aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* fanotify: ignore events on directories unless specifically requestedEric Paris2010-10-28
| | | | | | | | | | | | | | fanotify has a very limited number of events it sends on directories. The usefulness of these events is yet to be seen and still we send them. This is particularly painful for mount marks where one might receive many of these useless events. As such this patch will drop events on IS_DIR() inodes unless they were explictly requested with FAN_ON_DIR. This means that a mark on a directory without FAN_EVENT_ON_CHILD or FAN_ON_DIR is meaningless and will result in no events ever (although it will still be allowed since detecting it is hard) Signed-off-by: Eric Paris <eparis@redhat.com>
* fsnotify: rename FS_IN_ISDIR to FS_ISDIREric Paris2010-10-28
| | | | | | | | The _IN_ in the naming is reserved for flags only used by inotify. Since I am about to use this flag for fanotify rename it to be generic like the rest. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: do not send events for irregular filesEric Paris2010-10-28
| | | | | | | | | | fanotify_should_send_event has a test to see if an object is a file or directory and does not send an event otherwise. The problem is that the test is actually checking if the object with a mark is a file or directory, not if the object the event happened on is a file or directory. We should check the latter. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: limit number of listeners per userEric Paris2010-10-28
| | | | | | | | fanotify currently has no limit on the number of listeners a given user can have open. This patch limits the total number of listeners per user to 128. This is the same as the inotify default limit. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: allow userspace to override max marksEric Paris2010-10-28
| | | | | | | | | | | | Some fanotify groups, especially those like AV scanners, will need to place lots of marks, particularly ignore marks. Since ignore marks do not pin inodes in cache and are cleared if the inode is removed from core (usually under memory pressure) we expose an interface for listeners, with CAP_SYS_ADMIN, to override the maximum number of marks and be allowed to set and 'unlimited' number of marks. Programs which make use of this feature will be able to OOM a machine. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: limit the number of marks in a single fanotify groupEric Paris2010-10-28
| | | | | | | | | | There is currently no limit on the number of marks a given fanotify group can have. Since fanotify is gated on CAP_SYS_ADMIN this was not seen as a serious DoS threat. This patch implements a default of 8192, the same as inotify to work towards removing the CAP_SYS_ADMIN gating and eliminating the default DoS'able status. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: allow userspace to override max queue depthEric Paris2010-10-28
| | | | | | | | | fanotify has a defualt max queue depth. This patch allows processes which explicitly request it to have an 'unlimited' queue depth. These processes need to be very careful to make sure they cannot fall far enough behind that they OOM the box. Thus this flag is gated on CAP_SYS_ADMIN. Signed-off-by: Eric Paris <eparis@redhat.com>
* fsnotify: implement a default maximum queue depthEric Paris2010-10-28
| | | | | | | | | | | | Currently fanotify has no maximum queue depth. Since fanotify is CAP_SYS_ADMIN only this does not pose a normal user DoS issue, but it certianly is possible that an fanotify listener which can't keep up could OOM the box. This patch implements a default 16k depth. This is the same default depth used by inotify, but given fanotify's better queue merging in many situations this queue will contain many additional useful events by comparison. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: ignore fanotify ignore marks if open writersEric Paris2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fanotify will clear ignore marks if a task changes the contents of an inode. The problem is with the races around when userspace finishes checking a file and when that result is actually attached to the inode. This race was described as such: Consider the following scenario with hostile processes A and B, and victim process C: 1. Process A opens new file for writing. File check request is generated. 2. File check is performed in userspace. Check result is "file has no malware". 3. The "permit" response is delivered to kernel space. 4. File ignored mark set. 5. Process A writes dummy bytes to the file. File ignored flags are cleared. 6. Process B opens the same file for reading. File check request is generated. 7. File check is performed in userspace. Check result is "file has no malware". 8. Process A writes malware bytes to the file. There is no cached response yet. 9. The "permit" response is delivered to kernel space and is cached in fanotify. 10. File ignored mark set. 11. Now any process C will be permitted to open the malware file. There is a race between steps 8 and 10 While fanotify makes no strong guarantees about systems with hostile processes there is no reason we cannot harden against this race. We do that by simply ignoring any ignore marks if the inode has open writers (aka i_writecount > 0). (We actually do not ignore ignore marks if the FAN_MARK_SURV_MODIFY flag is set) Reported-by: Vasily Novikov <vasily.novikov@kaspersky.com> Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: allow userspace to flush all marksEric Paris2010-10-28
| | | | | | | | | fanotify is supposed to be able to flush all marks. This is mostly useful for the AV community to flush all cached decisions on a security policy change. This functionality has existed in the kernel but wasn't correctly exposed to userspace. Signed-off-by: Eric Paris <eparis@redhat.com>
* fsnotify: call fsnotify_parent in perm eventsEric Paris2010-10-28
| | | | | | | | fsnotify perm events do not call fsnotify parent. That means you cannot register a perm event on a directory and enforce permissions on all inodes in that directory. This patch fixes that situation. Signed-off-by: Eric Paris <eparis@redhat.com>
* fsnotify: correctly handle return codes from listenersEric Paris2010-10-28
| | | | | | | | When fsnotify groups return errors they are ignored. For permissions events these should be passed back up the stack, but for most events these should continue to be ignored. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: use __aligned_u64 in fanotify userspace metadataEric Paris2010-10-28
| | | | | | | | | | Currently the userspace struct exposed by fanotify uses __attribute__((packed)) to make sure that alignment works on multiarch platforms. Since this causes a severe performance penalty on some platforms we are going to switch to using explicit alignment notation on the 64bit values so we don't have to use 'packed' Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: implement fanotify listener orderingEric Paris2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fanotify listeners needs to be able to specify what types of operations they are going to perform so they can be ordered appropriately between other listeners doing other types of operations. They need this to be able to make sure that things like hierarchichal storage managers will get access to inodes before processes which need the data. This patch defines 3 possible uses which groups must indicate in the fanotify_init() flags. FAN_CLASS_PRE_CONTENT FAN_CLASS_CONTENT FAN_CLASS_NOTIF Groups will receive notification in that order. The order between 2 groups in the same class is undeterministic. FAN_CLASS_PRE_CONTENT is intended to be used by listeners which need access to the inode before they are certain that the inode contains it's final data. A hierarchical storage manager should choose to use this class. FAN_CLASS_CONTENT is intended to be used by listeners which need access to the inode after it contains its intended contents. This would be the appropriate level for an AV solution or document control system. FAN_CLASS_NOTIF is intended for normal async notification about access, much the same as inotify and dnotify. Syncronous permissions events are not permitted at this class. Signed-off-by: Eric Paris <eparis@redhat.com>
* fsnotify: implement ordering between notifiersEric Paris2010-10-28
| | | | | | | | | | fanotify needs to be able to specify that some groups get events before others. They use this idea to make sure that a hierarchical storage manager gets access to files before programs which actually use them. This is purely infrastructure. Everything will have a priority of 0, but the infrastructure will exist for it to be non-zero. Signed-off-by: Eric Paris <eparis@redhat.com>
* fanotify: allow fanotify to be builtEric Paris2010-10-28
| | | | | | | We disabled the ability to build fanotify in commit 7c5347733dcc4ba0ba. This reverts that commit and allows people to build fanotify. Signed-off-by: Eric Paris <eparis@redhat.com>
* Merge branch 'x86-platform-for-linus' of ↵Linus Torvalds2010-10-28
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: Move olpc to platform x86: Move uv to platform x86: Move mrst to platform x86: Move scx200 to platform x86: Move visws to platform x86: Move efi to platform x86: Move sfi to platform x86: Add platform directory
| * x86: Move olpc to platformThomas Gleixner2010-10-27
| | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andres Salomon <dilinger@queued.net>
| * x86: Move uv to platformThomas Gleixner2010-10-27
| | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Mike Travis <travis@sgi.com>
| * x86: Move mrst to platformThomas Gleixner2010-10-27
| | | | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Jacob Pan <jacob.jun.pan@intel.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
| * x86: Move scx200 to platformThomas Gleixner2010-10-27
| | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| * x86: Move visws to platformThomas Gleixner2010-10-27
| | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| * x86: Move efi to platformThomas Gleixner2010-10-27
| | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Huang Ying <ying.huang@intel.com>
| * x86: Move sfi to platformThomas Gleixner2010-10-27
| | | | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Len Brown <lenb@kernel.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
| * x86: Add platform directoryThomas Gleixner2010-10-27
| | | | | | | | | | | | | | | | | | x86 has finally arrived in the embedded nightmare and will rapidly grow SoC platform support in various flavours. So we need a place for the platform support files. That also allows us to clean up the dumpground which arch/x86/kernel has become over time. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
* | Merge branch 'hwmon-for-linus' of ↵Linus Torvalds2010-10-28
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging * 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: (68 commits) hwmon: (it87) Add support for the IT8721F/IT8758E hwmon: (it87) Move conversion functions hwmon: Remove many EXPERIMENTAL flags hwmon: (lm85) Add support for ADT7468 high-frequency PWM mode hwmon: (lm85) Document the ADT7468 as supported hwmon: (lm85) Fix ADT7468 frequency table hwmon: I2C addresses are constant Move ams driver to macintosh hwmon: (pcf8591) Don't attempt to detect devices hwmon: (pcf8591) Register as a hwmon device hwmon: (w83795) Use standard attributes for chassis intrusion hwmon: (w83795) Exclude fan control feature by default hwmon: (w83795) Add myself as co-author and maintainer hwmon: (w83795) More style cleanups hwmon: (w83795) Fix LSB reading of voltage limits hwmon: (w83795) Use dev_get_drvdata() where possible hwmon: (w83795) Delay reading pwm config registers hwmon: (w83795) Delay reading limit registers hwmon: (w83795) Move register reads to dedicated functions hwmon: (w83795) Pack similar register reads ...
| * | hwmon: (it87) Add support for the IT8721F/IT8758EJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for the IT8721F/IT8758E. These new chips differ from the older IT87xxF chips in the following ways: * ADC LSB is 12 mV instead of 16 mV. * PWM values are 8-bit instead of 7-bit. There are other minor changes we don't have to care about in the driver. Another change is that we will handle internal voltage scaling in the driver instead of delegating the work to user-space. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (it87) Move conversion functionsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | Move conversion functions until after structure defintions. This is needed for future changes which make use of the structures in the conversion funtcions. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: Remove many EXPERIMENTAL flagsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the dependency on EXPERIMENTAL for all drivers which are in the kernel tree for a long time, are known to work properly and for which we have documentation. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Corentin Labbe <corentin.labbe@geomatys.fr> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: Juerg Haefliger <juergh@gmail.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (lm85) Add support for ADT7468 high-frequency PWM modeJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ADT7468 supports a high-frequency PWM output mode where all PWM outputs are driven by a 22.5 kHz clock. Add support for this mode, and document it, as it may surprise the user that setting one PWM output frequency also affects the other PWM outputs. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (lm85) Document the ADT7468 as supportedJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (lm85) Fix ADT7468 frequency tableJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | The ADT7468 uses the same frequency table as the ADT7463. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: stable@kernel.org Cc: Darrick J. Wong <djwong@us.ibm.com> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: I2C addresses are constantJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can mark normal_i2c const. Almost all drivers do that already, so fix the 3 remaining ones before they are used as (bad) examples for new drivers. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: George Joseph <george.joseph@fairview5.com> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | Move ams driver to macintoshJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ams driver isn't a hardware monitoring driver, so it shouldn't live under driver/hwmon. drivers/macintosh seems much more appropriate, as the driver is only useful on PowerBooks and iBooks. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Stelian Pop <stelian@popies.net> Cc: Michael Hanselmann <linux-kernel@hansmi.ch> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Grant Likely <grant.likely@secretlab.ca>
| * | hwmon: (pcf8591) Don't attempt to detect devicesJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | The PCF8591 can't be detected, don't even try. There are plenty of other means to instantiate i2c devices these days. Signed-off-by: Jean Delvare <khali@linux-fr.org> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Aurelien Jarno <aurelien@aurel32.net>
| * | hwmon: (pcf8591) Register as a hwmon deviceJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Register PCF8591 devices as hwmon devices. There's little point in implementing the standard sysfs interface if we don't register it in a way libsensors will pick it. Signed-off-by: Jean Delvare <khali@linux-fr.org> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: Aurelien Jarno <aurelien@aurel32.net>
| * | hwmon: (w83795) Use standard attributes for chassis intrusionJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | Follow the standard attribute naming for the chassis intrusion feature. I couldn't test the beeping (my board apparently doesn't do that) but the alarm works fine. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) Exclude fan control feature by defaultJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The fan control feature of the w83795 driver is insufficiently reviewed and tested for public consumption at this time, so make it optional and disabled by default. We will change the default when review and testing is deemed sufficient. Ultimately the option will go away. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) Add myself as co-author and maintainerJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | I've made so many changes to the w83795 driver that it's only fair to list myself as a co-author. I'll also maintain the driver for some time. There's more work needed on the driver for sure. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) More style cleanupsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cleanups suggested by Guenter Roeck, falling into 4 categories: * Swapping test orders, because if (var == CONSTANT) is much easier to read than if (CONSTANT == var). * Simplifying comparisons with 0. * Dropping unneeded masks. * Dropping unneeded parentheses and curly braces. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) Fix LSB reading of voltage limitsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | Wrong index caused the wrong register value to be read, resulting in random LSB for voltage limits. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Use dev_get_drvdata() where possibleJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | When we don't need the client pointer, calling dev_get_drvdata() is more efficient that calling to_i2c_client() and then i2c_get_clientdata(). Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Delay reading pwm config registersJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wait until we need the pwm config register values, instead of pre-reading them. This saves over 1 second on modprobe on my test system. Obviously this time is added when first accessing pwm config attributes, however not everybody will use them, so it seems unfair to slow down driver loading (and thus boot) for an optional feature. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Delay reading limit registersJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | Wait until we need the limit register values, instead of pre-reading them. This saves 544 ms on modprobe on my test system. Obviously this time is added when first running "sensors" or any other monitoring application, but I think it is better than slowing down the boot. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Move register reads to dedicated functionsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move initial register reads out of probe, to dedicated functions. This makes the code clearer, and will be needed if we want to delay calling these functions until they are needed, or want to call them periodically. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) Pack similar register readsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | Pack similar register reads using for loops. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Make W83795_REG_PWM more efficientJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | Cascaded conditionals are inefficient. Reorder the fields so that PWM register addresses can be computed more efficiently. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
| * | hwmon: (w83795) Don't pre-read values we'll update laterJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | There is no point in reading registers during initialization if we will refresh the values in the update function later. This is only slowing down the driver loading with no benefit, stop doing it. This change saves 480 ms on driver load on my test system. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Simplify temperature sensor type handlingJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All 3 temperature sensor type sysfs functions (show_temp_mode, store_temp_mode and show_dts_mode) can be simplified. We don't create these files when the correponding input isn't in temperature monitoring mode, so there is no point in handling that case. Likewise, we don't allow changing inputs from temperature to voltage, so the code handling this case is dead and can be removed. Signed-off-by: Jean Delvare <khali@linux-fr.org>
| * | hwmon: (w83795) Drop _NUM constantsJean Delvare2010-10-28
| | | | | | | | | | | | | | | | | | Consistently use ARRAY_SIZE() to control for loops. Signed-off-by: Jean Delvare <khali@linux-fr.org>