1. 17 Oct, 2006 8 commits
    • [PATCH] knfsd: nfsd4: fix owner-override on open · dc730e17
      J. Bruce Fields authored
      
      
      If a client creates a file using an open which sets the mode to 000, or if a
      chmod changes permissions after a file is opened, then situations may arise
      where an NFS client knows that some IO is permitted (because a process holds
      the file open), but the NFS server does not (because it doesn't know about the
      open, and only sees that the IO conflicts with the current mode of the file).
      
      As a hack to solve this problem, NFS servers normally allow the owner to
      override permissions on IO.  The client can still enforce correct
      permissions-checking on open by performing an explicit access check.
      
      In NFSv4 the client can rely on the explicit on-the-wire open instead of an
      access check.
      
      Therefore we should not be allowing the owner to override permissions on an
      over-the-wire open!
      
      However, we should still allow the owner to override permissions in the case
      where the client is claiming an open that it already made either before a
      reboot, or while it was holding a delegation.
      
      Thanks to Jim Rees for reporting the bug.
      Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
      Signed-off-by: Neil Brown <neilb@suse.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fuse: fix dereferencing dentry parent · e956edd0
      Miklos Szeredi authored
      
      
      There's no locking for ->d_revalidate, so fuse_dentry_revalidate() should use
      dget_parent() instead of simply dereferencing ->d_parent.
      
      Due to topology changes in the directory tree the parent could become negative
      or be destroyed while being used.  There haven't been any reports about this
      yet.
      Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fuse: fix handling of moved directory · d2a85164
      Miklos Szeredi authored
      
      
      Fuse considered it an error (EIO) if lookup returned a directory inode, to
      which a dentry already referred.  This is because directory aliases are not
      allowed.
      
      But in a network filesystem this could happen legitimately, if a directory is
      moved on a remote client.  This patch attempts to relax the restriction by
      trying to first evict the offending alias from the cache.  If this fails, it
      still returns an error (EBUSY).
      
      A rarer situation is if an mkdir races with an independent lookup, which
      finds the newly created directory already moved.  In this situation the mkdir
      should return success, but that would be incorrect, since the dentry cannot be
      instantiated, so return EBUSY.
      
      Previously checking for a directory alias and instantiation of the dentry
      weren't done atomically in lookup/mkdir, hence two such calls racing with each
      other could create aliased directories.  To prevent this introduce a new
      per-connection mutex: fuse_conn->inst_mutex, which is taken for instantiations
      with a directory inode.
      Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fuse: fix spurious BUG · 265126ba
      Miklos Szeredi authored
      
      
      Fix a spurious BUG in an unlikely race, where at least three parallel lookups
      return the same inode, but with different file type.  This has not yet been
      observed in real life.
      
      Allowing unlimited retries could delay fuse_iget() indefinitely, but this is
      really for the broken userspace filesystem to worry about.
      Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fuse: locking fix for nlookup · 8da5ff23
      Miklos Szeredi authored
      
      
      An inode could be returned by independent parallel lookups, in this case an
      update of the lookup counter could be lost resulting in a memory leak in
      userspace.
      Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fuse: fix hang on SMP · 9ffbb916
      Miklos Szeredi authored
      
      
      Fuse didn't always call i_size_write() with i_mutex held which caused rare
      hangs on SMP/32bit.  This bug has been present since fuse-2.2, well before
      being merged into mainline.
      
      The simplest solution is to protect i_size_write() with the per-connection
      spinlock.  Using i_mutex for this purpose would require some restructuring of
      the code and I'm not even sure it's always safe to acquire i_mutex in all
      places i_size needs to be set.
      
      Since most of vmtruncate is already duplicated for other reasons, duplicate
      the remaining part as well, making all i_size_write() calls internal to fuse.
      
      Using i_size_write() was unnecessary in fuse_init_inode(), since this function
      is only called on a newly created locked inode.
      
      Reported by a few people over the years, but special thanks to Dana Henriksen
      who was persistent enough in helping me debug it.
      Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] PROC_NUMBUF is wrong · 0187f879
      Andrew Morton authored
      
      
      Actually, the decimal representation of a 32-bit signed number can take 12
      bytes, including the \0.
      
      And then some code adds a \n as well, so let's give it 13 bytes.
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] null dereference in fs/jbd2/journal.c · 5eb30790
      Dave Kleikamp authored
      This is Eric Sesterhenn's jbd patch applied to jbd2.
      Commit: 41716c7c
      
      His words:
      
      Since commit d1807793 we dereference a NULL pointer.  Coverity id #1432.
      We set journal to NULL, and use it directly afterwards.
      Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
      Cc: Eric Sesterhenn <snakebyte@gmx.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  2. 15 Oct, 2006 2 commits
  3. 13 Oct, 2006 1 commit
    • [PATCH] Get core dump code to work... · 7f14daa1
      Petr Vandrovec authored
      
      
      The file based core dump code was broken by pipe changes - a relative
      llseek returns the absolute file position on success, not the relative
      one, so dump_seek() always failed when invoked with non-zero current
      position.
      
      Only success/failure can be tested with relative lseek, we have to trust
      kernel that on success we've got right file offset.  With this fix in
      place I have finally real core files instead of 1KB fragments...
      Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
      [ Cleaned it up a bit while here - use SEEK_CUR instead of hardcoding 1 ]
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  4. 12 Oct, 2006 11 commits
  5. 11 Oct, 2006 18 commits
    • acf1a1b1
      Steve French authored
    • [CIFS] fix typo in previous patch · ddae957d
      Steve French authored
      
      Signed-off-by: Steve French <sfrench@us.ibm.com>
    • 533f90af
      Steve French authored
    • [CIFS] Do not need to adjust for Jan/Feb for leap day · 70903ca0
      Steve French authored
      
      calculation in 2100 (year divisible by 100)
      Signed-off-by: Yehuda Sadeh Weinraub <Yehuda.Sadeh@expand.com>
      Signed-off-by: Steve French <sfrench@us.ibm.com>
    • [PATCH] misuse of strstr · 4b4fcaa1
      Al Viro authored
      
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fs/bio.c: tweaks · bf02c082
      Andreas Mohr authored
      
      
      - Calculate a variable in bvec_alloc_bs() only once needed, not earlier
        (bio.o down from 18408 to 18376 Bytes, 32 Bytes saved, probably due to
        data locality improvements).
      
      - Init variable idx to silence a gcc warning which already existed in the
        unmodified original base file (bvec_alloc_bs() handles idx correctly, so
        there's no need for the warning):
      
      	fs/bio.c: In function `bio_alloc_bioset':
      	fs/bio.c:169: warning: `idx' may be used uninitialized in this function
      Signed-off-by: Andreas Mohr <andi@lisas.de>
      Acked-by: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] VFS: Destroy the dentries contributed by a superblock on unmounting · c636ebdb
      David Howells authored
      
      
      The attached patch destroys all the dentries attached to a superblock in one go
      by:
      
       (1) Destroying the tree rooted at s_root.
      
       (2) Destroying every entry in the anon list, one at a time.
      
       (3) Each entry in the anon list has its subtree consumed from the leaves
           inwards.
      
      This reduces the amount of work generic_shutdown_super() does, and avoids
      iterating through the dentry_unused list.
      
      Note that locking is almost entirely absent in the shrink_dcache_for_umount*()
      functions added by this patch.  This is because:
      
       (1) at the point the filesystem calls generic_shutdown_super(), it is not
           permitted to further touch the superblock's set of dentries, and nor may
           it remove aliases from inodes;
      
       (2) the dcache memory shrinker now skips dentries that are being unmounted;
           and
      
       (3) the superblock no longer has any external references through which the VFS
           can reach it.
      
      Given these points, the only locking we need to do is when we remove dentries
      from the unused list and the name hashes, which we do a directory's worth at a
      time.
      
      We also don't need to guard against reference counts going to zero unexpectedly
      and removing bits of the tree we're working on as nothing else can call dput().
      
      A cut down version of dentry_iput() has been folded into
      shrink_dcache_for_umount_subtree() function.  Apart from not needing to unlock
      things, it also doesn't need to check for inotify watches.
      
      In this version of the patch, the complaint about a dentry still being in use
      has been expanded from a single BUG_ON() and now gives much more information.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Acked-by: NeilBrown <neilb@suse.de>
      Acked-by: Ian Kent <raven@themaw.net>
      Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] AUTOFS: Make sure all dentries refs are released before calling kill_anon_super() · 6ce31523
      David Howells authored
      
      
      Make sure all dentries refs are released before calling kill_anon_super() so
      that the assumption that generic_shutdown_super() can completely destroy the
      dentry tree for there will be no external references holds true.
      
      What was being done in the put_super() superblock op, is now done in the
      kill_sb() filesystem op instead, prior to calling kill_anon_super().
      
      This makes the struct autofs_sb_info::root member variable redundant (since
      sb->s_root is still available), and so that is removed.  The calls to
      shrink_dcache_sb() are also removed since they're also redundant as
      shrink_dcache_for_umount() will now be called after the cleanup routine.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Acked-by: Ian Kent <raven@themaw.net>
      Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] ReiserFS: Make sure all dentries refs are released before calling kill_block_super() · edc666e2
      David Howells authored
      
      
      Make sure all dentries refs are released before calling kill_block_super()
      so that the assumption that generic_shutdown_super() can completely destroy
      the dentry tree for there will be no external references holds true.
      
      What was being done in the put_super() superblock op, is now done in the
      kill_sb() filesystem op instead, prior to calling kill_block_super().
      
      Changes made in [try #2]:
      
       (*) reiserfs_kill_sb() now checks that the superblock FS info pointer is set
           before trying to dereference it.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
      Cc: <reiserfs-dev@namesys.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] fs/*: use BUILD_BUG_ON · 2ecd05ae
      Alexey Dobriyan authored
      
      Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Mark Fasheh <mark.fasheh@oracle.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] D-cache aliasing issue in __block_prepare_write · 8c581651
      Monakhov Dmitriy authored
      
      
      A couple of flush_dcache_page()s are missing on the I/O-error paths.
      
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] Remove unnecessary check in fs/fat/inode.c · 97e860d3
      Eric Sesterhenn authored
      
      
      Since all callers dereference sb, and this function does so earlier too, we
      don't need the check.
      Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
      Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] 32-bit compatibility HDIO IOCTLs · 39484e53
      Maciej W. Rozycki authored
      
      
      A couple of HDIO IOCTLs are not yet handled and a few others are marked
      as using a pointer rather than an unsigned long.  The former include:
      
      HDIO_GET_WCACHE, HDIO_GET_ACOUSTIC, HDIO_GET_ADDRESS and
      HDIO_GET_BUSSTATE.  The latter are: HDIO_SET_MULTCOUNT,
      HDIO_SET_UNMASKINTR, HDIO_SET_KEEPSETTINGS, HDIO_SET_32BIT,
      HDIO_SET_NOWERR, HDIO_SET_DMA, HDIO_SET_PIO_MODE and HDIO_SET_NICE.
      
      Additionally 0x330 used to be HDIO_GETGEO_BIG and may be issued by 32-bit
      `hdparm' run on a 64-bit kernel making Linux complain loudly.
      
      This is a fix for these issues.
      Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Acked-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] ext2: errors behaviour fix · 5a2b4062
      Vasily Averin authored
      
      
      Current error behaviour for ext2 and ext3 filesystems does not fully
      correspond to the documentation and should be fixed.
      
      According to man 8 mount, ext2 and ext3 file systems allow to set one of 3
      different on-errors behaviours:
      
        ---- start of quote man 8 mount ----
      
        errors=continue / errors=remount-ro / errors=panic
      
          Define the behaviour when an error is encountered.  (Either ignore
          errors and just mark the file system erroneous and continue, or remount
          the file system read-only, or panic and halt the system.) The default is
          set in the filesystem superblock, and can be changed using tune2fs(8).
      
        ---- end of quote ----
      
      However EXT3_ERRORS_CONTINUE is not read from the superblock, and thus
      ERRORS_CONT is not saved on the sbi->s_mount_opt.  It leads to the incorrect
      handle of errors on ext3.
      
      Then we've checked corresponding code in ext2 and discovered that it is buggy
      as well:
      
      - EXT2_ERRORS_CONTINUE is not read from the superblock (the same);
      
      - parse_option() does not clean the alternative values and thus something
        like (ERRORS_CONT|ERRORS_RO) can be set;
      
      - if options are omitted, parse_option() does not set any of these options.
      
      Therefore it is possible to set any combination of these options on the ext2:
      
      - none of them may be set: EXT2_ERRORS_CONTINUE on superblock / empty mount
        options;
      
      - any of them may be set using mount options;
      
      - 2 any options may be set: by using EXT2_ERRORS_RO/EXT2_ERRORS_PANIC on the
        superblock and other value in mount options;
      
      - and finally all three options may be set by adding third option in remount.
      
      Currently ext2 uses these values only in ext2_error() and it is not leading to
      any noticeable troubles.  However somebody may be discouraged when he will try
      to workaround EXT2_ERRORS_PANIC on the superblock by using errors=continue in
      mount options.
      
      This patch:
      
      EXT2_ERRORS_CONTINUE should be read from the superblock as default value for
      error behaviour.  parse_option() should clean the alternative options and
      should not change default value taken from the superblock.
      Signed-off-by: Vasily Averin <vvs@sw.ru>
      Acked-by: Kirill Korotaev <dev@openvz.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] ext3: errors behaviour fix · 2245d7c2
      Dmitry Mishin authored
      
      
      Current error behaviour for ext2 and ext3 filesystems does not fully
      correspond to the documentation and should be fixed.
      
      According to man 8 mount, ext2 and ext3 file systems allow to set one of 3
      different on-errors behaviours:
      
        ---- start of quote man 8 mount ----
      
        errors=continue / errors=remount-ro / errors=panic
      
          Define the behaviour when an error is encountered.  (Either ignore
          errors and just mark the file system erroneous and continue, or remount
          the file system read-only, or panic and halt the system.) The default is
          set in the filesystem superblock, and can be changed using tune2fs(8).
      
        ---- end of quote ----
      
      However EXT3_ERRORS_CONTINUE is not read from the superblock, and thus
      ERRORS_CONT is not saved on the sbi->s_mount_opt.  It leads to the incorrect
      handle of errors on ext3.
      
      Then we've checked corresponding code in ext2 and discovered that it is buggy
      as well:
      
      - EXT2_ERRORS_CONTINUE is not read from the superblock (the same);
      
      - parse_option() does not clean the alternative values and thus something
        like (ERRORS_CONT|ERRORS_RO) can be set;
      
      - if options are omitted, parse_option() does not set any of these options.
      
      Therefore it is possible to set any combination of these options on the ext2:
      
      - none of them may be set: EXT2_ERRORS_CONTINUE on superblock / empty mount
        options;
      
      - any of them may be set using mount options;
      
      - 2 any options may be set: by using EXT2_ERRORS_RO/EXT2_ERRORS_PANIC on the
        superblock and other value in mount options;
      
      - and finally all three options may be set by adding third option in remount.
      
      Currently ext2 uses these values only in ext2_error() and it is not leading to
      any noticeable troubles.  However somebody may be discouraged when he will try
      to workaround EXT2_ERRORS_PANIC on the superblock by using errors=continue in
      mount options.
      
      This patch:
      
      EXT3_ERRORS_CONTINUE should be taken from the superblock as default value for
      error behaviour.
      Signed-off-by: Dmitry Mishin <dim@openvz.org>
      Acked-by: Vasily Averin <vvs@sw.ru>
      Acked-by: Kirill Korotaev <dev@openvz.org>
      Cc: <linux-ext4@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
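
Added example (not part of either commit, and not kernel code): a user-space C model of the flag handling that the ext2 and ext3 messages above describe. It shows how OR-ing options without clearing the alternatives yields none, two or all three error flags, next to a form that takes the default from the superblock and clears the alternatives. The flag values, the `sb_errors` enum and all function names are assumptions made for this model.

```c
#include <stdio.h>
#include <string.h>

/* Model flag bits: names follow the commit message, values are assumptions. */
#define ERRORS_CONT  0x1u
#define ERRORS_RO    0x2u
#define ERRORS_PANIC 0x4u
#define ERRORS_MASK  (ERRORS_CONT | ERRORS_RO | ERRORS_PANIC)

/* Default error policy stored in the superblock (model enum). */
enum sb_errors { SB_ERRORS_CONTINUE = 1, SB_ERRORS_RO = 2, SB_ERRORS_PANIC = 3 };

/* Map one mount option string to its flag; 0 for unrelated options. */
static unsigned flag_for_option(const char *opt)
{
    if (strcmp(opt, "errors=continue") == 0)   return ERRORS_CONT;
    if (strcmp(opt, "errors=remount-ro") == 0) return ERRORS_RO;
    if (strcmp(opt, "errors=panic") == 0)      return ERRORS_PANIC;
    return 0;
}

/* Behaviour described as buggy: "continue" is never read from the
 * superblock and each option is OR-ed in without clearing the others. */
static unsigned mount_opt_before(enum sb_errors sb, const char *const *opts, int n)
{
    unsigned opt = 0;
    if (sb == SB_ERRORS_PANIC)   opt |= ERRORS_PANIC;
    else if (sb == SB_ERRORS_RO) opt |= ERRORS_RO;
    for (int i = 0; i < n; i++)
        opt |= flag_for_option(opts[i]);
    return opt;
}

/* Behaviour the patch description asks for: the superblock always supplies
 * a default, and an explicit option replaces it instead of adding to it. */
static unsigned mount_opt_after(enum sb_errors sb, const char *const *opts, int n)
{
    unsigned opt;
    if (sb == SB_ERRORS_PANIC)   opt = ERRORS_PANIC;
    else if (sb == SB_ERRORS_RO) opt = ERRORS_RO;
    else                         opt = ERRORS_CONT;
    for (int i = 0; i < n; i++) {
        unsigned f = flag_for_option(opts[i]);
        if (f)
            opt = (opt & ~ERRORS_MASK) | f;  /* clear alternatives first */
    }
    return opt;
}

/* Invariant to check: exactly one error-policy flag is set. */
static int exactly_one_policy(unsigned opt)
{
    unsigned e = opt & ERRORS_MASK;
    return e != 0 && (e & (e - 1)) == 0;
}

int main(void)
{
    /* Constructed sequence: a mount option followed by a remount option. */
    const char *const opts[] = { "errors=continue", "errors=remount-ro" };

    unsigned before = mount_opt_before(SB_ERRORS_PANIC, opts, 2);
    unsigned after  = mount_opt_after(SB_ERRORS_PANIC, opts, 2);
    printf("before: flags=0x%x, exactly one policy: %d\n",
           before, exactly_one_policy(before));
    printf("after:  flags=0x%x, exactly one policy: %d\n",
           after, exactly_one_policy(after));
    return 0;
}
```
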
    • [PATCH] grow_buffers() infinite loop fix · e5657933
      Andrew Morton authored
      
      
      If grow_buffers() is for some reason passed a block number which wants to lie
      outside the maximum-addressable pagecache range (PAGE_SIZE * 4G bytes) then it
      will accidentally truncate `index' and will then instantiate a page at the
      wrong pagecache offset.  This causes __getblk_slow() to go into an infinite
      loop.
      
      This can happen with corrupted disks, or with software errors elsewhere.
      
      Detect that, and handle it.
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
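
Added example (not part of the commit, and not kernel code): a user-space C model of the truncation the grow_buffers() message describes, where a 64-bit block number is narrowed into a 32-bit page index, together with a range check that detects it. The type names, `MODEL_PAGE_SHIFT` and the function names are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Model types (assumptions): a 64-bit block number and a 32-bit
 * page-cache index, as on a 32-bit system with large block devices. */
typedef uint64_t blk_t;    /* stands in for the block number type */
typedef uint32_t pgidx_t;  /* stands in for the page index type   */

#define MODEL_PAGE_SHIFT 12  /* 4 KiB pages (assumption) */

/* log2(blocks per page) for a power-of-two block size in bytes. */
static int sizebits_for(unsigned block_size)
{
    int bits = -1;
    do {
        bits++;
    } while ((block_size << bits) < (1u << MODEL_PAGE_SHIFT));
    return bits;
}

/* Unchecked form: the shifted value is silently narrowed to 32 bits. */
static pgidx_t index_unchecked(blk_t block, unsigned block_size)
{
    return (pgidx_t)(block >> sizebits_for(block_size));
}

/* Checked form: returns 0 and stores the index, or -1 when the block
 * lies beyond the largest representable page index. The comparison is
 * done in the wide type, so the lost high bits are visible. */
static int index_checked(blk_t block, unsigned block_size, pgidx_t *out)
{
    int sizebits = sizebits_for(block_size);
    pgidx_t index = (pgidx_t)(block >> sizebits);

    if ((blk_t)index != (block >> sizebits))
        return -1;
    *out = index;
    return 0;
}

/* Does the page at `index` hold `block`? A caller that retries until
 * this is true never terminates when the index was truncated. */
static int page_covers_block(pgidx_t index, blk_t block, unsigned block_size)
{
    int sizebits = sizebits_for(block_size);
    blk_t first = (blk_t)index << sizebits;

    return block >= first && block < first + (1ull << sizebits);
}

int main(void)
{
    /* Constructed inputs: 1 KiB blocks; the second block number maps
     * to a page index that does not fit in 32 bits. */
    blk_t samples[] = { 9, (1ull << 34) + 5 };

    for (int i = 0; i < 2; i++) {
        pgidx_t idx = index_unchecked(samples[i], 1024), ok_idx = 0;
        int rc = index_checked(samples[i], 1024, &ok_idx);

        printf("block %llu: unchecked index %u, page covers block: %d, "
               "checked rc: %d\n",
               (unsigned long long)samples[i], (unsigned)idx,
               page_covers_block(idx, samples[i], 1024), rc);
    }
    return 0;
}
```
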
    • [PATCH] epoll_pwait() · b611967d
      Davide Libenzi authored
      Implement the epoll_pwait system call, that extends the event wait mechanism
      with the same logic ppoll and pselect do.  The definition of epoll_pwait
      is:
      
      int epoll_pwait(int epfd, struct epoll_event *events, int maxevents,
                       int timeout, const sigset_t *sigmask, size_t sigsetsize);
      
      The difference between the vanilla epoll_wait and epoll_pwait is that the
      latter allows the caller to specify a signal mask to be set while waiting
      for events.  Hence epoll_pwait will wait until either one monitored event,
      or an unmasked signal happens.  If sigmask is NULL, the epoll_pwait system
      call will act exactly like epoll_wait.  For the POSIX definition of
      pselect, information is available here:
      
      http://www.opengroup.org/onlinepubs/009695399/functions/select.html
      
      Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Andi Kleen <ak@muc.de>
      Cc: Michael Kerrisk <mtk-manpages@gmx.net>
      Cc: Ulrich Drepper <drepper@redhat.com>
      Cc: Roland McGrath <roland@redhat.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    • [PATCH] ext4 whitespace cleanups · 63f57933
      Andrew Morton authored
      
      
      Someone's tab key is emitting spaces.  Attempt to repair some of the damage.
      
      Cc: <linux-ext4@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>