summaryrefslogtreecommitdiffstats
path: root/fs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* VM: add common helper function to create the page tablesLinus Torvalds2005-11-291-11/+1
| | | | | | This logic was duplicated four times, for no good reason. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [JFFS2] Fix the slab cache constructor of 'struct jffs2_inode_info' objects.Thomas Gleixner2005-11-292-1/+3
| | | | | | | | | | | | | | | JFFS2 initialize f->sem mutex as "locked" in the slab constructor which is a bug. Objects are freed with unlocked f->sem mutex. So, when they allocated again, f->sem is unlocked because the slab cache constructor is not called for them. The constructor is called only once when memory pages are allocated for objects (namely, when the slab layer allocates new slabs). So, sometimes 'struct jffs2_inode_info' are allocated with unlocked f->sem, sometimes with locked. This is a bug. Instead, initialize f->sem as unlocked in the constructor. I.e., in the "constructed" state f->sem must be unlocked. From: Keijiro Yano <keijiro_yano@yahoo.co.jp> Acked-by: Artem B. Bityutskiy <dedekind@infradead.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
* [PATCH] fuse: check for invalid node ID in fuse_create_open()Miklos Szeredi2005-11-281-3/+8
| | | | | | | | Check for invalid node ID values in the new atomic create+open method. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fuse: check directory aliasing in mkdirMiklos Szeredi2005-11-281-9/+17
| | | | | | | | Check the created directory inode for aliases in the mkdir() method. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Fix oops in vfs_quotaon_mount()Jan Kara2005-11-281-0/+6
| | | | | | | | | When quota file specified in mount options did not exist, we tried to dereference NULL pointer later. Fix it. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] v9fs: fix memory leak in v9fs dentry codeLatchesar Ionkov2005-11-281-0/+2
| | | | | | | | | Assign the appropriate dentry operations to the dentry. Fixes memory leak. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Cc: Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] ext3: Wrong return value for EXT3_IOC_GROUP_ADDGlauber de Oliveira Costa2005-11-281-0/+1
| | | | | | | | | | | | | | | This patch corrects the return value for the EXT3_IOC_GROUP_ADD in case it fails due to the presence of multiple resizers at the filesystem. The problem is a little bit more serious than a wrong return value in this case, since the clause err=0 in the exit_journal path will lead to a call to update_backups which in turns causes a NULL pointer dereference. Signed-off-by: Glauber de Oliveira Costa <glommer@br.ibm.com> Cc: "Stephen C. Tweedie" <sct@redhat.com> Cc: Andreas Dilger <adilger@clusterfs.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] reiserfs: fix 32-bit overflow in map_block_for_writepage()Oleg Drokin2005-11-281-1/+1
| | | | | | | | | I now see another overflow in reiserfs that should lead to data corruptions with files that are bigger than 4G under certain circumstances when using mmap. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* mm: re-architect the VM_UNPAGED logicLinus Torvalds2005-11-281-4/+3
| | | | | | | | | | | | | | | | This replaces the (in my opinion horrible) VM_UNMAPPED logic with very explicit support for a "remapped page range" aka VM_PFNMAP. It allows a VM area to contain an arbitrary range of page table entries that the VM never touches, and never considers to be normal pages. Any user of "remap_pfn_range()" automatically gets this new functionality, and doesn't even have to mark the pages reserved or indeed mark them any other way. It just works. As a side effect, doing mmap() on /dev/mem works for arbitrary ranges. Sparc update from David in the next commit. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* NFS: Fix a spinlock recursion inside nfs_update_inode()Trond Myklebust2005-11-251-14/+12
| | | | | | | | | | | | | | | | | In cases where the server has gone insane, nfs_update_inode() may end up calling nfs_invalidate_inode(), which again calls stuff that takes the inode->i_lock that we're already holding. In addition, given the sort of things we have in NFS these days that need to be cleaned up on inode release, I'm not sure we should ever be calling make_bad_inode(). Fix up spinlock recursion, and limit nfs_invalidate_inode() to clearing the caches, and marking the inode as being stale. Thanks to Steve Dickson <SteveD@redhat.com> for spotting this. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Fix typo in lock cachingTrond Myklebust2005-11-251-3/+3
| | | | | | | When caching locks due to holding a file delegation, we must always check against local locks before sending anything to the server. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Fix buggy nfs_wait_on_sequence()Trond Myklebust2005-11-251-10/+10
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [XFS] Resolve the xlog_grant_log_space hang, revert inline to macro.Nathan Scott2005-11-251-24/+12
| | | | | | | SGI-PV: 946205 SGI-Modid: xfs-linux-melb:xfs-kern:24567a Signed-off-by: Nathan Scott <nathans@sgi.com>
* [XFS] Fix a case where attr2 format was being used unconditionally.Nathan Scott2005-11-251-3/+8
| | | | | | | SGI-PV: 941645 SGI-Modid: xfs-linux-melb:xfs-kern:24566a Signed-off-by: Nathan Scott <nathans@sgi.com>
* [XFS] Tight loop in xfs_finish_reclaim_all prevented the xfslogd to runFelix Blyakher2005-11-251-2/+3
| | | | | | | | | | | its queue of IO completion callbacks, thus creating the deadlock between umount and xfslogd. Breaking the loop solves the problem. SGI-PV: 943821 SGI-Modid: xfs-linux-melb:xfs-kern:202363a Signed-off-by: Felix Blyakher <felixb@sgi.com> Signed-off-by: Nathan Scott <nathans@sgi.com>
* [XFS] Fix a 32 bit value wraparound when providing a mapping for a largeNathan Scott2005-11-251-7/+6
| | | | | | | | | direct write. SGI-PV: 944820 SGI-Modid: xfs-linux-melb:xfs-kern:24351a Signed-off-by: Nathan Scott <nathans@sgi.com>
* [XFS] handle error returns from freeze_bdevChristoph Hellwig2005-11-251-1/+1
| | | | | | | | SGI-PV: 945483 SGI-Modid: xfs-linux-melb:xfs-kern:201884a Signed-off-by: Christoph Hellwig <hch@sgi.com> Signed-off-by: Nathan Scott <nathans@sgi.com>
* [XFS] Fix potential overflow in xfs_iomap_t delta for very large extentsEric Sandeen2005-11-251-1/+1
| | | | | | | | SGI-PV: 945311 SGI-Modid: xfs-linux-melb:xfs-kern:201708a Signed-off-by: Eric Sandeen <sandeen@sgi.com> Signed-off-by: Nathan Scott <nathans@sgi.com>
* [PATCH] jffs2 debug gcc-2.9x fixAndrew Morton2005-11-241-4/+4
| | | | | | | | Work around gcc-2.95.x macro expansion bug. Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fix do_wait() vs exec() raceOleg Nesterov2005-11-241-4/+4
| | | | | | | | | | | | | | | | | | When non-leader thread does exec, de_thread adds old leader to the init's ->children list in EXIT_ZOMBIE state and drops tasklist_lock. This means that release_task(leader) in de_thread() is racy vs do_wait() from init task. I think de_thread() should set old leader's state to EXIT_DEAD instead. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: george anzinger <george@mvista.com> Cc: Roland Dreier <rolandd@cisco.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Fix hugetlbfs_statfs() reporting of block limitsDavid Gibson2005-11-221-4/+8
| | | | | | | | | | | | | | | | | Currently, if a hugetlbfs is mounted without limits (the default), statfs() will return -1 for max/free/used blocks. This does not appear to be in line with normal convention: simple_statfs() and shmem_statfs() both return 0 in similar cases. Worse, it confuses the translation logic in put_compat_statfs(), causing it to return -EOVERFLOW on such a mount. This patch alters hugetlbfs_statfs() to return 0 for max/free/used blocks on a mount without limits. Note that we need the test in the patch below, rather than just using 0 in the sbinfo structure, because the -1 marked in the free blocks field is used internally to tell the Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Fix error handling with put_compat_statfs()David Gibson2005-11-221-8/+8
| | | | | | | | | | | | | | | | | | | | | | In fs/compat.c, whenever put_compat_statfs() returns an error, the containing syscall returns -EFAULT. This is presumably by analogy with the non-compat case, where any non-zero code from copy_to_user() should be translated into an EFAULT. However, put_compat_statfs() is also return -EOVERFLOW. The same applies for put_compat_statfs64(). This bug can be observed with a statfs() on a hugetlbfs directory. hugetlbfs, when mounted without limits reports available, free and total blocks as -1 (itself a bug, another patch coming). statfs() will mysteriously return EFAULT although it's parameters are perfectly valid addresses. This patch causes the compat versions of statfs() and statfs64() to correctly propogate the return values from put_compat_statfs() and put_compat_statfs64(). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2005-11-211-5/+3
|\
| * [COMPAT] net: SIOCGIFCONF data corruptionAlexandra Kossovsky2005-11-201-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> From http://bugzilla.kernel.org/show_bug.cgi?id=4746 There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit application running amd64 kernel. I do not think that this problem is exploitable, but any data corruption may lead to security problems. Following code demonstrates the problem #include <stdint.h> #include <stdio.h> #include <sys/time.h> #include <sys/socket.h> #include <net/if.h> #include <sys/ioctl.h> char buf[256]; main() { int s = socket(AF_INET, SOCK_DGRAM, 0); struct ifconf req; int i; req.ifc_buf = buf; req.ifc_len = 41; printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req)); printf("Len %d\n", req.ifc_len); for (i = 41; i < 256; i++) if (buf[i] != 0) printf("Byte %d is corrupted\n", i); } Steps to reproduce: Compile the code above into 32-bit elf and run it. You'll get Result 0 Len 32 Byte 48 is corrupted Byte 52 is corrupted Byte 53 is corrupted Byte 54 is corrupted Byte 55 is corrupted Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PATCH] Remove compat ioctl semaphoreAndi Kleen2005-11-201-7/+0
|/ | | | | | | | | | | Originally for 2.6.16, but the semaphore causes problems for some people so get rid of it now. It's not needed anymore because the ioctl hash table is never changed at run time now. Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.gitSteve French2005-11-201-0/+169
|\
| * [COMPAT]: EXT3_IOC_SETVERSION is _IOW() not _IOR().David S. Miller2005-11-181-1/+1
| | | | | | | | | | | | Noticed by Helge Deller. Signed-off-by: David S. Miller <davem@davemloft.net>
| * [COMPAT]: Add ext3 ioctl translations.David S. Miller2005-11-181-0/+36
| | | | | | | | | | | | | | | | So things like on-line resizing et al. work. Based almost entirely upon a patch by Guido Günther <agx@sigxcpu.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [DVB]: Add compat ioctl handling.David S. Miller2005-11-161-0/+133
| | | | | | | | | | | | | | | | | | Based upon a patch by Guido Guenther <agx@sigxcpu.org>. Some of these ioctls had embedded time_t objects or pointers, so needed translation. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [CIFS] Fix setattr of mode only (e.g. in some chmod cases) to WindowsSteve French2005-11-201-0/+1
| | | | | | | | | | | | so it does not return EACCESS (unless server really returns that). Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix mknod of block and chardev over SFU mountsSteve French2005-11-193-13/+62
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Missing part of previous patchSteve French2005-11-182-0/+3
| | | | | | | | Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix scheduling while atomic when pending writes at file close timeSteve French2005-11-182-22/+56
| | | | | | | | | | | | | | | | | | | | Fix the case in which readdir reset file type when SFU mount option specified. Also fix sfu related functions to not request EAs (xattrs) when not configured in Kconfig Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Vectored and async i/o turned on and correct theSteve French2005-11-181-72/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | writev and aio_write to flush properly. This is Christoph's patch merged with the new nobrl file operations Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> From: Christoph Hellwig <hch@lst.de> - support vectored and async aio ops unconditionally - this is above the pagecache and transparent to the fs - remove cifs_read_wrapper. it was only doing silly checks and calling generic_file_write in all cases. - use do_sync_read/do_sync_write as read/write operations. They call ->readv/->writev which we now always implemente. - add the filemap_fdatawrite calls to writev/aio_write which were missing previously compared to plain write. no idea what the point behind them is, but let's be consistent at least.. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Steven French <sfrench@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org>
* | [CIFS] Recognize properly symlinks and char/blk devices (not justSteve French2005-11-181-4/+44
| | | | | | | | | | | | | | | | FIFOs) created by SFU (part 2 of 2). Thanks to Martin Koeppe for useful analysis. Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix sparse warnings on smb bcc (byte count)Steve French2005-11-162-3/+3
| | | | | | | | | | Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix endian errors (setfacl/getfacl failures) in handling ACLsSteve French2005-11-161-14/+17
| | | | | | | | | | | | | | (and a ppc64 compiler warning) Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Recognize properly symlinks and char/blk devices (not just FIFOs)Steve French2005-11-162-10/+66
| | | | | | | | | | | | created by SFU (part 1 of 2). Signed-off-by: Steve French <sfrench@us.ibm.com>
* | Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.gitSteve French2005-11-146-31/+27
|\|
| * [PATCH] ext2: remove duplicate newlines in ext2_fill_superJohann Lombardi2005-11-141-1/+1
| | | | | | | | | | | | | | | | ext2_warning() already adds a newline. Signed-off-by: Johann Lombardi <johann.lombardi@bull.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] aio: replace locking comments with assert_spin_locked()Zach Brown2005-11-141-5/+12
| | | | | | | | | | | | | | | | | | aio: replace locking comments with assert_spin_locked() Signed-off-by: Zach Brown <zach.brown@oracle.com> Acked-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] aio: remove kioctx from mm_structZach Brown2005-11-141-18/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sync iocbs have a life cycle that don't need a kioctx. Their retrying, if any, is done in the context of their owner who has allocated them on the stack. The sole user of a sync iocb's ctx reference was aio_complete() checking for an elevated iocb ref count that could never happen. No path which grabs an iocb ref has access to sync iocbs. If we were to implement sync iocb cancelation it would be done by the owner of the iocb using its on-stack reference. Removing this chunk from aio_complete allows us to remove the entire kioctx instance from mm_struct, reducing its size by a third. On a i386 testing box the slab size went from 768 to 504 bytes and from 5 to 8 per page. Signed-off-by: Zach Brown <zach.brown@oracle.com> Acked-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] Fix sparse warning in proc/task_mmu.cLuiz Fernando Capitulino2005-11-141-1/+1
| | | | | | | | | | | | | | | | fs/proc/task_mmu.c:198:33: warning: Using plain integer as NULL pointer Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] ext3: journal handling on error path in ext3_journalled_writepage()Denis Lunev2005-11-141-1/+3
| | | | | | | | | | | | | | | | | | | | This patch fixes lost referrence on ext3 current handle in ext3_journalled_writepage(). Signed-Off-By: Denis Lunev <den@sw.ru> Cc: Kirill Korotaev <dev@sw.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6Linus Torvalds2005-11-131-3/+0
| |\
| | * [JFFS2] Remove broken and useless debug codeThomas Gleixner2005-11-131-3/+0
| | | | | | | | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| * | [PATCH] VFS: local denial-of-service with file leasesChris Wright2005-11-131-1/+0
| | | | | | | | | | | | | | | | | | | | | Remove time_out_leases() printk that's easily triggered by users. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | [PATCH] VFS: Fix memory leak with file leasesJ. Bruce Fields2005-11-131-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | The patch http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.html introduced a pretty nasty memory leak in the lease code. When freeing the lease, the code in locks_delete_lock() will correctly clean up the fasync queue, but when we return to fcntl_setlease(), the freed fasync entry will be reinstated. This patch ensures that we skip the call to fasync_helper() when we're freeing up the lease. Signed-off-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.gitSteve French2005-11-138-117/+7
|\|
| * Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds2005-11-128-117/+7
| |\