Change all the usages of file->f_mapping in ext3_*write_end() functions to use the mapping argument directly. This has two consequences: (*) Consistency. Without this patch sometimes one is used and sometimes the other is. (*) A NULL file pointer can be passed. This feature is then made use of by the generic hook in the next patch, which is used by CacheFiles to write pages to a file without setting up a file struct. Signed-off-by: David Howells ...

Add a function to install a monitor on the page lock waitqueue for a particular page, thus allowing the page being unlocked to be detected. This is used by CacheFiles to detect read completion on a page in the backing filesystem so that it can then copy the data to the waiting netfs page. Signed-off-by: David Howells <dhowells@redhat.com> --- include/linux/pagemap.h | 5 +++++ mm/filemap.c | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 0 deletions(-) diff ...

Register NFS for caching and retrieve the top-level cache index object cookie. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/Makefile | 1 + fs/nfs/fscache-index.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfs/fscache.h | 35 ++++++++++++++++++++++++++++++++ fs/nfs/inode.c | 8 +++++++ 4 files changed, 97 insertions(+), 0 deletions(-) create mode 100644 fs/nfs/fscache-index.c create mode 100644 fs/nfs/fscache.h diff ...

Add some new NFS I/O event counters for FS-Cache events. They have to be added as byte counters because I may need to be able to increase the numbers by more than 1 at a time. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/iostat.h | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/fs/nfs/iostat.h b/fs/nfs/iostat.h index 6350ecb..0e3b170 100644 --- a/fs/nfs/iostat.h +++ b/fs/nfs/iostat.h @@ -60,6 +60,13 @@ enum nfs_stat_bytecounters { ...

Read pages from an FS-Cache data storage object representing an inode into an NFS inode. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfs/fscache.h | 47 +++++++++++++++++++++++ fs/nfs/read.c | 18 +++++++++ 3 files changed, 176 insertions(+), 1 deletions(-) diff --git a/fs/nfs/fscache.c b/fs/nfs/fscache.c index d475ff5..438cc9b 100644 --- a/fs/nfs/fscache.c +++ b/fs/nfs/fscache.c @@ ...

Increase the size of a payload that can be used to instantiate a key in add_key() and keyctl_instantiate_key(). This permits huge CIFS SPNEGO blobs to be passed around. The limit is raised to 1MB. If kmalloc() can't allocate a buffer of sufficient size, vmalloc() will be tried instead. Signed-off-by: David Howells <dhowells@redhat.com> --- security/keys/keyctl.c | 38 ++++++++++++++++++++++++++++++-------- 1 files changed, 30 insertions(+), 8 deletions(-) diff --git ...

Provide an add_wait_queue_tail() function to add a waiter to the back of a wait queue instead of the front. Signed-off-by: David Howells <dhowells@redhat.com> --- include/linux/pagemap.h | 7 +++++-- include/linux/wait.h | 1 + kernel/wait.c | 18 ++++++++++++++++++ mm/filemap.c | 2 +- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index c5df3ae..ad9484f 100644 --- ...

Remove the temporarily embedded task security record from task_struct. Instead it is made to dangle from the task_struct::sec and task_struct::act_as pointers with references counted for each. do_coredump() is made to create a copy of the security record, modify it and then use that to override the main one for a task. sys_faccessat() is made to do the same. The process and session keyrings are moved from signal_struct into a new thread_group_security struct. This is then refcounted, with ...

Define and create inode-level cache data storage objects (as managed by nfs_inode structs). Each inode-level object is created in a superblock-level index object and is itself a data storage object into which pages from the inode are stored. The inode object key is the NFS file handle for the inode. The inode object is given coherency data to carry in the auxiliary data permitted by the cache. This is a sequence made up of: (1) i_mtime from the NFS inode. (2) i_ctime from the NFS ...

nfs_readpage_async() needs to be non-static so that it can be used as a fallback for the local on-disk caching should an EIO crop up when reading the cache. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/read.c | 4 ++-- include/linux/nfs_fs.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/nfs/read.c b/fs/nfs/read.c index 3d7d963..725a5a2 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c @@ -114,8 +114,8 @@ static void ...

Add read context retention so that FS-Cache can call back into NFS when a read operation on the cache fails EIO rather than reading data. This permits NFS to then fetch the data from the server instead using the appropriate security context. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache-index.c | 26 ++++++++++++++++++++++++++ 1 files changed, 26 insertions(+), 0 deletions(-) diff --git a/fs/nfs/fscache-index.c b/fs/nfs/fscache-index.c index eec8e7e..af9f06b ...

Add a keyctl() function to get the security label of a key. The following is added to Documentation/keys.txt: (*) Get the LSM security context attached to a key. long keyctl(KEYCTL_GET_SECURITY, key_serial_t key, char *buffer, size_t buflen) This function returns a string that represents the LSM security context attached to a key in the buffer provided. Unless there's an error, it always returns the amount of data it could produce, even if that's too big for ...

Add NFS mount options to allow the local caching support to be enabled. The attached patch makes it possible for the NFS filesystem to be told to make use of the network filesystem local caching service (FS-Cache). To be able to use this, a recent nfsutils package is required. There are three variant NFS mount options that can be added to a mount command to control caching for a mount. Only the last one specified takes effect: (*) Adding "fsc" will request caching. (*) Adding ...

Store pages from an NFS inode into the cache data storage object associated with that inode. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/fscache.c | 26 ++++++++++++++++++++++++++ fs/nfs/fscache.h | 16 ++++++++++++++++ fs/nfs/read.c | 5 +++++ 3 files changed, 47 insertions(+), 0 deletions(-) diff --git a/fs/nfs/fscache.c b/fs/nfs/fscache.c index 438cc9b..50ae70f 100644 --- a/fs/nfs/fscache.c +++ b/fs/nfs/fscache.c @@ -456,3 +456,29 @@ int ...

FS-Cache page management for NFS. This includes hooking the releasing and invalidation of pages marked with PG_fscache (aka PG_private_2) and waiting for completion of the write-to-cache flag (PG_fscache_write aka PG_owner_priv_2). Signed-off-by: David Howells <dhowells@redhat.com> --- fs/nfs/file.c | 17 +++++++++++++---- fs/nfs/fscache.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfs/fscache.h | 22 ++++++++++++++++++++++ 3 files changed, 84 insertions(+), 4 ...

Check the starting keyring as part of the search to (a) see if that is what we're searching for, and (b) to check it is still valid for searching. The scenario: User in process A does things that cause things to be created in its process session keyring. The user then does an su to another user and starts a new process, B. The two processes now share the same process session keyring. Process B does an NFS access which results in an upcall to gssd. When gssd attempts to instantiate the ...

Seems *really* weird that every time you send this, patch 6 doesn't seem to reach me in any of my mailboxes... (did get it from the url you listed) I'm sorry if I miss where you explicitly state this, but is it safe to assume, as perusing the patches suggests, that 1. tsk->sec never changes other than in task_alloc_security()? 2. tsk->act_as is only ever dereferenced from (a) current-> except (b) in do_coredump? (thereby carefully avoiding locking issues) I'd still like to ...

Define and create superblock-level cache index objects (as managed by nfs_server structs). Each superblock object is created in a server level index object and is itself an index into which inode-level objects are inserted. Ideally there would be one superblock-level object per server, and the former would be folded into the latter; however, since the "nosharecache" option exists this isn't possible. The superblock object key is a sequence consisting of: (1) Certain superblock ...

Change current->fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be separated from the task_struct. Signed-off-by: David Howells <dhowells@redhat.com> --- arch/ia64/kernel/perfmon.c | 4 ++-- arch/powerpc/platforms/cell/spufs/inode.c | 4 ++-- drivers/isdn/capi/capifs.c | 4 ++-- drivers/usb/core/inode.c | 4 ++-- fs/9p/fid.c | 2 +- fs/9p/vfs_inode.c | 4 ++-- ...

I wonder, what is wrong in reporting mounts in other namespaces that either receive and send propagation to mounts in our namespace? If we take that approach, we will report **only** the mounts in other namespace which have a counter part in our namespace. After all the filesystems backing the mounts here and there are the same(other wise they would'nt have propagated). And any mounts contained outside our namespace, having no propagation relation to any mounts in our namespace, will remain ...

This sounds fine. I'll have a look at implementing a stable peer group ID (it doesn't need a separate object, I realized that now). Miklos -

A plenty. E.g. if foo trusts control over /var/blah to bar, it's not obvious that foo has any business knowing if bar gets it from somebody else in turn. And I'm not sure that bar has any business knowing that foo has the damn thing attached in five places instead of just one, let alone _where_ it has been attached. If you get down to it, the thing is about delegating control over part of namespace to somebody, without letting them control, see, etc. the rest of it. So I'd rather be very ...

Well, assuming you see only one namespace. When I'm experimenting with namespaces and propagations, I see both (each in a separate xterm) and I do want to know how propagation between them happens. Your suggestion doesn't deal with that problem. Otherwise, yes it makes sense to have a consistent view of the tree shown for each namespace. Perhaps the solution is to restrict viewing the whole tree to privileged processes. Miklos -

Hmm, looks like selinux is not showing it's mount options in /proc/mounts. Well, actually there's no infrastructure for it either. Here's a template patch (completely untested). Selinux guys, please fill in the details and submit, thanks. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Index: linux/fs/namespace.c =================================================================== --- linux.orig/fs/namespace.c 2008-02-20 10:51:11.000000000 +0100 +++ linux/fs/namespace.c 2008-02-20 ...

It's not so much a special case for NFS, just that NFS happens to use binary mount options. So, I guess it could be put into a library for other potential filesystems with binary mount options. To clarify: The SELinux options are indeed filesystem independent, and the FS should really not need to be concerned at all with them. For everything except NFS, we parse text options looking for context=, then use that value from within SELinux as the label for all files in the ...

FWIW, I must apologize for delay with getting the damn tree open on kernel.org ;-/ The last couple of weeks had been Not Fun(tm) in a lot of respects. Hopefully I'll finish putting the damn thing into publishable shape by tomorrow. As for the stuff mentioned above... ro-bind series - definitely yes, mountinfo - IMO needs a sane discussion of what and how should be shown wrt propagation state, unprivileged mounts - in the "need to finish reviewing" pile. -

But GNU tar does not handle acls and xattrs. So back to rsync/cp/mv. -

Yeah they probably whipped it up with some patches. $ tar --xattrs tar: unrecognized option `--xattrs' Try `tar --help' or `tar --usage' for more information. $ tar --acl tar: unrecognized option `--acl' Try `tar --help' or `tar --usage' for more information. $ rpm -q tar tar-1.17-21 (Not everything that runs rpm is a fedorahat, though) -

On Tue, 19 Feb 2008 23:28:28 +0100 I suspect one problem could be that an HPC job scheduling program does not know exactly how much memory each job can take, so it can sometimes end up making a mistake and overcommitting the memory on one HPC node. In that case the user is better off having that job killed and restarted elsewhere, than having all of the jobs on that node crawl to a halt due to swapping. Paul, is this guess correct? :) -- All rights reversed. -

Not for the loads I focus on. Each job gets exclusive use of its own dedicated set of nodes, for the duration of the job. With that comes a quite specific upper limit on how much memory, in total, including node local kernel data, that job is allowed to use. One problem with swapping is that nodes aren't entirely isolated. They share buses, i/o channels, disk arms, kernel data cache lines and kernel locks with other nodes, running other jobs. A job thrashing its swap is a drag on the rest ...

Hm our dedicated ndoe user set memory limit to machine physical memory size (minus a bit). I think don't have so much share/dedicate and watch user-defined/swap. am i misundestand? -