1. 15 12月, 2009 6 次提交
  2. 26 11月, 2009 1 次提交
    • J
      nfsd: simplify fh_verify access checks · 864f0f61
      J. Bruce Fields 提交于
      All nfsd security depends on the security checks in fh_verify, and
      especially on nfsd_setuser().
      
      It therefore bothers me that the nfsd_setuser call may be made from
      three different places, depending on whether the filehandle has already
      been mapped to a dentry, and on whether subtreechecking is in force.
      
      Instead, make an unconditional call in fh_verify(), so it's trivial to
      verify that the call always occurs.
      
      That leaves us with a redundant nfsd_setuser() call in the subtreecheck
      case--it needs the correct user set earlier in order to check execute
      permissions on the path to this filehandle--but I'm willing to accept
      that minor inefficiency in the subtreecheck case in return for more
      straightforward permission checking.
      Signed-off-by: NJ. Bruce Fields <bfields@citi.umich.edu>
      864f0f61
  3. 18 11月, 2009 4 次提交
  4. 16 11月, 2009 1 次提交
  5. 15 11月, 2009 2 次提交
  6. 14 11月, 2009 1 次提交
  7. 13 11月, 2009 1 次提交
    • R
      nilfs2: fix lock order reversal in chcp operation · c1ea985c
      Ryusuke Konishi 提交于
      Will fix the following lock order reversal lockdep detected:
      
      =======================================================
      [ INFO: possible circular locking dependency detected ]
      2.6.32-rc6 #7
      -------------------------------------------------------
      chcp/30157 is trying to acquire lock:
       (&nilfs->ns_mount_mutex){+.+.+.}, at: [<fed7cfcc>] nilfs_cpfile_change_cpmode+0x46/0x752 [nilfs2]
      
      but task is already holding lock:
       (&nilfs->ns_segctor_sem){++++.+}, at: [<fed7ca32>] nilfs_transaction_begin+0xba/0x110 [nilfs2]
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 (&nilfs->ns_segctor_sem){++++.+}:
             [<c105799c>] __lock_acquire+0x109c/0x139d
             [<c1057d26>] lock_acquire+0x89/0xa0
             [<c14151e2>] down_read+0x31/0x45
             [<fed6d77b>] nilfs_attach_checkpoint+0x8f/0x16b [nilfs2]
             [<fed6e393>] nilfs_get_sb+0x3e7/0x653 [nilfs2]
             [<c10c0ccb>] vfs_kern_mount+0x8b/0x124
             [<c10c0db2>] do_kern_mount+0x37/0xc3
             [<c10d7517>] do_mount+0x64d/0x69d
             [<c10d75cd>] sys_mount+0x66/0x95
             [<c1002a14>] sysenter_do_call+0x12/0x32
      
      -> #1 (&type->s_umount_key#31/1){+.+.+.}:
             [<c105799c>] __lock_acquire+0x109c/0x139d
             [<c1057d26>] lock_acquire+0x89/0xa0
             [<c104c0f3>] down_write_nested+0x34/0x52
             [<c10c08fe>] sget+0x22e/0x389
             [<fed6e133>] nilfs_get_sb+0x187/0x653 [nilfs2]
             [<c10c0ccb>] vfs_kern_mount+0x8b/0x124
             [<c10c0db2>] do_kern_mount+0x37/0xc3
             [<c10d7517>] do_mount+0x64d/0x69d
             [<c10d75cd>] sys_mount+0x66/0x95
             [<c1002a14>] sysenter_do_call+0x12/0x32
      
      -> #0 (&nilfs->ns_mount_mutex){+.+.+.}:
             [<c1057727>] __lock_acquire+0xe27/0x139d
             [<c1057d26>] lock_acquire+0x89/0xa0
             [<c1414d63>] mutex_lock_nested+0x41/0x23e
             [<fed7cfcc>] nilfs_cpfile_change_cpmode+0x46/0x752 [nilfs2]
             [<fed801b2>] nilfs_ioctl+0x11a/0x7da [nilfs2]
             [<c10cca12>] vfs_ioctl+0x27/0x6e
             [<c10ccf93>] do_vfs_ioctl+0x491/0x4db
             [<c10cd022>] sys_ioctl+0x45/0x5f
             [<c1002a14>] sysenter_do_call+0x12/0x32
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      c1ea985c
  8. 12 11月, 2009 15 次提交
  9. 11 11月, 2009 4 次提交
  10. 09 11月, 2009 1 次提交
    • T
      ext4: partial revert to fix double brelse WARNING() · 1e424a34
      Theodore Ts'o 提交于
      This is a partial revert of commit 6487a9d3 (only the changes made to
      fs/ext4/namei.c), since it is causing the following brelse()
      double-free warning when running fsstress on a file system with 1k
      blocksize and we run into a block allocation failure while converting
      a single-block directory to a multi-block hash-tree indexed directory.
      
      WARNING: at fs/buffer.c:1197 __brelse+0x2e/0x33()
      Hardware name: 
      VFS: brelse: Trying to free free buffer
      Modules linked in:
      Pid: 2226, comm: jbd2/sdd-8 Not tainted 2.6.32-rc6-00577-g0003f55 #101
      Call Trace:
       [<c01587fb>] warn_slowpath_common+0x65/0x95
       [<c0158869>] warn_slowpath_fmt+0x29/0x2c
       [<c021168e>] __brelse+0x2e/0x33
       [<c0288a9f>] jbd2_journal_refile_buffer+0x67/0x6c
       [<c028a9ed>] jbd2_journal_commit_transaction+0x319/0x14d8
       [<c0164d73>] ? try_to_del_timer_sync+0x58/0x60
       [<c0175bcc>] ? sched_clock_cpu+0x12a/0x13e
       [<c017f6b4>] ? trace_hardirqs_off+0xb/0xd
       [<c0175c1f>] ? cpu_clock+0x3f/0x5b
       [<c017f6ec>] ? lock_release_holdtime+0x36/0x137
       [<c0664ad0>] ? _spin_unlock_irqrestore+0x44/0x51
       [<c0180af3>] ? trace_hardirqs_on_caller+0x103/0x124
       [<c0180b1f>] ? trace_hardirqs_on+0xb/0xd
       [<c0164d73>] ? try_to_del_timer_sync+0x58/0x60
       [<c0290d1c>] kjournald2+0x11a/0x310
       [<c017118e>] ? autoremove_wake_function+0x0/0x38
       [<c0290c02>] ? kjournald2+0x0/0x310
       [<c0170ee6>] kthread+0x66/0x6b
       [<c0170e80>] ? kthread+0x0/0x6b
       [<c01251b3>] kernel_thread_helper+0x7/0x10
      ---[ end trace 5579351b86af61e3 ]---
      
      Commit 6487a9d3 was an attempt some buffer head leaks in an ENOSPC
      error path, but in some cases it actually results in an excess ENOSPC,
      as shown above.  Fixing this means cleaning up who is responsible for
      releasing the buffer heads from the callee to the caller of
      add_dirent_to_buf().
      
      Since that's a relatively complex change, and we're late in the rcX
      development cycle, I'm reverting this now, and holding back a more
      complete fix until after 2.6.32 ships.  We've lived with this
      buffer_head leak on ENOSPC in ext3 and ext4 for a very long time; a
      few more months won't kill us.
      Signed-off-by: N"Theodore Ts'o" <tytso@mit.edu>
      Cc: Curt Wohlgemuth <curtw@google.com>
      1e424a34
  11. 08 11月, 2009 2 次提交
    • R
      nilfs2: fix missing cleanup of gc cache on error cases · c083234f
      Ryusuke Konishi 提交于
      This fixes an -rc1 regression brought by the commit:
      1cf58fa8 ("nilfs2: shorten freeze
      period due to GC in write operation v3").
      
      Although the patch moved out a function call of
      nilfs_ioctl_move_blocks() to nilfs_ioctl_clean_segments() from
      nilfs_ioctl_prepare_clean_segments(), it didn't move corresponding
      cleanup job needed for the error case.
      
      This will move the missing cleanup job to the destination function.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Acked-by: NJiro SEKIBA <jir@unicus.jp>
      c083234f
    • R
      nilfs2: fix kernel oops in error case of nilfs_ioctl_move_blocks · 5399dd1f
      Ryusuke Konishi 提交于
      This fixes a kernel oops reported by Markus Trippelsdorf in the email
      titled "[NILFS users] kernel Oops while running nilfs_cleanerd".
      
      The oops was caused by a bug of error path in
      nilfs_ioctl_move_blocks() function, which was inlined in
      nilfs_ioctl_clean_segments().
      
      nilfs_ioctl_move_blocks checks duplication of blocks which will be
      moved in garbage collection.  But, the check should have be done
      within nilfs_ioctl_move_inode_block() to prevent list corruption among
      buffers storing the target blocks.
      
      To fix the kernel oops, this moves forward the duplication check
      before the list insertion.
      
      I also tested this for stable trees [2.6.30, 2.6.31].
      Reported-by: NMarkus Trippelsdorf <markus@trippelsdorf.de>
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Cc: stable <stable@kernel.org>
      5399dd1f
  12. 07 11月, 2009 2 次提交
    • J
      cifs: don't use CIFSGetSrvInodeNumber in is_path_accessible · f475f677
      Jeff Layton 提交于
      Because it's lighter weight, CIFS tries to use CIFSGetSrvInodeNumber to
      verify the accessibility of the root inode and then falls back to doing a
      full QPathInfo if that fails with -EOPNOTSUPP. I have at least a report
      of a server that returns NT_STATUS_INTERNAL_ERROR rather than something
      that translates to EOPNOTSUPP.
      
      Rather than trying to be clever with that call, just have
      is_path_accessible do a normal QPathInfo. That call is widely
      supported and it shouldn't increase the overhead significantly.
      
      Cc: Stable <stable@kernel.org>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      f475f677
    • J
      cifs: clean up handling when server doesn't consistently support inode numbers · ec06aedd
      Jeff Layton 提交于
      It's possible that a server will return a valid FileID when we query the
      FILE_INTERNAL_INFO for the root inode, but then zeroed out inode numbers
      when we do a FindFile with an infolevel of
      SMB_FIND_FILE_ID_FULL_DIR_INFO.
      
      In this situation turn off querying for server inode numbers, generate a
      warning for the user and just generate an inode number using iunique.
      Once we generate any inode number with iunique we can no longer use any
      server inode numbers or we risk collisions, so ensure that we don't do
      that in cifs_get_inode_info either.
      
      Cc: Stable <stable@kernel.org>
      Reported-by: NTimothy Normand Miller <theosib@gmail.com>
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      ec06aedd