1. 28 6月, 2015 5 次提交
  2. 21 5月, 2015 5 次提交
  3. 20 5月, 2015 1 次提交
  4. 11 5月, 2015 4 次提交
    • A
      don't pass nameidata to ->follow_link() · 6e77137b
      Al Viro 提交于
      its only use is getting passed to nd_jump_link(), which can obtain
      it from current->nameidata
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      6e77137b
    • A
      new ->follow_link() and ->put_link() calling conventions · 680baacb
      Al Viro 提交于
      a) instead of storing the symlink body (via nd_set_link()) and returning
      an opaque pointer later passed to ->put_link(), ->follow_link() _stores_
      that opaque pointer (into void * passed by address by caller) and returns
      the symlink body.  Returning ERR_PTR() on error, NULL on jump (procfs magic
      symlinks) and pointer to symlink body for normal symlinks.  Stored pointer
      is ignored in all cases except the last one.
      
      Storing NULL for opaque pointer (or not storing it at all) means no call
      of ->put_link().
      
      b) the body used to be passed to ->put_link() implicitly (via nameidata).
      Now only the opaque pointer is.  In the cases when we used the symlink body
      to free stuff, ->follow_link() now should store it as opaque pointer in addition
      to returning it.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      680baacb
    • N
      Fix that several functions handle incorrect value of mapchars · bc8ebdc4
      Nakajima Akira 提交于
      Cifs client has problem with reserved chars filename.
      
      [BUG1] : several functions handle incorrect value of mapchars
      -	cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
      +	cifs_remap(cifs_sb));
      
      [BUG2] : forget to convert reserved chars when creating SymbolicLink.
      -	CIFSUnixCreateSymLink() calls cifs_strtoUTF16
      +	CIFSUnixCreateSymLink() calls cifsConvertToUTF16() with remap
      
      [BUG3] : forget to convert reserved chars when getting SymbolicLink.
      -	CIFSSMBUnixQuerySymLink() calls cifs_strtoUTF16
      +	CIFSSMBUnixQuerySymLink() calls cifsConvertToUTF16() with remap
      
      [BUG4] : /proc/mounts don't show "mapposix" when using mapposix mount option
      +	    cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SFM_CHR)
      + 		seq_puts(s, ",mapposix");
      
      Reported-by: t.wede@kw-reneg.de
      Reported-by: NNakajima Akira <nakajima.akira@nttcom.co.jp>
      Signed-off-by: NNakajima Akira <nakajima.akira@nttcom.co.jp>
      Signed-off-by: NCarl Schaefer <schaefer@trilug.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      bc8ebdc4
    • S
      cifs: Don't replace dentries for dfs mounts · f5d0684e
      Sachin Prabhu 提交于
      Doing a readdir on a dfs root can result in the dentries for directories
      with a dfs share mounted  being replaced by new dentries for objects
      returned by the readdir call. These new dentries on shares mounted with
      unix extenstions show up as symlinks pointing to the dfs share.
      
       # mount -t cifs -o sec=none  //vm140-31/dfsroot cifs
       # stat cifs/testlink/testfile; ls -l cifs
        File: ‘cifs/testlink/testfile’
        Size: 0         	Blocks: 0          IO Block: 16384  regular
      empty file
      Device: 27h/39d	Inode: 130120      Links: 1
      Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
      Access: 2015-03-31 13:55:50.106018200 +0100
      Modify: 2015-03-31 13:55:50.106018200 +0100
      Change: 2015-03-31 13:55:50.106018200 +0100
       Birth: -
      total 0
      drwxr-xr-x 2 root root  0 Mar 31 13:54 testdir
      lrwxrwxrwx 1 root root 19 Mar 24 14:25 testlink -> \vm140-31\test
      
      In the example above, the stat command mounts the dfs share at
      cifs/testlink. The subsequent ls on the dfsroot directory replaces the
      dentry for testlink with a symlink.
      
      In the earlier code, the d_invalidate command returned an -EBUSY error
      when attempting to invalidate directories. This stopped the code from
      replacing the directories with symlinks returned by the readdir call.
      Changes were recently made to the d_invalidate() command so
      that it no longer returns an error code. This results in the directory
      with the mounted dfs share being replaced by a symlink which denotes a
      dfs share.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      f5d0684e
  5. 16 4月, 2015 1 次提交
  6. 15 4月, 2015 1 次提交
  7. 12 4月, 2015 6 次提交
  8. 01 4月, 2015 8 次提交
  9. 22 3月, 2015 1 次提交
  10. 21 3月, 2015 2 次提交
    • D
      cifs: fix use-after-free bug in find_writable_file · e1e9bda2
      David Disseldorp 提交于
      Under intermittent network outages, find_writable_file() is susceptible
      to the following race condition, which results in a user-after-free in
      the cifs_writepages code-path:
      
      Thread 1                                        Thread 2
      ========                                        ========
      
      inv_file = NULL
      refind = 0
      spin_lock(&cifs_file_list_lock)
      
      // invalidHandle found on openFileList
      
      inv_file = open_file
      // inv_file->count currently 1
      
      cifsFileInfo_get(inv_file)
      // inv_file->count = 2
      
      spin_unlock(&cifs_file_list_lock);
      
      cifs_reopen_file()                            cifs_close()
      // fails (rc != 0)                            ->cifsFileInfo_put()
                                             spin_lock(&cifs_file_list_lock)
                                             // inv_file->count = 1
                                             spin_unlock(&cifs_file_list_lock)
      
      spin_lock(&cifs_file_list_lock);
      list_move_tail(&inv_file->flist,
            &cifs_inode->openFileList);
      spin_unlock(&cifs_file_list_lock);
      
      cifsFileInfo_put(inv_file);
      ->spin_lock(&cifs_file_list_lock)
      
        // inv_file->count = 0
        list_del(&cifs_file->flist);
        // cleanup!!
        kfree(cifs_file);
      
        spin_unlock(&cifs_file_list_lock);
      
      spin_lock(&cifs_file_list_lock);
      ++refind;
      // refind = 1
      goto refind_writable;
      
      At this point we loop back through with an invalid inv_file pointer
      and a refind value of 1. On second pass, inv_file is not overwritten on
      openFileList traversal, and is subsequently dereferenced.
      Signed-off-by: NDavid Disseldorp <ddiss@suse.de>
      Reviewed-by: NJeff Layton <jlayton@samba.org>
      CC: <stable@vger.kernel.org>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      e1e9bda2
    • S
      cifs: smb2_clone_range() - exit on unhandled error · 2477bc58
      Sachin Prabhu 提交于
      While attempting to clone a file on a samba server, we receive a
      STATUS_INVALID_DEVICE_REQUEST. This is mapped to -EOPNOTSUPP which
      isn't handled in smb2_clone_range(). We end up looping in the while loop
      making same call to the samba server over and over again.
      
      The proposed fix is to exit and return the error value when encountered
      with an unhandled error.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      Signed-off-by: NSteve French <smfrench@gmail.com>
      2477bc58
  11. 17 2月, 2015 1 次提交
  12. 11 2月, 2015 1 次提交
  13. 27 1月, 2015 1 次提交
  14. 21 1月, 2015 2 次提交
  15. 20 1月, 2015 1 次提交
    • S
      Complete oplock break jobs before closing file handle · ca7df8e0
      Sachin Prabhu 提交于
      Commit
      c11f1df5
      requires writers to wait for any pending oplock break handler to
      complete before proceeding to write. This is done by waiting on bit
      CIFS_INODE_PENDING_OPLOCK_BREAK in cifsFileInfo->flags. This bit is
      cleared by the oplock break handler job queued on the workqueue once it
      has completed handling the oplock break allowing writers to proceed with
      writing to the file.
      
      While testing, it was noticed that the filehandle could be closed while
      there is a pending oplock break which results in the oplock break
      handler on the cifsiod workqueue being cancelled before it has had a
      chance to execute and clear the CIFS_INODE_PENDING_OPLOCK_BREAK bit.
      Any subsequent attempt to write to this file hangs waiting for the
      CIFS_INODE_PENDING_OPLOCK_BREAK bit to be cleared.
      
      We fix this by ensuring that we also clear the bit
      CIFS_INODE_PENDING_OPLOCK_BREAK when we remove the oplock break handler
      from the workqueue.
      
      The bug was found by Red Hat QA while testing using ltp's fsstress
      command.
      Signed-off-by: NSachin Prabhu <sprabhu@redhat.com>
      Acked-by: NShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: NJeff Layton <jlayton@samba.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NSteve French <steve.french@primarydata.com>
      ca7df8e0