Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull second vfs pile from Al Viro: "The stuff in there: fsfreeze deadlock fixes by Jan (essentially, the deadlock reproduced by xfstests 068), symlink and hardlink restriction patches, plus assorted cleanups and fixes. Note that another fsfreeze deadlock (emergency thaw one) is *not* dealt with - the series by Fernando conflicts a lot with Jan's, breaks userland ABI (FIFREEZE semantics gets changed) and trades the deadlock for massive vfsmount leak; this is going to be handled next cycle. There probably will be another pull request, but that stuff won't be in it." Fix up trivial conflicts due to unrelated changes next to each other in drivers/{staging/gdm72xx/usb_boot.c, usb/gadget/storage_common.c} * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (54 commits) delousing target_core_file a bit Documentation: Correct s_umount state for freeze_fs/unfreeze_fs fs: Remove old freezing mechanism ext2: Implement freezing btrfs: Convert to new freezing mechanism nilfs2: Convert to new freezing mechanism ntfs: Convert to new freezing mechanism fuse: Convert to new freezing mechanism gfs2: Convert to new freezing mechanism ocfs2: Convert to new freezing mechanism xfs: Convert to new freezing code ext4: Convert to new freezing mechanism fs: Protect write paths by sb_start_write - sb_end_write fs: Skip atime update on frozen filesystem fs: Add freezing handling to mnt_want_write() / mnt_drop_write() fs: Improve filesystem freezing handling switch the protection of percpu_counter list to spinlock nfsd: Push mnt_want_write() outside of i_mutex btrfs: Push mnt_want_write() outside of i_mutex fat: Push mnt_want_write() outside of i_mutex ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-08-01 13:26:23 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-08-01 13:26:23 -0400
commit: a0e881b7c189fa2bd76c024dbff91e79511c971d (patch)
tree: 0c801918565b08921d21aceee5b326f64d998f5f /kernel
parent: eff0d13f3823f35d70228cd151d2a2c89288ff32 (diff)
parent: dbc6e0222d79e78925fe20733844a796a4b72cf9 (diff)
2 files changed, 39 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 4a3f28d2ca65..ea3b7b6191c7 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1456,6 +1456,27 @@ void audit_log_key(struct audit_buffer *ab, char *key)
 }
 /**
+ * audit_log_link_denied - report a link restriction denial
+ * @operation: specific link opreation
+ * @link: the path that triggered the restriction
+ */
+void audit_log_link_denied(const char *operation, struct path *link)
+{
+        struct audit_buffer *ab;
+        ab = audit_log_start(current->audit_context, GFP_KERNEL,
+                             AUDIT_ANOM_LINK);
+        audit_log_format(ab, "op=%s action=denied", operation);
+        audit_log_format(ab, " pid=%d comm=", current->pid);
+        audit_log_untrustedstring(ab, current->comm);
+        audit_log_d_path(ab, " path=", link);
+        audit_log_format(ab, " dev=");
+        audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
+        audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
+        audit_log_end(ab);
+}
+/**
 * audit_log_end - end one audit record
 * @ab: the audit_buffer
 *
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 6502d35a25ba..87174ef59161 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1498,6 +1498,24 @@ static struct ctl_table fs_table[] = {
 #endif
 #endif
        {
+                .procname       = "protected_symlinks",
+                .data           = &sysctl_protected_symlinks,
+                .maxlen         = sizeof(int),
+                .mode           = 0600,
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &one,
+        },
+        {
+                .procname       = "protected_hardlinks",
+                .data           = &sysctl_protected_hardlinks,
+                .maxlen         = sizeof(int),
+                .mode           = 0600,
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &one,
+        },
+        {
                .procname       = "suid_dumpable",
                .data           = &suid_dumpable,
                .maxlen         = sizeof(int),
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-08-01 13:26:23 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-08-01 13:26:23 -0400
commit	a0e881b7c189fa2bd76c024dbff91e79511c971d (patch)
tree	0c801918565b08921d21aceee5b326f64d998f5f /kernel
parent	eff0d13f3823f35d70228cd151d2a2c89288ff32 (diff)
parent	dbc6e0222d79e78925fe20733844a796a4b72cf9 (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 4a3f28d2ca65..ea3b7b6191c7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -1456,6 +1456,27 @@ void audit_log_key(struct audit_buffer ab, char key)
1456	}	1456	}
1457		1457
1458	/**	1458	/**
		1459	* audit_log_link_denied - report a link restriction denial
		1460	* @operation: specific link opreation
		1461	* @link: the path that triggered the restriction
		1462	*/
		1463	void audit_log_link_denied(const char operation, struct path link)
		1464	{
		1465	struct audit_buffer *ab;
		1466
		1467	ab = audit_log_start(current->audit_context, GFP_KERNEL,
		1468	AUDIT_ANOM_LINK);
		1469	audit_log_format(ab, "op=%s action=denied", operation);
		1470	audit_log_format(ab, " pid=%d comm=", current->pid);
		1471	audit_log_untrustedstring(ab, current->comm);
		1472	audit_log_d_path(ab, " path=", link);
		1473	audit_log_format(ab, " dev=");
		1474	audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);
		1475	audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);
		1476	audit_log_end(ab);
		1477	}
		1478
		1479	/**
1459	* audit_log_end - end one audit record	1480	* audit_log_end - end one audit record
1460	* @ab: the audit_buffer	1481	* @ab: the audit_buffer
1461	*	1482	*


diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 6502d35a25ba..87174ef59161 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c
@@ -1498,6 +1498,24 @@ static struct ctl_table fs_table[] = {
1498	#endif	1498	#endif
1499	#endif	1499	#endif
1500	{	1500	{
		1501	.procname = "protected_symlinks",
		1502	.data = &sysctl_protected_symlinks,
		1503	.maxlen = sizeof(int),
		1504	.mode = 0600,
		1505	.proc_handler = proc_dointvec_minmax,
		1506	.extra1 = &zero,
		1507	.extra2 = &one,
		1508	},
		1509	{
		1510	.procname = "protected_hardlinks",
		1511	.data = &sysctl_protected_hardlinks,
		1512	.maxlen = sizeof(int),
		1513	.mode = 0600,
		1514	.proc_handler = proc_dointvec_minmax,
		1515	.extra1 = &zero,
		1516	.extra2 = &one,
		1517	},
		1518	{
1501	.procname = "suid_dumpable",	1519	.procname = "suid_dumpable",
1502	.data = &suid_dumpable,	1520	.data = &suid_dumpable,
1503	.maxlen = sizeof(int),	1521	.maxlen = sizeof(int),