1. 14 7月, 2016 1 次提交
    • F
      chardev: add missing line break in pr_warn · 077e2642
      Fengguang Wu 提交于
      To fix super long dmesg error lines like
      
        CHRDEV "dummy_stm.0" major number 224 goes below the dynamic allocation rangeCHRDEV "dummy_stm.1" major number 223 goes below the dynamic allocation rangeswapper: page allocation failure: order:8, mode:0x26040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK)
      
      After fix, it should look like
      
        CHRDEV "dummy_stm.0" major number 224 goes below the dynamic allocation range
        CHRDEV "dummy_stm.1" major number 223 goes below the dynamic allocation range
        swapper: page allocation failure: order:8, mode:0x26040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK)
      Reported-by: NPhilip Li <philip.li@intel.com>
      Signed-off-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      077e2642
  2. 18 6月, 2016 8 次提交
  3. 16 6月, 2016 3 次提交
  4. 15 6月, 2016 4 次提交
    • J
      nfsd4/rpc: move backchannel create logic into rpc code · d50039ea
      J. Bruce Fields 提交于
      Also simplify the logic a bit.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Acked-by: NTrond Myklebust <trondmy@primarydata.com>
      d50039ea
    • M
      ovl: fix uid/gid when creating over whiteout · d0e13f5b
      Miklos Szeredi 提交于
      Fix a regression when creating a file over a whiteout.  The new
      file/directory needs to use the current fsuid/fsgid, not the ones from the
      mounter's credentials.
      
      The refcounting is a bit tricky: prepare_creds() sets an original refcount,
      override_creds() gets one more, which revert_cred() drops.  So
      
        1) we need to expicitly put the mounter's credentials when overriding
           with the updated one
      
        2) we need to put the original ref to the updated creds (and this can
           safely be done before revert_creds(), since we'll still have the ref
           from override_creds()).
      Reported-by: NStephen Smalley <sds@tycho.nsa.gov>
      Fixes: 3fe6e52f ("ovl: override creds with the ones from the superblock mounter")
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      d0e13f5b
    • N
      debugfs: open_proxy_open(): avoid double fops release · 75f0b68b
      Nicolai Stange 提交于
      Debugfs' open_proxy_open(), the ->open() installed at all inodes created
      through debugfs_create_file_unsafe(),
      - grabs a reference to the original file_operations instance passed to
        debugfs_create_file_unsafe() via fops_get(),
      - installs it at the file's ->f_op by means of replace_fops()
      - and calls fops_put() on it.
      
      Since the semantics of replace_fops() are such that the reference's
      ownership is transferred, the subsequent fops_put() will result in a double
      release when the file is eventually closed.
      
      Currently, this is not an issue since fops_put() basically does a
      module_put() on the file_operations' ->owner only and there don't exist any
      modules calling debugfs_create_file_unsafe() yet. This is expected to
      change in the future though, c.f. commit c6468808 ("debugfs: add
      support for self-protecting attribute file fops").
      
      Remove the call to fops_put() from open_proxy_open().
      
      Fixes: 9fd4dcec ("debugfs: prevent access to possibly dead
                            file_operations at file open")
      Signed-off-by: NNicolai Stange <nicstange@gmail.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      75f0b68b
    • N
      debugfs: full_proxy_open(): free proxy on ->open() failure · b10e3e90
      Nicolai Stange 提交于
      Debugfs' full_proxy_open(), the ->open() installed at all inodes created
      through debugfs_create_file(),
      - grabs a reference to the original struct file_operations instance passed
        to debugfs_create_file(),
      - dynamically allocates a proxy struct file_operations instance wrapping
        the original
      - and installs this at the file's ->f_op.
      
      Afterwards, it calls the original ->open() and passes its return value back
      to the VFS layer.
      
      Now, if that return value indicates failure, the VFS layer won't ever call
      ->release() and thus, neither the reference to the original file_operations
      nor the memory for the proxy file_operations will get released, i.e. both
      are leaked.
      
      Upon failure of the original fops' ->open(), undo the proxy installation.
      That is:
      - Set the struct file ->f_op to what it had been when full_proxy_open()
        was entered.
      - Drop the reference to the original file_operations.
      - Free the memory holding the proxy file_operations.
      
      Fixes: 49d200de ("debugfs: prevent access to removed files' private
                            data")
      Signed-off-by: NNicolai Stange <nicstange@gmail.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b10e3e90
  5. 14 6月, 2016 1 次提交
  6. 11 6月, 2016 2 次提交
  7. 08 6月, 2016 3 次提交
    • M
      coredump: fix dumping through pipes · 1607f09c
      Mateusz Guzik 提交于
      The offset in the core file used to be tracked with ->written field of
      the coredump_params structure. The field was retired in favour of
      file->f_pos.
      
      However, ->f_pos is not maintained for pipes which leads to breakage.
      
      Restore explicit tracking of the offset in coredump_params. Introduce
      ->pos field for this purpose since ->written was already reused.
      
      Fixes: a0083939 ("get rid of coredump_params->written").
      Reported-by: NZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
      Signed-off-by: NMateusz Guzik <mguzik@redhat.com>
      Reviewed-by: NOmar Sandoval <osandov@fb.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      1607f09c
    • A
      fix a regression in atomic_open() · a01e718f
      Al Viro 提交于
      open("/foo/no_such_file", O_RDONLY | O_CREAT) on should fail with
      EACCES when /foo is not writable; failing with ENOENT is obviously
      wrong.  That got broken by a braino introduced when moving the
      creat_error logics from atomic_open() to lookup_open().  Easy to
      fix, fortunately.
      Spotted-by: N"Yan, Zheng" <ukernel@gmail.com>
      Tested-by: N"Yan, Zheng" <ukernel@gmail.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      a01e718f
    • A
      fix d_walk()/non-delayed __d_free() race · 3d56c25e
      Al Viro 提交于
      Ascend-to-parent logics in d_walk() depends on all encountered child
      dentries not getting freed without an RCU delay.  Unfortunately, in
      quite a few cases it is not true, with hard-to-hit oopsable race as
      the result.
      
      Fortunately, the fix is simiple; right now the rule is "if it ever
      been hashed, freeing must be delayed" and changing it to "if it
      ever had a parent, freeing must be delayed" closes that hole and
      covers all cases the old rule used to cover.  Moreover, pipes and
      sockets remain _not_ covered, so we do not introduce RCU delay in
      the cases which are the reason for having that delay conditional
      in the first place.
      
      Cc: stable@vger.kernel.org # v3.2+ (and watch out for __d_materialise_dentry())
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      3d56c25e
  8. 07 6月, 2016 2 次提交
  9. 06 6月, 2016 11 次提交
  10. 05 6月, 2016 1 次提交
    • A
      autofs braino fix for do_last() · e6ec03a2
      Al Viro 提交于
      It's an analogue of commit 7500c38a (fix the braino in "namei:
      massage lookup_slow() to be usable by lookup_one_len_unlocked()").
      The same problem (->lookup()-returned unhashed negative dentry
      just might be an autofs one with ->d_manage() that would wait
      until the daemon makes it positive) applies in do_last() - we
      need to do follow_managed() first.
      
      Fortunately, remaining callers of follow_managed() are OK - only
      autofs has that weirdness (negative dentry that does not mean
      an instant -ENOENT)) and autofs never has its negative dentries
      hashed, so we can't pick one from a dcache lookup.
      
      ->d_manage() is a bloody mess ;-/
      
      Cc: stable@vger.kernel.org # v4.6
      Spotted-by: NIan Kent <raven@themaw.net>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      e6ec03a2
  11. 04 6月, 2016 2 次提交
    • A
      fix EOPENSTALE bug in do_last() · fac7d191
      Al Viro 提交于
      EOPENSTALE occuring at the last component of a trailing symlink ends up
      with do_last() retrying its lookup.  After the symlink body has been
      discarded.  The thing is, all this retry_lookup logics in there is not
      needed at all - the upper layers will do the right thing if we simply
      return that -EOPENSTALE as we would with any other error.  Trying to
      microoptimize in do_last() is a lot of headache for no good reason.
      
      Cc: stable@vger.kernel.org # v4.2+
      Tested-by: NOleg Drokin <green@linuxhacker.ru>
      Reviewed-and-Tested-by: NJeff Layton <jlayton@poochiereds.net>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      fac7d191
    • C
      Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent · 8dff9c85
      Chris Mason 提交于
      When dealing with inline extents, btrfs_get_extent will incorrectly try
      to insert a duplicate extent_map.  The dup hits -EEXIST from
      add_extent_map, but then we try to merge with the existing one and end
      up trying to insert a zero length extent_map.
      
      This actually works most of the time, except when there are extent maps
      past the end of the inline extent.  rocksdb will trigger this sometimes
      because it preallocates an extent and then truncates down.
      
      Josef made a script to trigger with xfs_io:
      
      	#!/bin/bash
      
      	xfs_io -f -c "pwrite 0 1000" inline
      	xfs_io -c "falloc -k 4k 1M" inline
      	xfs_io -c "pread 0 1000" -c "fadvise -d 0 1000" -c "pread 0 1000" inline
      	xfs_io -c "fadvise -d 0 1000" inline
      	cat inline
      
      You'll get EIOs trying to read inline after this because add_extent_map
      is returning EEXIST
      Signed-off-by: NChris Mason <clm@fb.com>
      8dff9c85
  12. 03 6月, 2016 2 次提交
新手
引导
客服 返回
顶部