linux-toradex.git/fs, branch v2.6.13.2 Linux kernel for Apalis and Colibri modules [PATCH] jfs: jfs_delete_inode must call clear_inode 2005-09-17T01:01:58+00:00 Dave Kleikamp shaggy@austin.ibm.com 2005-09-13T08:16:09+00:00 81ddd439761f2f2e6837f9746c83864f410a4077 JFS: jfs_delete_inode should always call clear_inode. > From Chuck Ebbert: I'm submitting this patch for -stable: - it reportedly fixes an oops - it's already in 2.6.13-git Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Chris Wright <chrisw@osdl.org> 
JFS: jfs_delete_inode should always call clear_inode.

> From Chuck Ebbert:
I'm submitting this patch for -stable:

  - it reportedly fixes an oops
  - it's already in 2.6.13-git

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Lost sockfd_put() in routing_ioctl() 2005-09-17T01:01:56+00:00 Maxim Giryaev gem@sw.ru 2005-09-09T09:59:48+00:00 98debffa9114b60138b3dbd4d02ce13f01a07ab4 This patch adds lost sockfd_put() in 32bit compat rounting_ioctl() on 64bit platforms, bug found by Vasiliy Averin <vvs@sw.ru>. I believe this is a security issues, since user can fget() file as many times as he wants to. So file refcounter can be overlapped and first fput() will free resources though there will be still structures pointing to the file, mnt, dentry etc. Also fput() sets f_dentry and f_vfsmnt to NULL, so other file users will OOPS. The oops can be done under files_lock and others, so this can be an exploitable DoS on SMP. Didn't checked it on practice actually. Signed-Off-By: Kirill Korotaev <dev@sw.ru> Signed-Off-By: Maxim Giryaev <gem@sw.ru> Signed-off-by: Chris Wright <chrisw@osdl.org> 
This patch adds lost sockfd_put() in 32bit compat rounting_ioctl() on
64bit platforms, bug found by Vasiliy Averin <vvs@sw.ru>.

I believe this is a security issues, since user can fget() file as many
times as he wants to. So file refcounter can be overlapped and first
fput() will free resources though there will be still structures
pointing to the file, mnt, dentry etc.
Also fput() sets f_dentry and f_vfsmnt to NULL,
so other file users will OOPS.

The oops can be done under files_lock and others, so this can be an
exploitable DoS on SMP. Didn't checked it on practice actually.

Signed-Off-By: Kirill Korotaev <dev@sw.ru>
Signed-Off-By: Maxim Giryaev <gem@sw.ru>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] Fix oops in sysfs_hash_and_remove_file() 2005-08-27T02:37:13+00:00 James Bottomley James.Bottomley@SteelEye.com 2005-08-27T01:34:17+00:00 36676bcbf9f6bcbea9d06e67ee8d04eacde54952 The problem arises if an entity in sysfs is created and removed without ever having been made completely visible. In SCSI this is triggered by removing a device while it's initialising. The problem appears to be that because it was never made visible in sysfs, the sysfs dentry has a null d_inode which oopses when a reference is made to it. The solution is simply to check d_inode and assume the object was never made visible (and thus doesn't need deleting) if it's NULL. (akpm: possibly a stopgap for 2.6.13 scsi problems. May not be the long-term fix) Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
The problem arises if an entity in sysfs is created and removed without
ever having been made completely visible.  In SCSI this is triggered by
removing a device while it's initialising.

The problem appears to be that because it was never made visible in sysfs,
the sysfs dentry has a null d_inode which oopses when a reference is made
to it.  The solution is simply to check d_inode and assume the object was
never made visible (and thus doesn't need deleting) if it's NULL.

(akpm: possibly a stopgap for 2.6.13 scsi problems.  May not be the
long-term fix)

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Fix oops in fs/locks.c on close of file with pending locks 2005-08-26T23:05:35+00:00 Steve French smfltc@us.ibm.com 2005-08-26T19:42:59+00:00 d634cc15e8f33332038dc9c078beae79f9382ada The recent change to locks_remove_flock code in fs/locks.c changes how byte range locks are removed from closing files, which shows up a bug in cifs. The assumption in the cifs code was that the close call sent to the server would remove any pending locks on the server on this file, but that is no longer safe as the fs/locks.c code on the client wants unlock of 0 to PATH_MAX to remove all locks (at least from this client, it is not possible AFAIK to remove all locks from other clients made to the server copy of the file). Note that cifs locks are different from posix locks - and it is not possible to map posix locks perfectly on the wire yet, due to restrictions of the cifs network protocol, even to Samba without adding a new request type to the network protocol (which we plan to do for Samba 3.0.21 within a few months), but the local client will have the correct, posix view, of the lock in most cases. The correct fix for cifs for this would involve a bigger change than I would like to do this late in the 2.6.13-rc cycle - and would involve cifs keeping track of all unmerged (uncoalesced) byte range locks for each remote inode and scanning that list to remove locks that intersect or fall wholly within the range - locks that intersect may have to be reaquired with the smaller, remaining range. Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
The recent change to locks_remove_flock code in fs/locks.c changes how
byte range locks are removed from closing files, which shows up a bug in
cifs.

The assumption in the cifs code was that the close call sent to the
server would remove any pending locks on the server on this file, but
that is no longer safe as the fs/locks.c code on the client wants unlock
of 0 to PATH_MAX to remove all locks (at least from this client, it is
not possible AFAIK to remove all locks from other clients made to the
server copy of the file).

Note that cifs locks are different from posix locks - and it is not
possible to map posix locks perfectly on the wire yet, due to
restrictions of the cifs network protocol, even to Samba without adding
a new request type to the network protocol (which we plan to do for
Samba 3.0.21 within a few months), but the local client will have the
correct, posix view, of the lock in most cases.

The correct fix for cifs for this would involve a bigger change than I
would like to do this late in the 2.6.13-rc cycle - and would involve
cifs keeping track of all unmerged (uncoalesced) byte range locks for
each remote inode and scanning that list to remove locks that intersect
or fall wholly within the range - locks that intersect may have to be
reaquired with the smaller, remaining range.

Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] hppfs: fix symlink error path 2005-08-26T18:39:19+00:00 Paolo 'Blaisorblade' Giarrusso blaisorblade@yahoo.it 2005-08-26T14:57:53+00:00 fd589e0b662c1ea8cfb1e0d20d60a2510979865b While touching this code I noticed the error handling is bogus, so I fixed it up. I've removed the IS_ERR(proc_dentry) check, which will never trigger and is clearly a typo: we must check proc_file instead. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
While touching this code I noticed the error handling is bogus, so I
fixed it up.

I've removed the IS_ERR(proc_dentry) check, which will never trigger and
is clearly a typo: we must check proc_file instead.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Fixup symlink function pointers for hppfs [for 2.6.13] 2005-08-26T18:39:19+00:00 Paolo 'Blaisorblade' Giarrusso blaisorblade@yahoo.it 2005-08-26T14:57:44+00:00 d7a60d50d7713b65a3fd88f11d5717b83a6b6a97 Update hppfs for the symlink functions prototype change. Yes, I know the code I leave there is still _bogus_, see next patch for this. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Update hppfs for the symlink functions prototype change.

Yes, I know the code I leave there is still _bogus_, see next patch for
this.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Document idr_get_new_above() semantics, update inotify 2005-08-26T18:32:57+00:00 John McCutchan ttb@tentacle.dhs.org 2005-08-26T18:02:04+00:00 7c657f2f25d50c602df9291bc6242b98fc090759 There is an off by one problem with idr_get_new_above. The comment and function name suggest that it will return an id > starting_id, but it actually returned an id >= starting_id, and kernel callers other than inotify treated it as such. The patch below fixes the comment, and fixes inotifys usage. The function name still doesn't match the behaviour, but it never did. Signed-off-by: John McCutchan <ttb@tentacle.dhs.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
There is an off by one problem with idr_get_new_above.

The comment and function name suggest that it will return an id >
starting_id, but it actually returned an id >= starting_id, and kernel
callers other than inotify treated it as such.

The patch below fixes the comment, and fixes inotifys usage.  The
function name still doesn't match the behaviour, but it never did.

Signed-off-by: John McCutchan <ttb@tentacle.dhs.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Don't allow normal users to set idle IO priority 2005-08-21T01:51:29+00:00 Linus Torvalds torvalds@g5.osdl.org 2005-08-21T01:51:29+00:00 f6fdd7d9c273bb2a20ab467cb57067494f932fa3 It has all the normal priority inversion problems. Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
It has all the normal priority inversion problems.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] freevxfs: fix breakage introduced by symlink fixes 2005-08-20T21:30:50+00:00 Alexey Dobriyan adobriyan@gmail.com 2005-08-20T21:08:36+00:00 a5ea169c9581553662bb79a1c8c98fed1ee84246 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
befs: fix up missed follow_link declaration change 2005-08-20T20:20:01+00:00 Linus Torvalds torvalds@g5.osdl.org 2005-08-20T20:20:01+00:00 db873896d168217e213902c7163fda7ee798781b We'd updated the prototype and the return value, but not the function declaration itself. 
We'd updated the prototype and the return value, but not the function
declaration itself.