1. 08 12月, 2006 1 次提交
  2. 26 11月, 2006 1 次提交
    • M
      [PATCH] fuse: fix Oops in lookup · 2d51013e
      Miklos Szeredi 提交于
      Fix bug in certain error paths of lookup routines.  The request object was
      reused for sending FORGET, which is illegal.  This bug could cause an Oops
      in 2.6.18.  In earlier versions it might silently corrupt memory, but this
      is very unlikely.
      
      These error paths are never triggered by libfuse, so this wasn't noticed
      even with the 2.6.18 kernel, only with a filesystem using the raw kernel
      interface.
      
      Thanks to Russ Cox for the bug report and test filesystem.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      2d51013e
  3. 17 10月, 2006 4 次提交
    • M
      [PATCH] fuse: fix dereferencing dentry parent · e956edd0
      Miklos Szeredi 提交于
      There's no locking for ->d_revalidate, so fuse_dentry_revalidate() should use
      dget_parent() instead of simply dereferencing ->d_parent.
      
      Due to topology changes in the directory tree the parent could become negative
      or be destroyed while being used.  There hasn't been any reports about this
      yet.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      e956edd0
    • M
      [PATCH] fuse: fix handling of moved directory · d2a85164
      Miklos Szeredi 提交于
      Fuse considered it an error (EIO) if lookup returned a directory inode, to
      which a dentry already refered.  This is because directory aliases are not
      allowed.
      
      But in a network filesystem this could happen legitimately, if a directory is
      moved on a remote client.  This patch attempts to relax the restriction by
      trying to first evict the offending alias from the cache.  If this fails, it
      still returns an error (EBUSY).
      
      A rarer situation is if an mkdir races with an indenpendent lookup, which
      finds the newly created directory already moved.  In this situation the mkdir
      should return success, but that would be incorrect, since the dentry cannot be
      instantiated, so return EBUSY.
      
      Previously checking for a directory alias and instantiation of the dentry
      weren't done atomically in lookup/mkdir, hence two such calls racing with each
      other could create aliased directories.  To prevent this introduce a new
      per-connection mutex: fuse_conn->inst_mutex, which is taken for instantiations
      with a directory inode.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      d2a85164
    • M
      [PATCH] fuse: locking fix for nlookup · 8da5ff23
      Miklos Szeredi 提交于
      An inode could be returned by independent parallel lookups, in this case an
      update of the lookup counter could be lost resulting in a memory leak in
      userspace.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      8da5ff23
    • M
      [PATCH] fuse: fix hang on SMP · 9ffbb916
      Miklos Szeredi 提交于
      Fuse didn't always call i_size_write() with i_mutex held which caused rare
      hangs on SMP/32bit.  This bug has been present since fuse-2.2, well before
      being merged into mainline.
      
      The simplest solution is to protect i_size_write() with the per-connection
      spinlock.  Using i_mutex for this purpose would require some restructuring of
      the code and I'm not even sure it's always safe to acquire i_mutex in all
      places i_size needs to be set.
      
      Since most of vmtruncate is already duplicated for other reasons, duplicate
      the remaining part as well, making all i_size_write() calls internal to fuse.
      
      Using i_size_write() was unnecessary in fuse_init_inode(), since this function
      is only called on a newly created locked inode.
      
      Reported by a few people over the years, but special thanks to Dana Henriksen
      who was persistent enough in helping me debug it.
      Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
      Signed-off-by: NAndrew Morton <akpm@osdl.org>
      Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
      9ffbb916
  4. 01 10月, 2006 1 次提交
  5. 30 9月, 2006 1 次提交
  6. 01 8月, 2006 2 次提交
  7. 26 6月, 2006 1 次提交
  8. 11 4月, 2006 1 次提交
  9. 29 3月, 2006 1 次提交
  10. 01 3月, 2006 1 次提交
  11. 17 1月, 2006 2 次提交
  12. 07 1月, 2006 6 次提交
  13. 29 11月, 2005 2 次提交
  14. 07 11月, 2005 4 次提交
  15. 31 10月, 2005 1 次提交
  16. 28 9月, 2005 1 次提交
  17. 10 9月, 2005 10 次提交