1. 07 2月, 2020 4 次提交
  2. 06 2月, 2020 5 次提交
  3. 05 2月, 2020 2 次提交
  4. 04 2月, 2020 1 次提交
  5. 02 2月, 2020 1 次提交
    • A
      vfs: fix do_last() regression · 6404674a
      Al Viro 提交于
      Brown paperbag time: fetching ->i_uid/->i_mode really should've been
      done from nd->inode.  I even suggested that, but the reason for that has
      slipped through the cracks and I went for dir->d_inode instead - made
      for more "obvious" patch.
      
      Analysis:
      
       - at the entry into do_last() and all the way to step_into(): dir (aka
         nd->path.dentry) is known not to have been freed; so's nd->inode and
         it's equal to dir->d_inode unless we are already doomed to -ECHILD.
         inode of the file to get opened is not known.
      
       - after step_into(): inode of the file to get opened is known; dir
         might be pointing to freed memory/be negative/etc.
      
       - at the call of may_create_in_sticky(): guaranteed to be out of RCU
         mode; inode of the file to get opened is known and pinned; dir might
         be garbage.
      
      The last was the reason for the original patch.  Except that at the
      do_last() entry we can be in RCU mode and it is possible that
      nd->path.dentry->d_inode has already changed under us.
      
      In that case we are going to fail with -ECHILD, but we need to be
      careful; nd->inode is pointing to valid struct inode and it's the same
      as nd->path.dentry->d_inode in "won't fail with -ECHILD" case, so we
      should use that.
      Reported-by: N"Rantala, Tommi T. (Nokia - FI/Espoo)" <tommi.t.rantala@nokia.com>
      Reported-by: syzbot+190005201ced78a74ad6@syzkaller.appspotmail.com
      Wearing-brown-paperbag: Al Viro <viro@zeniv.linux.org.uk>
      Cc: stable@kernel.org
      Fixes: d0cb5018 ("do_last(): fetch directory ->i_mode and ->i_uid before it's too late")
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6404674a
  6. 01 2月, 2020 22 次提交
  7. 31 1月, 2020 1 次提交
    • R
      cifs: fix soft mounts hanging in the reconnect code · c54849dd
      Ronnie Sahlberg 提交于
      RHBZ: 1795429
      
      In recent DFS updates we have a new variable controlling how many times we will
      retry to reconnect the share.
      If DFS is not used, then this variable is initialized to 0 in:
      
      static inline int
      dfs_cache_get_nr_tgts(const struct dfs_cache_tgt_list *tl)
      {
              return tl ? tl->tl_numtgts : 0;
      }
      
      This means that in the reconnect loop in smb2_reconnect() we will immediately wrap retries to -1
      and never actually get to pass this conditional:
      
                      if (--retries)
                              continue;
      
      The effect is that we no longer reach the point where we fail the commands with -EHOSTDOWN
      and basically the kernel threads are virtually hung and unkillable.
      
      Fixes: a3a53b76 (cifs: Add support for failover in smb2_reconnect())
      Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Reviewed-by: NPaulo Alcantara (SUSE) <pc@cjr.nz>
      CC: Stable <stable@vger.kernel.org>
      c54849dd
  8. 30 1月, 2020 4 次提交