summaryrefslogtreecommitdiff
path: root/fs
AgeCommit message (Collapse)AuthorFilesLines
2006-05-15[PATCH] smbfs chroot issue (CVE-2006-1864)Olaf Kirch1-0/+5
Mark Moseley reported that a chroot environment on a SMB share can be left via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs. Steven French <sfrench@us.ibm.com> wrote: Looks fine to me. This should catch the slash on lookup or equivalent, which will be all obvious paths of interest. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15[PATCH] autofs4: NFY_NONE wait race fixIan Kent3-34/+58
This patch fixes two problems. First, the comparison of entries in the waitq.c was incorrect. Second, the NFY_NONE check was incorrect. The test of whether the dentry is mounted if ineffective, for example, if an expire fails then we could wait forever on a non existant expire. The bug was identified by Jeff Moyer. The patch changes autofs4 to wait on expires only as this is all that's needed. If there is no existing wait when autofs4_wait is call with a type of NFY_NONE it delays until either a wait appears or the the expire flag is cleared. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15[PATCH] fs/open.c: unexport sys_openatAdrian Bunk1-1/+0
Remove the unused EXPORT_SYMBOL_GPL(sys_openat). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-13Alternative fix for MMC oops on unmount after removalLinus Torvalds1-1/+2
Make sure to clear the driverfs_dev pointer when we do del_gendisk() (on disk removal), so that other users that may still have a ref to the disk won't try to use the stale pointer. Also move the KOBJ_REMOVE uevent handler up, so that the uevent still has access to the driverfs_dev data. This all should hopefully fix the problems with MMC umounts after device removals that caused commit 56cf6504fc1c0c221b82cebc16a444b684140fb7 and its reversal (1a2acc9e9214699a99389e323e6686e9e0e2ca67). Original problem reported by Todd Blumer and others. Acked-by: Greg KH <gregkh@suse.de> Cc: Russell King <rmk+lkml@arm.linux.org.uk> Cc: James Bottomley <James.Bottomley@SteelEye.com> Cc: Erik Mouw <erik@harddisk-recovery.com> Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Cc: Todd Blumer <todd@sdgsystems.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-09Merge git://oss.sgi.com:8090/xfs-2.6Linus Torvalds4-20/+26
* git://oss.sgi.com:8090/xfs-2.6: [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing an [XFS] Fix a project quota space accounting leak on rename. [XFS] Fix a possible forced shutdown due to mishandling write barriers
2006-05-08[PATCH] fs/locks.c: Fix lease_initTrond Myklebust1-9/+12
It is insane to be giving lease_init() the task of freeing the lock it is supposed to initialise, given that the lock is not guaranteed to be allocated on the stack. This causes lockups in fcntl_setlease(). Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com> Also fix a slab leak in __setlease() due to an uninitialised return value. Problem diagnosed by Björn Steinbrink. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Tested-by: Daniel Hokka Zakrisson <daniel@hozac.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08[XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing anNathan Scott1-1/+4
AG freelist. SGI-PV: 952681 SGI-Modid: xfs-linux-melb:xfs-kern:25902a Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08[XFS] Fix a project quota space accounting leak on rename.Nathan Scott2-1/+13
SGI-PV: 951636 SGI-Modid: xfs-linux-melb:xfs-kern:25811a Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08[XFS] Fix a possible forced shutdown due to mishandling write barriersNathan Scott1-18/+9
with remount,ro. SGI-PV: 951944 SGI-Modid: xfs-linux-melb:xfs-kern:25742a Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-04[PATCH] compat_sys_vmsplice: one-off in UIO_MAXIOV checkJens Axboe1-1/+1
nr_segs may not be > UIO_MAXIOV, however it may be equal to. This makes the behaviour identical to the real sys_vmsplice(). The other foov syscalls also agree that this is the way to go. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-04[PATCH] splice: redo page lookup if add_to_page_cache() returns -EEXISTJens Axboe1-0/+2
This can happen quite easily, if several processes are trying to splice the same file at the same time. It's not a failure, it just means someone raced with us in allocating this file page. So just dump the allocated page and relookup the original. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-04[PATCH] splice: rename remaining info variables to pipeJens Axboe1-10/+10
Same thing was done in fs/pipe.c and most of fs/splice.c, but we had a few missing still. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-04[PATCH] splice: LRU fixupsJens Axboe1-22/+11
Nick says that the current construct isn't safe. This goes back to the original, but sets PIPE_BUF_FLAG_LRU on user pages as well as they all seem to be on the LRU in the first place. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-04[PATCH] splice: fix unlocking of page on error ->prepare_write()Jens Axboe1-3/+16
Looking at generic_file_buffered_write(), we need to unlock_page() if prepare write fails and it isn't due to racing with truncate(). Also trim the size if ->prepare_write() fails, if we have to. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-04[PATCH] ext3: multile block allocate little endian fixesMingming Cao1-5/+8
Some places in ext3 multiple block allocation code (in 2.6.17-rc3) don't handle the little endian well. This was resulting in *wrong* block numbers being assigned to in-memory block variables and then stored on disk eventually. The following patch has been verified to fix an ext3 filesystem failure when run ltp test on a 64 bit machine. Signed-off-by; Mingming Cao <cmm@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-02[PATCH] vmsplice: restrict stealing a little moreJens Axboe2-4/+4
Apply the same rules as the anon pipe pages, only allow stealing if no one else is using the page. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-02[PATCH] splice: fix page LRU accountingJens Axboe1-10/+21
Currently we rely on the PIPE_BUF_FLAG_LRU flag being set correctly to know whether we need to fiddle with page LRU state after stealing it, however for some origins we just don't know if the page is on the LRU list or not. So remove PIPE_BUF_FLAG_LRU and do this check/add manually in pipe_to_file() instead. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-02[PATCH] vmsplice: fix badly placed end paranthesisJens Axboe1-1/+1
We need to use the minium of {len, PAGE_SIZE-off}, not {len, PAGE_SIZE}-off. The latter doesn't make any sense, and could cause us to attempt negative length transfers... Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-02Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds3-122/+230
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] vmsplice: allow user to pass in gift pages [PATCH] pipe: enable atomic copying of pipe data to/from user space [PATCH] splice: call handle_ra_miss() on failure to lookup page [PATCH] Add ->splice_read/splice_write to def_blk_fops [PATCH] pipe: introduce ->pin() buffer operation [PATCH] splice: fix bugs in pipe_to_file() [PATCH] splice: fix bugs with stealing regular pipe pages
2006-05-02[PATCH] x86_64: Add compat_sys_vmsplice and use it in x86-64Andi Kleen1-0/+20
Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-01[PATCH] vmsplice: allow user to pass in gift pagesJens Axboe1-3/+25
If SPLICE_F_GIFT is set, the user is basically giving this pages away to the kernel. That means we can steal them for eg page cache uses instead of copying it. The data must be properly page aligned and also a multiple of the page size in length. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01[PATCH] pipe: enable atomic copying of pipe data to/from user spaceJens Axboe2-25/+120
The pipe ->map() method uses kmap() to virtually map the pages, which is both slow and has known scalability issues on SMP. This patch enables atomic copying of pipe pages, by pre-faulting data and using kmap_atomic() instead. lmbench bw_pipe and lat_pipe measurements agree this is a Good Thing. Here are results from that on a UP machine with highmem (1.5GiB of RAM), running first a UP kernel, SMP kernel, and SMP kernel patched. Vanilla-UP: Pipe bandwidth: 1622.28 MB/sec Pipe bandwidth: 1610.59 MB/sec Pipe bandwidth: 1608.30 MB/sec Pipe latency: 7.3275 microseconds Pipe latency: 7.2995 microseconds Pipe latency: 7.3097 microseconds Vanilla-SMP: Pipe bandwidth: 1382.19 MB/sec Pipe bandwidth: 1317.27 MB/sec Pipe bandwidth: 1355.61 MB/sec Pipe latency: 9.6402 microseconds Pipe latency: 9.6696 microseconds Pipe latency: 9.6153 microseconds Patched-SMP: Pipe bandwidth: 1578.70 MB/sec Pipe bandwidth: 1579.95 MB/sec Pipe bandwidth: 1578.63 MB/sec Pipe latency: 9.1654 microseconds Pipe latency: 9.2266 microseconds Pipe latency: 9.1527 microseconds Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01[PATCH] splice: call handle_ra_miss() on failure to lookup pageJens Axboe1-0/+6
Notify the readahead logic of the missing page. Suggested by Oleg Nesterov. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01[PATCH] Add ->splice_read/splice_write to def_blk_fopsJens Axboe1-0/+2
It can use the generic handlers. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01[PATCH] pipe: introduce ->pin() buffer operationJens Axboe2-77/+53
The ->map() function is really expensive on highmem machines right now, since it has to use the slower kmap() instead of kmap_atomic(). Splice rarely needs to access the virtual address of a page, so it's a waste of time doing it. Introduce ->pin() to take over the responsibility of making sure the page data is valid. ->map() is then reduced to just kmap(). That way we can also share a most of the pipe buffer ops between pipe.c and splice.c Signed-off-by: Jens Axboe <axboe@suse.de>
2006-05-01[PATCH] splice: fix bugs in pipe_to_file()Jens Axboe2-21/+19
Found by Oleg Nesterov <oleg@tv-sign.ru>, fixed by me. - Only allow full pages to go to the page cache. - Check page != buf->page instead of using PIPE_BUF_FLAG_STOLEN. - Remember to clear 'stolen' if add_to_page_cache() fails. And as a cleanup on that: - Make the bottom fall-through logic a little less convoluted. Also make the steal path hold an extra reference to the page, so we don't have to differentiate between stolen and non-stolen at the end. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-30[PATCH] splice: fix bugs with stealing regular pipe pagesJens Axboe2-3/+12
- Check that page has suitable count for stealing in the regular pipes. - pipe_to_file() assumes that the page is locked on succesful steal, so do that in the pipe steal hook - Missing unlock_page() in add_to_page_cache() failure. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-28[PATCH] powerpc: Wire up *at syscallsAndreas Schwab1-1/+1
Wire up *at syscalls. This patch has been tested on ppc64 (using glibc's testsuite, both 32bit and 64bit), and compile-tested for ppc32 (I have currently no ppc32 system available, but I expect no problems). Signed-off-by: Andreas Schwab <schwab@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-04-27[PATCH] splice: make the read-side do batched page lookupsJens Axboe1-30/+65
Use the new find_get_pages_contig() to potentially look up the entire splice range in one single call. This speeds up generic_file_splice_read() quite a bit. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-27[PATCH] splice: switch to using page_cache_readahead()Jens Axboe1-2/+2
Avoids doing useless work, when the file is fully cached. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26[PATCH] LSM: add missing hook to do_compat_readv_writev()James Morris1-0/+4
This patch addresses a flaw in LSM, where there is no mediation of readv() and writev() in for 32-bit compatible apps using a 64-bit kernel. This bug was discovered and fixed initially in the native readv/writev code [1], but was not fixed in the compat code. Thanks to Al for spotting this one. [1] http://lwn.net/Articles/154282/ Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26[PATCH] protect ext3 ioctl modifying append_only, immutable, etc. with i_mutexAl Viro1-4/+14
All modifications of ->i_flags in inodes that might be visible to somebody else must be under ->i_mutex. That patch fixes ext3 ioctl() setting S_APPEND and friends. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26[PATCH] forgotten ->b_data in memcpy() call in ext3/resize.c (oopsable)Al Viro1-1/+1
sbi->s_group_desc is an array of pointers to buffer_head. memcpy() of buffer size from address of buffer_head is a bad idea - it will generate junk in any case, may oops if buffer_head is close to the end of slab page and next page is not mapped and isn't what was intended there. IOW, ->b_data is missing in that call. Fortunately, result doesn't go into the primary on-disk data structures, so only backup ones get crap written to them; that had allowed this bug to remain unnoticed until now. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds1-73/+282
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] splice: add ->splice_write support for /dev/null [PATCH] splice: rearrange moving to/from pipe helpers [PATCH] Add support for the sys_vmsplice syscall [PATCH] splice: fix offset problems [PATCH] splice: fix min() warning
2006-04-26[PATCH] splice: rearrange moving to/from pipe helpersJens Axboe1-24/+11
We need these for people writing their own ->splice_read/write hooks. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26[PATCH] Add support for the sys_vmsplice syscallJens Axboe1-39/+253
sys_splice() moves data to/from pipes with a file input/output. sys_vmsplice() moves data to a pipe, with the input being a user address range instead. This uses an approach suggested by Linus, where we can hold partial ranges inside the pages[] map. Hopefully this will be useful for network receive support as well. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26[fuse] fix race between checking and setting file->private_dataMiklos Szeredi1-5/+8
BKL does not protect against races if the task may sleep between checking and setting a value. So move checking of file->private_data near to setting it in fuse_fill_super(). Found by Al Viro. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2006-04-26[fuse] fix deadlock between fuse_put_super() and request_end(), try #2Miklos Szeredi1-2/+11
A deadlock was possible, when the last reference to the superblock was held due to a background request containing a file reference. Releasing the file would release the vfsmount which in turn would release the superblock. Since sbput_sem is held during the fput() and fuse_put_super() tries to acquire this same semaphore, a deadlock results. The solution is to move the fput() outside the region protected by sbput_sem. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2006-04-26Revert "[fuse] fix deadlock between fuse_put_super() and request_end()"Miklos Szeredi3-36/+31
This reverts 73ce8355c243a434524a34c05cc417dd0467996e commit. It was wrong, because it didn't take into account the requirement, that iput() for background requests must be performed synchronously with ->put_super(), otherwise active inodes may remain after unmount. The right solution is to keep the sbput_sem and perform iput() within the locked region, but move fput() outside sbput_sem. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2006-04-26[PATCH] splice: fix offset problemsJens Axboe1-19/+27
Make the move_from_pipe() actors return number of bytes processed, then move_from_pipe() can decide more cleverly when to move on to the next buffer. This fixes problems with pipe offset and differing file offset. Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-26[PATCH] splice: fix min() warningAndrew Morton1-1/+1
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-24[CIFS] Fix compile error when CONFIG_CIFS_EXPERIMENTAL is undefinedSteve French1-1/+4
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-23Merge master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6-stableLinus Torvalds13-115/+138
* master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6-stable: [CIFS] Fix typo in previous [CIFS] Readdir fixes to allow search to start at arbitrary position [CIFS] Use the kthread_ API instead of opencoding lots of hairy code for kernel [CIFS] Don't allow a backslash in a path component [CIFS] [CIFS] Do not take rename sem on most path based calls (during
2006-04-23[CIFS] Fix typo in previousSteve French1-1/+1
Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-22[PATCH] Fix reiserfs deadlockJan Kara1-2/+3
reiserfs_cache_default_acl() should return whether we successfully found the acl or not. We have to return correct value even if reiserfs_get_acl() returns error code and not just 0. Otherwise callers such as reiserfs_mkdir() can unnecessarily lock the xattrs and later functions such as reiserfs_new_inode() fail to notice that we have already taken the lock and try to take it again with obvious consequences. Signed-off-by: Jan Kara <jack@suse.cz> Cc: <reiserfs-dev@namesys.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-22[CIFS] Readdir fixes to allow search to start at arbitrary positionSteve French7-36/+74
in directory Also includes first part of fix to compensate for servers which forget to return . and .. as well as updates to changelog and cifs readme. Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-22[CIFS] Use the kthread_ API instead of opencoding lots of hairy code for kernelSteve French1-49/+50
thread creation and teardown. It does not move the cifsd thread handling to kthread due to problems found in testing with wakeup of threads blocked in the socket peek api, but the other cifs kernel threads now use kthread. Also cleanup cifs_init to properly unwind when thread creation fails. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-21[CIFS] Don't allow a backslash in a path componentSteve French1-0/+14
Unless Posix paths have been negotiated, the backslash, "\", is not a valid character in a path component. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-21[CIFS] [CIFS] Do not take rename sem on most path based calls (duringSteve French7-30/+0
building of full path) to avoid hang rename/readdir hang Reported by Alan Tyson Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-04-20[PATCH] splice: fix smaller sized splice readsJens Axboe1-1/+12
Signed-off-by: Jens Axboe <axboe@suse.de>