Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge branch 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6
-8
fs/exec.c
-8
fs/exec.c
···
486
486
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) &&
487
487
S_ISREG(inode->i_mode)) {
488
488
int err = vfs_permission(&nd, MAY_EXEC);
489
-
if (!err && !(inode->i_mode & 0111))
490
-
err = -EACCES;
491
489
file = ERR_PTR(err);
492
490
if (!err) {
493
491
file = nameidata_to_filp(&nd, O_RDONLY);
···
920
922
int retval;
921
923
922
924
mode = inode->i_mode;
923
-
/*
924
-
* Check execute perms again - if the caller has CAP_DAC_OVERRIDE,
925
-
* generic_permission lets a non-executable through
926
-
*/
927
-
if (!(mode & 0111)) /* with at least _one_ execute bit set */
928
-
return -EACCES;
929
925
if (bprm->file->f_op == NULL)
930
926
return -EACCES;
931
927
+9
-6
fs/lockd/svcsubs.c
+9
-6
fs/lockd/svcsubs.c
···
237
237
nlm_traverse_files(struct nlm_host *host, int action)
238
238
{
239
239
struct nlm_file *file, **fp;
240
-
int i;
240
+
int i, ret = 0;
241
241
242
242
mutex_lock(&nlm_file_mutex);
243
243
for (i = 0; i < FILE_NRHASH; i++) {
244
244
fp = nlm_files + i;
245
245
while ((file = *fp) != NULL) {
246
+
file->f_count++;
247
+
mutex_unlock(&nlm_file_mutex);
248
+
246
249
/* Traverse locks, blocks and shares of this file
247
250
* and update file->f_locks count */
248
-
if (nlm_inspect_file(host, file, action)) {
249
-
mutex_unlock(&nlm_file_mutex);
250
-
return 1;
251
-
}
251
+
if (nlm_inspect_file(host, file, action))
252
+
ret = 1;
252
253
254
+
mutex_lock(&nlm_file_mutex);
255
+
file->f_count--;
253
256
/* No more references to this file. Let go of it. */
254
257
if (!file->f_blocks && !file->f_locks
255
258
&& !file->f_shares && !file->f_count) {
···
265
262
}
266
263
}
267
264
mutex_unlock(&nlm_file_mutex);
268
-
return 0;
265
+
return ret;
269
266
}
270
267
271
268
/*
+10
-1
fs/namei.c
+10
-1
fs/namei.c
···
227
227
228
228
int permission(struct inode *inode, int mask, struct nameidata *nd)
229
229
{
230
+
umode_t mode = inode->i_mode;
230
231
int retval, submask;
231
232
232
233
if (mask & MAY_WRITE) {
233
-
umode_t mode = inode->i_mode;
234
234
235
235
/*
236
236
* Nobody gets write access to a read-only fs.
···
246
246
return -EACCES;
247
247
}
248
248
249
+
250
+
/*
251
+
* MAY_EXEC on regular files requires special handling: We override
252
+
* filesystem execute permissions if the mode bits aren't set.
253
+
*/
254
+
if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
255
+
return -EACCES;
249
256
250
257
/* Ordinary permission routines do not understand MAY_APPEND. */
251
258
submask = mask & ~MAY_APPEND;
···
1774
1767
if (nd->last_type != LAST_NORM)
1775
1768
goto fail;
1776
1769
nd->flags &= ~LOOKUP_PARENT;
1770
+
nd->flags |= LOOKUP_CREATE;
1771
+
nd->intent.open.flags = O_EXCL;
1777
1772
1778
1773
/*
1779
1774
* Do the final lookup.
+7
-1
fs/nfs/file.c
+7
-1
fs/nfs/file.c
···
312
312
313
313
static int nfs_release_page(struct page *page, gfp_t gfp)
314
314
{
315
-
return !nfs_wb_page(page->mapping->host, page);
315
+
if (gfp & __GFP_FS)
316
+
return !nfs_wb_page(page->mapping->host, page);
317
+
else
318
+
/*
319
+
* Avoid deadlock on nfs_wait_on_request().
320
+
*/
321
+
return 0;
316
322
}
317
323
318
324
const struct address_space_operations nfs_file_aops = {
+1
-3
fs/nfs/idmap.c
+1
-3
fs/nfs/idmap.c
+27
-2
fs/nfs/nfs4proc.c
+27
-2
fs/nfs/nfs4proc.c
···
2668
2668
nfs4_set_cached_acl(inode, acl);
2669
2669
}
2670
2670
2671
-
static inline ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
2671
+
static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
2672
2672
{
2673
2673
struct page *pages[NFS4ACL_MAXPAGES];
2674
2674
struct nfs_getaclargs args = {
···
2721
2721
return ret;
2722
2722
}
2723
2723
2724
+
static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
2725
+
{
2726
+
struct nfs4_exception exception = { };
2727
+
ssize_t ret;
2728
+
do {
2729
+
ret = __nfs4_get_acl_uncached(inode, buf, buflen);
2730
+
if (ret >= 0)
2731
+
break;
2732
+
ret = nfs4_handle_exception(NFS_SERVER(inode), ret, &exception);
2733
+
} while (exception.retry);
2734
+
return ret;
2735
+
}
2736
+
2724
2737
static ssize_t nfs4_proc_get_acl(struct inode *inode, void *buf, size_t buflen)
2725
2738
{
2726
2739
struct nfs_server *server = NFS_SERVER(inode);
···
2750
2737
return nfs4_get_acl_uncached(inode, buf, buflen);
2751
2738
}
2752
2739
2753
-
static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
2740
+
static int __nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
2754
2741
{
2755
2742
struct nfs_server *server = NFS_SERVER(inode);
2756
2743
struct page *pages[NFS4ACL_MAXPAGES];
···
2774
2761
if (ret == 0)
2775
2762
nfs4_write_cached_acl(inode, buf, buflen);
2776
2763
return ret;
2764
+
}
2765
+
2766
+
static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
2767
+
{
2768
+
struct nfs4_exception exception = { };
2769
+
int err;
2770
+
do {
2771
+
err = nfs4_handle_exception(NFS_SERVER(inode),
2772
+
__nfs4_proc_set_acl(inode, buf, buflen),
2773
+
&exception);
2774
+
} while (exception.retry);
2775
+
return err;
2777
2776
}
2778
2777
2779
2778
static int
+11
-10
fs/nfs/nfs4xdr.c
+11
-10
fs/nfs/nfs4xdr.c
···
3355
3355
struct kvec *iov = rcvbuf->head;
3356
3356
unsigned int nr, pglen = rcvbuf->page_len;
3357
3357
uint32_t *end, *entry, *p, *kaddr;
3358
-
uint32_t len, attrlen;
3358
+
uint32_t len, attrlen, xlen;
3359
3359
int hdrlen, recvd, status;
3360
3360
3361
3361
status = decode_op_hdr(xdr, OP_READDIR);
···
3377
3377
3378
3378
BUG_ON(pglen + readdir->pgbase > PAGE_CACHE_SIZE);
3379
3379
kaddr = p = (uint32_t *) kmap_atomic(page, KM_USER0);
3380
-
end = (uint32_t *) ((char *)p + pglen + readdir->pgbase);
3380
+
end = p + ((pglen + readdir->pgbase) >> 2);
3381
3381
entry = p;
3382
3382
for (nr = 0; *p++; nr++) {
3383
-
if (p + 3 > end)
3383
+
if (end - p < 3)
3384
3384
goto short_pkt;
3385
3385
dprintk("cookie = %Lu, ", *((unsigned long long *)p));
3386
3386
p += 2; /* cookie */
···
3389
3389
printk(KERN_WARNING "NFS: giant filename in readdir (len 0x%x)\n", len);
3390
3390
goto err_unmap;
3391
3391
}
3392
+
xlen = XDR_QUADLEN(len);
3393
+
if (end - p < xlen + 1)
3394
+
goto short_pkt;
3392
3395
dprintk("filename = %*s\n", len, (char *)p);
3393
-
p += XDR_QUADLEN(len);
3394
-
if (p + 1 > end)
3395
-
goto short_pkt;
3396
+
p += xlen;
3396
3397
len = ntohl(*p++); /* bitmap length */
3398
+
if (end - p < len + 1)
3399
+
goto short_pkt;
3397
3400
p += len;
3398
-
if (p + 1 > end)
3399
-
goto short_pkt;
3400
3401
attrlen = XDR_QUADLEN(ntohl(*p++));
3401
-
p += attrlen; /* attributes */
3402
-
if (p + 2 > end)
3402
+
if (end - p < attrlen + 2)
3403
3403
goto short_pkt;
3404
+
p += attrlen; /* attributes */
3404
3405
entry = p;
3405
3406
}
3406
3407
if (!nr && (entry[0] != 0 || entry[1] == 0))
+15
-8
fs/nfs/read.c
+15
-8
fs/nfs/read.c
···
116
116
pages = &data->args.pages[base >> PAGE_CACHE_SHIFT];
117
117
base &= ~PAGE_CACHE_MASK;
118
118
pglen = PAGE_CACHE_SIZE - base;
119
-
if (pglen < remainder)
119
+
for (;;) {
120
+
if (remainder <= pglen) {
121
+
memclear_highpage_flush(*pages, base, remainder);
122
+
break;
123
+
}
120
124
memclear_highpage_flush(*pages, base, pglen);
121
-
else
122
-
memclear_highpage_flush(*pages, base, remainder);
125
+
pages++;
126
+
remainder -= pglen;
127
+
pglen = PAGE_CACHE_SIZE;
128
+
base = 0;
129
+
}
123
130
}
124
131
125
132
/*
···
483
476
unsigned int base = data->args.pgbase;
484
477
struct page **pages;
485
478
479
+
if (data->res.eof)
480
+
count = data->args.count;
486
481
if (unlikely(count == 0))
487
482
return;
488
483
pages = &data->args.pages[base >> PAGE_CACHE_SHIFT];
···
492
483
count += base;
493
484
for (;count >= PAGE_CACHE_SIZE; count -= PAGE_CACHE_SIZE, pages++)
494
485
SetPageUptodate(*pages);
495
-
/*
496
-
* Was this an eof or a short read? If the latter, don't mark the page
497
-
* as uptodate yet.
498
-
*/
499
-
if (count > 0 && (data->res.eof || data->args.count == data->res.count))
486
+
if (count != 0)
500
487
SetPageUptodate(*pages);
501
488
}
502
489
···
506
501
base &= ~PAGE_CACHE_MASK;
507
502
count += base;
508
503
for (;count >= PAGE_CACHE_SIZE; count -= PAGE_CACHE_SIZE, pages++)
504
+
SetPageError(*pages);
505
+
if (count != 0)
509
506
SetPageError(*pages);
510
507
}
511
508
+1
-1
include/linux/nfs_xdr.h
+1
-1
include/linux/nfs_xdr.h
···
659
659
struct nfs4_setclientid {
660
660
const nfs4_verifier * sc_verifier; /* request */
661
661
unsigned int sc_name_len;
662
-
char sc_name[32]; /* request */
662
+
char sc_name[48]; /* request */
663
663
u32 sc_prog; /* request */
664
664
unsigned int sc_netid_len;
665
665
char sc_netid[4]; /* request */
+2
-2
include/linux/sunrpc/rpc_pipe_fs.h
+2
-2
include/linux/sunrpc/rpc_pipe_fs.h
···
42
42
extern int rpc_queue_upcall(struct inode *, struct rpc_pipe_msg *);
43
43
44
44
extern struct dentry *rpc_mkdir(char *, struct rpc_clnt *);
45
-
extern int rpc_rmdir(char *);
45
+
extern int rpc_rmdir(struct dentry *);
46
46
extern struct dentry *rpc_mkpipe(char *, void *, struct rpc_pipe_ops *, int flags);
47
-
extern int rpc_unlink(char *);
47
+
extern int rpc_unlink(struct dentry *);
48
48
extern struct vfsmount *rpc_get_mount(void);
49
49
extern void rpc_put_mount(void);
50
50
+1
-1
include/linux/sunrpc/xprt.h
+1
-1
include/linux/sunrpc/xprt.h
+1
-2
net/sunrpc/auth_gss/auth_gss.c
+1
-2
net/sunrpc/auth_gss/auth_gss.c
+19
-11
net/sunrpc/clnt.c
+19
-11
net/sunrpc/clnt.c
···
183
183
184
184
out_no_auth:
185
185
if (!IS_ERR(clnt->cl_dentry)) {
186
-
rpc_rmdir(clnt->cl_pathname);
187
-
dput(clnt->cl_dentry);
186
+
rpc_rmdir(clnt->cl_dentry);
188
187
rpc_put_mount();
189
188
}
190
189
out_no_path:
···
250
251
new->cl_autobind = 0;
251
252
new->cl_oneshot = 0;
252
253
new->cl_dead = 0;
253
-
if (!IS_ERR(new->cl_dentry)) {
254
+
if (!IS_ERR(new->cl_dentry))
254
255
dget(new->cl_dentry);
255
-
rpc_get_mount();
256
-
}
257
256
rpc_init_rtt(&new->cl_rtt_default, clnt->cl_xprt->timeout.to_initval);
258
257
if (new->cl_auth)
259
258
atomic_inc(&new->cl_auth->au_count);
···
314
317
clnt->cl_auth = NULL;
315
318
}
316
319
if (clnt->cl_parent != clnt) {
320
+
if (!IS_ERR(clnt->cl_dentry))
321
+
dput(clnt->cl_dentry);
317
322
rpc_destroy_client(clnt->cl_parent);
318
323
goto out_free;
319
324
}
320
-
if (clnt->cl_pathname[0])
321
-
rpc_rmdir(clnt->cl_pathname);
325
+
if (!IS_ERR(clnt->cl_dentry)) {
326
+
rpc_rmdir(clnt->cl_dentry);
327
+
rpc_put_mount();
328
+
}
322
329
if (clnt->cl_xprt) {
323
330
xprt_destroy(clnt->cl_xprt);
324
331
clnt->cl_xprt = NULL;
···
332
331
out_free:
333
332
rpc_free_iostats(clnt->cl_metrics);
334
333
clnt->cl_metrics = NULL;
335
-
if (!IS_ERR(clnt->cl_dentry)) {
336
-
dput(clnt->cl_dentry);
337
-
rpc_put_mount();
338
-
}
339
334
kfree(clnt);
340
335
return 0;
341
336
}
···
1181
1184
u32 *p = iov->iov_base, n;
1182
1185
int error = -EACCES;
1183
1186
1187
+
if ((task->tk_rqstp->rq_rcv_buf.len & 3) != 0) {
1188
+
/* RFC-1014 says that the representation of XDR data must be a
1189
+
* multiple of four bytes
1190
+
* - if it isn't pointer subtraction in the NFS client may give
1191
+
* undefined results
1192
+
*/
1193
+
printk(KERN_WARNING
1194
+
"call_verify: XDR representation not a multiple of"
1195
+
" 4 bytes: 0x%x\n", task->tk_rqstp->rq_rcv_buf.len);
1196
+
goto out_eio;
1197
+
}
1184
1198
if ((len -= 3) < 0)
1185
1199
goto out_overflow;
1186
1200
p += 1; /* skip XID */
+21
-34
net/sunrpc/rpc_pipe.c
+21
-34
net/sunrpc/rpc_pipe.c
···
539
539
rpc_close_pipes(dentry->d_inode);
540
540
simple_unlink(dir, dentry);
541
541
}
542
+
inode_dir_notify(dir, DN_DELETE);
542
543
dput(dentry);
543
544
} while (n);
544
545
goto repeat;
···
611
610
int error;
612
611
613
612
shrink_dcache_parent(dentry);
614
-
if (dentry->d_inode)
615
-
rpc_close_pipes(dentry->d_inode);
613
+
if (d_unhashed(dentry))
614
+
return 0;
616
615
if ((error = simple_rmdir(dir, dentry)) != 0)
617
616
return error;
618
617
if (!error) {
···
685
684
}
686
685
687
686
int
688
-
rpc_rmdir(char *path)
687
+
rpc_rmdir(struct dentry *dentry)
689
688
{
690
-
struct nameidata nd;
691
-
struct dentry *dentry;
689
+
struct dentry *parent;
692
690
struct inode *dir;
693
691
int error;
694
692
695
-
if ((error = rpc_lookup_parent(path, &nd)) != 0)
696
-
return error;
697
-
dir = nd.dentry->d_inode;
693
+
parent = dget_parent(dentry);
694
+
dir = parent->d_inode;
698
695
mutex_lock_nested(&dir->i_mutex, I_MUTEX_PARENT);
699
-
dentry = lookup_one_len(nd.last.name, nd.dentry, nd.last.len);
700
-
if (IS_ERR(dentry)) {
701
-
error = PTR_ERR(dentry);
702
-
goto out_release;
703
-
}
704
696
rpc_depopulate(dentry);
705
697
error = __rpc_rmdir(dir, dentry);
706
698
dput(dentry);
707
-
out_release:
708
699
mutex_unlock(&dir->i_mutex);
709
-
rpc_release_path(&nd);
700
+
dput(parent);
710
701
return error;
711
702
}
712
703
···
739
746
}
740
747
741
748
int
742
-
rpc_unlink(char *path)
749
+
rpc_unlink(struct dentry *dentry)
743
750
{
744
-
struct nameidata nd;
745
-
struct dentry *dentry;
751
+
struct dentry *parent;
746
752
struct inode *dir;
747
-
int error;
753
+
int error = 0;
748
754
749
-
if ((error = rpc_lookup_parent(path, &nd)) != 0)
750
-
return error;
751
-
dir = nd.dentry->d_inode;
755
+
parent = dget_parent(dentry);
756
+
dir = parent->d_inode;
752
757
mutex_lock_nested(&dir->i_mutex, I_MUTEX_PARENT);
753
-
dentry = lookup_one_len(nd.last.name, nd.dentry, nd.last.len);
754
-
if (IS_ERR(dentry)) {
755
-
error = PTR_ERR(dentry);
756
-
goto out_release;
757
-
}
758
-
d_drop(dentry);
759
-
if (dentry->d_inode) {
760
-
rpc_close_pipes(dentry->d_inode);
761
-
error = simple_unlink(dir, dentry);
758
+
if (!d_unhashed(dentry)) {
759
+
d_drop(dentry);
760
+
if (dentry->d_inode) {
761
+
rpc_close_pipes(dentry->d_inode);
762
+
error = simple_unlink(dir, dentry);
763
+
}
764
+
inode_dir_notify(dir, DN_DELETE);
762
765
}
763
766
dput(dentry);
764
-
inode_dir_notify(dir, DN_DELETE);
765
-
out_release:
766
767
mutex_unlock(&dir->i_mutex);
767
-
rpc_release_path(&nd);
768
+
dput(parent);
768
769
return error;
769
770
}
770
771