Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.32 2009-11-18T21:42:01Z 2009-11-18T21:42:01Z Mimi Zohar zohar@linux.vnet.ibm.com 2009-11-18T21:16:06Z urn:sha1:c09c59e6a070d6af05f238f255aea268185273ef While running fsstress tests on the NFSv4 mounted ext3 and ext4 filesystem, the following call trace was generated on the nfs server machine. Replace GFP_KERNEL with GFP_NOFS in ima_iint_insert() to avoid a potential deadlock. ================================= [ INFO: inconsistent lock state ] 2.6.31-31.el6.x86_64 #1 --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. kswapd2/75 [HC0[0]:SC0[0]:HE1:SE1] takes: (jbd2_handle){+.+.?.}, at: [<ffffffff811edd5e>] jbd2_journal_start+0xfe/0x13f {RECLAIM_FS-ON-W} state was registered at: [<ffffffff81091e40>] mark_held_locks+0x65/0x99 [<ffffffff81091f31>] lockdep_trace_alloc+0xbd/0xf5 [<ffffffff81126fdd>] kmem_cache_alloc+0x40/0x185 [<ffffffff812344d7>] ima_iint_insert+0x3d/0xf1 [<ffffffff812345b0>] ima_inode_alloc+0x25/0x44 [<ffffffff811484ac>] inode_init_always+0xec/0x271 [<ffffffff81148682>] alloc_inode+0x51/0xa1 [<ffffffff81148700>] new_inode+0x2e/0x94 [<ffffffff811b2f08>] ext4_new_inode+0xb8/0xdc9 [<ffffffff811be611>] ext4_create+0xcf/0x175 [<ffffffff8113e2cd>] vfs_create+0x82/0xb8 [<ffffffff8113f337>] do_filp_open+0x32c/0x9ee [<ffffffff811309b9>] do_sys_open+0x6c/0x12c [<ffffffff81130adc>] sys_open+0x2e/0x44 [<ffffffff81011e42>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff irq event stamp: 90371 hardirqs last enabled at (90371): [<ffffffff8112708d>] kmem_cache_alloc+0xf0/0x185 hardirqs last disabled at (90370): [<ffffffff81127026>] kmem_cache_alloc+0x89/0x185 softirqs last enabled at (89492): [<ffffffff81068ecf>] __do_softirq+0x1bf/0x1eb softirqs last disabled at (89477): [<ffffffff8101312c>] call_softirq+0x1c/0x30 other info that might help us debug this: 2 locks held by kswapd2/75: #0: (shrinker_rwsem){++++..}, at: [<ffffffff810f98ba>] shrink_slab+0x44/0x177 #1: (&type->s_umount_key#25){++++..}, at: [<ffffffff811450ba>] Reported-by: Muni P. Beerakam <mbeeraka@in.ibm.com> Reported-by: Amit K. Arora <amitarora@in.ibm.com> Cc: stable@kernel.org Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-10-15T22:19:58Z David Howells dhowells@redhat.com 2009-10-15T09:14:35Z urn:sha1:21279cfa107af07ef985539ac0de2152b9cba5f5 The destination keyring specified to request_key() and co. is made available to the process that instantiates the key (the slave process started by /sbin/request-key typically). This is passed in the request_key_auth struct as the dest_keyring member. keyctl_instantiate_key and keyctl_negate_key() call get_instantiation_keyring() to get the keyring to attach the newly constructed key to at the end of instantiation. This may be given a specific keyring into which a link will be made later, or it may be asked to find the keyring passed to request_key(). In the former case, it returns a keyring with the refcount incremented by lookup_user_key(); in the latter case, it returns the keyring from the request_key_auth struct - and does _not_ increment the refcount. The latter case will eventually result in an oops when the keyring prematurely runs out of references and gets destroyed. The effect may take some time to show up as the key is destroyed lazily. To fix this, the keyring returned by get_instantiation_keyring() must always have its refcount incremented, no matter where it comes from. This can be tested by setting /etc/request-key.conf to: #OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... #====== ======= =============== =============== =============================== create * test:* * |/bin/false %u %g %d %{user:_display} negate * * * /bin/keyctl negate %k 10 @u and then doing: keyctl add user _display aaaaaaaa @u while keyctl request2 user test:x test:x @u && keyctl list @u; do keyctl request2 user test:x test:x @u; sleep 31; keyctl list @u; done which will oops eventually. Changing the negate line to have @u rather than %S at the end is important as that forces the latter case by passing a special keyring ID rather than an actual keyring ID. Reported-by: Alexander Zangerl <az@bond.edu.au> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Alexander Zangerl <az@bond.edu.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-10-01T23:11:11Z Alexey Dobriyan adobriyan@gmail.com 2009-10-01T22:43:56Z urn:sha1:828c09509b9695271bcbdc53e9fc9a6a737148d2 [akpm@linux-foundation.org: fix KVM] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24T15:31:04Z Linus Torvalds torvalds@linux-foundation.org 2009-09-24T15:31:04Z urn:sha1:6d39b27f0ac7e805ae3bd9efa51d7da04bec0360 * git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: lsm: Use a compressed IPv6 string format in audit events Audit: send signal info if selinux is disabled Audit: rearrange audit_context to save 16 bytes per struct Audit: reorganize struct audit_watch to save 8 bytes 2009-09-24T14:21:04Z Alexey Dobriyan adobriyan@gmail.com 2009-09-23T22:57:19Z urn:sha1:8d65af789f3e2cf4cfbdbf71a0f7a61ebcd41d38 It's unused. It isn't needed -- read or write flag is already passed and sysctl shouldn't care about the rest. It _was_ used in two places at arch/frv for some reason. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: "David S. Miller" <davem@davemloft.net> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24T14:20:59Z Oleg Nesterov oleg@redhat.com 2009-09-23T22:56:46Z urn:sha1:0b7570e77f7c3abd43107dabc47ea89daf9a1cba Ratan Nalumasu reported that in a process with many threads doing unnecessary wakeups. Every waiting thread in the process wakes up to loop through the children and see that the only ones it cares about are still not ready. Now that we have struct wait_opts we can change do_wait/__wake_up_parent to use filtered wakeups. We can make child_wait_callback() more clever later, right now it only checks eligible_child(). Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Roland McGrath <roland@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Ratan Nalumasu <rnalumasu@gmail.com> Cc: Vitaly Mayatskikh <vmayatsk@redhat.com> Acked-by: James Morris <jmorris@namei.org> Tested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24T14:20:58Z Ben Blum bblum@google.com 2009-09-23T22:56:31Z urn:sha1:be367d09927023d081f9199665c8500f69f14d22 Alter the ss->can_attach and ss->attach functions to be able to deal with a whole threadgroup at a time, for use in cgroup_attach_proc. (This is a pre-patch to cgroup-procs-writable.patch.) Currently, new mode of the attach function can only tell the subsystem about the old cgroup of the threadgroup leader. No subsystem currently needs that information for each thread that's being moved, but if one were to be added (for example, one that counts tasks within a group) this bit would need to be reworked a bit to tell the subsystem the right information. [hidave.darkstar@gmail.com: fix build] Signed-off-by: Ben Blum <bblum@google.com> Signed-off-by: Paul Menage <menage@google.com> Acked-by: Li Zefan <lizf@cn.fujitsu.com> Reviewed-by: Matt Helsley <matthltc@us.ibm.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Ingo Molnar <mingo@elte.hu> Cc: Dave Young <hidave.darkstar@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24T07:50:26Z Paul Moore paul.moore@hp.com 2009-09-23T17:46:00Z urn:sha1:d81165919ebf6e1cb9eeb612150f9287ad414659 Currently the audit subsystem prints uncompressed IPv6 addresses which not only differs from common usage but also results in ridiculously large audit strings which is not a good thing. This patch fixes this by simply converting audit to always print compressed IPv6 addresses. Old message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000 daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif New message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2009-09-23T22:18:57Z Linus Torvalds torvalds@linux-foundation.org 2009-09-23T22:18:57Z urn:sha1:c82ffab9a857f8286ed2b559624b7005a367b638 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: SELinux: do not destroy the avc_cache_nodep KEYS: Have the garbage collector set its timer for live expired keys tpm-fixup-pcrs-sysfs-file-update creds_are_invalid() needs to be exported for use by modules: include/linux/cred.h: fix build Fix trivial BUILD_BUG_ON-induced conflicts in drivers/char/tpm/tpm.c 2009-09-23T18:16:20Z Eric Paris eparis@redhat.com 2009-09-21T01:21:10Z urn:sha1:5224ee086321fec78970e2f2805892d2b34e8957 The security_ops reset done when SELinux is disabled at run time is done after the avc cache is freed and after the kmem_cache for the avc is also freed. This means that between the time the selinux disable code destroys the avc_node_cachep another process could make a security request and could try to allocate from the cache. We are just going to leave the cachep around, like we always have. SELinux: Disabled at runtime. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185 PGD 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC last sysfs file: CPU 1 Modules linked in: Pid: 12, comm: khelper Not tainted 2.6.31-tip-05525-g0eeacc6-dirty #14819 System Product Name RIP: 0010:[<ffffffff81122537>] [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185 RSP: 0018:ffff88003f9258b0 EFLAGS: 00010086 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000078c0129e RDX: 0000000000000000 RSI: ffffffff8130b626 RDI: ffffffff81122528 RBP: ffff88003f925900 R08: 0000000078c0129e R09: 0000000000000001 R10: 0000000000000000 R11: 0000000078c0129e R12: 0000000000000246 R13: 0000000000008020 R14: ffff88003f8586d8 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff880002b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: ffffffff827bd420 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process khelper (pid: 12, threadinfo ffff88003f924000, task ffff88003f928000) Stack: 0000000000000246 0000802000000246 ffffffff8130b626 0000000000000001 <0> 0000000078c0129e 0000000000000000 ffff88003f925a70 0000000000000002 <0> 0000000000000001 0000000000000001 ffff88003f925960 ffffffff8130b626 Call Trace: [<ffffffff8130b626>] ? avc_alloc_node+0x36/0x273 [<ffffffff8130b626>] avc_alloc_node+0x36/0x273 [<ffffffff8130b545>] ? avc_latest_notif_update+0x7d/0x9e [<ffffffff8130b8b4>] avc_insert+0x51/0x18d [<ffffffff8130bcce>] avc_has_perm_noaudit+0x9d/0x128 [<ffffffff8130bf20>] avc_has_perm+0x45/0x88 [<ffffffff8130f99d>] current_has_perm+0x52/0x6d [<ffffffff8130fbb2>] selinux_task_create+0x2f/0x45 [<ffffffff81303bf7>] security_task_create+0x29/0x3f [<ffffffff8105c6ba>] copy_process+0x82/0xdf0 [<ffffffff81091578>] ? register_lock_class+0x2f/0x36c [<ffffffff81091a13>] ? mark_lock+0x2e/0x1e1 [<ffffffff8105d596>] do_fork+0x16e/0x382 [<ffffffff81091578>] ? register_lock_class+0x2f/0x36c [<ffffffff810d9166>] ? probe_workqueue_execution+0x57/0xf9 [<ffffffff81091a13>] ? mark_lock+0x2e/0x1e1 [<ffffffff810d9166>] ? probe_workqueue_execution+0x57/0xf9 [<ffffffff8100cdb2>] kernel_thread+0x82/0xe0 [<ffffffff81078b1f>] ? ____call_usermodehelper+0x0/0x139 [<ffffffff8100ce10>] ? child_rip+0x0/0x20 [<ffffffff81078aea>] ? __call_usermodehelper+0x65/0x9a [<ffffffff8107a5c7>] run_workqueue+0x171/0x27e [<ffffffff8107a573>] ? run_workqueue+0x11d/0x27e [<ffffffff81078a85>] ? __call_usermodehelper+0x0/0x9a [<ffffffff8107a7bc>] worker_thread+0xe8/0x10f [<ffffffff810808e2>] ? autoremove_wake_function+0x0/0x63 [<ffffffff8107a6d4>] ? worker_thread+0x0/0x10f [<ffffffff8108042e>] kthread+0x91/0x99 [<ffffffff8100ce1a>] child_rip+0xa/0x20 [<ffffffff8100c754>] ? restore_args+0x0/0x30 [<ffffffff8108039d>] ? kthread+0x0/0x99 [<ffffffff8100ce10>] ? child_rip+0x0/0x20 Code: 0f 85 99 00 00 00 9c 58 66 66 90 66 90 49 89 c4 fa 66 66 90 66 66 90 e8 83 34 fb ff e8 d7 e9 26 00 48 98 49 8b 94 c6 10 01 00 00 <48> 8b 1a 44 8b 7a 18 48 85 db 74 0f 8b 42 14 48 8b 04 c3 ff 42 RIP [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185 RSP <ffff88003f9258b0> CR2: 0000000000000000 ---[ end trace 42f41a982344e606 ]--- Reported-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>