summaryrefslogtreecommitdiffstats
path: root/fs
Commit message (Collapse)AuthorAgeFilesLines
* [PATCH] smbfs: Fix slab corruption in samba error pathJan Niehusmann2006-05-151-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yesterday, I got the following error with 2.6.16.13 during a file copy from a smb filesystem over a wireless link. I guess there was some error on the wireless link, which in turn caused an error condition for the smb filesystem. In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also shows up in the slab dumps, and also is -ERESTARTSYS. Error code 27499 corresponds to 0x6b6b, so the rq_errno field seems to be the only one being set after freeing the slab. In smb_add_request (which is the only place in smbfs where I found ERESTARTSYS), I found the following: if (!timeleft || signal_pending(current)) { /* * On timeout or on interrupt we want to try and remove the * request from the recvq/xmitq. */ smb_lock_server(server); if (!(req->rq_flags & SMB_REQ_RECEIVED)) { list_del_init(&req->rq_queue); smb_rput(req); } smb_unlock_server(server); } [...] if (signal_pending(current)) req->rq_errno = -ERESTARTSYS; I guess that some codepath like smbiod_flush() caused the request to be removed from the queue, and smb_rput(req) be called, without SMB_REQ_RECEIVED being set. This violates an asumption made by the quoted code. Then, the above code calls smb_rput(req) again, the req gets freed, and req->rq_errno = -ERESTARTSYS writes into the already freed slab. As list_del_init doesn't cause an error if called multiple times, that does cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS). If this observation is correct, the following patch should fix it. I wonder why the smb code uses list_del_init everywhere - using list_del instead would catch such situations by poisoning the next and prev pointers. May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected. Restarting. May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured. May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected. Restarting. May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists. May 4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5) May 4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b May 4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244 May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs]) May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b May 4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff May 4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244 May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30) May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5) May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected. Restarting. May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists. May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected. Restarting. May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists. May 4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b May 4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244 May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs]) May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b May 4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff May 4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244 May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30) May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5) May 4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b May 4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244 May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs]) May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b May 4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff May 4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244 May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071. May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30) May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b May 4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5) May 4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784 May 4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784 Signed-off-by: Jan Niehusmann <jan@gondor.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] smbfs chroot issue (CVE-2006-1864)Olaf Kirch2006-05-151-0/+5
| | | | | | | | | | | | | | | Mark Moseley reported that a chroot environment on a SMB share can be left via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs. Steven French <sfrench@us.ibm.com> wrote: Looks fine to me. This should catch the slash on lookup or equivalent, which will be all obvious paths of interest. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] autofs4: NFY_NONE wait race fixIan Kent2006-05-153-34/+58
| | | | | | | | | | | | | | | | | | | | This patch fixes two problems. First, the comparison of entries in the waitq.c was incorrect. Second, the NFY_NONE check was incorrect. The test of whether the dentry is mounted if ineffective, for example, if an expire fails then we could wait forever on a non existant expire. The bug was identified by Jeff Moyer. The patch changes autofs4 to wait on expires only as this is all that's needed. If there is no existing wait when autofs4_wait is call with a type of NFY_NONE it delays until either a wait appears or the the expire flag is cleared. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fs/open.c: unexport sys_openatAdrian Bunk2006-05-151-1/+0
| | | | | | | | Remove the unused EXPORT_SYMBOL_GPL(sys_openat). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Alternative fix for MMC oops on unmount after removalLinus Torvalds2006-05-121-1/+2
| | | | | | | | | | | | | | | | | | | | | | | Make sure to clear the driverfs_dev pointer when we do del_gendisk() (on disk removal), so that other users that may still have a ref to the disk won't try to use the stale pointer. Also move the KOBJ_REMOVE uevent handler up, so that the uevent still has access to the driverfs_dev data. This all should hopefully fix the problems with MMC umounts after device removals that caused commit 56cf6504fc1c0c221b82cebc16a444b684140fb7 and its reversal (1a2acc9e9214699a99389e323e6686e9e0e2ca67). Original problem reported by Todd Blumer and others. Acked-by: Greg KH <gregkh@suse.de> Cc: Russell King <rmk+lkml@arm.linux.org.uk> Cc: James Bottomley <James.Bottomley@SteelEye.com> Cc: Erik Mouw <erik@harddisk-recovery.com> Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Cc: Todd Blumer <todd@sdgsystems.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge git://oss.sgi.com:8090/xfs-2.6Linus Torvalds2006-05-084-20/+26
|\ | | | | | | | | | | | | * git://oss.sgi.com:8090/xfs-2.6: [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing an [XFS] Fix a project quota space accounting leak on rename. [XFS] Fix a possible forced shutdown due to mishandling write barriers
| * [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing anNathan Scott2006-05-081-1/+4
| | | | | | | | | | | | | | | | | | AG freelist. SGI-PV: 952681 SGI-Modid: xfs-linux-melb:xfs-kern:25902a Signed-off-by: Nathan Scott <nathans@sgi.com>
| * [XFS] Fix a project quota space accounting leak on rename.Nathan Scott2006-05-082-1/+13
| | | | | | | | | | | | | | SGI-PV: 951636 SGI-Modid: xfs-linux-melb:xfs-kern:25811a Signed-off-by: Nathan Scott <nathans@sgi.com>
| * [XFS] Fix a possible forced shutdown due to mishandling write barriersNathan Scott2006-05-081-18/+9
| | | | | | | | | | | | | | | | | | with remount,ro. SGI-PV: 951944 SGI-Modid: xfs-linux-melb:xfs-kern:25742a Signed-off-by: Nathan Scott <nathans@sgi.com>
* | [PATCH] fs/locks.c: Fix lease_initTrond Myklebust2006-05-081-9/+12
|/ | | | | | | | | | | | | | It is insane to be giving lease_init() the task of freeing the lock it is supposed to initialise, given that the lock is not guaranteed to be allocated on the stack. This causes lockups in fcntl_setlease(). Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com> Also fix a slab leak in __setlease() due to an uninitialised return value. Problem diagnosed by Björn Steinbrink. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Tested-by: Daniel Hokka Zakrisson <daniel@hozac.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] compat_sys_vmsplice: one-off in UIO_MAXIOV checkJens Axboe2006-05-041-1/+1
| | | | | | | | nr_segs may not be > UIO_MAXIOV, however it may be equal to. This makes the behaviour identical to the real sys_vmsplice(). The other foov syscalls also agree that this is the way to go. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: redo page lookup if add_to_page_cache() returns -EEXISTJens Axboe2006-05-041-0/+2
| | | | | | | | | This can happen quite easily, if several processes are trying to splice the same file at the same time. It's not a failure, it just means someone raced with us in allocating this file page. So just dump the allocated page and relookup the original. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: rename remaining info variables to pipeJens Axboe2006-05-041-10/+10
| | | | | | | Same thing was done in fs/pipe.c and most of fs/splice.c, but we had a few missing still. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: LRU fixupsJens Axboe2006-05-041-22/+11
| | | | | | | | Nick says that the current construct isn't safe. This goes back to the original, but sets PIPE_BUF_FLAG_LRU on user pages as well as they all seem to be on the LRU in the first place. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: fix unlocking of page on error ->prepare_write()Jens Axboe2006-05-041-3/+16
| | | | | | | | | Looking at generic_file_buffered_write(), we need to unlock_page() if prepare write fails and it isn't due to racing with truncate(). Also trim the size if ->prepare_write() fails, if we have to. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] ext3: multile block allocate little endian fixesMingming Cao2006-05-031-5/+8
| | | | | | | | | | | | Some places in ext3 multiple block allocation code (in 2.6.17-rc3) don't handle the little endian well. This was resulting in *wrong* block numbers being assigned to in-memory block variables and then stored on disk eventually. The following patch has been verified to fix an ext3 filesystem failure when run ltp test on a 64 bit machine. Signed-off-by; Mingming Cao <cmm@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] vmsplice: restrict stealing a little moreJens Axboe2006-05-022-4/+4
| | | | | | | Apply the same rules as the anon pipe pages, only allow stealing if no one else is using the page. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: fix page LRU accountingJens Axboe2006-05-021-10/+21
| | | | | | | | | | | | Currently we rely on the PIPE_BUF_FLAG_LRU flag being set correctly to know whether we need to fiddle with page LRU state after stealing it, however for some origins we just don't know if the page is on the LRU list or not. So remove PIPE_BUF_FLAG_LRU and do this check/add manually in pipe_to_file() instead. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] vmsplice: fix badly placed end paranthesisJens Axboe2006-05-021-1/+1
| | | | | | | | We need to use the minium of {len, PAGE_SIZE-off}, not {len, PAGE_SIZE}-off. The latter doesn't make any sense, and could cause us to attempt negative length transfers... Signed-off-by: Jens Axboe <axboe@suse.de>
* Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds2006-05-013-122/+230
|\ | | | | | | | | | | | | | | | | | | | | * 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] vmsplice: allow user to pass in gift pages [PATCH] pipe: enable atomic copying of pipe data to/from user space [PATCH] splice: call handle_ra_miss() on failure to lookup page [PATCH] Add ->splice_read/splice_write to def_blk_fops [PATCH] pipe: introduce ->pin() buffer operation [PATCH] splice: fix bugs in pipe_to_file() [PATCH] splice: fix bugs with stealing regular pipe pages
| * [PATCH] vmsplice: allow user to pass in gift pagesJens Axboe2006-05-011-3/+25
| | | | | | | | | | | | | | | | | | | | | | If SPLICE_F_GIFT is set, the user is basically giving this pages away to the kernel. That means we can steal them for eg page cache uses instead of copying it. The data must be properly page aligned and also a multiple of the page size in length. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] pipe: enable atomic copying of pipe data to/from user spaceJens Axboe2006-05-012-25/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The pipe ->map() method uses kmap() to virtually map the pages, which is both slow and has known scalability issues on SMP. This patch enables atomic copying of pipe pages, by pre-faulting data and using kmap_atomic() instead. lmbench bw_pipe and lat_pipe measurements agree this is a Good Thing. Here are results from that on a UP machine with highmem (1.5GiB of RAM), running first a UP kernel, SMP kernel, and SMP kernel patched. Vanilla-UP: Pipe bandwidth: 1622.28 MB/sec Pipe bandwidth: 1610.59 MB/sec Pipe bandwidth: 1608.30 MB/sec Pipe latency: 7.3275 microseconds Pipe latency: 7.2995 microseconds Pipe latency: 7.3097 microseconds Vanilla-SMP: Pipe bandwidth: 1382.19 MB/sec Pipe bandwidth: 1317.27 MB/sec Pipe bandwidth: 1355.61 MB/sec Pipe latency: 9.6402 microseconds Pipe latency: 9.6696 microseconds Pipe latency: 9.6153 microseconds Patched-SMP: Pipe bandwidth: 1578.70 MB/sec Pipe bandwidth: 1579.95 MB/sec Pipe bandwidth: 1578.63 MB/sec Pipe latency: 9.1654 microseconds Pipe latency: 9.2266 microseconds Pipe latency: 9.1527 microseconds Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] splice: call handle_ra_miss() on failure to lookup pageJens Axboe2006-05-011-0/+6
| | | | | | | | | | | | | | Notify the readahead logic of the missing page. Suggested by Oleg Nesterov. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] Add ->splice_read/splice_write to def_blk_fopsJens Axboe2006-05-011-0/+2
| | | | | | | | | | | | It can use the generic handlers. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] pipe: introduce ->pin() buffer operationJens Axboe2006-05-012-77/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | The ->map() function is really expensive on highmem machines right now, since it has to use the slower kmap() instead of kmap_atomic(). Splice rarely needs to access the virtual address of a page, so it's a waste of time doing it. Introduce ->pin() to take over the responsibility of making sure the page data is valid. ->map() is then reduced to just kmap(). That way we can also share a most of the pipe buffer ops between pipe.c and splice.c Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] splice: fix bugs in pipe_to_file()Jens Axboe2006-05-012-21/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Found by Oleg Nesterov <oleg@tv-sign.ru>, fixed by me. - Only allow full pages to go to the page cache. - Check page != buf->page instead of using PIPE_BUF_FLAG_STOLEN. - Remember to clear 'stolen' if add_to_page_cache() fails. And as a cleanup on that: - Make the bottom fall-through logic a little less convoluted. Also make the steal path hold an extra reference to the page, so we don't have to differentiate between stolen and non-stolen at the end. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] splice: fix bugs with stealing regular pipe pagesJens Axboe2006-04-302-3/+12
| | | | | | | | | | | | | | | | | | - Check that page has suitable count for stealing in the regular pipes. - pipe_to_file() assumes that the page is locked on succesful steal, so do that in the pipe steal hook - Missing unlock_page() in add_to_page_cache() failure. Signed-off-by: Jens Axboe <axboe@suse.de>
* | [PATCH] x86_64: Add compat_sys_vmsplice and use it in x86-64Andi Kleen2006-05-011-0/+20
|/ | | | | | Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] powerpc: Wire up *at syscallsAndreas Schwab2006-04-281-1/+1
| | | | | | | | | | | Wire up *at syscalls. This patch has been tested on ppc64 (using glibc's testsuite, both 32bit and 64bit), and compile-tested for ppc32 (I have currently no ppc32 system available, but I expect no problems). Signed-off-by: Andreas Schwab <schwab@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
* [PATCH] splice: make the read-side do batched page lookupsJens Axboe2006-04-271-30/+65
| | | | | | | | Use the new find_get_pages_contig() to potentially look up the entire splice range in one single call. This speeds up generic_file_splice_read() quite a bit. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] splice: switch to using page_cache_readahead()Jens Axboe2006-04-271-2/+2
| | | | | | Avoids doing useless work, when the file is fully cached. Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] LSM: add missing hook to do_compat_readv_writev()James Morris2006-04-261-0/+4
| | | | | | | | | | | | | | | This patch addresses a flaw in LSM, where there is no mediation of readv() and writev() in for 32-bit compatible apps using a 64-bit kernel. This bug was discovered and fixed initially in the native readv/writev code [1], but was not fixed in the compat code. Thanks to Al for spotting this one. [1] http://lwn.net/Articles/154282/ Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] protect ext3 ioctl modifying append_only, immutable, etc. with i_mutexAl Viro2006-04-261-4/+14
| | | | | | | | | All modifications of ->i_flags in inodes that might be visible to somebody else must be under ->i_mutex. That patch fixes ext3 ioctl() setting S_APPEND and friends. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] forgotten ->b_data in memcpy() call in ext3/resize.c (oopsable)Al Viro2006-04-261-1/+1
| | | | | | | | | | | | | | sbi->s_group_desc is an array of pointers to buffer_head. memcpy() of buffer size from address of buffer_head is a bad idea - it will generate junk in any case, may oops if buffer_head is close to the end of slab page and next page is not mapped and isn't what was intended there. IOW, ->b_data is missing in that call. Fortunately, result doesn't go into the primary on-disk data structures, so only backup ones get crap written to them; that had allowed this bug to remain unnoticed until now. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds2006-04-261-73/+282
|\ | | | | | | | | | | | | | | | | * 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] splice: add ->splice_write support for /dev/null [PATCH] splice: rearrange moving to/from pipe helpers [PATCH] Add support for the sys_vmsplice syscall [PATCH] splice: fix offset problems [PATCH] splice: fix min() warning
| * [PATCH] splice: rearrange moving to/from pipe helpersJens Axboe2006-04-261-24/+11
| | | | | | | | | | | | We need these for people writing their own ->splice_read/write hooks. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] Add support for the sys_vmsplice syscallJens Axboe2006-04-261-39/+253
| | | | | | | | | | | | | | | | | | | | | | sys_splice() moves data to/from pipes with a file input/output. sys_vmsplice() moves data to a pipe, with the input being a user address range instead. This uses an approach suggested by Linus, where we can hold partial ranges inside the pages[] map. Hopefully this will be useful for network receive support as well. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] splice: fix offset problemsJens Axboe2006-04-261-19/+27
| | | | | | | | | | | | | | | | | | | | Make the move_from_pipe() actors return number of bytes processed, then move_from_pipe() can decide more cleverly when to move on to the next buffer. This fixes problems with pipe offset and differing file offset. Signed-off-by: Jens Axboe <axboe@suse.de>
| * [PATCH] splice: fix min() warningAndrew Morton2006-04-261-1/+1
| | | | | | | | | | Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jens Axboe <axboe@suse.de>
* | [fuse] fix race between checking and setting file->private_dataMiklos Szeredi2006-04-261-5/+8
| | | | | | | | | | | | | | | | | | | | BKL does not protect against races if the task may sleep between checking and setting a value. So move checking of file->private_data near to setting it in fuse_fill_super(). Found by Al Viro. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
* | [fuse] fix deadlock between fuse_put_super() and request_end(), try #2Miklos Szeredi2006-04-261-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A deadlock was possible, when the last reference to the superblock was held due to a background request containing a file reference. Releasing the file would release the vfsmount which in turn would release the superblock. Since sbput_sem is held during the fput() and fuse_put_super() tries to acquire this same semaphore, a deadlock results. The solution is to move the fput() outside the region protected by sbput_sem. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
* | Revert "[fuse] fix deadlock between fuse_put_super() and request_end()"Miklos Szeredi2006-04-263-36/+31
|/ | | | | | | | | | | | | This reverts 73ce8355c243a434524a34c05cc417dd0467996e commit. It was wrong, because it didn't take into account the requirement, that iput() for background requests must be performed synchronously with ->put_super(), otherwise active inodes may remain after unmount. The right solution is to keep the sbput_sem and perform iput() within the locked region, but move fput() outside sbput_sem. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
* [CIFS] Fix compile error when CONFIG_CIFS_EXPERIMENTAL is undefinedSteve French2006-04-241-1/+4
| | | | | Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6-stableLinus Torvalds2006-04-2313-115/+138
|\ | | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6-stable: [CIFS] Fix typo in previous [CIFS] Readdir fixes to allow search to start at arbitrary position [CIFS] Use the kthread_ API instead of opencoding lots of hairy code for kernel [CIFS] Don't allow a backslash in a path component [CIFS] [CIFS] Do not take rename sem on most path based calls (during
| * [CIFS] Fix typo in previousSteve French2006-04-231-1/+1
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Readdir fixes to allow search to start at arbitrary positionSteve French2006-04-227-36/+74
| | | | | | | | | | | | | | | | | | in directory Also includes first part of fix to compensate for servers which forget to return . and .. as well as updates to changelog and cifs readme. Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Use the kthread_ API instead of opencoding lots of hairy code for kernelSteve French2006-04-211-49/+50
| | | | | | | | | | | | | | | | | | | | | | | | thread creation and teardown. It does not move the cifsd thread handling to kthread due to problems found in testing with wakeup of threads blocked in the socket peek api, but the other cifs kernel threads now use kthread. Also cleanup cifs_init to properly unwind when thread creation fails. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] Don't allow a backslash in a path componentSteve French2006-04-211-0/+14
| | | | | | | | | | | | | | | | Unless Posix paths have been negotiated, the backslash, "\", is not a valid character in a path component. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
| * [CIFS] [CIFS] Do not take rename sem on most path based calls (duringSteve French2006-04-217-30/+0
| | | | | | | | | | | | | | | | building of full path) to avoid hang rename/readdir hang Reported by Alan Tyson Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [PATCH] Fix reiserfs deadlockJan Kara2006-04-221-2/+3
|/ | | | | | | | | | | | | | reiserfs_cache_default_acl() should return whether we successfully found the acl or not. We have to return correct value even if reiserfs_get_acl() returns error code and not just 0. Otherwise callers such as reiserfs_mkdir() can unnecessarily lock the xattrs and later functions such as reiserfs_new_inode() fail to notice that we have already taken the lock and try to take it again with obvious consequences. Signed-off-by: Jan Kara <jack@suse.cz> Cc: <reiserfs-dev@namesys.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
OpenPOWER on IntegriCloud