commit 0d03d59d9b31cd1e33b7e46a80b6fef66244b1f2 Author: Geert Uytterhoeven Date: Thu Sep 10 23:13:28 2009 +0200 md: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined! Commit b8313b6da7e2e7c7f47d93d8561969a3ff9ba0ea ("dm log: remove incorrect field from userspace table output") added a call to strstr() with a single-character "needle" string parameter. Unfortunately some versions of gcc replace such calls to strstr() by calls to strchr() behind our back. This causes linking errors if strchr() is defined as an inline function in (e.g. on m68k): | WARNING: "strchr" [drivers/md/dm-log-userspace.ko] undefined! Avoid this by explicitly calling strchr() instead. Signed-off-by: Geert Uytterhoeven Cc: stable@kernel.org Signed-off-by: Linus Torvalds commit 526b678093a8a4bcf1ffffbe17bcf21c057eddf5 Merge: 752015d 18f4c64 Author: Linus Torvalds Date: Wed Sep 9 20:04:54 2009 -0700 Merge branch 'lookup-permissions-cleanup' * lookup-permissions-cleanup: jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()' ext[234]: move over to 'check_acl' permission model shmfs: use 'check_acl' instead of 'permission' Make 'check_acl()' a first-class filesystem op Simplify exec_permission_lite(), part 3 Simplify exec_permission_lite() further Simplify exec_permission_lite() logic Do not call 'ima_path_check()' for each path component commit 752015d1b0683a8c623ebfe4c62893413e9b30d3 Author: Roland McGrath Date: Tue Sep 8 19:49:40 2009 -0700 binfmt_elf: fix PT_INTERP bss handling In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if the PT_LOAD has no PROT_WRITE and no .bss. This generates EFAULT. Here is a small test case. (Yes, there are other, useful PT_INTERP which have only .text and no .data/.bss.) ----- ptinterp.S _start: .globl _start nop int3 ----- $ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S $ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c $ ./hello Segmentation fault # during execve() itself After applying the patch: $ ./hello Trace trap # user-mode execution after execve() finishes If the ELF headers are actually self-inconsistent, then dying is fine. But having no PROT_WRITE segment is perfectly normal and correct if there is no segment with p_memsz > p_filesz (i.e. bss). John Reiser suggested checking for PROT_WRITE in the bss logic. I think it makes most sense to simply apply the bss logic only when there is bss. This patch looks less trivial than it is due to some reindentation. It just moves the "if (last_bss > elf_bss) {" test up to include the partial-page bss logic as well as the more-pages bss logic. Reported-by: John Reiser Signed-off-by: Roland McGrath Signed-off-by: Linus Torvalds commit 18f4c644773bc8de1fd9c5182b30c231aafb94ef Author: Linus Torvalds Date: Fri Aug 28 12:29:03 2009 -0700 jffs2/jfs/xfs: switch over to 'check_acl' rather than 'permission()' This avoids an indirect call in the VFS for each path component lookup. Well, at least as long as you own the directory in question, and the ACL check is unnecessary. Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit 1d5ccd1c422d7d292a9e45248aa36771900c6331 Author: Linus Torvalds Date: Fri Aug 28 12:12:24 2009 -0700 ext[234]: move over to 'check_acl' permission model Don't implement per-filesystem 'extX_permission()' functions that have to be called for every path component operation, and instead just expose the actual ACL checking so that the VFS layer can now do it for us. Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit 6d848a488ad83cc3891bb274691118f45ce6aab9 Author: Linus Torvalds Date: Fri Aug 28 12:04:28 2009 -0700 shmfs: use 'check_acl' instead of 'permission' shmfs wants purely standard POSIX ACL semantics, so we can use the new generic VFS layer POSIX ACL checking rather than cooking our own 'permission()' function. Reviewed-by: James Morris Acked-by: Serge Hallyn Acked-by: Hugh Dickins Signed-off-by: Linus Torvalds commit 5909ccaa300a4a834ffa275327af4df0b9cb5295 Author: Linus Torvalds Date: Fri Aug 28 11:51:25 2009 -0700 Make 'check_acl()' a first-class filesystem op This is stage one in flattening out the callchains for the common permission testing. Rather than have most filesystem implement their own inode->i_op->permission function that just calls back down to the VFS layers 'generic_permission()' with the per-filesystem ACL checking function, the filesystem can just expose its 'check_acl' function directly, and let the VFS layer do everything for it. This is all just preparatory - no filesystem actually enables this yet. Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit cb9179ead0aa0e3b7b4087cdba59baf16bbeef6d Author: Linus Torvalds Date: Fri Aug 28 11:08:31 2009 -0700 Simplify exec_permission_lite(), part 3 Don't call down to the generic inode_permission() function just to call the inode-specific permission function - just do it directly. The generic inode_permission() code does things like checking MAY_WRITE and devcgroup_inode_permission(), neither of which are relevant for the light pathname walk permission checks (we always do just MAY_EXEC, and the inode is never a special device). Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit f1ac9f6bfea6f21e8ab6dbbe46879d62a6fba8c0 Author: Linus Torvalds Date: Fri Aug 28 10:53:56 2009 -0700 Simplify exec_permission_lite() further This function is only called for path components that are already known to be directories (they have a '->lookup' method). So don't bother doing that whole S_ISDIR() testing, the whole point of the 'lite()' version is that we know that we are looking at a directory component, and that we're only checking name lookup permission. Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit b7a437b08a44a3ed7e3a052eb39d2c5f618b603b Author: Linus Torvalds Date: Fri Aug 28 10:50:37 2009 -0700 Simplify exec_permission_lite() logic Instead of returning EAGAIN and having the caller do something special for that case, just do the special case directly. Reviewed-by: James Morris Acked-by: Serge Hallyn Signed-off-by: Linus Torvalds commit e8e66ed25b5cbeebed69c475f6c108e52078a3b3 Author: Linus Torvalds Date: Fri Aug 28 10:05:33 2009 -0700 Do not call 'ima_path_check()' for each path component Not only is that a supremely timing-critical path, but it's hopefully some day going to be lockless for the common case, and ima can't do that. Plus the integrity code doesn't even care about non-regular files, so it was always a total waste of time and effort. Acked-by: Serge Hallyn Acked-by: Mimi Zohar Signed-off-by: Linus Torvalds