Merge with Linux 2.4.0-test5-pre1. This works again on Origin UP.

[linux-2.6/linux-mips.git] / fs / ChangeLog

Mon Oct 24 23:27:42 1994  Theodore Y. Ts'o  (tytso@rt-11)

        * fcntl.c (sys_fcntl): Liberalize security checks which Alan Cox
                put in.

Thu Oct 20 23:44:22 1994  Theodore Y. Ts'o  (tytso@rt-11)

        * fcntl.c (sys_fcntl): Add more of a security check to the
                F_SETOWN fcntl().

[Tons of changes missed, indeed. This list is worth restarting since
at least some fixes WILL break third-party filesystems. Sorry, but
there was no other way to fix rmdir/rename deadlock, for one.]

Wed Dec  2 (Linus, fill the rest, please)

        * namei.c (do_rmdir) and rmdir method in filesystems:
                Locking of directory we remove was taken to VFS.
                See comments in do_rmdir(). Unfixed filesystems
                will bloody likely deadlock in rmdir().

Thu Dec  3 17:25:31 1998  Al Viro (viro@math.psu.edu)

        * namei.c (do_rmdir):
                Reject non-directories here.
                Two (probably) obsolete checks moved here too: we fail if
                the directory we remove is the same as parent (BUG: we
                serve mountpoints later) or if it lives on a different
                device.
        * sysv/namei.c (sysv_rmdir):    See sysv/CHANGES

Fri Dec  4 00:54:12 1998  AV

        * namei.c (check_sticky): New function check_sticky(dir, inode).
                If dir is sticky check whether we can unlink/rmdir/rename
                the inode. Returns 1 if we can't. If dir isn't sticky -
                return 0 (i.e. no objections). Some filesystems require
                suser() here; some are fine with CAP_FOWNER. The later
                seems more reasonable.
        * namei.c (do_rmdir):
                Moved the check for sticky bit here.
        * affs/{inode,namei}.c:
                All AFFS directories have sticky semantics (i.e. non-owner
                having write permisssions on directory can unlink/rmdir/rename
                only the files he owns), but AFFS didn't set S_ISVTX on them.
                Fixed. NB: maybe this behaviour should be controlled by mount
                option. Obvious values being 'sticky' (current behaviour),
                'nonsticky' (normal behaviour) and maybe some play on 'D'
                permissions bit. FIXME.
        * qnx4/namei.c (qnx4_rmdir):
                Plugged inode leak.
        * ufs/namei.c (ufs_rmdir):
                Changed handling of busy directory to new scheme.

Fri Dec  4 10:30:58 1998  AV

        * namei.c (VFS_rmdir): New function. It gets inode of the parent and
                dentry of the victim, does all checks and applies fs-specific
                rmdir() method. It should be called with semaphores down
                on both the victim and its parent and with bumped d_count on
                victim (see comments in do_rmdir).
        * include/linux/fs.h: Added VFS_rmdir
        * kernel/ksyms.c: Added VFS_rmdir to export list (for NFSD).
        * nfsd/vfs.c: Fixed rmdir handling.

Tue Dec  8 05:55:08 1998  AV
        * vfat/namei.c: Fixed the bug in vfat_rename() introduced in the
                first round of rmdir fixes.

Wed Dec  9 03:06:10 1998  AV
        * namei.c (do_rename): part of fs-independent checks had been moved
                here (sticky bit handling, type mismatches). Cases of
                the source or target being append-only or immutable also went
                here - if we check it for parent we could as well do it for
                children.
        * {affs,ext2,minix,sysv,ufs}/namei.c (do_*_rename):
                Removed tests that went to VFS, it simplified the code big way.
                Fixed a race in check for empty target - we should check for
                extra owners _before_ checking for emptiness, not after it.
        * {ext2,ufs}/namei.c (do_*_rename):
                VERY nasty bug shot: if somebody mkdired /tmp/cca01234, went
                there, rmdired '.', waited till somebody created a file with
                the same name and said mv . /tmp/goodbye_sticky_bit... Well,
                goodbye sticky bit. Down, not across!
        * {minix,sysv}/namei.c (do_*_rename):
                Incorrect check for other owners (i_count instead of d_count).
                Fixed.
        * vfat: Looks like the changes above fixed a bug in VFAT - this beast
                used to allow renaming file over directory and vice versa.

Wed Dec  9 08:00:27 1998  AV
        * namei.c (VFS_rename): New function. It gets the same arguments as
                ->rename() method, does all checks and applies fs-specific
                rmdir() method. It should be called with semaphores down
                on both parents.
        * include/linux/fs.h: Added VFS_rename
        * kernel/ksyms.c: Added VFS_rename to export list (for NFSD).
        * nfsd/vfs.c: Changed rename handling (switched to VFS_rename).

Wed Dec  9 18:16:27 1998  AV
        * namei.c (do_unlink): handling of sticky bit went here.
        * {affs,ext2,minix,qnx4,sysv,ufs}/namei.c (*_unlink):
                removed handling of sticky bit.
        * qnx4/namei.c (qnx4_unlink):
                Yet another inode leak. Fixed.

Thu Dec 10 04:55:26 1998  AV
        * {ext2,minix,sysv,ufs}/namei.c (*_mknod):
                removed meaningless code handling attempts to mknod symlinks
                and directories. VFS protects us from _that_ and if this code
                would ever be called we'ld get a filesystem corruption.

Thu Dec 10 16:58:50 1998  AV
        * namei.c (do_rename): Fixed dentry leak that had been introduced by
                the first round of rmdir fixes.

Fri Dec 11 14:57:17 1998  AV
        * msdos/namei.c (msdos_rmdir): Fixed race in emptiness check.

Sat Dec 12 19:59:57 1998  AV
        * msdos/namei.c (msdos_mkdir): Fixed the evil breakage introduced by
                the changes of rmdir locking scheme. We shouldn't call
                msdos_rmdir from there.

Sun Dec 13 02:05:16 1998  AV
        * namei.c (do_unlink):
                Added new function: vfs_unlink, with the same arguments as
                ->unlink() method.
        * kernel/ksyms.c: Made it exported.
        * include/linux/fs.h: Added prototype.
        * nfsd/vfs.c: Changed handling of unlink (switched to vfs_unlink)
        * {ext2,ufs}/namei.c (*_unlink): moved handling of imm./append-only to
                VFS.

Wed Dec 16 06:10:04 1998  AV
        * namei.c (may_create, may_delete): New inline functions.
                They check whether creation/deletion is permitted.
                Checks from other places of namei.c went there.
                Looks like originally I misread permission-related stuff
                both here and in nfsd. In particular, checks for
                immutable are done in permission(). D'oh.
        * unlink on directory should return -EISDIR, not -EPERM as it used to
                do. Fixed.
        * rmdir of immutable/append-only directory shouldn't be allowed. Fixed.

Remains unfixed:
        * rename's handling of races is, erm, not optimal. Looks like I know
                what to do, but this thing needs some more cleanup - we can
                take care of almost all races in VFS and be much more graceful
                wrt locking. Moreover, it would give strong lookup atomicity.
                But it's a lot of changes to lookup and dcache code, so it will
                go after the fs drivers' cleanup.
        * affs allows HARD links to directories. VFS is, to put it politely,
                not too ready to cope with _that_. And I'm not sure it should
                be - looks like they are pretty much similar to symlinks.
        * truncate doesn't give a damn about IO errors and disk overflows (on
                braindead filesystems). I've submitted a patch to Linus, but
                looks like it wasn't applied.
        * msdos: shouldn't we treat SYS as IMMUTABLE? Makes sense, IMHO.