unlocked() sans the permission
checks.  I would've dropped that commit (it gets overridden on merge from
#ovl-fixes in #for-next; proper resolution is to use the variant in mainline
fs/overlayfs/super.c), but I didn't want to rebase the damn thing - it was
fairly late in the cycle...
	* some filesystems had managed to depend on lookup/lookup exclusion
for *fs-internal* data structures in a way that would break if we relaxed the
VFS exclusion.  Fixing hadn't been hard, fortunately.
	* core of that series - parallel lookup machinery, replacing ->i_mutex
with rwsem, making lookup_slow() take it only shared.  At that point lookups
happen in parallel; lookups on the same name wait for the in-progress one
to be done with that dentry.  Surprisingly little code, at that - almost all
of it is in fs/dcache.c, with fs/namei.c changes limited to lookup_slow() -
making it use the new primitive and actually switching to locking shared.
	* parallel readdir stuff - first of all, we provide the exclusion
on per-struct file basis, same as we do for read() vs. lseek() for regular
files.  That takes care of most of the needed exclusion in readdir/readdir;
however, these guys are trickier than lookups, so I went for switching them
one-by-one - new method (->iterate_shared()) is added and filesystems are
switched to it as they are either confirmed to be OK with shared lock on
directory or fixed to be OK with that.  I hope to kill the original method
come next cycle (almost all in-tree filesystems are switched already), but
it's still not quite finished.
	* several filesystems get switched to parallel readdir.  The
interesting part here is dealing with dcache preseeding by readdir; that
needs minor adjustment to be safe with directory locked only shared.
Most of the filesystems doing that got switched to in those commits.
Important exception: NFS.  Turns out that NFS folks, with their, er,
insistence on VFS getting the fuck out of the way of the Smart Filesystem
Code That Knows How And What To Lock(tm) have grown the locking of their
own.  Homegrown rwsem, with lookup/readdir/atomic_open being *writers*
(sillyunlink is the reader there).  Of course, with VFS getting the fuck
out of the way, as requested, the actual smarts of the smart filesystem
code etc. had become exposed...
	* do_last/lookup_open/atomic_open cleanups.  As the result,
open() without O_CREAT locks the directory only shared.  Including the
->atomic_open() case.  Backmerge from #for-linus in the middle of that -
atomic_open() fix got brought in.
	* then comes NFS switch to saner (VFS-based ;-) locking, killing
the homegrown "lookup and readdir are writers" kinda-sorta rwsem.  All
exclusion for sillyunlink/lookup is done by the parallel lookups mechanism.
Exclusion between sillyunlink and rmdir is a real rwsem now - rmdir being
the writer.  Result: NFS lookups/readdirs/O_CREAT-less opens happen in parallel
now.
	* the rest of the series consists of switching a lot of filesystems
to parallel readdir; in a lot of cases ->llseek() gets simplified as well.
One backmerge in there (again, #for-linus - rockridge fix).
That's it for #work.lookups.  There's one conflict in that pile (overlayfs
one mentioned above) and there's a conflict resolved in the first merge
(rc3 vs. beginning of #work.xattr).

FWIW, I think the least PITA would be if I send #work.lookups + backmerge from
#ovl-fixes to resolve the fs/overlay/super.c conflict.  If you think that
it needs to done in even smaller steps (after all, it's about 3/4 of the
entire pile), please say so.  Otherwise, see below:

The following changes since commit 38b78a5f18584db6fa7441e0f4531b283b0e6725:

  ovl: ignore permissions on underlying lookup (2016-05-10 23:58:18 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git for-linus

for you to fetch changes up to 0e0162bb8c008fa7742f69d4d4982c8a37b88f95:

  Merge branch 'ovl-fixes' into for-linus (2016-05-17 02:17:59 -0400)

----------------------------------------------------------------
Al Viro (75):
      reiserfs_cache_default_acl(): use get_acl()
      don't bother with ->d_inode->i_sb - it's always equal to ->d_sb
      cifs: kill more bogus checks in ->...xattr() methods
      reiserfs: switch to generic_{get,set,remove}xattr()
      xattr_handler: pass dentry and inode as separate arguments of ->get()
      ->getxattr(): pass dentry and inode as separate arguments
      Merge getxattr prototype change into work.lookups
      security_d_instantiate(): move to the point prior to attaching dentry to inode
      kernfs: use lookup_one_len_unlocked()
      configfs_detach_prep(): make sure that wait_mutex won't go away
      ocfs2: don't open-code inode_lock/inode_unlock
      orangefs: don't open-code inode_lock/inode_unlock
      reiserfs: open-code reiserfs_mutex_lock_safe() in reiserfs_unpack()
      reconnect_one(): use lookup_one_len_unlocked()
      ovl_lookup_real(): use lookup_one_len_unlocked()
      make ext2_get_page() and friends work without external serialization
      nfs: missing wakeup in nfs_unblock_sillyrename()
      lookup_slow(): bugger off on IS_DEADDIR() from the very beginning
      __d_add(): don't drop/regain ->d_lock
      beginning of transition to parallel lookups - marking in-lookup dentries
      parallel lookups machinery, part 2
      parallel lookups machinery, part 3
      parallel lookups machinery, part 4 (and last)
      parallel lookups: actual switch to rwsem
      give readdir(2)/getdents(2)/etc. uniform exclusion with lseek()
      introduce a parallel variant of ->iterate()
      proc_fill_cache(): switch to d_alloc_parallel()
      proc_sys_fill_cache(): switch to d_alloc_parallel()
      switch all procfs directories ->iterate_shared()
      fuse: switch to ->iterate_shared()
      cifs: switch to ->iterate_shared()
      dcache_{readdir,dir_lseek}() users: switch to ->iterate_shared
      simple local filesystems: switch to ->iterate_shared()
      path_openat(): take O_PATH handling out of do_last()
      lookup_open(): expand the call of vfs_create()
      Merge branch 'for-linus' into work.lookups
      atomic_open(): don't bother with EEXIST check - it's done in do_last()
      atomic_open(): consolidate "overridden ENOENT" in open-yourself cases
      atomic_open(): massage the create_error logics a bit
      do_last(): get rid of duplicate ELOOP check
      do_last(): take fput() on error after opening to out:
      atomic_open(): delay open_to_namei_flags() until the method call
      atomic_open(): be paranoid about may_open() return value
      lookup_open(): lift the "fallback to !O_CREAT" logics from atomic_open()
      atomic_open(): reorder and clean up a bit
      lookup_open(): expand the call of real_lookup()
      lookup_open(): put the dentry fed to ->lookup() or ->atomic_open() into in-lookup hash
      lookup_open(): lock the parent shared unless O_CREAT is given
      nfs: switch to ->iterate_shared()
      nfs: per-name sillyunlink exclusion
      configfs_readdir(): make safe under shared lock
      kernfs: no point locking directory around that generic_file_llseek()
      lustre: don't need to lock inode in directory lseek
      more trivial ->iterate_shared conversions
      romfs, squashfs: switch to ->iterate_shared()
      fat: switch to ->iterate_shared()
      9p: switch to ->iterate_shared()
      Merge branch 'for-linus' into work.lookups
      switch ecryptfs to ->iterate_shared
      logfs: no need to lock directory in lseek
      btrfs: switch to ->iterate_shared()
      get_acorn_filename(): deobfuscate a bit
      isofs: switch to ->iterate_shared()
      befs: constify stuff a bit
      befs: switch to ->iterate_shared()
      afs: switch to ->iterate_shared()
      f2fs: switch to ->iterate_shared()
      gfs2: switch to ->iterate_shared()
      hpfs: handle allocation failures in hpfs_add_pos()
      hpfs: switch to ->iterate_shared()
      hostfs: switch to ->iterate_shared()
      hfsplus: switch to ->iterate_shared()
      hfs: switch to ->iterate_shared()
      ext4: switch to ->iterate_shared()
      Merge branch 'ovl-fixes' into for-linus

Andreas Gruenbacher (3):
      jfs: Remove unnecessary code in jfs_get_acl
      posix_acl: Inode acl caching fixes
      posix_acl: Unexport acl_by_type and make it static

 Documentation/filesystems/porting                  |  53 +++
 arch/alpha/kernel/osf_sys.c                        |   4 +-
 arch/powerpc/platforms/cell/spufs/inode.c          |   2 +-
 block/blk-map.c                                    |  47 +--
 drivers/staging/lustre/lustre/llite/dir.c          |   4 +-
 .../staging/lustre/lustre/llite/llite_internal.h   |   4 +-
 drivers/staging/lustre/lustre/llite/xattr.c        |   6 +-
 fs/9p/acl.c                                        |   8 +-
 fs/9p/vfs_dir.c                                    |   4 +-
 fs/9p/vfs_inode.c                                  |   2 +-
 fs/9p/xattr.c                                      |   4 +-
 fs/affs/dir.c                                      |   2 +-
 fs/afs/dir.c                                       |  16 +-
 fs/autofs4/root.c                                  |   4 +-
 fs/bad_inode.c                                     |   4 +-
 fs/befs/befs.h                                     |   4 +-
 fs/befs/btree.c                                    |  16 +-
 fs/befs/btree.h                                    |   4 +-
 fs/befs/datastream.c                               |  26 +-
 fs/befs/datastream.h                               |  11 +-
 fs/befs/linuxvfs.c                                 |   6 +-
 fs/bfs/dir.c                                       |   2 +-
 fs/btrfs/acl.c                                     |   3 -
 fs/btrfs/inode.c                                   |   2 +-
 fs/btrfs/ioctl.c                                   |  18 +-
 fs/btrfs/tree-log.c                                |   6 +-
 fs/btrfs/xattr.c                                   |   6 +-
 fs/ceph/acl.c                                      |   2 +
 fs/ceph/super.h                                    |   2 +-
 fs/ceph/xattr.c                                    |   8 +-
 fs/cifs/cifs_dfs_ref.c                             |   2 +-
 fs/cifs/cifsfs.c                                   |   2 +-
 fs/cifs/cifsfs.h                                   |   2 +-
 fs/cifs/inode.c                                    |   3 +-
 fs/cifs/readdir.c                                  |  57 +--
 fs/cifs/xattr.c                                    |  56 +--
 fs/coda/dir.c                                      |  18 +-
 fs/compat.c                                        |  12 +-
 fs/configfs/dir.c                                  |  37 +-
 fs/configfs/inode.c                                |   2 +-
 fs/cramfs/inode.c                                  |   2 +-
 fs/dcache.c                                        | 267 ++++++++++++--
 fs/ecryptfs/crypto.c                               |   5 +-
 fs/ecryptfs/ecryptfs_kernel.h                      |   4 +-
 fs/ecryptfs/file.c                                 |  73 +++-
 fs/ecryptfs/inode.c                                |  23 +-
 fs/ecryptfs/mmap.c                                 |   3 +-
 fs/efs/dir.c                                       |   3 +-
 fs/efs/namei.c                                     |   2 +-
 fs/exofs/dir.c                                     |  16 +-
 fs/exofs/super.c                                   |   2 +-
 fs/exportfs/expfs.c                                |  12 +-
 fs/ext2/acl.c                                      |   3 -
 fs/ext2/dir.c                                      |  16 +-
 fs/ext2/namei.c                                    |   2 +-
 fs/ext2/xattr_security.c                           |   6 +-
 fs/ext2/xattr_trusted.c                            |   6 +-
 fs/ext2/xattr_user.c                               |   8 +-
 fs/ext4/acl.c                                      |   3 -
 fs/ext4/dir.c                                      |   4 +-
 fs/ext4/namei.c                                    |   4 +-
 fs/ext4/xattr_security.c                           |   6 +-
 fs/ext4/xattr_trusted.c                            |   6 +-
 fs/ext4/xattr_user.c                               |   8 +-
 fs/f2fs/acl.c                                      |   3 -
 fs/f2fs/dir.c                                      |   2 +-
 fs/f2fs/namei.c                                    |   2 +-
 fs/f2fs/xattr.c                                    |  14 +-
 fs/fat/dir.c                                       |   6 +-
 fs/file.c                                          |   5 +
 fs/freevxfs/vxfs_lookup.c                          |   2 +-
 fs/fuse/dir.c                                      |  99 +++--
 fs/gfs2/file.c                                     |   4 +-
 fs/gfs2/inode.c                                    |   9 +-
 fs/gfs2/ops_fstype.c                               |   4 +-
 fs/gfs2/super.c                                    |   2 +-
 fs/gfs2/xattr.c                                    |   6 +-
 fs/hfs/attr.c                                      |   5 +-
 fs/hfs/catalog.c                                   |   3 +
 fs/hfs/dir.c                                       |  12 +-
 fs/hfs/hfs_fs.h                                    |   5 +-
 fs/hfs/inode.c                                     |   2 +
 fs/hfsplus/catalog.c                               |   3 +
 fs/hfsplus/dir.c                                   |  12 +-
 fs/hfsplus/hfsplus_fs.h                            |   1 +
 fs/hfsplus/inode.c                                 |   1 +
 fs/hfsplus/posix_acl.c                             |   3 -
 fs/hfsplus/super.c                                 |   1 +
 fs/hfsplus/xattr.c                                 |  10 +-
 fs/hfsplus/xattr.h                                 |   2 +-
 fs/hfsplus/xattr_security.c                        |   6 +-
 fs/hfsplus/xattr_trusted.c                         |   6 +-
 fs/hfsplus/xattr_user.c                            |   6 +-
 fs/hostfs/hostfs_kern.c                            |   2 +-
 fs/hpfs/dir.c                                      |  12 +-
 fs/hpfs/dnode.c                                    |   8 +-
 fs/hpfs/hpfs_fn.h                                  |   2 +-
 fs/inode.c                                         |  17 +-
 fs/isofs/dir.c                                     |   4 +-
 fs/isofs/rock.c                                    |  13 +-
 fs/jffs2/acl.c                                     |   2 -
 fs/jffs2/dir.c                                     |   4 +-
 fs/jffs2/security.c                                |   6 +-
 fs/jffs2/super.c                                   |   2 +-
 fs/jffs2/xattr_trusted.c                           |   6 +-
 fs/jffs2/xattr_user.c                              |   6 +-
 fs/jfs/acl.c                                       |   6 -
 fs/jfs/jfs_xattr.h                                 |   2 +-
 fs/jfs/namei.c                                     |   2 +-
 fs/jfs/xattr.c                                     |   8 +-
 fs/kernfs/dir.c                                    |  17 +-
 fs/kernfs/inode.c                                  |   6 +-
 fs/kernfs/kernfs-internal.h                        |   4 +-
 fs/kernfs/mount.c                                  |   5 +-
 fs/libfs.c                                         |  11 +-
 fs/logfs/dir.c                                     |   4 +-
 fs/minix/dir.c                                     |   2 +-
 fs/namei.c                                         | 399 ++++++++++-----------
 fs/nfs/dir.c                                       |  80 +++--
 fs/nfs/direct.c                                    |   2 +-
 fs/nfs/inode.c                                     |   4 +-
 fs/nfs/nfs3acl.c                                   |  43 ++-
 fs/nfs/nfs4proc.c                                  |  14 +-
 fs/nfs/nfstrace.h                                  |   2 +-
 fs/nfs/unlink.c                                    | 192 +++-------
 fs/nfsd/nfs3proc.c                                 |   4 +-
 fs/nfsd/nfs3xdr.c                                  |   2 +-
 fs/nfsd/nfsfh.c                                    |   2 +-
 fs/nilfs2/dir.c                                    |  16 +-
 fs/nilfs2/namei.c                                  |   2 +-
 fs/ocfs2/aops.c                                    |   4 +-
 fs/ocfs2/dlmglue.c                                 |   3 +
 fs/ocfs2/file.c                                    |   2 +-
 fs/ocfs2/inode.c                                   |   2 +-
 fs/ocfs2/xattr.c                                   |  20 +-
 fs/omfs/dir.c                                      |   2 +-
 fs/open.c                                          |   2 +-
 fs/openpromfs/inode.c                              |   2 +-
 fs/orangefs/file.c                                 |   4 +-
 fs/orangefs/orangefs-kernel.h                      |   4 +-
 fs/orangefs/xattr.c                                |  10 +-
 fs/overlayfs/inode.c                               |   4 +-
 fs/overlayfs/overlayfs.h                           |   4 +-
 fs/overlayfs/readdir.c                             |   4 +-
 fs/overlayfs/super.c                               |   2 +-
 fs/posix_acl.c                                     | 116 +++---
 fs/proc/base.c                                     |  35 +-
 fs/proc/fd.c                                       |   8 +-
 fs/proc/generic.c                                  |   2 +-
 fs/proc/namespaces.c                               |   3 +-
 fs/proc/proc_net.c                                 |   2 +-
 fs/proc/proc_sysctl.c                              |  17 +-
 fs/proc/root.c                                     |   4 +-
 fs/qnx4/dir.c                                      |   2 +-
 fs/qnx6/dir.c                                      |   2 +-
 fs/read_write.c                                    |  12 -
 fs/readdir.c                                       |  37 +-
 fs/reiserfs/dir.c                                  |   2 +-
 fs/reiserfs/file.c                                 |   6 +-
 fs/reiserfs/ioctl.c                                |   6 +-
 fs/reiserfs/namei.c                                |  18 +-
 fs/reiserfs/xattr.c                                |  54 ---
 fs/reiserfs/xattr.h                                |   9 +-
 fs/reiserfs/xattr_acl.c                            |   8 +-
 fs/reiserfs/xattr_security.c                       |  19 +-
 fs/reiserfs/xattr_trusted.c                        |  19 +-
 fs/reiserfs/xattr_user.c                           |  19 +-
 fs/romfs/super.c                                   |   4 +-
 fs/splice.c                                        |   3 +
 fs/squashfs/dir.c                                  |   4 +-
 fs/squashfs/xattr.c                                |   6 +-
 fs/sysv/dir.c                                      |   2 +-
 fs/ubifs/dir.c                                     |   2 +-
 fs/ubifs/ubifs.h                                   |   4 +-
 fs/ubifs/xattr.c                                   |   6 +-
 fs/udf/dir.c                                       |   2 +-
 fs/udf/namei.c                                     |   2 +-
 fs/ufs/dir.c                                       |  16 +-
 fs/ufs/super.c                                     |   2 +-
 fs/xattr.c                                         |  12 +-
 fs/xfs/xfs_acl.c                                   |  20 +-
 fs/xfs/xfs_file.c                                  |   2 +-
 fs/xfs/xfs_xattr.c                                 |   6 +-
 include/linux/dcache.h                             |  26 +-
 include/linux/file.h                               |  13 +
 include/linux/fs.h                                 |  51 ++-
 include/linux/nfs_fs.h                             |  11 +-
 include/linux/nfs_xdr.h                            |   4 +-
 include/linux/posix_acl.h                          |   1 -
 include/linux/uio.h                                |   1 +
 include/linux/xattr.h                              |   5 +-
 include/trace/events/ext4.h                        |   6 +-
 kernel/audit_watch.c                               |   2 +-
 lib/iov_iter.c                                     |  19 +
 mm/shmem.c                                         |   9 +-
 net/socket.c                                       |   2 +-
 security/commoncap.c                               |   6 +-
 security/integrity/evm/evm_main.c                  |   6 +-
 security/selinux/hooks.c                           |  11 +-
 security/smack/smack_lsm.c                         |   6 +-
 200 files changed, 1545 insertions(+), 1300 deletions(-)

Powered by blists - more mailing lists