linux-toradex.git/fs/udf, branch v4.17 Linux kernel for Apalis and Colibri modules Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-05-21T18:54:57+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-05-21T18:54:57+00:00 5997aab0a11ea27ee8e520ecc551ed18fd3e8296 Pull vfs fixes from Al Viro: "Assorted fixes all over the place" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: aio: fix io_destroy(2) vs. lookup_ioctx() race ext2: fix a block leak nfsd: vfs_mkdir() might succeed leaving dentry negative unhashed cachefiles: vfs_mkdir() might succeed leaving dentry negative unhashed unfuck sysfs_mount() kernfs: deal with kernfs_fill_super() failures cramfs: Fix IS_ENABLED typo befs_lookup(): use d_splice_alias() affs_lookup: switch to d_splice_alias() affs_lookup(): close a race with affs_remove_link() fix breakage caused by d_find_alias() semantics change fs: don't scan the inode cache before SB_BORN is set do d_instantiate/unlock_new_inode combinations safely iov_iter: fix memory leak in pipe_get_pages_alloc() iov_iter: fix return type of __pipe_get_pages() 
Pull vfs fixes from Al Viro:
 "Assorted fixes all over the place"

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  aio: fix io_destroy(2) vs. lookup_ioctx() race
  ext2: fix a block leak
  nfsd: vfs_mkdir() might succeed leaving dentry negative unhashed
  cachefiles: vfs_mkdir() might succeed leaving dentry negative unhashed
  unfuck sysfs_mount()
  kernfs: deal with kernfs_fill_super() failures
  cramfs: Fix IS_ENABLED typo
  befs_lookup(): use d_splice_alias()
  affs_lookup: switch to d_splice_alias()
  affs_lookup(): close a race with affs_remove_link()
  fix breakage caused by d_find_alias() semantics change
  fs: don't scan the inode cache before SB_BORN is set
  do d_instantiate/unlock_new_inode combinations safely
  iov_iter: fix memory leak in pipe_get_pages_alloc()
  iov_iter: fix return type of __pipe_get_pages()
do d_instantiate/unlock_new_inode combinations safely 2018-05-11T19:36:37+00:00 Al Viro viro@zeniv.linux.org.uk 2018-05-04T12:23:01+00:00 1e2e547a93a00ebc21582c06ca3c6cfea2a309ee For anything NFS-exported we do _not_ want to unlock new inode before it has grown an alias; original set of fixes got the ordering right, but missed the nasty complication in case of lockdep being enabled - unlock_new_inode() does lockdep_annotate_inode_mutex_key(inode) which can only be done before anyone gets a chance to touch ->i_mutex. Unfortunately, flipping the order and doing unlock_new_inode() before d_instantiate() opens a window when mkdir can race with open-by-fhandle on a guessed fhandle, leading to multiple aliases for a directory inode and all the breakage that follows from that. Correct solution: a new primitive (d_instantiate_new()) combining these two in the right order - lockdep annotate, then d_instantiate(), then the rest of unlock_new_inode(). All combinations of d_instantiate() with unlock_new_inode() should be converted to that. Cc: stable@kernel.org # 2.6.29 and later Tested-by: Mike Marshall <hubcap@omnibond.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
For anything NFS-exported we do _not_ want to unlock new inode
before it has grown an alias; original set of fixes got the
ordering right, but missed the nasty complication in case of
lockdep being enabled - unlock_new_inode() does
	lockdep_annotate_inode_mutex_key(inode)
which can only be done before anyone gets a chance to touch
->i_mutex.  Unfortunately, flipping the order and doing
unlock_new_inode() before d_instantiate() opens a window when
mkdir can race with open-by-fhandle on a guessed fhandle, leading
to multiple aliases for a directory inode and all the breakage
that follows from that.

	Correct solution: a new primitive (d_instantiate_new())
combining these two in the right order - lockdep annotate, then
d_instantiate(), then the rest of unlock_new_inode().  All
combinations of d_instantiate() with unlock_new_inode() should
be converted to that.

Cc: stable@kernel.org	# 2.6.29 and later
Tested-by: Mike Marshall <hubcap@omnibond.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
udf: Fix leak of UTF-16 surrogates into encoded strings 2018-04-18T14:34:55+00:00 Jan Kara jack@suse.cz 2018-04-12T15:22:23+00:00 44f06ba8297c7e9dfd0e49b40cbe119113cca094 OSTA UDF specification does not mention whether the CS0 charset in case of two bytes per character encoding should be treated in UTF-16 or UCS-2. The sample code in the standard does not treat UTF-16 surrogates in any special way but on systems such as Windows which work in UTF-16 internally, filenames would be treated as being in UTF-16 effectively. In Linux it is more difficult to handle characters outside of Base Multilingual plane (beyond 0xffff) as NLS framework works with 2-byte characters only. Just make sure we don't leak UTF-16 surrogates into the resulting string when loading names from the filesystem for now. CC: stable@vger.kernel.org # >= v4.6 Reported-by: Mingye Wang <arthur200126@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
OSTA UDF specification does not mention whether the CS0 charset in case
of two bytes per character encoding should be treated in UTF-16 or
UCS-2. The sample code in the standard does not treat UTF-16 surrogates
in any special way but on systems such as Windows which work in UTF-16
internally, filenames would be treated as being in UTF-16 effectively.
In Linux it is more difficult to handle characters outside of Base
Multilingual plane (beyond 0xffff) as NLS framework works with 2-byte
characters only. Just make sure we don't leak UTF-16 surrogates into the
resulting string when loading names from the filesystem for now.

CC: stable@vger.kernel.org # >= v4.6
Reported-by: Mingye Wang <arthur200126@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: fix potential refcnt problem of nls module 2018-03-02T13:23:12+00:00 Chengguang Xu cgxu519@icloud.com 2018-02-25T13:25:07+00:00 785dffe1daf95c176504dea3069c9df11af7ff15 When specifiying iocharset multiple times in a mount or once/multiple in a remount, current option parsing may cause inaccurate refcount of nls module. Also, in the failure cleanup of option parsing, the condition of calling unload_nls is not sufficient. Signed-off-by: Chengguang Xu <cgxu519@icloud.com> Signed-off-by: Jan Kara <jack@suse.cz> 
When specifiying iocharset multiple times in a mount or once/multiple in
a remount, current option parsing may cause inaccurate refcount of nls
module.  Also, in the failure cleanup of option parsing, the condition
of calling unload_nls is not sufficient.

Signed-off-by: Chengguang Xu <cgxu519@icloud.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Do not mark possibly inconsistent filesystems as closed 2018-03-02T13:22:57+00:00 Jan Kara jack@suse.cz 2018-02-27T17:55:31+00:00 b72e632c6c7e29343651b0e26539b2e01444dfe6 If logical volume integrity descriptor contains non-closed integrity type when mounting the volume, there are high chances that the volume is not consistent (device was detached before the filesystem was unmounted). Don't touch integrity type of such volume so that fsck can recognize it and check such filesystem. Reported-by: Pali Rohár <pali.rohar@gmail.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
If logical volume integrity descriptor contains non-closed integrity
type when mounting the volume, there are high chances that the volume is
not consistent (device was detached before the filesystem was
unmounted). Don't touch integrity type of such volume so that fsck can
recognize it and check such filesystem.

Reported-by: Pali Rohár <pali.rohar@gmail.com>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Remove never implemented mount options 2018-02-27T09:25:33+00:00 Jan Kara jack@suse.cz 2018-02-22T13:33:04+00:00 f0c4a81711cb773b60cb8f90173e6491e67bf74f Signed-off-by: Jan Kara <jack@suse.cz> 
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Provide saner default for invalid uid / gid 2018-02-27T09:25:33+00:00 Jan Kara jack@suse.cz 2018-02-22T09:39:52+00:00 116e5258e4115aca0c64ac0bf40ded3b353ed626 Currently when UDF filesystem is recorded without uid / gid (ids are set to -1), we will assign INVALID_[UG]ID to vfs inode unless user uses uid= and gid= mount options. In such case filesystem could not be modified in any way as VFS refuses to modify files with invalid ids (even by root). This is confusing to users and not very useful default since such media mode is generally used for removable media. Use overflow[ug]id instead so that at least root can modify the filesystem. Reported-by: Steve Kenton <skenton@ou.edu> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
Currently when UDF filesystem is recorded without uid / gid (ids are set
to -1), we will assign INVALID_[UG]ID to vfs inode unless user uses uid=
and gid= mount options. In such case filesystem could not be modified in
any way as VFS refuses to modify files with invalid ids (even by root).
This is confusing to users and not very useful default since such media
mode is generally used for removable media. Use overflow[ug]id instead
so that at least root can modify the filesystem.

Reported-by: Steve Kenton <skenton@ou.edu>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Clean up handling of invalid uid/gid 2018-02-27T09:25:33+00:00 Jan Kara jack@suse.cz 2018-02-22T09:28:52+00:00 0c9850f4d4c5d645125869fe0fa206fb662bd98b Current code relies on the fact that invalid uid/gid as defined by UDF 2.60 3.3.3.1 and 3.3.3.2 coincides with invalid uid/gid as used by the user namespaces implementation. Since this is only lucky coincidence, clean this up to avoid future surprises in case user namespaces implementation changes. Also this is more robust in presence of valid (from UDF point of view) uids / gids which do not map into current user namespace. Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
Current code relies on the fact that invalid uid/gid as defined by UDF
2.60 3.3.3.1 and 3.3.3.2 coincides with invalid uid/gid as used by the
user namespaces implementation. Since this is only lucky coincidence,
clean this up to avoid future surprises in case user namespaces
implementation changes. Also this is more robust in presence of valid
(from UDF point of view) uids / gids which do not map into current user
namespace.

Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Apply uid/gid mount options also to new inodes & chown 2018-02-27T09:25:33+00:00 Jan Kara jack@suse.cz 2018-02-21T16:59:31+00:00 ecd10aa42819cd5dcf639d25575e95a5bda8d08a Currently newly created files belong to current user despite uid=<number> / gid=<number> mount options. This is confusing to users (as owner of the file will change after remount / eviction from cache) and also inconsistent with e.g. FAT with the same mount option. So apply uid=<number> and gid=<number> also to newly created inodes and similarly as FAT disallow to change owner of the file in this case. Reported-by: Steve Kenton <skenton@ou.edu> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
Currently newly created files belong to current user despite
uid=<number> / gid=<number> mount options. This is confusing to users
(as owner of the file will change after remount / eviction from cache)
and also inconsistent with e.g. FAT with the same mount option. So apply
uid=<number> and gid=<number> also to newly created inodes and similarly
as FAT disallow to change owner of the file in this case.

Reported-by: Steve Kenton <skenton@ou.edu>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
udf: Ignore [ug]id=ignore mount options 2018-02-27T09:25:33+00:00 Jan Kara jack@suse.cz 2018-02-21T16:27:44+00:00 70260e44750356fecb40ff5fcb0f91bcc911ab5f Currently uid=ignore and gid=ignore make no sense without uid=<number> and gid=<number> respectively as they result in all files having invalid uid / gid which then doesn't allow even root to modify files and thus causes confusion. And since commit ca76d2d8031f "UDF: fix UID and GID mount option ignorance" (from over 10 years ago) uid=<number> overrides all uids on disk as uid=ignore does. So just silently ignore uid=ignore mount option. Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> 
Currently uid=ignore and gid=ignore make no sense without uid=<number>
and gid=<number> respectively as they result in all files having invalid
uid / gid which then doesn't allow even root to modify files and thus
causes confusion. And since commit ca76d2d8031f "UDF: fix UID and GID
mount option ignorance" (from over 10 years ago) uid=<number> overrides
all uids on disk as uid=ignore does. So just silently ignore uid=ignore
mount option.

Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>