Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      Many thanks to Alberto Patino for testing and reporting the data
      corruption.  And many apologies for corrupting his partition.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      Minor tidying.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

lock_kiocb() was introduced to serialize retrying and cancellation.  In the
process of doing so it tried to sleep waiting for KIF_LOCKED while holding
the ctx_lock spinlock.  Recent fixes have ensured that multiple concurrent
retries won't be attempted for a given iocb.  Cancel has other problems and
has no significant in-tree users that have been complaining about it.  So
for the immediate future we'll revert sleeping with the lock held and will
address proper cancellation and retry serialization in the future.
Signed-off-by: NZach Brown <zach.brown@oracle.com>
Acked-by: NBenjamin LaHaise <bcrl@kvack.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Currently you do not get all the map entries on nommu systems because the
start function doesn't index into the list using the value of "pos".
Signed-off-by: NDavid McCullough <davidm@snapgear.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Oopsable since nfs_wait_on_inode() can get called as part of iput_final().

Unnecessary since the caller had better be damned sure that the inode won't
disappear from underneath it anyway.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

If the data cache has been marked as potentially invalid by nfs_refresh_inode,
we should invalidate it rather than assume that changes are due to our own
activity.

Also ensure that we always start with a valid cache before declaring it
to be protected by a delegation.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

"proc_smaps_operations" is not defined in case of "CONFIG_MMU=n".
Signed-off-by: NYoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Nir Tzachar <tzachar@cs.bgu.ac.il> points out that if an ELF file specifies a
zero-length bss at a whacky address, we cannot load that binary because
padzero() tries to zero out the end of the page at the whacky address, and
that may not be writeable.

See also http://bugzilla.kernel.org/show_bug.cgi?id=5411

So teach load_elf_binary() to skip the bss settng altogether if the elf file
has a zero-length bss segment.

Cc: Roland McGrath <roland@redhat.com>
Cc: Daniel Jacobowitz <dan@debian.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Here is a compatibility fix between Linux and Solaris when used with VxFS
filesystems: Solaris usually accepts acl entries in any order, but with
VxFS it replies with NFSERR_INVAL when it sees a four-entry acl that is not
in canonical form.  It may also fail with other non-canonical acls -- I
can't tell, because that case never triggers: We only send non-canonical
acls when we fake up an ACL_MASK entry.

Instead of adding fake ACL_MASK entries at the end, inserting them in the
correct position makes Solaris+VxFS happy.  The Linux client and server
sides don't care about entry order.  The three-entry-acl special case in
which we need a fake ACL_MASK entry was handled in xdr_nfsace_encode.  The
patch moves this into nfsacl_encode.
Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
Acked-by: NTrond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

v9fs_file_read and v9fs_file_write use kmalloc to allocate buffers as big
as the data buffer received as parameter.  kmalloc cannot be used to
allocate buffers bigger than 128K, so reading/writing data in chunks bigger
than 128k fails.

This patch reorganizes v9fs_file_read and v9fs_file_write to allocate only
buffers as big as the maximum data that can be sent in one 9P message.
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

      file operations ->write(), ->aio_write(), and ->writev() for regular
      files.  This replaces the old use of generic_file_write(), et al and
      the address space operations ->prepare_write and ->commit_write.
      This means that both sparse and non-sparse (unencrypted and
      uncompressed) files can now be extended using the normal write(2)
      code path.  There are two limitations at present and these are that
      we never create sparse files and that we only have limited support
      for highly fragmented files, i.e. ones whose data attribute is split
      across multiple extents.   When such a case is encountered,
      EOPNOTSUPP is returned.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      preparation for the big rewrite of write(2) support in ntfs.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      and cond_resched() in the main loop as we could be dirtying a lot of
      pages and this ensures we play nice with the VM and the system as a
      whole.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

The third param in this call to vmap shouldn't be GFP_KERNEL, which
makes no sense, but rather VM_MAP.  Thanks to Al Viro for spotting
this.
Signed-off-by: NTom Zanussi <zanussi@us.ibm.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

 - added typedef unsigned int __nocast gfp_t;

 - replaced __nocast uses for gfp flags with gfp_t - it gives exactly
   the same warnings as far as sparse is concerned, doesn't change
   generated code (from gcc point of view we replaced unsigned int with
   typedef) and documents what's going on far better.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

The nameidata "last.name" is always allocated with "__getname()", and
should always be free'd with "__putname()".

Using "putname()" without the underscores will leak memory, because the
allocation will have been hidden from the AUDITSYSCALL code.

Arguably the real bug is that the AUDITSYSCALL code is really broken,
but in the meantime this fixes the problem people see.

Reported by Robert Derr, patch by Rick Lindsley.
Acked-by: NAl Viro <viro@ftp.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

bfs_fill_super() walks the inode table to get the bitmap of free inodes
and collect stats.  It has no business using iget() for that - it's a
lot of extra work, extra icache pollution and more complex code.
Switched to walking the damn thing directly.

Note: that also allows to kill ->i_dsk_ino in there - separate patch if
Tigran can confirm that this field can be zero only for deleted inodes
(i.e.  something that could only be found during that scan and not by
normal lookups).
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

      the initial implementation of file truncation.  Now both open(2)ing
      a file with the O_TRUNC flag and the {,f}truncate(2) system calls
      will resize a file appropriately.  The limitations are that only
      uncompressed and unencrypted files are supported.  Also, there is
      only very limited support for highly fragmented files (the ones whose
      $DATA attribute is split into multiple attribute extents).
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      uncompressed and unencrypted files.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      extend the allocation of an attributes.  Optionally, the data size,
      but not the initialized size can be extended, too.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      which is zero for a resident attribute but should no longer be zero
      once the attribute is non-resident as it then has real clusters
      allocated.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      as an extra parameter.  This is needed since we need to know the size
      before we can map the mft record and our callers always know it.  The
      reason we cannot simply read the size from the vfs inode i_size is
      that this is not necessarily uptodate.  This happens when
      ntfs_attr_make_non_resident() is called in the ->truncate call path.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

        specifying whether the cluster are being allocated to extend an
        attribute or to fill a hole.
      - Change ntfs_attr_make_non_resident() to call ntfs_cluster_alloc()
        with @is_extension set to TRUE and remove the runlist terminator
        fixup code as this is now done by ntfs_cluster_alloc().
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

        search context as argument.  This allows calling it with the mft
        record mapped.  Update all callers.
      - Fix potential deadlock in ntfs_mft_data_extend_allocation_nolock()
	error handling by passing in the active search context when calling
	ntfs_cluster_free().
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      search context as argument.  This allows calling it with the mft
      record mapped.  Update all callers.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      search context.  This allows calling it with the mft record mapped.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      which we now cast to 64-bit first (fs/ntfs/mft.c::map_mft_record_page().
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

      count to become negative and hence we had a wild memset() scribbling
      all over the system's ram.
Signed-off-by: NAnton Altaparmakov <aia21@cantab.net>

Check O_DIRECT and return -EINVAL error in open.  dentry_open() also checks
this but only after the open method is called.  This patch optimizes away
the unnecessary upcalls in this case.

It could be a correctness issue too: if filesystem has open() with side
effect, then it should fail before doing the open, not after.
Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Calling truncate() on hostfs spits a kernel warning "Something isn't
implemented here", but it still works fine.

Indeed, hostfs i_op->truncate doesn't do anything.  But hostfs_setattr() ->
set_attr() correctly detects ATTR_SIZE and calls truncate() on the host.  So
we should be safe (using ftruncate() may be better, in case the file is
unlinked on the host, but we aren't sure to have the file open for writing,
and reopening it would cause the same races; plus nobody should expect UML to
be so careful).

So, the warning is wrong, because the current implementation is working.  Al,
am I correct, and can the warning be therefore dropped?

CC: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NPaolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Recently aio_p{read,write} changed to perform retries internally rather
than returning -EIOCBRETRY.  This inadvertantly resulted in always calling
aio_{read,write} with ki_left at 0 which would in turn immediately return
0.  Harmless, but we can avoid this call by checking in the caller.
Signed-off-by: NZach Brown <zach.brown@oracle.com>
Signed-off-by: NBenjamin LaHaise <bcrl@linux.intel.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Only one of the run or kick path is supposed to put an iocb on the run
list.  If both of them do it than one of them can end up referencing a
freed iocb.  The kick path could delete the task_list item from the wait
queue before getting the ctx_lock and putting the iocb on the run list.
The run path was testing the task_list item outside the lock so that it
could catch ki_retry methods that return -EIOCBRETRY *without* putting the
iocb on a wait queue and promising to call kick_iocb.  This unlocked check
could then race with the kick path to cause both to try and put the iocb on
the run list.

The patch stops the run path from testing task_list by requring that any
ki_retry that returns -EIOCBRETRY *must* guarantee that kick_iocb() will be
called in the future.  aio_p{read,write}, the only in-tree -EIOCBRETRY
users, are updated.
Signed-off-by: NZach Brown <zach.brown@oracle.com>
Signed-off-by: NBenjamin LaHaise <bcrl@linux.intel.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Only one of the run or kick path is supposed to put an iocb on the run
list.  If both of them do it than one of them can end up referencing a
freed iocb.  The kick patch could set the Kicked bit before acquiring the
ctx_lock and putting the iocb on the run list.  The run path, while holding
the ctx_lock, could see this partial kick and mistake it for a kick that
was deferred while it was doing work with the run_list NULLed out.  It
would then race with the kick thread to add the iocb to the run list.

This patch moves the kick setting under the ctx_lock so that only one of
the kick or run path queues the iocb on the run list, as intended.
Signed-off-by: NZach Brown <zach.brown@oracle.com>
Signed-off-by: NBenjamin LaHaise <bcrl@linux.intel.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

it seems that readv(2)/writev(2) syscalls do not call
file_permission callback. Looks like this is overlook.

I have filled the issue into redhat bugzilla as
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433
and got the recommendation to post this on lsm mailing list.

The following trivial patch solves the problem.
Signed-off-by: NKostik Belousov <kostikbel@gmail.com>
Signed-off-by: NChris Wright <chrisw@osdl.org>

Handle the timeout upper boundary for epoll.
Signed-off-by: NDavide Libenzi <davidel@xmailserver.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Fid management cleanup.  The patch attempts to fix the races in dentry's
fid management.

Dentries don't keep the opened fids anymore, they are moved to the file
structs.  Ideally there should be no more than one fid with fidcreate equal
to zero in the dentry's list of fids.

v9fs_fid_create initializes the important fields (fid, fidcreated) before
v9fs_fid is added to the list.  v9fs_fid_lookup returns only fids that are
not created by v9fs_create.  v9fs_fid_get_created returns the fid created
by the same process by v9fs_create (if any) and removes it from dentry's
list
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>