1. 29 Jan, 2018 1 commit
  2. 15 Jan, 2018 1 commit
    • David Windsor's avatar
      ext4: Define usercopy region in ext4_inode_cache slab cache · f8dd7c70
      David Windsor authored
      The ext4 symlink pathnames, stored in struct ext4_inode_info.i_data
      and therefore contained in the ext4_inode_cache slab cache, need
      to be copied to/from userspace.
      cache object allocation:
                  struct ext4_inode_info *ei;
                  ei = kmem_cache_alloc(ext4_inode_cachep, GFP_NOFS);
                  return &ei->vfs_inode;
                  #define EXT4_I(inode) \
                      (container_of(inode, struct ext4_inode_info, vfs_inode))
                  inode->i_link = (char *)&EXT4_I(inode)->i_data;
      example usage trace:
              readlink_copy(..., link):
                  copy_to_user(..., link, len)
              (inlined into vfs_readlink)
              generic_readlink(dentry, ...):
                  struct inode *inode = d_inode(dentry);
                  const char *link = inode->i_link;
                  readlink_copy(..., link);
      In support of usercopy hardening, this patch defines a region in the
      ext4_inode_cache slab cache in which userspace copy operations are
      This region is known as the slab cache's usercopy region. Slab caches
      can now check that each dynamically sized copy operation involving
      cache-managed memory falls entirely within the slab's usercopy region.
      This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
      whitelisting code in the last public patch of grsecurity/PaX based on my
      understanding of the code. Changes or omissions from the original code are
      mine and don't reflect the original grsecurity/PaX code.
      Signed-off-by: default avatarDavid Windsor <dave@nullcore.net>
      [kees: adjust commit log, provide usage trace]
      Cc: "Theodore Ts'o" <tytso@mit.edu>
      Cc: Andreas Dilger <adilger.kernel@dilger.ca>
      Cc: linux-ext4@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
  3. 11 Jan, 2018 1 commit
  4. 10 Jan, 2018 2 commits
  5. 18 Dec, 2017 1 commit
    • Theodore Ts'o's avatar
      ext4: fix up remaining files with SPDX cleanups · f5166768
      Theodore Ts'o authored
      A number of ext4 source files were skipped due because their copyright
      permission statements didn't match the expected text used by the
      automated conversion utilities.  I've added SPDX tags for the rest.
      While looking at some of these files, I've noticed that we have quite
      a bit of variation on the licenses that were used --- in particular
      some of the Red Hat licenses on the jbd2 files use a GPL2+ license,
      and we have some files that have a LGPL-2.1 license (which was quite
      I've not attempted to do any license changes.  Even if it is perfectly
      legal to relicense to GPL 2.0-only for consistency's sake, that should
      be done with ext4 developer community discussion.
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
  6. 27 Nov, 2017 1 commit
    • Linus Torvalds's avatar
      Rename superblock flags (MS_xyz -> SB_xyz) · 1751e8a6
      Linus Torvalds authored
      This is a pure automated search-and-replace of the internal kernel
      superblock flags.
      The s_flags are now called SB_*, with the names and the values for the
      moment mirroring the MS_* flags that they're equivalent to.
      Note how the MS_xyz flags are the ones passed to the mount system call,
      while the SB_xyz flags are what we then use in sb->s_flags.
      The script to do this was:
          # places to look in; re security/*: it generally should *not* be
          # touched (that stuff parses mount(2) arguments directly), but
          # there are two places where we really deal with superblock flags.
          FILES="drivers/mtd drivers/staging/lustre fs ipc mm \
                  include/linux/fs.h include/uapi/linux/bfs_fs.h \
                  security/apparmor/apparmorfs.c security/apparmor/include/lib.h"
          # the list of MS_... constants
                ACTIVE NOUSER"
          for i in $SYMS; do SED_PROG="$SED_PROG -e s/MS_$i/SB_$i/g"; done
          # we want files that contain at least one of MS_...,
          # with fs/namespace.c and fs/pnode.c excluded.
          L=$(for i in $SYMS; do git grep -w -l MS_$i $FILES; done| sort|uniq|grep -v '^fs/namespace.c'|grep -v '^fs/pnode.c')
          for f in $L; do sed -i $f $SED_PROG; done
      Requested-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  7. 09 Nov, 2017 1 commit
  8. 18 Oct, 2017 6 commits
  9. 12 Oct, 2017 2 commits
    • Ross Zwisler's avatar
      ext4: add sanity check for encryption + DAX · 7d3e06a8
      Ross Zwisler authored
      We prevent DAX from being used on inodes which are using ext4's built in
      encryption via a check in ext4_set_inode_flags().  We do have what appears
      to be an unsafe transition of S_DAX in ext4_set_context(), though, where
      S_DAX can get disabled without us doing a proper writeback + invalidate.
      There are also issues with mm-level races when changing the value of S_DAX,
      as well as issues with the VM_MIXEDMAP flag:
      I actually think we are safe in this case because of the following:
      1) You can't encrypt an existing file.  Encryption can only be set on an
      empty directory, with new inodes in that directory being created with
      encryption turned on, so I don't think it's possible to turn encryption on
      for a file that has open DAX mmaps or outstanding I/Os.
      2) There is no way to turn encryption off on a given file.  Once an inode
      is encrypted, it stays encrypted for the life of that inode, so we don't
      have to worry about the case where we turn encryption off and S_DAX
      suddenly turns on.
      3) The only way we end up in ext4_set_context() to turn on encryption is
      when we are creating a new file in the encrypted directory.  This happens
      as part of ext4_create() before the inode has been allowed to do any I/O.
      Here's the call tree:
      	 ext4_set_inode_flags() // sets S_DAX
      		ext4_set_context() // sets EXT4_INODE_ENCRYPT, clears S_DAX
      So, I actually think it's safe to transition S_DAX in ext4_set_context()
      without any locking, writebacks or invalidations.  I've added a
      WARN_ON_ONCE() sanity check to make sure that we are notified if we ever
      encounter a case where we are encrypting an inode that already has data,
      in which case we need to add code to safely transition S_DAX.
      Signed-off-by: default avatarRoss Zwisler <ross.zwisler@linux.intel.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
    • Ross Zwisler's avatar
      ext4: prevent data corruption with inline data + DAX · 559db4c6
      Ross Zwisler authored
      If an inode has inline data it is currently prevented from using DAX by a
      check in ext4_set_inode_flags().  When the inode grows inline data via
      ext4_create_inline_data() or removes its inline data via
      ext4_destroy_inline_data_nolock(), the value of S_DAX can change.
      Currently these changes are unsafe because we don't hold off page faults
      and I/O, write back dirty radix tree entries and invalidate all mappings.
      There are also issues with mm-level races when changing the value of S_DAX,
      as well as issues with the VM_MIXEDMAP flag:
      The unsafe transition of S_DAX can reliably cause data corruption, as shown
      by the following fstest:
      Fix this issue by preventing the DAX mount option from being used on
      filesystems that were created to support inline data.  Inline data is an
      option given to mkfs.ext4.
      Signed-off-by: default avatarRoss Zwisler <ross.zwisler@linux.intel.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      CC: stable@vger.kernel.org
  10. 05 Sep, 2017 1 commit
  11. 31 Aug, 2017 1 commit
  12. 24 Aug, 2017 2 commits
    • zhangyi (F)'s avatar
      ext4: fix quota inconsistency during orphan cleanup for read-only mounts · 95f1fda4
      zhangyi (F) authored
      Quota does not get enabled for read-only mounts if filesystem
      has quota feature, so that quotas cannot updated during orphan
      cleanup, which will lead to quota inconsistency.
      This patch turn on quotas during orphan cleanup for this case,
      make sure quotas can be updated correctly.
      Reported-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Cc: stable@vger.kernel.org # 3.18+
    • zhangyi (F)'s avatar
      ext4: fix incorrect quotaoff if the quota feature is enabled · b0a5a958
      zhangyi (F) authored
      Current ext4 quota should always "usage enabled" if the
      quota feautre is enabled. But in ext4_orphan_cleanup(), it
      turn quotas off directly (used for the older journaled
      quota), so we cannot turn it on again via "quotaon" unless
      umount and remount ext4.
      Simple reproduce:
        mkfs.ext4 -O project,quota /dev/vdb1
        mount -o prjquota /dev/vdb1 /mnt
        chattr -p 123 /mnt
        chattr +P /mnt
        touch /mnt/aa /mnt/bb
        exec 100<>/mnt/aa
        rm -f /mnt/aa
        echo c > /proc/sysrq-trigger
        #reboot and mount
        mount -o prjquota /dev/vdb1 /mnt
        #query status
        quotaon -Ppv /dev/vdb1
        quotaon: Cannot find mountpoint for device /dev/vdb1
        quotaon: No correct mountpoint specified.
      This patch add check for journaled quotas to avoid incorrect
      quotaoff when ext4 has quota feautre.
      Signed-off-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Cc: stable@vger.kernel.org # 3.18
  13. 17 Aug, 2017 3 commits
    • Jan Kara's avatar
      quota: Reduce contention on dq_data_lock · 7b9ca4c6
      Jan Kara authored
      dq_data_lock is currently used to protect all modifications of quota
      accounting information, consistency of quota accounting on the inode,
      and dquot pointers from inode. As a result contention on the lock can be
      pretty heavy.
      Reduce the contention on the lock by protecting quota accounting
      information by a new dquot->dq_dqb_lock and consistency of quota
      accounting with inode usage by inode->i_lock.
      This change reduces time to create 500000 files on ext4 on ramdisk by 50
      different processes in separate directories by 6% when user quota is
      turned on. When those 50 processes belong to 50 different users, the
      improvement is about 9%.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
    • Jan Kara's avatar
      ext4: Disable dirty list tracking of dquots when journalling quotas · 91389240
      Jan Kara authored
      When journalling quotas, we writeback all dquots immediately after
      changing them as part of current transation. Thus there's no need to
      write anything in dquot_writeback_dquots() and so we can avoid updating
      list of dirty dquots to reduce dq_list_lock contention.
      This change reduces time to create 500000 files on ext4 on ramdisk by 50
      different processes in separate directories by 15% when user quota is
      turned on.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
    • Jan Kara's avatar
      quota: Convert dqio_mutex to rwsem · bc8230ee
      Jan Kara authored
      Convert dqio_mutex to rwsem and call it dqio_sem. No functional changes
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
  14. 31 Jul, 2017 1 commit
  15. 17 Jul, 2017 1 commit
    • David Howells's avatar
      VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb) · bc98a42c
      David Howells authored
      Firstly by applying the following with coccinelle's spatch:
      	@@ expression SB; @@
      	-SB->s_flags & MS_RDONLY
      to effect the conversion to sb_rdonly(sb), then by applying:
      	@@ expression A, SB; @@
      	-(!sb_rdonly(SB)) && A
      	+!sb_rdonly(SB) && A
      	-A != (sb_rdonly(SB))
      	+A != sb_rdonly(SB)
      	-A == (sb_rdonly(SB))
      	+A == sb_rdonly(SB)
      	-A && (sb_rdonly(SB))
      	+A && sb_rdonly(SB)
      	-A || (sb_rdonly(SB))
      	+A || sb_rdonly(SB)
      	-(sb_rdonly(SB)) != A
      	+sb_rdonly(SB) != A
      	-(sb_rdonly(SB)) == A
      	+sb_rdonly(SB) == A
      	-(sb_rdonly(SB)) && A
      	+sb_rdonly(SB) && A
      	-(sb_rdonly(SB)) || A
      	+sb_rdonly(SB) || A
      	@@ expression A, B, SB; @@
      	-(sb_rdonly(SB)) ? 1 : 0
      	-(sb_rdonly(SB)) ? A : B
      	+sb_rdonly(SB) ? A : B
      to remove left over excess bracketage and finally by applying:
      	@@ expression A, SB; @@
      	-(A & MS_RDONLY) != sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) != sb_rdonly(SB)
      	-(A & MS_RDONLY) == sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) == sb_rdonly(SB)
      to make comparisons against the result of sb_rdonly() (which is a bool)
      work correctly.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
  16. 06 Jul, 2017 1 commit
    • Tahsin Erdogan's avatar
      ext4: fix __ext4_new_inode() journal credits calculation · af65207c
      Tahsin Erdogan authored
      ea_inode feature allows creating extended attributes that are up to
      64k in size. Update __ext4_new_inode() to pick increased credit limits.
      To avoid overallocating too many journal credits, update
      __ext4_xattr_set_credits() to make a distinction between xattr create
      vs update. This helps __ext4_new_inode() because all attributes are
      known to be new, so we can save credits that are normally needed to
      delete old values.
      Also, have fscrypt specify its maximum context size so that we don't
      end up allocating credits for 64k size.
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
  17. 24 Jun, 2017 1 commit
  18. 23 Jun, 2017 2 commits
    • Eric Biggers's avatar
      ext4: forbid encrypting root directory · 9ce0151a
      Eric Biggers authored
      Currently it's possible to encrypt all files and directories on an ext4
      filesystem by deleting everything, including lost+found, then setting an
      encryption policy on the root directory.  However, this is incompatible
      with e2fsck because e2fsck expects to find, create, and/or write to
      lost+found and does not have access to any encryption keys.  Especially
      problematic is that if e2fsck can't find lost+found, it will create it
      without regard for whether the root directory is encrypted.  This is
      wrong for obvious reasons, and it causes a later run of e2fsck to
      consider the lost+found directory entry to be corrupted.
      Encrypting the root directory may also be of limited use because it is
      the "all-or-nothing" use case, for which dm-crypt can be used instead.
      (By design, encryption policies are inherited and cannot be overridden;
      so the root directory having an encryption policy implies that all files
      and directories on the filesystem have that same encryption policy.)
      In any case, encrypting the root directory is broken currently and must
      not be allowed; so start returning an error if userspace requests it.
      For now only do this in ext4, because f2fs and ubifs do not appear to
      have the lost+found requirement.  We could move it into
      fscrypt_ioctl_set_policy() later if desired, though.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarAndreas Dilger <adilger@dilger.ca>
    • Daeho Jeong's avatar
      ext4: send parallel discards on commit completions · a0154344
      Daeho Jeong authored
      Now, when we mount ext4 filesystem with '-o discard' option, we have to
      issue all the discard commands for the blocks to be deallocated and
      wait for the completion of the commands on the commit complete phase.
      Because this procedure might involve a lot of sequential combinations of
      issuing discard commands and waiting for that, the delay of this
      procedure might be too much long, even to 17.0s in our test,
      and it results in long commit delay and fsync() performance degradation.
      To reduce this kind of delay, instead of adding callback for each
      extent and handling all of them in a sequential manner on commit phase,
      we instead add a separate list of extents to free to the superblock and
      then process this list at once after transaction commits so that
      we can issue all the discard commands in a parallel manner like XFS
      Finally, we could enhance the discard command handling performance.
      The result was such that 17.0s delay of a single commit in the worst
      case has been enhanced to 4.8s.
      Signed-off-by: default avatarDaeho Jeong <daeho.jeong@samsung.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Tested-by: default avatarHobin Woo <hobin.woo@samsung.com>
      Tested-by: default avatarKitae Lee <kitae87.lee@samsung.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
  19. 22 Jun, 2017 5 commits
    • Tahsin Erdogan's avatar
      ext4: add nombcache mount option · cdb7ee4c
      Tahsin Erdogan authored
      The main purpose of mb cache is to achieve deduplication in
      extended attributes. In use cases where opportunity for deduplication
      is unlikely, it only adds overhead.
      Add a mount option to explicitly turn off mb cache.
      Suggested-by: default avatarAndreas Dilger <adilger@dilger.ca>
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    • Tahsin Erdogan's avatar
      quota: add get_inode_usage callback to transfer multi-inode charges · 7a9ca53a
      Tahsin Erdogan authored
      Ext4 ea_inode feature allows storing xattr values in external inodes to
      be able to store values that are bigger than a block in size. Ext4 also
      has deduplication support for these type of inodes. With deduplication,
      the actual storage waste is eliminated but the users of such inodes are
      still charged full quota for the inodes as if there was no sharing
      happening in the background.
      This design requires ext4 to manually charge the users because the
      inodes are shared.
      An implication of this is that, if someone calls chown on a file that
      has such references we need to transfer the quota for the file and xattr
      inodes. Current dquot_transfer() function implicitly transfers one inode
      charge. With ea_inode feature, we would like to transfer multiple inode
      Add get_inode_usage callback which can interrogate the total number of
      inodes that were charged for a given inode.
      [ Applied fix from Colin King to make sure the 'ret' variable is
        initialized on the successful return path.  Detected by
        CoverityScan, CID#1446616 ("Uninitialized scalar variable") --tytso]
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Acked-by: default avatarJan Kara <jack@suse.cz>
    • Tahsin Erdogan's avatar
      ext4: xattr inode deduplication · dec214d0
      Tahsin Erdogan authored
      Ext4 now supports xattr values that are up to 64k in size (vfs limit).
      Large xattr values are stored in external inodes each one holding a
      single value. Once written the data blocks of these inodes are immutable.
      The real world use cases are expected to have a lot of value duplication
      such as inherited acls etc. To reduce data duplication on disk, this patch
      implements a deduplicator that allows sharing of xattr inodes.
      The deduplication is based on an in-memory hash lookup that is a best
      effort sharing scheme. When a xattr inode is read from disk (i.e.
      getxattr() call), its crc32c hash is added to a hash table. Before
      creating a new xattr inode for a value being set, the hash table is
      checked to see if an existing inode holds an identical value. If such an
      inode is found, the ref count on that inode is incremented. On value
      removal the ref count is decremented and if it reaches zero the inode is
      The quota charging for such inodes is manually managed. Every reference
      holder is charged the full size as if there was no sharing happening.
      This is consistent with how xattr blocks are also charged.
      [ Fixed up journal credits calculation to handle inline data and the
        rare case where an shared xattr block can get freed when two thread
        race on breaking the xattr block sharing. --tytso ]
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    • Tahsin Erdogan's avatar
      ext2, ext4: make mb block cache names more explicit · 47387409
      Tahsin Erdogan authored
      There will be a second mb_cache instance that tracks ea_inodes. Make
      existing names more explicit so that it is clear that they refer to
      xattr block cache.
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    • Tahsin Erdogan's avatar
      ext4: improve journal credit handling in set xattr paths · c1a5d5f6
      Tahsin Erdogan authored
      Both ext4_set_acl() and ext4_set_context() need to be made aware of
      ea_inode feature when it comes to credits calculation.
      Also add a sufficient credits check in ext4_xattr_set_handle() right
      after xattr write lock is grabbed. Original credits calculation is done
      outside the lock so there is a possiblity that the initially calculated
      credits are not sufficient anymore.
      Signed-off-by: default avatarTahsin Erdogan <tahsin@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
  20. 05 Jun, 2017 1 commit
  21. 24 May, 2017 1 commit
  22. 22 May, 2017 1 commit
  23. 09 May, 2017 1 commit
    • Michal Hocko's avatar
      mm: introduce kv[mz]alloc helpers · a7c3e901
      Michal Hocko authored
      Patch series "kvmalloc", v5.
      There are many open coded kmalloc with vmalloc fallback instances in the
      tree.  Most of them are not careful enough or simply do not care about
      the underlying semantic of the kmalloc/page allocator which means that
      a) some vmalloc fallbacks are basically unreachable because the kmalloc
      part will keep retrying until it succeeds b) the page allocator can
      invoke a really disruptive steps like the OOM killer to move forward
      which doesn't sound appropriate when we consider that the vmalloc
      fallback is available.
      As it can be seen implementing kvmalloc requires quite an intimate
      knowledge if the page allocator and the memory reclaim internals which
      strongly suggests that a helper should be implemented in the memory
      subsystem proper.
      Most callers, I could find, have been converted to use the helper
      instead.  This is patch 6.  There are some more relying on __GFP_REPEAT
      in the networking stack which I have converted as well and Eric Dumazet
      was not...
  24. 08 May, 2017 1 commit
    • Dan Williams's avatar
      block, dax: move "select DAX" from BLOCK to FS_DAX · ef510424
      Dan Williams authored
      For configurations that do not enable DAX filesystems or drivers, do not
      require the DAX core to be built.
      Given that the 'direct_access' method has been removed from
      'block_device_operations', we can also go ahead and remove the
      block-related dax helper functions from fs/block_dev.c to
      drivers/dax/super.c. This keeps dax details out of the block layer and
      lets the DAX core be built as a module in the FS_DAX=n case.
      Filesystems need to include dax.h to call bdev_dax_supported().
      Cc: linux-xfs@vger.kernel.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: "Theodore Ts'o" <tytso@mit.edu>
      Cc: Matthew Wilcox <mawilcox@microsoft.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: "Darrick J. Wong" <darrick.wong@oracle.com>
      Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
      Reviewed-by: default avatarJan Kara <jack@suse.com>
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
  25. 04 May, 2017 1 commit
    • Jan Kara's avatar
      ext4: mark superblock writes synchronous for nobarrier mounts · 00473374
      Jan Kara authored
      Commit b685d3d6 "block: treat REQ_FUA and REQ_PREFLUSH as
      synchronous" removed REQ_SYNC flag from WRITE_FUA implementation.
      generic_make_request_checks() however strips REQ_FUA flag from a bio
      when the storage doesn't report volatile write cache and thus write
      effectively becomes asynchronous which can lead to performance
      regressions. This affects superblock writes for ext4. Fix the problem
      by marking superblock writes always as synchronous.
      Fixes: b685d3d6
      CC: linux-ext4@vger.kernel.org
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>