1. 09 Dec, 2019 1 commit
  2. 15 Nov, 2019 1 commit
  3. 30 Aug, 2019 1 commit
  4. 06 Feb, 2019 1 commit
    • Arnd Bergmann's avatar
      y2038: syscalls: rename y2038 compat syscalls · 8dabe724
      Arnd Bergmann authored
      A lot of system calls that pass a time_t somewhere have an implementation
      using a COMPAT_SYSCALL_DEFINEx() on 64-bit architectures, and have
      been reworked so that this implementation can now be used on 32-bit
      architectures as well.
      
      The missing step is to redefine them using the regular SYSCALL_DEFINEx()
      to get them out of the compat namespace and make it possible to build them
      on 32-bit architectures.
      
      Any system call that ends in 'time' gets a '32' suffix on its name for
      that version, while the others get a '_time32' suffix, to distinguish
      them from the normal version, which takes a 64-bit time argument in the
      future.
      
      In this step, only 64-bit architectures are changed, doing this rename
      first lets us avoid touching the 32-bit architectures twice.
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      8dabe724
  5. 29 Aug, 2018 3 commits
    • Arnd Bergmann's avatar
      y2038: utimes: Rework #ifdef guards for compat syscalls · 4faea239
      Arnd Bergmann authored
      After changing over to 64-bit time_t syscalls, many architectures will
      want compat_sys_utimensat() but not respective handlers for utime(),
      utimes() and futimesat(). This adds a new __ARCH_WANT_SYS_UTIME32 to
      complement __ARCH_WANT_SYS_UTIME. For now, all 64-bit architectures that
      support CONFIG_COMPAT set it, but future 64-bit architectures will not
      (tile would not have needed it either, but got removed).
      
      As older 32-bit architectures get converted to using CONFIG_64BIT_TIME,
      they will have to use __ARCH_WANT_SYS_UTIME32 instead of
      __ARCH_WANT_SYS_UTIME. Architectures using the generic syscall ABI don't
      need either of them as they never had a utime syscall.
      
      Since the compat_utimbuf structure is now required outside of
      CONFIG_COMPAT, I'm moving it into compat_time.h.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      ---
      changed from last version:
      - renamed __ARCH_WANT_COMPAT_SYS_UTIME to __ARCH_WANT_SYS_UTIME32
      4faea239
    • Arnd Bergmann's avatar
      y2038: Compile utimes()/futimesat() conditionally · 185cfaf7
      Arnd Bergmann authored
      There are four generations of utimes() syscalls: utime(), utimes(),
      futimesat() and utimensat(), each one being a superset of the previous
      one. For y2038 support, we have to add another one, which is the same
      as the existing utimensat() but always passes 64-bit times_t based
      timespec values.
      
      There are currently 10 architectures that only use utimensat(), two
      that use utimes(), futimesat() and utimensat() but not utime(), and 11
      architectures that have all four, and those define __ARCH_WANT_SYS_UTIME
      in order to get a sys_utime implementation. Since all the new
      architectures only want utimensat(), moving all the legacy entry points
      into a common __ARCH_WANT_SYS_UTIME guard simplifies the logic. Only alpha
      and ia64 grow a tiny bit as they now also get an unused sys_utime(),
      but it didn't seem worth the extra complexity of adding yet another
      ifdef for those.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      185cfaf7
    • Arnd Bergmann's avatar
      y2038: Change sys_utimensat() to use __kernel_timespec · a4f7a300
      Arnd Bergmann authored
      When 32-bit architectures get changed to support 64-bit time_t,
      utimensat() needs to use the new __kernel_timespec structure as its
      argument.
      
      The older utime(), utimes() and futimesat() system calls don't need a
      corresponding change as they are no longer used on C libraries that have
      64-bit time support.
      
      As we do for the other syscalls that have timespec arguments, we reuse
      the 'compat' syscall entry points to implement the traditional four
      interfaces, and only leave the new utimensat() as a native handler,
      so that the same code gets used on both 32-bit and 64-bit kernels
      on each syscall.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      a4f7a300
  6. 27 Aug, 2018 1 commit
    • Arnd Bergmann's avatar
      y2038: globally rename compat_time to old_time32 · 9afc5eee
      Arnd Bergmann authored
      Christoph Hellwig suggested a slightly different path for handling
      backwards compatibility with the 32-bit time_t based system calls:
      
      Rather than simply reusing the compat_sys_* entry points on 32-bit
      architectures unchanged, we get rid of those entry points and the
      compat_time types by renaming them to something that makes more sense
      on 32-bit architectures (which don't have a compat mode otherwise),
      and then share the entry points under the new name with the 64-bit
      architectures that use them for implementing the compatibility.
      
      The following types and interfaces are renamed here, and moved
      from linux/compat_time.h to linux/time32.h:
      
      old				new
      ---				---
      compat_time_t			old_time32_t
      struct compat_timeval		struct old_timeval32
      struct compat_timespec		struct old_timespec32
      struct compat_itimerspec	struct old_itimerspec32
      ns_to_compat_timeval()		ns_to_old_timeval32()
      get_compat_itimerspec64()	get_old_itimerspec32()
      put_compat_itimerspec64()	put_old_itimerspec32()
      compat_get_timespec64()		get_old_timespec32()
      compat_put_timespec64()		put_old_timespec32()
      
      As we already have aliases in place, this patch addresses only the
      instances that are relevant to the system call interface in particular,
      not those that occur in device drivers and other modules. Those
      will get handled separately, while providing the 64-bit version
      of the respective interfaces.
      
      I'm not renaming the timex, rusage and itimerval structures, as we are
      still debating what the new interface will look like, and whether we
      will need a replacement at all.
      
      This also doesn't change the names of the syscall entry points, which can
      be done more easily when we actually switch over the 32-bit architectures
      to use them, at that point we need to change COMPAT_SYSCALL_DEFINEx to
      SYSCALL_DEFINEx with a new name, e.g. with a _time32 suffix.
      Suggested-by: default avatarChristoph Hellwig <hch@infradead.org>
      Link: https://lore.kernel.org/lkml/20180705222110.GA5698@infradead.org/Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      9afc5eee
  7. 02 Apr, 2018 2 commits
  8. 02 Nov, 2017 1 commit
    • Greg Kroah-Hartman's avatar
      License cleanup: add SPDX GPL-2.0 license identifier to files with no license · b2441318
      Greg Kroah-Hartman authored
      Many source files in the tree are missing licensing information, which
      makes it harder for compliance tools to determine the correct license.
      
      By default all files without license information are under the default
      license of the kernel, which is GPL version 2.
      
      Update the files which contain no license information with the 'GPL-2.0'
      SPDX license identifier.  The SPDX identifier is a legally binding
      shorthand, which can be used instead of the full boiler plate text.
      
      This patch is based on work done by Thomas Gleixner and Kate Stewart and
      Philippe Ombredanne.
      
      How this work was done:
      
      Patches were generated and checked against linux-4.14-rc6 for a subset of
      the use cases:
       - file had no licensing information it it.
       - file was a */uapi/* one with no licensing information in it,
       - file was a */uapi/* one with existing licensing information,
      
      Further patches will be generated in subsequent months to fix up cases
      where non-standard license headers were used, and references to license
      had to be inferred by heuristics based on keywords.
      
      The analysis to determine which SPDX License Identifier to be applied to
      a file was done in a spreadsheet of side by side results from of the
      output of two independent scanners (ScanCode & Windriver) producing SPDX
      tag:value files created by Philippe Ombredanne.  Philippe prepared the
      base worksheet, and did an initial spot review of a few 1000 files.
      
      The 4.13 kernel was the starting point of the analysis with 60,537 files
      assessed.  Kate Stewart did a file by file comparison of the scanner
      results in the spreadsheet to determine which SPDX license identifier(s)
      to be applied to the file. She confirmed any determination that was not
      immediately clear with lawyers working with the Linux Foundation.
      
      Criteria used to select files for SPDX license identifier tagging was:
       - Files considered eligible had to be source code files.
       - Make and config files were included as candidates if they contained >5
         lines of source
       - File already had some variant of a license header in it (even if <5
         lines).
      
      All documentation files were explicitly excluded.
      
      The following heuristics were used to determine which SPDX license
      identifiers to apply.
      
       - when both scanners couldn't find any license traces, file was
         considered to have no license information in it, and the top level
         COPYING file license applied.
      
         For non */uapi/* files that summary was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0                                              11139
      
         and resulted in the first patch in this series.
      
         If that file was a */uapi/* path one, it was "GPL-2.0 WITH
         Linux-syscall-note" otherwise it was "GPL-2.0".  Results of that was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0 WITH Linux-syscall-note                        930
      
         and resulted in the second patch in this series.
      
       - if a file had some form of licensing information in it, and was one
         of the */uapi/* ones, it was denoted with the Linux-syscall-note if
         any GPL family license was found in the file or had no licensing in
         it (per prior point).  Results summary:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|------
         GPL-2.0 WITH Linux-syscall-note                       270
         GPL-2.0+ WITH Linux-syscall-note                      169
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
         LGPL-2.1+ WITH Linux-syscall-note                      15
         GPL-1.0+ WITH Linux-syscall-note                       14
         ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
         LGPL-2.0+ WITH Linux-syscall-note                       4
         LGPL-2.1 WITH Linux-syscall-note                        3
         ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
         ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1
      
         and that resulted in the third patch in this series.
      
       - when the two scanners agreed on the detected license(s), that became
         the concluded license(s).
      
       - when there was disagreement between the two scanners (one detected a
         license but the other didn't, or they both detected different
         licenses) a manual inspection of the file occurred.
      
       - In most cases a manual inspection of the information in the file
         resulted in a clear resolution of the license that should apply (and
         which scanner probably needed to revisit its heuristics).
      
       - When it was not immediately clear, the license identifier was
         confirmed with lawyers working with the Linux Foundation.
      
       - If there was any question as to the appropriate license identifier,
         the file was flagged for further research and to be revisited later
         in time.
      
      In total, over 70 hours of logged manual review was done on the
      spreadsheet to determine the SPDX license identifiers to apply to the
      source files by Kate, Philippe, Thomas and, in some cases, confirmation
      by lawyers working with the Linux Foundation.
      
      Kate also obtained a third independent scan of the 4.13 code base from
      FOSSology, and compared selected files where the other two scanners
      disagreed against that SPDX file, to see if there was new insights.  The
      Windriver scanner is based on an older version of FOSSology in part, so
      they are related.
      
      Thomas did random spot checks in about 500 files from the spreadsheets
      for the uapi headers and agreed with SPDX license identifier in the
      files he inspected. For the non-uapi files Thomas did random spot checks
      in about 15000 files.
      
      In initial set of patches against 4.14-rc6, 3 files were found to have
      copy/paste license identifier errors, and have been fixed to reflect the
      correct identifier.
      
      Additionally Philippe spent 10 hours this week doing a detailed manual
      inspection and review of the 12,461 patched files from the initial patch
      version early this week with:
       - a full scancode scan run, collecting the matched texts, detected
         license ids and scores
       - reviewing anything where there was a license detected (about 500+
         files) to ensure that the applied SPDX license was correct
       - reviewing anything where there was no detection but the patch license
         was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
         SPDX license was correct
      
      This produced a worksheet with 20 files needing minor correction.  This
      worksheet was then exported into 3 different .csv files for the
      different types of files to be modified.
      
      These .csv files were then reviewed by Greg.  Thomas wrote a script to
      parse the csv files and add the proper SPDX tag to the file, in the
      format that the file expected.  This script was further refined by Greg
      based on the output to detect more types of files automatically and to
      distinguish between header and source .c files (which need different
      comment types.)  Finally Greg ran the script using the .csv files to
      generate the patches.
      Reviewed-by: default avatarKate Stewart <kstewart@linuxfoundation.org>
      Reviewed-by: default avatarPhilippe Ombredanne <pombredanne@nexb.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b2441318
  9. 04 Sep, 2017 1 commit
  10. 17 Apr, 2017 1 commit
  11. 24 Dec, 2016 1 commit
  12. 06 Dec, 2016 1 commit
  13. 22 Sep, 2016 1 commit
  14. 16 Sep, 2016 1 commit
  15. 07 Aug, 2016 1 commit
  16. 22 Jan, 2016 1 commit
    • Al Viro's avatar
      wrappers for ->i_mutex access · 5955102c
      Al Viro authored
      parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
      inode_foo(inode) being mutex_foo(&inode->i_mutex).
      
      Please, use those for access to ->i_mutex; over the coming cycle
      ->i_mutex will become rwsem, with ->lookup() done with it held
      only shared.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      5955102c
  17. 09 Nov, 2013 1 commit
  18. 20 Dec, 2012 1 commit
  19. 27 Sep, 2012 1 commit
  20. 30 May, 2012 1 commit
  21. 24 Mar, 2011 1 commit
  22. 13 Aug, 2010 1 commit
  23. 14 Jan, 2009 2 commits
  24. 27 Jul, 2008 5 commits
  25. 23 Jun, 2008 4 commits
    • Michael Kerrisk's avatar
      [patch for 2.6.26 4/4] vfs: utimensat(): fix write access check for futimens() · c70f8441
      Michael Kerrisk authored
      The POSIX.1 draft spec for futimens()/utimensat() says:
      
              Only a process with the effective user ID equal to the
              user ID of the file, *or with write access to the file*,
              or with appropriate privileges may use futimens() or
              utimensat() with a null pointer as the times argument
              or with both tv_nsec fields set to the special value
              UTIME_NOW.
      
      The important piece here is "with write access to the file", and
      this matters for futimens(), which deals with an argument that
      is a file descriptor referring to the file whose timestamps are
      being updated,  The standard is saying that the "writability"
      check is based on the file permissions, not the access mode with
      which the file is opened.  (This behavior is consistent with the
      semantics of FreeBSD's futimes().)  However, Linux is currently
      doing the latter -- futimens(fd, times) is a library
      function implemented as
      
             utimensat(fd, NULL, times, 0)
      
      and within the utimensat() implementation we have the code:
      
                      f = fget(dfd);  // dfd is 'fd'
                      ...
                      if (f) {
                              if (!(f->f_mode & FMODE_WRITE))
                                      goto mnt_drop_write_and_out;
      
      The check should instead be based on the file permissions.
      
      Thanks to Miklos for pointing out how to do this check.
      Miklos also pointed out a simplification that could be
      made to my first version of this patch, since the checks
      for the pathname and file descriptor cases can now be
      conflated.
      Acked-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: default avatarMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      c70f8441
    • Michael Kerrisk's avatar
      [patch for 2.6.26 3/4] vfs: utimensat(): fix error checking for {UTIME_NOW,UTIME_OMIT} case · 4cca9226
      Michael Kerrisk authored
      The POSIX.1 draft spec for utimensat() says:
      
          Only a process with the effective user ID equal to the
          user ID of the file or with appropriate privileges may use
          futimens() or utimensat() with a non-null times argument
          that does not have both tv_nsec fields set to UTIME_NOW
          and does not have both tv_nsec fields set to UTIME_OMIT.
      
      If this condition is violated, then the error EPERM should result.
      However, the current implementation does not generate EPERM if
      one tv_nsec field is UTIME_NOW while the other is UTIME_OMIT.
      It should give this error for that case.
      
      This patch:
      
      a) Repairs that problem.
      b) Removes the now unneeded nsec_special() helper function.
      c) Adds some comments to explain the checks that are being
         performed.
      
      Thanks to Miklos, who provided comments on the previous iteration
      of this patch.  As a result, this version is a little simpler and
      and its logic is better structured.
      
      Miklos suggested an alternative idea, migrating the
      is_owner_or_cap() checks into fs/attr.c:inode_change_ok() via
      the use of an ATTR_OWNER_CHECK flag.  Maybe we could do that
      later, but for now I've gone with this version, which is
      IMO simpler, and can be more easily read as being correct.
      Acked-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: default avatarMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      4cca9226
    • Michael Kerrisk's avatar
      [patch for 2.6.26 1/4] vfs: utimensat(): ignore tv_sec if tv_nsec == UTIME_OMIT or UTIME_NOW · 94c70b9b
      Michael Kerrisk authored
      The POSIX.1 draft spec for utimensat() says that if a times[n].tv_nsec
      field is UTIME_OMIT or UTIME_NOW, then the value in the corresponding
      tv_sec field is ignored.  See the last sentence of this para, from
      the spec:
      
          If the tv_nsec field of a timespec structure has
          the special value UTIME_NOW, the file's relevant
          timestamp shall be set to the greatest value
          supported by the file system that is not greater than
          the current time. If the tv_nsec field has the
          special value UTIME_OMIT, the file's relevant
          timestamp shall not be changed. In either case,
          the tv_sec field shall be ignored.
      
      However the current Linux implementation requires the tv_sec value to be
      zero (or the EINVAL error results). This requirement should be removed.
      Acked-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: default avatarMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      94c70b9b
    • Michael Kerrisk's avatar
      [patch for 2.6.26 2/4] vfs: utimensat(): be consistent with utime() for... · 12fd0d30
      Michael Kerrisk authored
      [patch for 2.6.26 2/4] vfs: utimensat(): be consistent with utime() for immutable and append-only files
      
      This patch fixes utimensat() to make its behavior consistent
      with that of utime()/utimes() when dealing with files marked
      immutable and append-only.
      
      The current utimensat() implementation also returns EPERM if
      'times' is non-NULL and the tv_nsec fields are both UTIME_NOW.
      For consistency, the
      
      (times != NULL && times[0].tv_nsec == UTIME_NOW &&
                        times[1].tv_nsec == UTIME_NOW)
      
      case should be treated like the traditional utimes() case where
      'times' is NULL.  That is, the call should succeed for a file
      marked append-only and should give the error EACCES if the file
      is marked as immutable.
      
      The simple way to do this is to set 'times' to NULL
      if (times[0].tv_nsec == UTIME_NOW && times[1].tv_nsec == UTIME_NOW).
      
      This is also the natural approach, since POSIX.1 semantics consider the
      times == {{x, UTIME_NOW}, {y, UTIME_NOW}}
      to be exactly equivalent to the case for
      times == NULL.
      
      (Thanks to Miklos for pointing this out.)
      
      Patch 3 in this series relies on the simplification provided
      by this patch.
      Acked-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Signed-off-by: default avatarMichael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      12fd0d30
  26. 01 May, 2008 1 commit
    • Miklos Szeredi's avatar
      vfs: fix permission checking in sys_utimensat · 02c6be61
      Miklos Szeredi authored
      If utimensat() is called with both times set to UTIME_NOW or one of them to
      UTIME_NOW and the other to UTIME_OMIT, then it will update the file time
      without any permission checking.
      
      I don't think this can be used for anything other than a local DoS, but could
      be quite bewildering at that (e.g.  "Why was that large source tree rebuilt
      when I didn't modify anything???")
      
      This affects all kernels from 2.6.22, when the utimensat() syscall was
      introduced.
      
      Fix by doing the same permission checking as for the "times == NULL" case.
      
      Thanks to Michael Kerrisk, whose utimensat-non-conformances-and-fixes.patch in
      -mm also fixes this (and breaks other stuff), only he didn't realize the
      security implications of this bug.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Cc: Michael Kerrisk <mtk-manpages@gmx.net>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      02c6be61
  27. 19 Apr, 2008 1 commit
  28. 15 Feb, 2008 2 commits