Commit Graph

12608 Commits

Author SHA1 Message Date
Jeff Layton
fa82a49127 nfsd: only set file_lock.fl_lmops in nfsd4_lockt if a stateowner is found
nfsd4_lockt does a search for a lockstateowner when building the lock
struct to test. If one is found, it'll set fl_owner to it. Regardless of
whether that happens, it'll also set fl_lmops. Given that this lock is
basically a "lightweight" lock that's just used for checking conflicts,
setting fl_lmops is probably not appropriate for it.

This behavior exposed a bug in DLM's GETLK implementation where it
wasn't clearing out the fields in the file_lock before filling in
conflicting lock info. While we were able to fix this in DLM, it
still seems pointless and dangerous to set the fl_lmops this way
when we may have a NULL lockstateowner.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@pig.fieldses.org>
2009-01-27 17:26:59 -05:00
J. Bruce Fields
b914152a6f nfsd: fix cred leak on every rpc
Since override_creds() took its own reference on new, we need to release
our own reference.

(Note the put_cred on the return value puts the *old* value of
current->creds, not the new passed-in value).

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-01-27 17:26:59 -05:00
J. Bruce Fields
bf935a7881 nfsd: fix null dereference on error path
We're forgetting to check the return value from groups_alloc().

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-01-27 17:26:58 -05:00
Linus Torvalds
a90e8a75fb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm:
  dlm: initialize file_lock struct in GETLK before copying conflicting lock
  dlm: fix plock notify callback to lockd
2009-01-26 10:42:05 -08:00
Linus Torvalds
cc597bc3d3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6:
  ocfs2: Remove ocfs2_dquot_initialize() and ocfs2_dquot_drop()
  quota: Improve locking
2009-01-26 10:41:00 -08:00
Linus Torvalds
ed80386295 Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
  klist.c: bit 0 in pointer can't be used as flag
  debugfs: introduce stub for debugfs_create_size_t() when DEBUG_FS=n
  sysfs: fix problems with binary files
  PNP: fix broken pnp lowercasing for acpi module aliases
  driver core: Convert '/' to '!' in dev_set_name()
2009-01-26 10:40:28 -08:00
Linus Torvalds
a1c70a756f Merge branch 'Kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/misc
* 'Kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/misc: (36 commits)
  fs/Kconfig: move 9p out
  fs/Kconfig: move afs out
  fs/Kconfig: move coda out
  fs/Kconfig: move the rest of ncpfs out
  fs/Kconfig: move smbfs out
  fs/Kconfig: move sunrpc out
  fs/Kconfig: move nfsd out
  fs/Kconfig: move nfs out
  fs/Kconfig: move ufs out
  fs/Kconfig: move sysv out
  fs/Kconfig: move romfs out
  fs/Kconfig: move qnx4 out
  fs/Kconfig: move hpfs out
  fs/Kconfig: move omfs out
  fs/Kconfig: move minix out
  fs/Kconfig: move vxfs out
  fs/Kconfig: move squashfs out
  fs/Kconfig: move cramfs out
  fs/Kconfig: move efs out
  fs/Kconfig: move bfs out
  ...
2009-01-26 10:08:50 -08:00
Vegard Nossum
3632dee2f8 inotify: clean up inotify_read and fix locking problems
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.

The best fix (contributed largely by Linus) is a total rewrite
of the function in question:

On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
>  - locking is done in just one place, and there is no question about it
>   not having an unlock.
>
>  - that whole double-while(1)-loop thing is gone.
>
>  - use multiple functions to make nesting and error handling sane
>
>  - do error testing after doing the things you always need to do, ie do
>   this:
>
>        mutex_lock(..)
>        ret = function_call();
>        mutex_unlock(..)
>
>        .. test ret here ..
>
>   instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.

Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-26 10:08:05 -08:00
Linus Torvalds
2d07d4d1bb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: fix poll notify
  fuse: destroy bdi on umount
  fuse: fuse_fill_super error handling cleanup
  fuse: fix missing fput on error
  fuse: fix NULL deref in fuse_file_alloc()
2009-01-26 09:49:22 -08:00
Miklos Szeredi
f6d47a1761 fuse: fix poll notify
Move fuse_copy_finish() to before calling fuse_notify_poll_wakeup().
This is not a big issue because fuse_notify_poll_wakeup() should be
atomic, but it's cleaner this way, and later uses of notification will
need to be able to finish the copying before performing some actions.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2009-01-26 15:00:59 +01:00
Miklos Szeredi
26c3679101 fuse: destroy bdi on umount
If a fuse filesystem is unmounted but the device file descriptor
remains open and a new mount reuses the old device number, then the
mount fails with EEXIST and the following warning is printed in the
kernel log:

  WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d()
  sysfs: duplicate filename '0:15' can not be created

The cause is that the bdi belonging to the fuse filesystem was
destoryed only after the device file was released.  Fix this by
calling bdi_destroy() from fuse_put_super() instead.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:59 +01:00
Miklos Szeredi
c2b8f00690 fuse: fuse_fill_super error handling cleanup
Clean up error handling for the whole of fuse_fill_super() function.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2009-01-26 15:00:58 +01:00
Miklos Szeredi
3ddf1e7f57 fuse: fix missing fput on error
Fix the leaking file reference if allocation or initialization of
fuse_conn failed.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:58 +01:00
Dan Carpenter
bb875b38dc fuse: fix NULL deref in fuse_file_alloc()
ff is set to NULL and then dereferenced on line 65.  Compile tested only.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
2009-01-26 15:00:58 +01:00
Alexey Dobriyan
0fcb440889 fs/Kconfig: move 9p out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:01 +03:00
Alexey Dobriyan
b2480c7fbf fs/Kconfig: move afs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:01 +03:00
Alexey Dobriyan
33a1a6fedf fs/Kconfig: move coda out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:01 +03:00
Alexey Dobriyan
9d7d6447ef fs/Kconfig: move the rest of ncpfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:01 +03:00
Alexey Dobriyan
213a41d404 fs/Kconfig: move smbfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:01 +03:00
Alexey Dobriyan
9098c24f35 fs/Kconfig: move sunrpc out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:00 +03:00
Alexey Dobriyan
e2b329e200 fs/Kconfig: move nfsd out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:00 +03:00
Alexey Dobriyan
97afe47ac3 fs/Kconfig: move nfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:00 +03:00
Alexey Dobriyan
a276a52f9f fs/Kconfig: move ufs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:16:00 +03:00
Alexey Dobriyan
8af915ba1d fs/Kconfig: move sysv out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:59 +03:00
Alexey Dobriyan
41810246df fs/Kconfig: move romfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:59 +03:00
Alexey Dobriyan
4c7415830c fs/Kconfig: move qnx4 out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:59 +03:00
Alexey Dobriyan
928ea19295 fs/Kconfig: move hpfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:59 +03:00
Alexey Dobriyan
da55e6f928 fs/Kconfig: move omfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:58 +03:00
Alexey Dobriyan
8b1cd7d3c5 fs/Kconfig: move minix out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:58 +03:00
Alexey Dobriyan
22135169dd fs/Kconfig: move vxfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:58 +03:00
Alexey Dobriyan
22635ec9e0 fs/Kconfig: move squashfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:58 +03:00
Alexey Dobriyan
2a22783be0 fs/Kconfig: move cramfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:58 +03:00
Alexey Dobriyan
571f0a0bde fs/Kconfig: move efs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:57 +03:00
Alexey Dobriyan
0ff423849d fs/Kconfig: move bfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:57 +03:00
Alexey Dobriyan
0b09eb3298 fs/Kconfig: move befs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:57 +03:00
Alexey Dobriyan
b08bac1f18 fs/Kconfig: move hfs, hfsplus out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:57 +03:00
Alexey Dobriyan
295c896cb9 fs/Kconfig: move ecryptfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:56 +03:00
Alexey Dobriyan
10951bf05d fs/Kconfig: move affs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:56 +03:00
Alexey Dobriyan
bc2de2ae67 fs/Kconfig: move adfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:56 +03:00
Alexey Dobriyan
4591dabe27 fs/Kconfig: move configfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:56 +03:00
Alexey Dobriyan
5f3a211a8b fs/Kconfig: move sysfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:56 +03:00
Alexey Dobriyan
9d73ac9e8f fs/Kconfig: move ntfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:55 +03:00
Alexey Dobriyan
1c6ace019b fs/Kconfig: move fat out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:55 +03:00
Alexey Dobriyan
ddfaccd995 fs/Kconfig: move iso9660, udf out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:55 +03:00
Alexey Dobriyan
3ef7784e47 fs/Kconfig: move fuse out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:55 +03:00
Alexey Dobriyan
90ffd46793 fs/Kconfig: move autofs, autofs4 out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:54 +03:00
Alexey Dobriyan
335debee07 fs/Kconfig: move btrfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:54 +03:00
Alexey Dobriyan
2fe4371dff fs/Kconfig: move ocfs2 out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:54 +03:00
Alexey Dobriyan
f5c77969b3 fs/Kconfig: move jfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:54 +03:00
Alexey Dobriyan
b16ecfe2f9 fs/Kconfig: move reiserfs out
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
2009-01-22 13:15:53 +03:00