1. 26 May, 2011 1 commit
  2. 25 May, 2011 1 commit
    • Eric Paris's avatar
      tmpfs: implement generic xattr support · b09e0fa4
      Eric Paris authored
      Implement generic xattrs for tmpfs filesystems.  The Feodra project, while
      trying to replace suid apps with file capabilities, realized that tmpfs,
      which is used on the build systems, does not support file capabilities and
      thus cannot be used to build packages which use file capabilities.  Xattrs
      are also needed for overlayfs.
      The xattr interface is a bit odd.  If a filesystem does not implement any
      {get,set,list}xattr functions the VFS will call into some random LSM hooks
      and the running LSM can then implement some method for handling xattrs.
      SELinux for example provides a method to support security.selinux but no
      other security.* xattrs.
      As it stands today when one enables CONFIG_TMPFS_POSIX_ACL tmpfs will have
      xattr handler routines specifically to handle acls.  Because of this tmpfs
      would loose the VFS/LSM helpers to support the running LSM.  To make up
      for that tmpfs had stub functions that did nothing but call into the LSM
      hooks which implement the helpers.
      This new patch does not use the LSM fallback functions and instead just
      implements a native get/set/list xattr feature for the full security.* and
      trusted.* namespace like a normal filesystem.  This means that tmpfs can
      now support both security.selinux and security.capability, which was not
      previously possible.
      The basic implementation is that I attach a:
      struct shmem_xattr {
      	struct list_head list; /* anchored by shmem_inode_info->xattr_list */
      	char *name;
      	size_t size;
      	char value[0];
      Into the struct shmem_inode_info for each xattr that is set.  This
      implementation could easily support the user.* namespace as well, except
      some care needs to be taken to prevent large amounts of unswappable memory
      being allocated for unprivileged users.
      [mszeredi@suse.cz: new config option, suport trusted.*, support symlinks]
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
      Acked-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
      Tested-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
      Cc: Kyle McMartin <kyle@mcmartin.ca>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Tested-by: default avatarJordi Pujol <jordipujolp@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  3. 15 Mar, 2011 1 commit
  4. 21 Jan, 2011 1 commit
    • David Rientjes's avatar
      kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT · 6a108a14
      David Rientjes authored
      The meaning of CONFIG_EMBEDDED has long since been obsoleted; the option
      is used to configure any non-standard kernel with a much larger scope than
      only small devices.
      This patch renames the option to CONFIG_EXPERT in init/Kconfig and fixes
      references to the option throughout the kernel.  A new CONFIG_EMBEDDED
      option is added that automatically selects CONFIG_EXPERT when enabled and
      can be used in the future to isolate options that should only be
      considered for embedded systems (RISC architectures, SLOB, etc).
      Calling the option "EXPERT" more accurately represents its intention: only
      expert users who understand the impact of the configuration changes they
      are making should enable it.
      Reviewed-by: default avatarIngo Molnar <mingo@elte.hu>
      Acked-by: default avatarDavid Woodhouse <david.woodhouse@intel.com>
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Greg KH <gregkh@suse.de>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Robin Holt <holt@sgi.com>
      Cc: <linux-arch@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  5. 17 Jan, 2011 1 commit
    • Randy Dunlap's avatar
      fs: FS_POSIX_ACL does not depend on BLOCK · 16ebe911
      Randy Dunlap authored
      - Fix a kconfig unmet dependency warning.
      - Remove the comment that identifies which filesystems use POSIX ACL
        utility routines.
      - Move the FS_POSIX_ACL symbol outside of the BLOCK symbol if/endif block
        because its functions do not depend on BLOCK and some of the filesystems
        that use it do not depend on BLOCK.
      warning: (GENERIC_ACL && JFFS2_FS_POSIX_ACL && NFSD_V4 && NFS_ACL_SUPPORT && 9P_FS_POSIX_ACL) selects FS_POSIX_ACL which has unmet direct dependencies (BLOCK)
      Signed-off-by: default avatarRandy Dunlap <randy.dunlap@oracle.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
  6. 28 Dec, 2010 1 commit
    • Tony Luck's avatar
      pstore: new filesystem interface to platform persistent storage · ca01d6dd
      Tony Luck authored
      Some platforms have a small amount of non-volatile storage that
      can be used to store information useful to diagnose the cause of
      a system crash.  This is the generic part of a file system interface
      that presents information from the crash as a series of files in
      /dev/pstore.  Once the information has been seen, the underlying
      storage is freed by deleting the files.
      Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
  7. 27 Oct, 2010 1 commit
  8. 26 Oct, 2010 2 commits
  9. 21 Oct, 2010 1 commit
    • Arnd Bergmann's avatar
      BKL: introduce CONFIG_BKL. · 6de5bd12
      Arnd Bergmann authored
      With all the patches we have queued in the BKL removal tree, only a
      few dozen modules are left that actually rely on the BKL, and even
      there are lots of low-hanging fruit. We need to decide what to do
      about them, this patch illustrates one of the options:
      Every user of the BKL is marked as 'depends on BKL' in Kconfig,
      and the CONFIG_BKL becomes a user-visible option. If it gets
      disabled, no BKL using module can be built any more and the BKL
      code itself is compiled out.
      The one exception is file locking, which is practically always
      enabled and does a 'select BKL' instead. This effectively forces
      CONFIG_BKL to be enabled until we have solved the fs/lockd
      mess and can apply the patch that removes the BKL from fs/locks.c.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
  10. 05 Oct, 2010 2 commits
  11. 20 Jul, 2010 1 commit
  12. 17 Dec, 2009 1 commit
  13. 15 Dec, 2009 1 commit
  14. 20 Nov, 2009 1 commit
  15. 30 Oct, 2009 1 commit
  16. 27 Oct, 2009 1 commit
  17. 26 Oct, 2009 1 commit
    • Paul Mundt's avatar
      sh: Fix hugetlbfs dependencies for SH-3 && MMU configurations. · ffb4a73d
      Paul Mundt authored
      The hugetlb dependencies presently depend on SUPERH && MMU while the
      hugetlb page size definitions depend on CPU_SH4 or CPU_SH5. This
      unfortunately allows SH-3 + MMU configurations to enable hugetlbfs
      without a corresponding HPAGE_SHIFT definition, resulting in the build
      blowing up.
      As SH-3 doesn't support variable page sizes, we tighten up the
      dependenies a bit to prevent hugetlbfs from being enabled. These days
      we also have a shiny new SYS_SUPPORTS_HUGETLBFS, so switch to using
      that rather than adding to the list of corner cases in fs/Kconfig.
      Reported-by: default avatarKristoffer Ericson <kristoffer.ericson@gmail.com>
      Signed-off-by: default avatarPaul Mundt <lethal@linux-sh.org>
  18. 06 Oct, 2009 1 commit
  19. 22 Sep, 2009 1 commit
    • Hugh Dickins's avatar
      tmpfs: depend on shmem · 3f96b79a
      Hugh Dickins authored
      CONFIG_SHMEM off gives you (ramfs masquerading as) tmpfs, even when
      CONFIG_TMPFS is off: that's a little anomalous, and I'd intended to make
      more sense of it by removing CONFIG_TMPFS altogether, always enabling its
      code when CONFIG_SHMEM; but so many defconfigs have CONFIG_SHMEM on
      CONFIG_TMPFS off that we'd better leave that as is.
      But there is no point in asking for CONFIG_TMPFS if CONFIG_SHMEM is off:
      make TMPFS depend on SHMEM, which also prevents TMPFS_POSIX_ACL
      shmem_acl.o being pointlessly built into the kernel when SHMEM is off.
      And a selfish change, to prevent the world from being rebuilt when I
      switch between CONFIG_SHMEM on and off: the only CONFIG_SHMEM in the
      header files is mm.h shmem_lock() - give that a shmem.c stub instead.
      Signed-off-by: default avatarHugh Dickins <hugh.dickins@tiscali.co.uk>
      Acked-by: default avatarMatt Mackall <mpm@selenic.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  20. 14 Sep, 2009 1 commit
    • Ryusuke Konishi's avatar
      fs/Kconfig: move nilfs2 outside misc filesystems · 41f4db0f
      Ryusuke Konishi authored
      Some people asked me questions like the following:
      On Wed, 15 Jul 2009 13:11:21 +0200, Leon Woestenberg wrote:
      > just wondering, any reasons why NILFS2 is one of the miscellaneous
      > filesystems and, for example, btrfs, is not in Kconfig?
      Actually, nilfs is NOT a filesystem came from other operating systems,
      but a filesystem created purely for Linux.  Nor is it a flash
      filesystem but that for generic block devices.
      So, this moves nilfs outside the misc category as I responded in LKML
      "Re: Why does NILFS2 hide under Miscellaneous filesystems?"
      (Message-Id: <20090716.002526.93465395.ryusuke@osrg.net>).
      Signed-off-by: default avatarRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
  21. 14 Jul, 2009 1 commit
  22. 17 Jun, 2009 2 commits
  23. 09 Jun, 2009 1 commit
    • Tejun Heo's avatar
      CUSE: implement CUSE - Character device in Userspace · 151060ac
      Tejun Heo authored
      CUSE enables implementing character devices in userspace.  With recent
      additions of ioctl and poll support, FUSE already has most of what's
      necessary to implement character devices.  All CUSE has to do is
      bonding all those components - FUSE, chardev and the driver model -
      When client opens /dev/cuse, kernel starts conversation with
      CUSE_INIT.  The client tells CUSE which device it wants to create.  As
      the previous patch made fuse_file usable without associated
      fuse_inode, CUSE doesn't create super block or inodes.  It attaches
      fuse_file to cdev file->private_data during open and set ff->fi to
      NULL.  The rest of the operation is almost identical to FUSE direct IO
      Each CUSE device has a corresponding directory /sys/class/cuse/DEVNAME
      (which is symlink to /sys/devices/virtual/class/DEVNAME if
      SYSFS_DEPRECATED is turned off) which hosts "waiting" and "abort"
      among other things.  Those two files have the same meaning as the FUSE
      control files.
      The only notable lacking feature compared to in-kernel implementation
      is mmap support.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
  24. 13 May, 2009 1 commit
  25. 07 Apr, 2009 1 commit
  26. 03 Apr, 2009 2 commits
    • David Howells's avatar
      CacheFiles: A cache that backs onto a mounted filesystem · 9ae326a6
      David Howells authored
      Add an FS-Cache cache-backend that permits a mounted filesystem to be used as a
      backing store for the cache.
      CacheFiles uses a userspace daemon to do some of the cache management - such as
      reaping stale nodes and culling.  This is called cachefilesd and lives in
      /sbin.  The source for the daemon can be downloaded from:
      And an example configuration from:
      The filesystem and data integrity of the cache are only as good as those of the
      filesystem providing the backing services.  Note that CacheFiles does not
      attempt to journal anything since the journalling interfaces of the various
      filesystems are very specific in nature.
      CacheFiles creates a misc character device - "/dev/cachefiles" - that is used
      to communication with the daemon.  Only one thing may have this open at once,
      and whilst it is open, a cache is at least partially in existence.  The daemon
      opens this and sends commands down it to control the cache.
      CacheFiles is currently limited to a single cache.
      CacheFiles attempts to maintain at least a certain percentage of free space on
      the filesystem, shrinking the cache by culling the objects it contains to make
      space if necessary - see the "Cache Culling" section.  This means it can be
      placed on the same medium as a live set of data, and will expand to make use of
      spare space and automatically contract when the set of data requires more
      The use of CacheFiles and its daemon requires the following features to be
      available in the system and in the cache filesystem:
      	- dnotify.
      	- extended attributes (xattrs).
      	- openat() and friends.
      	- bmap() support on files in the filesystem (FIBMAP ioctl).
      	- The use of bmap() to detect a partial page at the end of the file.
      It is strongly recommended that the "dir_index" option is enabled on Ext3
      filesystems being used as a cache.
      The cache is configured by a script in /etc/cachefilesd.conf.  These commands
      set up cache ready for use.  The following script commands are available:
       (*) brun <N>%
       (*) bcull <N>%
       (*) bstop <N>%
       (*) frun <N>%
       (*) fcull <N>%
       (*) fstop <N>%
      	Configure the culling limits.  Optional.  See the section on culling
      	The defaults are 7% (run), 5% (cull) and 1% (stop) respectively.
      	The commands beginning with a 'b' are file space (block) limits, those
      	beginning with an 'f' are file count limits.
       (*) dir <path>
      	Specify the directory containing the root of the cache.  Mandatory.
       (*) tag <name>
      	Specify a tag to FS-Cache to use in distinguishing multiple caches.
      	Optional.  The default is "CacheFiles".
       (*) debug <mask>
      	Specify a numeric bitmask to control debugging in the kernel module.
      	Optional.  The default is zero (all off).  The following values can be
      	OR'd into the mask to collect various information:
      		1	Turn on trace of function entry (_enter() macros)
      		2	Turn on trace of function exit (_leave() macros)
      		4	Turn on trace of internal debug points (_debug())
      	This mask can also be set through sysfs, eg:
      		echo 5 >/sys/modules/cachefiles/parameters/debug
      The cache is started by running the daemon.  The daemon opens the cache device,
      configures the cache and tells it to begin caching.  At that point the cache
      binds to fscache and the cache becomes live.
      The daemon is run as follows:
      	/sbin/cachefilesd [-d]* [-s] [-n] [-f <configfile>]
      The flags are:
       (*) -d
      	Increase the debugging level.  This can be specified multiple times and
      	is cumulative with itself.
       (*) -s
      	Send messages to stderr instead of syslog.
       (*) -n
      	Don't daemonise and go into background.
       (*) -f <configfile>
      	Use an alternative configuration file rather than the default one.
      Do not mount other things within the cache as this will cause problems.  The
      kernel module contains its own very cut-down path walking facility that ignores
      mountpoints, but the daemon can't avoid them.
      Do not create, rename or unlink files and directories in the cache whilst the
      cache is active, as this may cause the state to become uncertain.
      Renaming files in the cache might make objects appear to be other objects (the
      filename is part of the lookup key).
      Do not change or remove the extended attributes attached to cache files by the
      cache as this will cause the cache state management to get confused.
      Do not create files or directories in the cache, lest the cache get confused or
      serve incorrect data.
      Do not chmod files in the cache.  The module creates things with minimal
      permissions to prevent random users being able to access them directly.
      The cache may need culling occasionally to make space.  This involves
      discarding objects from the cache that have been used less recently than
      anything else.  Culling is based on the access time of data objects.  Empty
      directories are culled if not in use.
      Cache culling is done on the basis of the percentage of blocks and the
      percentage of files available in the underlying filesystem.  There are six
       (*) brun
       (*) frun
           If the amount of free space and the number of available files in the cache
           rises above both these limits, then culling is turned off.
       (*) bcull
       (*) fcull
           If the amount of available space or the number of available files in the
           cache falls below either of these limits, then culling is started.
       (*) bstop
       (*) fstop
           If the amount of available space or the number of available files in the
           cache falls below either of these limits, then no further allocation of
           disk space or files is permitted until culling has raised things above
           these limits again.
      These must be configured thusly:
      	0 <= bstop < bcull < brun < 100
      	0 <= fstop < fcull < frun < 100
      Note that these are percentages of available space and available files, and do
      _not_ appear as 100 minus the percentage displayed by the "df" program.
      The userspace daemon scans the cache to build up a table of cullable objects.
      These are then culled in least recently used order.  A new scan of the cache is
      started as soon as space is made in the table.  Objects will be skipped if
      their atimes have changed or if the kernel module says it is still using them.
      The CacheFiles module will create two directories in the directory it was
       (*) cache/
       (*) graveyard/
      The active cache objects all reside in the first directory.  The CacheFiles
      kernel module moves any retired or culled objects that it can't simply unlink
      to the graveyard from which the daemon will actually delete them.
      The daemon uses dnotify to monitor the graveyard directory, and will delete
      anything that appears therein.
      The module represents index objects as directories with the filename "I..." or
      "J...".  Note that the "cache/" directory is itself a special index.
      Data objects are represented as files if they have no children, or directories
      if they do.  Their filenames all begin "D..." or "E...".  If represented as a
      directory, data objects will have a file in the directory called "data" that
      actually holds the data.
      Special objects are similar to data objects, except their filenames begin
      "S..." or "T...".
      If an object has children, then it will be represented as a directory.
      Immediately in the representative directory are a collection of directories
      named for hash values of the child object keys with an '@' prepended.  Into
      this directory, if possible, will be placed the representations of the child
      	INDEX     INDEX      INDEX                             DATA FILES
      	========= ========== ================================= ================
      If the key is so long that it exceeds NAME_MAX with the decorations added on to
      it, then it will be cut into pieces, the first few of which will be used to
      make a nest of directories, and the last one of which will be the objects
      inside the last directory.  The names of the intermediate directories will have
      '+' prepended:
      Note that keys are raw data, and not only may they exceed NAME_MAX in size,
      they may also contain things like '/' and NUL characters, and so they may not
      be suitable for turning directly into a filename.
      To handle this, CacheFiles will use a suitably printable filename directly and
      "base-64" encode ones that aren't directly suitable.  The two versions of
      object filenames indicate the encoding:
      	===============	===============	===============
      	Index		"I..."		"J..."
      	Data		"D..."		"E..."
      	Special		"S..."		"T..."
      Intermediate directories are always "@" or "+" as appropriate.
      Each object in the cache has an extended attribute label that holds the object
      type ID (required to distinguish special objects) and the auxiliary data from
      the netfs.  The latter is used to detect stale objects in the cache and update
      or retire them.
      Note that CacheFiles will erase from the cache any file it doesn't recognise or
      any file of an incorrect type (such as a FIFO file or a device file).
      CacheFiles is implemented to deal properly with the LSM security features of
      the Linux kernel and the SELinux facility.
      One of the problems that CacheFiles faces is that it is generally acting on
      behalf of a process, and running in that process's context, and that includes a
      security context that is not appropriate for accessing the cache - either
      because the files in the cache are inaccessible to that process, or because if
      the process creates a file in the cache, that file may be inaccessible to other
      The way CacheFiles works is to temporarily change the security context (fsuid,
      fsgid and actor security label) that the process acts as - without changing the
      security context of the process when it the target of an operation performed by
      some other process (so signalling and suchlike still work correctly).
      When the CacheFiles module is asked to bind to its cache, it:
       (1) Finds the security label attached to the root cache directory and uses
           that as the security label with which it will create files.  By default,
           this is:
       (2) Finds the security label of the process which issued the bind request
           (presumed to be the cachefilesd daemon), which by default will be:
           and asks LSM to supply a security ID as which it should act given the
           daemon's label.  By default, this will be:
           SELinux transitions the daemon's security ID to the module's security ID
           based on a rule of this form in the policy.
      	type_transition <daemon's-ID> kernel_t : process <module's-ID>;
           For instance:
      	type_transition cachefilesd_t kernel_t : process cachefiles_kernel_t;
      The module's security ID gives it permission to create, move and remove files
      and directories in the cache, to find and access directories and files in the
      cache, to set and access extended attributes on cache objects, and to read and
      write files in the cache.
      The daemon's security ID gives it only a very restricted set of permissions: it
      may scan directories, stat files and erase files and directories.  It may
      not read or write files in the cache, and so it is precluded from accessing the
      data cached therein; nor is it permitted to create new files in the cache.
      There are policy source files available in:
      and later versions.  In that tarball, see the files:
      They are built and installed directly by the RPM.
      If a non-RPM based system is being used, then copy the above files to their own
      directory and run:
      	make -f /usr/share/selinux/devel/Makefile
      	semodule -i cachefilesd.pp
      You will need checkpolicy and selinux-policy-devel installed prior to the
      By default, the cache is located in /var/fscache, but if it is desirable that
      it should be elsewhere, than either the above policy files must be altered, or
      an auxiliary policy must be installed to label the alternate location of the
      For instructions on how to add an auxiliary policy to enable the cache to be
      located elsewhere when SELinux is in enforcing mode, please see:
      When the cachefilesd rpm is installed; alternatively, the document can be found
      in the sources.
      CacheFiles makes use of the split security in the task_struct.  It allocates
      its own task_security structure, and redirects current->act_as to point to it
      when it acts on behalf of another process, in that process's context.
      The reason it does this is that it calls vfs_mkdir() and suchlike rather than
      bypassing security and calling inode ops directly.  Therefore the VFS and LSM
      may deny the CacheFiles access to the cache data because under some
      circumstances the caching code is running in the security context of whatever
      process issued the original syscall on the netfs.
      Furthermore, should CacheFiles create a file or directory, the security
      parameters with that object is created (UID, GID, security label) would be
      derived from that process that issued the system call, thus potentially
      preventing other processes from accessing the cache - including CacheFiles's
      cache management daemon (cachefilesd).
      What is required is to temporarily override the security of the process that
      issued the system call.  We can't, however, just do an in-place change of the
      security data as that affects the process as an object, not just as a subject.
      This means it may lose signals or ptrace events for example, and affects what
      the process looks like in /proc.
      So CacheFiles makes use of a logical split in the security between the
      objective security (task->sec) and the subjective security (task->act_as).  The
      objective security holds the intrinsic security properties of a process and is
      never overridden.  This is what appears in /proc, and is what is used when a
      process is the target of an operation by some other process (SIGKILL for
      The subjective security holds the active security properties of a process, and
      may be overridden.  This is not seen externally, and is used whan a process
      acts upon another object, for example SIGKILLing another process or opening a
      LSM hooks exist that allow SELinux (or Smack or whatever) to reject a request
      for CacheFiles to run in a context of a specific security label, or to create
      files and directories with another security label.
      This documentation is added by the patch to:
      Signed-Off-By: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarSteve Dickson <steved@redhat.com>
      Acked-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Tested-by: default avatarDaire Byrne <Daire.Byrne@framestore.com>
    • David Howells's avatar
      FS-Cache: Add main configuration option, module entry points and debugging · 06b3db1b
      David Howells authored
      Add the main configuration option, allowing FS-Cache to be selected; the
      module entry and exit functions and the debugging stuff used by these patches.
      The two configuration options added are:
      The first enables the facility, and the second makes the debugging statements
      enableable through the "debug" module parameter.  The value of this parameter
      is a bitmask as described in:
      The module can be loaded at this point, but all it will do at this point in
      the patch series is to start up the slow work facility and shut it down again.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarSteve Dickson <steved@redhat.com>
      Acked-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Tested-by: default avatarDaire Byrne <Daire.Byrne@framestore.com>
  27. 31 Mar, 2009 1 commit
  28. 26 Mar, 2009 1 commit
  29. 22 Jan, 2009 8 commits