1. 28 5月, 2009 2 次提交
    • M
      integrity: nfsd imbalance bug fix · 14dba533
      Mimi Zohar 提交于
      An nfsd exported file is opened/closed by the kernel causing the
      integrity imbalance message.
      
      Before a file is opened, there normally is permission checking, which
      is done in inode_permission().  However, as integrity checking requires
      a dentry and mount point, which is not available in inode_permission(),
      the integrity (permission) checking must be called separately.
      
      In order to detect any missing integrity checking calls, we keep track
      of file open/closes.  ima_path_check() increments these counts and
      does the integrity (permission) checking. As a result, the number of
      calls to ima_path_check()/ima_file_free() should be balanced.  An extra
      call to fput(), indicates the file could have been accessed without first
      calling ima_path_check().
      
      In nfsv3 permission checking is done once, followed by multiple reads,
      which do an open/close for each read.  The integrity (permission) checking
      call should be in nfsd_permission() after the inode_permission() call, but
      as there is no correlation between the number of permission checking and
      open calls, the integrity checking call should not increment the counters,
      but defer it to when the file is actually opened.
      
      This patch adds:
      - integrity (permission) checking for nfsd exported files in nfsd_permission().
      - a call to increment counts for files opened by nfsd.
      
      This patch has been updated to return the nfs error types.
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      14dba533
    • W
      nfsd: fix hung up of nfs client while sync write data to nfs server · a0d24b29
      Wei Yongjun 提交于
      Commit 'Short write in nfsd becomes a full write to the client'
      (31dec253) broken the sync write.
      With the following commands to reproduce:
      
        $ mount -t nfs -o sync 192.168.0.21:/nfsroot /mnt
        $ cd /mnt
        $ echo aaaa > temp.txt
      
      Then nfs client is hung up.
      
      In SYNC mode the server alaways return the write count 0 to the
      client. This is because the value of host_err in nfsd_vfs_write()
      will be overwrite in SYNC mode by 'host_err=nfsd_sync(file);',
      and then we return host_err(which is now 0) as write count.
      
      This patch fixed the problem.
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NJ. Bruce Fields <bfields@citi.umich.edu>
      a0d24b29
  2. 12 5月, 2009 1 次提交
  3. 07 5月, 2009 1 次提交
  4. 04 5月, 2009 1 次提交
  5. 21 4月, 2009 2 次提交
    • D
      Fix i_mutex vs. readdir handling in nfsd · 2f9092e1
      David Woodhouse 提交于
      Commit 14f7dd63 ("Copy XFS readdir hack into nfsd code") introduced a
      bug to generic code which had been extant for a long time in the XFS
      version -- it started to call through into lookup_one_len() and hence
      into the file systems' ->lookup() methods without i_mutex held on the
      directory.
      
      This patch fixes it by locking the directory's i_mutex again before
      calling the filldir functions. The original deadlocks which commit
      14f7dd63 was designed to avoid are still avoided, because they were due
      to fs-internal locking, not i_mutex.
      
      While we're at it, fix the return type of nfsd_buffered_readdir() which
      should be a __be32 not an int -- it's an NFS errno, not a Linux errno.
      And return nfserrno(-ENOMEM) when allocation fails, not just -ENOMEM.
      Sparse would have caught that, if it wasn't so busy bitching about
      __cold__.
      
      Commit 05f4f678 ("nfsd4: don't do lookup within readdir in recovery
      code") introduced a similar problem with calling lookup_one_len()
      without i_mutex, which this patch also addresses. To fix that, it was
      necessary to fix the called functions so that they expect i_mutex to be
      held; that part was done by J. Bruce Fields.
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      Umm-I-can-live-with-that-by: NAl Viro <viro@zeniv.linux.org.uk>
      Reported-by: NJ. R. Okajima <hooanon05@yahoo.co.jp>
      Tested-by: NJ. Bruce Fields <bfields@citi.umich.edu>
      LKML-Reference: <8036.1237474444@jrobl>
      Cc: stable@kernel.org
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      2f9092e1
    • A
      Safer nfsd_cross_mnt() · 1644ccc8
      Al Viro 提交于
      AFAICS, we have a subtle bug there: if we have crossed mountpoint
      *and* it got mount --move'd away, we'll be holding only one
      reference to fs containing dentry - exp->ex_path.mnt.  IOW, we
      ought to dput() before exp_put().
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      1644ccc8
  6. 07 4月, 2009 1 次提交
  7. 04 4月, 2009 31 次提交
  8. 01 4月, 2009 1 次提交
    • A
      Take fs_struct handling to new file (fs/fs_struct.c) · 3e93cd67
      Al Viro 提交于
      Pure code move; two new helper functions for nfsd and daemonize
      (unshare_fs_struct() and daemonize_fs_struct() resp.; for now -
      the same code as used to be in callers).  unshare_fs_struct()
      exported (for nfsd, as copy_fs_struct()/exit_fs() used to be),
      copy_fs_struct() and exit_fs() don't need exports anymore.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      3e93cd67