summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [readdir] convert f2fsAl Viro2013-06-292-35/+22
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert 9pAl Viro2013-06-291-44/+28
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert affsAl Viro2013-06-291-45/+24
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert adfsAl Viro2013-06-291-24/+18
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert logfsAl Viro2013-06-291-34/+15
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert jfsAl Viro2013-06-293-36/+31
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert cephAl Viro2013-06-291-51/+48
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert nfsAl Viro2013-06-291-26/+25
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert ext4Al Viro2013-06-293-190/+134
| | | | | | and trim the living hell out bogosities in inline dir case Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert qnx6Al Viro2013-06-291-17/+14
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert qnx4Al Viro2013-06-291-35/+31
| | | | | | | ... and use strnlen() instead of strlen() - it's done on untrusted data, after all. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert omfsAl Viro2013-06-291-56/+38
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert nilfs2Al Viro2013-06-291-30/+18
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert sysfsAl Viro2013-06-291-48/+18
| | | | | | get rid of the kludges in sysfs_readdir() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert gfs2Al Viro2013-06-294-51/+38
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert exofsAl Viro2013-06-291-22/+16
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert bfsAl Viro2013-06-291-21/+14
| | | | | | ... and get rid of that ridiculous mutex in bfs_readdir() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert procfsAl Viro2013-06-299-489/+284
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert openpromfsAl Viro2013-06-291-51/+44
| | | | | | what the hell is op_mutex for, BTW? Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert efsAl Viro2013-06-291-42/+33
| | | | | | | * sanity checks belong before risky operation, not after it * don't quit as soon as we'd found an entry Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert configfsAl Viro2013-06-291-70/+52
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert romfsAl Viro2013-06-291-12/+9
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert squashfsAl Viro2013-06-291-28/+12
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert ubifsAl Viro2013-06-291-41/+16
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert udfAl Viro2013-06-291-37/+26
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] convert ext3Al Viro2013-06-292-93/+70
| | | | | | | | | | new helper: dir_relax(inode). Call when you are in location that will _not_ be invalidated by directory modifications (block boundary, in case of ext*). Returns whether the directory has survived (dropping i_mutex allows rmdir to kill the sucker; if it returns false to us, ->iterate() is obviously done) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] switch dcache_readdir() users to ->iterate()Al Viro2013-06-294-60/+65
| | | | | | | new helpers - dir_emit_dot(file, ctx, dentry), dir_emit_dotdot(file, ctx), dir_emit_dots(file, ctx). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] simple local unixlike: switch to ->iterate()Al Viro2013-06-294-75/+59
| | | | | | ext2, ufs, minix, sysv Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] introduce ->iterate(), ctx->pos, dir_emit()Al Viro2013-06-297-18/+47
| | | | | | | | | | | | | New method - ->iterate(file, ctx). That's the replacement for ->readdir(); it takes callback from ctx->actor, uses ctx->pos instead of file->f_pos and calls dir_emit(ctx, ...) instead of filldir(data, ...). It does *not* update file->f_pos (or look at it, for that matter); iterate_dir() does the update. Note that dir_emit() takes the offset from ctx->pos (and eventually filldir_t will lose that argument). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* [readdir] introduce iterate_dir() and dir_contextAl Viro2013-06-2910-20/+53
| | | | | | | | | | | iterate_dir(): new helper, replacing vfs_readdir(). struct dir_context: contains the readdir callback (and will get more stuff in it), embedded into whatever data that callback wants to deal with; eventually, we'll be passing it to ->readdir() replacement instead of (data,filldir) pair. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* move linux/loop.h to drivers/blockAl Viro2013-06-293-3/+3
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* compat.c: LOOP_CLR_FD is taken care of in loop.c itself...Al Viro2013-06-291-3/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* pxa3xx: VM_IO is set by io_remap_pfn_range()Al Viro2013-06-291-1/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* au1100fb: VM_IO is set by io_remap_pfn_range()Al Viro2013-06-291-2/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* au1200fb: io_remap_pfn_range() sets VM_IOAl Viro2013-06-291-4/+0
| | | | | | ... and single return is quite sufficient to get out of function, TYVM Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* vfio: remap_pfn_range() sets all those flags...Al Viro2013-06-291-1/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* i810: VM_IO is set by io_remap_pfn_range()Al Viro2013-06-291-1/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* drm: io_remap_pfn_range() sets VM_IO...Al Viro2013-06-291-1/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* sparc: __pci_mmap_set_flags() is uselessAl Viro2013-06-291-10/+0
| | | | | | io_remap_pfn_range() does all we need Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* mn10300: don't bother with VM_IOAl Viro2013-06-291-1/+1
| | | | | | io_remap_pfn_range() sets it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* hose_mmap_page_range(): io_remap_pfn_range() will set all those flags...Al Viro2013-06-291-1/+0
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* samsung: don't bother with setting VM_IOAl Viro2013-06-291-1/+0
| | | | | | io_remap_pfn_range() will set it just fine Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* consolidate io_remap_pfn_range definitionsAl Viro2013-06-2934-105/+7
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* UBIFS: fix a horrid bugArtem Bityutskiy2013-06-291-3/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | Al Viro pointed me to the fact that '->readdir()' and '->llseek()' have no mutual exclusion, which means the 'ubifs_dir_llseek()' can be run while we are in the middle of 'ubifs_readdir()'. This means that 'file->private_data' can be freed while 'ubifs_readdir()' uses it, and this is a very bad bug: not only 'ubifs_readdir()' can return garbage, but this may corrupt memory and lead to all kinds of problems like crashes an security holes. This patch fixes the problem by using the 'file->f_version' field, which '->llseek()' always unconditionally sets to zero. We set it to 1 in 'ubifs_readdir()' and whenever we detect that it became 0, we know there was a seek and it is time to clear the state saved in 'file->private_data'. I tested this patch by writing a user-space program which runds readdir and seek in parallell. I could easily crash the kernel without these patches, but could not crash it with these patches. Cc: stable@vger.kernel.org Reported-by: Al Viro <viro@zeniv.linux.org.uk> Tested-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* UBIFS: prepare to fix a horrid bugArtem Bityutskiy2013-06-291-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Al Viro pointed me to the fact that '->readdir()' and '->llseek()' have no mutual exclusion, which means the 'ubifs_dir_llseek()' can be run while we are in the middle of 'ubifs_readdir()'. First of all, this means that 'file->private_data' can be freed while 'ubifs_readdir()' uses it. But this particular patch does not fix the problem. This patch is only a preparation, and the fix will follow next. In this patch we make 'ubifs_readdir()' stop using 'file->f_pos' directly, because 'file->f_pos' can be changed by '->llseek()' at any point. This may lead 'ubifs_readdir()' to returning inconsistent data: directory entry names may correspond to incorrect file positions. So here we introduce a local variable 'pos', read 'file->f_pose' once at very the beginning, and then stick to 'pos'. The result of this is that when 'ubifs_dir_llseek()' changes 'file->f_pos' while we are in the middle of 'ubifs_readdir()', the latter "wins". Cc: stable@vger.kernel.org Reported-by: Al Viro <viro@zeniv.linux.org.uk> Tested-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* aout32 coredump compat fixAl Viro2013-06-221-1/+1
| | | | | | | | | dump_seek() does SEEK_CUR, not SEEK_SET; native binfmt_aout handles it correctly (seeks by PAGE_SIZE - sizeof(struct user), getting the current position to PAGE_SIZE), compat one seeks by PAGE_SIZE and ends up at PAGE_SIZE + already written... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* splice: don't pass the address of ->f_pos to methodsAl Viro2013-06-205-23/+41
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* mconsole: we'd better initialize pos before passing it to vfs_read()...Al Viro2013-06-191-1/+1
| | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* lseek(fd, n, SEEK_END) does *not* go to eof - nAl Viro2013-06-164-4/+4
| | | | | | | | | | When you copy some code, you are supposed to read it. If nothing else, there's a chance to spot and fix an obvious bug instead of sharing it... X-Song: "I Got It From Agnes", by Tom Lehrer Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> [ Tom Lehrer? You're dating yourself, Al ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Linux 3.10-rc6v3.10-rc6Linus Torvalds2013-06-151-1/+1
|