Commit Graph

1369 Commits

Author SHA1 Message Date
Daniel Drake
894ec8707c [PATCH] Fix listxattr() for generic security attributes
Commit f549d6c18c introduced a generic
fallback for security xattrs, but appears to include a subtle bug.

Gentoo users with kernels with selinux compiled in, and coreutils compiled
with acl support, noticed that they could not copy files on tmpfs using
'cp'.

cp (compiled with acl support) copies the file, lists the extended
attributes on the old file, copies them all to the new file, and then
exits.  However the listxattr() calls were failing with this odd behaviour:

llistxattr("a.out", (nil), 0)           = 17
llistxattr("a.out", 0x7fffff8c6cb0, 17) = -1 ERANGE (Numerical result out of
range)

I believe this is a simple problem in the logic used to check the buffer
sizes; if the user sends a buffer the exact size of the data, then its ok
:)

This change solves the problem.
More info can be found at http://bugs.gentoo.org/113138

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-12-12 08:57:42 -08:00
Trond Myklebust
3b6efee923 NFSv4: Fix an Oops in the synchronous write path
- Missing initialisation of attribute bitmask in _nfs4_proc_write()
 - On success, _nfs4_proc_write() must return number of bytes written.
 - Missing post_op_update_inode() in _nfs4_proc_write()
 - Missing initialisation of attribute bitmask in _nfs4_proc_commit()
 - Missing post_op_update_inode() in _nfs4_proc_commit()

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-12-03 15:20:21 -05:00
Trond Myklebust
5ba7cc4801 NFS: Fix post-op attribute revalidation...
- Missing nfs_mark_for_revalidate in nfs_proc_link()
  - Missing nfs_mark_for_revalidate in nfs_rename()

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-12-03 15:20:17 -05:00
Trond Myklebust
bb713d6d38 NFS: use set_page_writeback() in the appropriate places
Ensure that we use set_page_writeback() in the appropriate places
 to help the VM in keeping its page radix_tree in sync.

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-12-03 15:20:14 -05:00
Trond Myklebust
24aa1fe677 NFS: Fix a few further cache consistency regressions
Steve Dickson writes:
 Doing the following:
 1. On server:
 $ mkdir ~/t
 $ echo Hello > ~/t/tmp

 2. On client, wait for a string to appear in this file:
 $ until grep -q foo t/tmp ; do echo -n . ; sleep 1 ; done

 3. On server, create a *new* file with the same name containing that
 string:
 $ mv ~/t/tmp ~/t/tmp.old; echo foo > ~/t/tmp

 will show how the client will never (and I mean never ;-) ) see
 the updated file.

 The problem is that we do not update nfsi->cache_change_attribute when the
 file changes on the server (we only update it when our client makes the
 changes). This again means that functions like nfs_check_verifier() will
 fail to register when the parent directory has changed and should trigger
 a dentry lookup revalidation.

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-12-03 15:20:07 -05:00
Steve Dickson
223db122bf NFS: Fix cache consistency regression
Make sure cache_change_attribute is initialized to jiffies
 so when the mtime changes on directory, the directory
 will be refreshed.

 Signed-off by: Steve Dickson <steved@redhat.com>
 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-12-03 15:20:03 -05:00
Steve French
25741b3e43 [CIFS] For previous fix, mode on mkdir needed S_IFDIR left out.
Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-29 22:38:43 -08:00
Steve French
2a138ebb01 [CIFS] Missing parenthesis and typo in previous fix
Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-29 21:22:19 -08:00
Steve French
606c0dafbe Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-11-29 20:56:07 -08:00
Steve French
6ab16d2495 [CIFS] Fix umount --force to wake up the pending response queue, not just
the request queue. Also periodically wakeup response_q so threads can
check if stuck requests have timed out. Workaround Windows server illegal smb
length on transact2 findfirst response.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-29 20:55:11 -08:00
Steve French
6473a559c3 [CIFS] Fix missing permission check on setattr when noperm mount option is
disabled.  Also set mode, uid, gid better on mkdir and create for the
case when Unix Extensions is not enabled and setuids is enabled. This is
necessary to fix the hole in which chown could be allowed for non-root
users in some cases if root mounted, and also to display the mode and uid
properly in some cases.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-29 20:20:10 -08:00
Roman Zippel
b0b623c3b2 [PATCH] hfsplus: don't modify journaled volume
Access to a journaled HFS+ volume is not officially supported under Linux, so
mount such a volume read-only, but users can override this behaviour using the
"force" mount option.

The minimum requirement to relax this check is to at least check that the
journal is empty and so nothing needs to be replayed to make sure the volume
is consistent.

Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-29 19:47:03 -08:00
Jeff Mahoney
576f6d7956 [PATCH] reiserfs: handle cnode allocation failure gracefully
If an external device is used for a journal, by default it will use the
entire device.  The reiserfs journal code allocates structures per journal
block when it mounts the file system.  If the journal device is too large,
and memory cannot be allocated for the structures, it will continue and
ultimately panic when it can't pull one off the free list.

This patch handles the allocation failure gracefully and prints an error
message at mount time.

Changes: Updated error message to be more descriptive to the user.

Discussed and approved on ReiserFS Mailing List, Nov 28.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-29 19:47:03 -08:00
Linus Torvalds
c9cfcddfd6 VM: add common helper function to create the page tables
This logic was duplicated four times, for no good reason.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-29 14:03:14 -08:00
Thomas Gleixner
21eeb7aa11 [JFFS2] Fix the slab cache constructor of 'struct jffs2_inode_info' objects.
JFFS2 initialize f->sem mutex as "locked" in the slab constructor which is a
bug. Objects are freed with unlocked f->sem mutex. So, when they allocated
again, f->sem is unlocked because the slab cache constructor is not called for
them. The constructor is called only once when memory pages are allocated for
objects (namely, when the slab layer allocates new slabs). So, sometimes
'struct jffs2_inode_info' are allocated with unlocked f->sem, sometimes with
locked. This is a bug. Instead, initialize f->sem as unlocked in the
constructor. I.e., in the "constructed" state f->sem must be unlocked.

From: Keijiro Yano <keijiro_yano@yahoo.co.jp>
Acked-by: Artem B. Bityutskiy <dedekind@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2005-11-29 16:57:17 +01:00
Miklos Szeredi
2827d0b23b [PATCH] fuse: check for invalid node ID in fuse_create_open()
Check for invalid node ID values in the new atomic create+open method.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:26 -08:00
Miklos Szeredi
f007d5c961 [PATCH] fuse: check directory aliasing in mkdir
Check the created directory inode for aliases in the mkdir() method.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:26 -08:00
Jan Kara
154f484b92 [PATCH] Fix oops in vfs_quotaon_mount()
When quota file specified in mount options did not exist, we tried to
dereference NULL pointer later. Fix it.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:26 -08:00
Latchesar Ionkov
a93a117eaa [PATCH] v9fs: fix memory leak in v9fs dentry code
Assign the appropriate dentry operations to the dentry. Fixes memory leak.

Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:25 -08:00
Glauber de Oliveira Costa
aa877b3dc9 [PATCH] ext3: Wrong return value for EXT3_IOC_GROUP_ADD
This patch corrects the return value for the EXT3_IOC_GROUP_ADD in case it
fails due to the presence of multiple resizers at the filesystem.

The problem is a little bit more serious than a wrong return value in this
case, since the clause err=0 in the exit_journal path will lead to a call
to update_backups which in turns causes a NULL pointer dereference.

Signed-off-by: Glauber de Oliveira Costa <glommer@br.ibm.com>
Cc: "Stephen C. Tweedie" <sct@redhat.com>
Cc: Andreas Dilger <adilger@clusterfs.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:24 -08:00
Oleg Drokin
7729ac5efe [PATCH] reiserfs: fix 32-bit overflow in map_block_for_writepage()
I now see another overflow in reiserfs that should lead to data corruptions
with files that are bigger than 4G under certain circumstances when using
mmap.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:42:23 -08:00
Linus Torvalds
6aab341e0a mm: re-architect the VM_UNPAGED logic
This replaces the (in my opinion horrible) VM_UNMAPPED logic with very
explicit support for a "remapped page range" aka VM_PFNMAP.  It allows a
VM area to contain an arbitrary range of page table entries that the VM
never touches, and never considers to be normal pages.

Any user of "remap_pfn_range()" automatically gets this new
functionality, and doesn't even have to mark the pages reserved or
indeed mark them any other way.  It just works.  As a side effect, doing
mmap() on /dev/mem works for arbitrary ranges.

Sparc update from David in the next commit.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-28 14:34:23 -08:00
Steve French
3abb92722a [CIFS] When file is deleted locally but later recreated on the server
fix cifs negative dentries so they are freed faster (not requiring
umount or readdir e.g.) so the client recognizes the new file on
the server more quickly.

Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-28 08:16:13 -08:00
Trond Myklebust
b37b03b705 NFS: Fix a spinlock recursion inside nfs_update_inode()
In cases where the server has gone insane, nfs_update_inode() may end
 up calling nfs_invalidate_inode(), which again calls stuff that takes
 the inode->i_lock that we're already holding.

 In addition, given the sort of things we have in NFS these days that
 need to be cleaned up on inode release, I'm not sure we should ever
 be calling make_bad_inode().

 Fix up spinlock recursion, and limit nfs_invalidate_inode() to clearing
 the caches, and marking the inode as being stale.

 Thanks to Steve Dickson <SteveD@redhat.com> for spotting this.

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-11-25 17:11:29 -05:00
Trond Myklebust
ff6040667a NFSv4: Fix typo in lock caching
When caching locks due to holding a file delegation, we must always
 check against local locks before sending anything to the server.

 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-11-25 17:11:29 -05:00
Trond Myklebust
36f20c6df7 NFSv4: Fix buggy nfs_wait_on_sequence()
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2005-11-25 17:11:28 -05:00
Nathan Scott
551c81e2d3 [XFS] Resolve the xlog_grant_log_space hang, revert inline to macro.
SGI-PV: 946205
SGI-Modid: xfs-linux-melb:xfs-kern:24567a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:42:28 +11:00
Nathan Scott
e0144ca553 [XFS] Fix a case where attr2 format was being used unconditionally.
SGI-PV: 941645
SGI-Modid: xfs-linux-melb:xfs-kern:24566a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:42:22 +11:00
Felix Blyakher
6b2cf618cc [XFS] Tight loop in xfs_finish_reclaim_all prevented the xfslogd to run
its queue of IO completion callbacks, thus creating the deadlock between
umount and xfslogd. Breaking the loop solves the problem.

SGI-PV: 943821
SGI-Modid: xfs-linux-melb:xfs-kern:202363a

Signed-off-by: Felix Blyakher <felixb@sgi.com>
Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:42:13 +11:00
Nathan Scott
a4656391b7 [XFS] Fix a 32 bit value wraparound when providing a mapping for a large
direct write.

SGI-PV: 944820
SGI-Modid: xfs-linux-melb:xfs-kern:24351a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:41:57 +11:00
Christoph Hellwig
f33c6797bc [XFS] handle error returns from freeze_bdev
SGI-PV: 945483
SGI-Modid: xfs-linux-melb:xfs-kern:201884a

Signed-off-by: Christoph Hellwig <hch@sgi.com>
Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:41:47 +11:00
Eric Sandeen
55b02d74e1 [XFS] Fix potential overflow in xfs_iomap_t delta for very large extents
SGI-PV: 945311
SGI-Modid: xfs-linux-melb:xfs-kern:201708a

Signed-off-by: Eric Sandeen <sandeen@sgi.com>
Signed-off-by: Nathan Scott <nathans@sgi.com>
2005-11-25 16:41:33 +11:00
Andrew Morton
02b7068221 [PATCH] jffs2 debug gcc-2.9x fix
Work around gcc-2.95.x macro expansion bug.

Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-23 16:08:39 -08:00
Oleg Nesterov
962b564cf1 [PATCH] fix do_wait() vs exec() race
When non-leader thread does exec, de_thread adds old leader to the init's
->children list in EXIT_ZOMBIE state and drops tasklist_lock.

This means that release_task(leader) in de_thread() is racy vs do_wait()
from init task.

I think de_thread() should set old leader's state to EXIT_DEAD instead.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: george anzinger <george@mvista.com>
Cc: Roland Dreier <rolandd@cisco.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-23 16:08:39 -08:00
David Gibson
74a8a65c52 [PATCH] Fix hugetlbfs_statfs() reporting of block limits
Currently, if a hugetlbfs is mounted without limits (the default), statfs()
will return -1 for max/free/used blocks.  This does not appear to be in
line with normal convention: simple_statfs() and shmem_statfs() both return
0 in similar cases.  Worse, it confuses the translation logic in
put_compat_statfs(), causing it to return -EOVERFLOW on such a mount.

This patch alters hugetlbfs_statfs() to return 0 for max/free/used blocks
on a mount without limits.  Note that we need the test in the patch below,
rather than just using 0 in the sbinfo structure, because the -1 marked in
the free blocks field is used internally to tell the

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-22 09:13:43 -08:00
David Gibson
86e07ce71a [PATCH] Fix error handling with put_compat_statfs()
In fs/compat.c, whenever put_compat_statfs() returns an error, the
containing syscall returns -EFAULT.  This is presumably by analogy with the
non-compat case, where any non-zero code from copy_to_user() should be
translated into an EFAULT.  However, put_compat_statfs() is also return
-EOVERFLOW.  The same applies for put_compat_statfs64().

This bug can be observed with a statfs() on a hugetlbfs directory.
hugetlbfs, when mounted without limits reports available, free and total
blocks as -1 (itself a bug, another patch coming).  statfs() will
mysteriously return EFAULT although it's parameters are perfectly valid
addresses.

This patch causes the compat versions of statfs() and statfs64() to
correctly propogate the return values from put_compat_statfs() and
put_compat_statfs64().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-22 09:13:43 -08:00
Linus Torvalds
1a324727ca Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-11-21 10:46:34 -08:00
Alexandra Kossovsky
4909724b5d [COMPAT] net: SIOCGIFCONF data corruption
From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru>

From http://bugzilla.kernel.org/show_bug.cgi?id=4746

There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit
application running amd64 kernel. I do not think that this problem is
exploitable, but any data corruption may lead to security problems.
Following code demonstrates the problem

#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
#include <sys/ioctl.h>

char buf[256];

main()
{
	int s = socket(AF_INET, SOCK_DGRAM, 0);
	struct ifconf req;
	int i;

	req.ifc_buf = buf;
	req.ifc_len = 41;

	printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req));
	printf("Len %d\n", req.ifc_len);
	for (i = 41; i < 256; i++)
		if (buf[i] != 0)
			printf("Byte %d is corrupted\n", i);
}
	
Steps to reproduce:
Compile the code above into 32-bit elf and run it. You'll get
Result 0
Len 32
Byte 48 is corrupted
Byte 52 is corrupted
Byte 53 is corrupted
Byte 54 is corrupted
Byte 55 is corrupted

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-11-20 13:41:59 -08:00
Andi Kleen
9e18fcdd34 [PATCH] Remove compat ioctl semaphore
Originally for 2.6.16, but the semaphore causes problems for some
people so get rid of it now.

It's not needed anymore because the ioctl hash table is never changed
at run time now.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-20 11:52:59 -08:00
Steve French
1e6b39fbb6 Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git 2005-11-19 21:05:42 -08:00
Steve French
cdbce9c87e [CIFS] Fix setattr of mode only (e.g. in some chmod cases) to Windows
so it does not return EACCESS (unless server really returns that).

Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-19 21:04:52 -08:00
Steve French
86c96b4bb7 [CIFS] Fix mknod of block and chardev over SFU mounts
Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-18 20:25:31 -08:00
David S. Miller
bcb6ad1f5a [COMPAT]: EXT3_IOC_SETVERSION is _IOW() not _IOR().
Noticed by Helge Deller.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-11-18 14:50:20 -08:00
Steve French
c119b87d59 [CIFS] Missing part of previous patch
Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-18 12:27:27 -08:00
Steve French
3020a1f58c [CIFS] Fix scheduling while atomic when pending writes at file close time
Fix the case in which readdir reset file type when SFU mount option
specified.

Also fix sfu related functions to not request EAs (xattrs) when not
configured in Kconfig

Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-18 11:31:10 -08:00
Steve French
87c89dd733 [CIFS] Vectored and async i/o turned on and correct the
writev and aio_write to flush properly.

This is Christoph's patch merged with the new nobrl file operations

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>

From: Christoph Hellwig <hch@lst.de>

 - support vectored and async aio ops unconditionally - this is above
   the pagecache and transparent to the fs
 - remove cifs_read_wrapper.  it was only doing silly checks and
   calling generic_file_write in all cases.
 - use do_sync_read/do_sync_write as read/write operations.  They call
   ->readv/->writev which we now always implemente.
 - add the filemap_fdatawrite calls to writev/aio_write which were
   missing previously compared to plain write.  no idea what the point
   behind them is, but let's be consistent at least..

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steven French <sfrench@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
2005-11-17 17:03:00 -08:00
Steve French
9e294f1c4d [CIFS] Recognize properly symlinks and char/blk devices (not just
FIFOs) created by SFU (part 2 of 2).

    Thanks to Martin Koeppe for useful analysis.

    Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-17 16:59:21 -08:00
David S. Miller
d5ea655376 [COMPAT]: Add ext3 ioctl translations.
So things like on-line resizing et al. work.

Based almost entirely upon a patch by Guido Günther <agx@sigxcpu.org>

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-11-17 15:04:34 -08:00
Steve French
0f2b27c438 [CIFS] Fix sparse warnings on smb bcc (byte count)
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-11-16 14:25:50 -08:00
David S. Miller
6e87abd0b8 [DVB]: Add compat ioctl handling.
Based upon a patch by Guido Guenther <agx@sigxcpu.org>.

Some of these ioctls had embedded time_t objects
or pointers, so needed translation.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-11-16 00:52:57 -08:00