kernel/linux.git/ipc/mqueue.c, branch v3.8.7

ipc: Restrict mounting the mqueue filesystem

2013-04-05T16:26:02+00:00

commit a636b702ed1805e988ad3d8ff8b52c060f8b341c upstream. Only allow mounting the mqueue filesystem if the caller has CAP_SYS_ADMIN rights over the ipc namespace. The principle here is if you create or have capabilities over it you can mount it, otherwise you get to live with what other people have mounted. This information is not particularly sensitive and mqueue essentially only reports which posix messages queues exist. Still when creating a restricted environment for an application to live any extra information may be of use to someone with sufficient creativity. The historical if imperfect way this information has been restricted has been not to allow mounts and restricting this to ipc namespace creators maintains the spirit of the historical restriction. Acked-by: Serge Hallyn Signed-off-by: "Eric W. Biederman" Signed-off-by: Greg Kroah-Hartman

mqueue: sys_mq_open: do not call mnt_drop_write() if read-only

2013-03-28T19:17:48+00:00

commit 38d78e587d4960d0db94add518d27ee74bad2301 upstream. mnt_drop_write() must be called only if mnt_want_write() succeeded, otherwise the mnt_writers counter will diverge. mnt_writers counters are used to check if remounting FS as read-only is OK, so after an extra mnt_drop_write() call, it would be impossible to remount mqueue FS as read-only. Besides, on umount a warning would be printed like this one: ===================================== [ BUG: bad unlock balance detected! ] 3.9.0-rc3 #5 Not tainted ------------------------------------- a.out/12486 is trying to release lock (sb_writers) at: mnt_drop_write+0x1f/0x30 but there are no more locks to release! Signed-off-by: Vladimir Davydov Cc: Doug Ledford Cc: KOSAKI Motohiro Cc: "Eric W. Biederman" Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

audit: make audit_inode take struct filename

2012-10-13T00:15:09+00:00

Keep a pointer to the audit_names "slot" in struct filename. Have all of the audit_inode callers pass a struct filename ponter to audit_inode instead of a string pointer. If the aname field is already populated, then we can skip walking the list altogether and just use it directly. Signed-off-by: Jeff Layton Signed-off-by: Al Viro

vfs: define struct filename and have getname() return it

2012-10-13T00:14:55+00:00

getname() is intended to copy pathname strings from userspace into a kernel buffer. The result is just a string in kernel space. It would however be quite helpful to be able to attach some ancillary info to the string. For instance, we could attach some audit-related info to reduce the amount of audit-related processing needed. When auditing is enabled, we could also call getname() on the string more than once and not need to recopy it from userspace. This patchset converts the getname()/putname() interfaces to return a struct instead of a string. For now, the struct just tracks the string in kernel space and the original userland pointer for it. Later, we'll add other information to the struct as it becomes convenient. Signed-off-by: Jeff Layton Signed-off-by: Al Viro

audit: set the name_len in audit_inode for parent lookups

2012-10-12T04:32:01+00:00

Currently, this gets set mostly by happenstance when we call into audit_inode_child. While that might be a little more efficient, it seems wrong. If the syscall ends up failing before audit_inode_child ever gets called, then you'll have an audit_names record that shows the full path but has the parent inode info attached. Fix this by passing in a parent flag when we call audit_inode that gets set to the value of LOOKUP_PARENT. We can then fix up the pathname for the audit entry correctly from the get-go. While we're at it, clean up the no-op macro for audit_inode in the !CONFIG_AUDITSYSCALL case. Signed-off-by: Jeff Layton Signed-off-by: Al Viro

ipc/mqueue: remove unnecessary rb_init_node() calls

2012-10-09T07:22:31+00:00

Commit d6629859b36d ("ipc/mqueue: improve performance of send/recv") and ce2d52cc ("ipc/mqueue: add rbtree node caching support") introduced an rbtree of message priorities, and usage of rb_init_node() to initialize the corresponding nodes. As it turns out, rb_init_node() is unnecessary here, as the nodes are fully initialized on insertion by rb_link_node() and the code doesn't access nodes that aren't inserted on the rbtree. Removing the rb_init_node() calls as I removed that function during rbtree API cleanups (the only other use of it was in a place that similarly didn't require it). Signed-off-by: Michel Lespinasse Acked-by: Doug Ledford Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

switch simple cases of fget_light to fdget

2012-09-27T02:20:08+00:00

Signed-off-by: Al Viro

switch mqueue syscalls to fget_light()

2012-09-27T01:10:09+00:00

Signed-off-by: Al Viro

mqueue: lift mnt_want_write() outside ->i_mutex, clean up a bit

2012-08-18T20:51:26+00:00

the way it abuses ->d_fsdata still needs to be killed, but that's a separate story. Signed-off-by: Al Viro

switch dentry_open() to struct path, make it grab references itself

2012-07-22T20:01:29+00:00

Signed-off-by: Al Viro