diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/9p/trans_sock.c | 1 | ||||
-rw-r--r-- | fs/compat.c | 2 | ||||
-rw-r--r-- | fs/hostfs/hostfs_kern.c | 9 | ||||
-rw-r--r-- | fs/lockd/clntlock.c | 4 | ||||
-rw-r--r-- | fs/nfs/callback.c | 3 | ||||
-rw-r--r-- | fs/nfs/direct.c | 24 | ||||
-rw-r--r-- | fs/nfs/file.c | 26 | ||||
-rw-r--r-- | fs/nfs/inode.c | 28 | ||||
-rw-r--r-- | fs/nfsd/nfs2acl.c | 2 | ||||
-rw-r--r-- | fs/nfsd/nfs3acl.c | 2 | ||||
-rw-r--r-- | fs/partitions/Kconfig | 2 | ||||
-rw-r--r-- | fs/proc/generic.c | 47 | ||||
-rw-r--r-- | fs/read_write.c | 34 | ||||
-rw-r--r-- | fs/relayfs/relay.c | 8 |
14 files changed, 107 insertions, 85 deletions
diff --git a/fs/9p/trans_sock.c b/fs/9p/trans_sock.c index a93c2bf94c3..6a9a75d40f7 100644 --- a/fs/9p/trans_sock.c +++ b/fs/9p/trans_sock.c @@ -26,6 +26,7 @@ */ #include <linux/config.h> +#include <linux/in.h> #include <linux/module.h> #include <linux/net.h> #include <linux/ipv6.h> diff --git a/fs/compat.c b/fs/compat.c index 818634120b6..55ac0324aaf 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -1170,7 +1170,7 @@ static ssize_t compat_do_readv_writev(int type, struct file *file, } ret = rw_verify_area(type, file, pos, tot_len); - if (ret) + if (ret < 0) goto out; fnv = NULL; diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c index 4684eb7d48c..b3ad0bd0312 100644 --- a/fs/hostfs/hostfs_kern.c +++ b/fs/hostfs/hostfs_kern.c @@ -501,11 +501,16 @@ int hostfs_commit_write(struct file *file, struct page *page, unsigned from, long long start; int err = 0; - start = (long long) (page->index << PAGE_CACHE_SHIFT) + from; + start = (((long long) page->index) << PAGE_CACHE_SHIFT) + from; buffer = kmap(page); err = write_file(FILE_HOSTFS_I(file)->fd, &start, buffer + from, to - from); if(err > 0) err = 0; + + /* Actually, if !err, write_file has added to-from to start, so, despite + * the appearance, we are comparing i_size against the _last_ written + * location, as we should. */ + if(!err && (start > inode->i_size)) inode->i_size = start; @@ -910,10 +915,8 @@ static struct inode_operations hostfs_dir_iops = { int hostfs_link_readpage(struct file *file, struct page *page) { char *buffer, *name; - long long start; int err; - start = page->index << PAGE_CACHE_SHIFT; buffer = kmap(page); name = inode_name(page->mapping->host, 0); if(name == NULL) return(-ENOMEM); diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c index 006bb9e1457..3eaf6e70108 100644 --- a/fs/lockd/clntlock.c +++ b/fs/lockd/clntlock.c @@ -157,6 +157,8 @@ void nlmclnt_mark_reclaim(struct nlm_host *host) inode = fl->fl_file->f_dentry->d_inode; if (inode->i_sb->s_magic != NFS_SUPER_MAGIC) continue; + if (fl->fl_u.nfs_fl.owner == NULL) + continue; if (fl->fl_u.nfs_fl.owner->host != host) continue; if (!(fl->fl_u.nfs_fl.flags & NFS_LCK_GRANTED)) @@ -226,6 +228,8 @@ restart: inode = fl->fl_file->f_dentry->d_inode; if (inode->i_sb->s_magic != NFS_SUPER_MAGIC) continue; + if (fl->fl_u.nfs_fl.owner == NULL) + continue; if (fl->fl_u.nfs_fl.owner->host != host) continue; if (!(fl->fl_u.nfs_fl.flags & NFS_LCK_RECLAIM)) diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index f2ca782aba3..30cae360286 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -14,6 +14,9 @@ #include <linux/sunrpc/svc.h> #include <linux/sunrpc/svcsock.h> #include <linux/nfs_fs.h> + +#include <net/inet_sock.h> + #include "nfs4_fs.h" #include "callback.h" diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index b497c71384e..07922881760 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -678,15 +678,9 @@ nfs_file_direct_read(struct kiocb *iocb, char __user *buf, size_t count, loff_t if (!count) goto out; - if (mapping->nrpages) { - retval = filemap_fdatawrite(mapping); - if (retval == 0) - retval = nfs_wb_all(inode); - if (retval == 0) - retval = filemap_fdatawait(mapping); - if (retval) - goto out; - } + retval = nfs_sync_mapping(mapping); + if (retval) + goto out; retval = nfs_direct_read(inode, ctx, &iov, pos, 1); if (retval > 0) @@ -764,15 +758,9 @@ nfs_file_direct_write(struct kiocb *iocb, const char __user *buf, size_t count, if (!count) goto out; - if (mapping->nrpages) { - retval = filemap_fdatawrite(mapping); - if (retval == 0) - retval = nfs_wb_all(inode); - if (retval == 0) - retval = filemap_fdatawait(mapping); - if (retval) - goto out; - } + retval = nfs_sync_mapping(mapping); + if (retval) + goto out; retval = nfs_direct_write(inode, ctx, &iov, pos, 1); if (mapping->nrpages) diff --git a/fs/nfs/file.c b/fs/nfs/file.c index 57d3e77d97e..7a79fbe9f53 100644 --- a/fs/nfs/file.c +++ b/fs/nfs/file.c @@ -433,11 +433,7 @@ static int do_unlk(struct file *filp, int cmd, struct file_lock *fl) * Flush all pending writes before doing anything * with locks.. */ - filemap_fdatawrite(filp->f_mapping); - down(&inode->i_sem); - nfs_wb_all(inode); - up(&inode->i_sem); - filemap_fdatawait(filp->f_mapping); + nfs_sync_mapping(filp->f_mapping); /* NOTE: special case * If we're signalled while cleaning up locks on process exit, we @@ -465,15 +461,8 @@ static int do_setlk(struct file *filp, int cmd, struct file_lock *fl) * Flush all pending writes before doing anything * with locks.. */ - status = filemap_fdatawrite(filp->f_mapping); - if (status == 0) { - down(&inode->i_sem); - status = nfs_wb_all(inode); - up(&inode->i_sem); - if (status == 0) - status = filemap_fdatawait(filp->f_mapping); - } - if (status < 0) + status = nfs_sync_mapping(filp->f_mapping); + if (status != 0) goto out; lock_kernel(); @@ -497,11 +486,7 @@ static int do_setlk(struct file *filp, int cmd, struct file_lock *fl) * Make sure we clear the cache whenever we try to get the lock. * This makes locking act as a cache coherency point. */ - filemap_fdatawrite(filp->f_mapping); - down(&inode->i_sem); - nfs_wb_all(inode); /* we may have slept */ - up(&inode->i_sem); - filemap_fdatawait(filp->f_mapping); + nfs_sync_mapping(filp->f_mapping); nfs_zap_caches(inode); out: rpc_clnt_sigunmask(NFS_CLIENT(inode), &oldset); @@ -524,7 +509,8 @@ static int nfs_lock(struct file *filp, int cmd, struct file_lock *fl) return -EINVAL; /* No mandatory locks over NFS */ - if ((inode->i_mode & (S_ISGID | S_IXGRP)) == S_ISGID) + if ((inode->i_mode & (S_ISGID | S_IXGRP)) == S_ISGID && + fl->fl_type != F_UNLCK) return -ENOLCK; if (IS_GETLK(cmd)) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index afd75d0463f..432f41cd75e 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -640,6 +640,27 @@ static int nfs_show_options(struct seq_file *m, struct vfsmount *mnt) return 0; } +/** + * nfs_sync_mapping - helper to flush all mmapped dirty data to disk + */ +int nfs_sync_mapping(struct address_space *mapping) +{ + int ret; + + if (mapping->nrpages == 0) + return 0; + unmap_mapping_range(mapping, 0, 0, 0); + ret = filemap_fdatawrite(mapping); + if (ret != 0) + goto out; + ret = filemap_fdatawait(mapping); + if (ret != 0) + goto out; + ret = nfs_wb_all(mapping->host); +out: + return ret; +} + /* * Invalidate the local caches */ @@ -1179,11 +1200,8 @@ void nfs_revalidate_mapping(struct inode *inode, struct address_space *mapping) struct nfs_inode *nfsi = NFS_I(inode); if (nfsi->cache_validity & NFS_INO_INVALID_DATA) { - if (S_ISREG(inode->i_mode)) { - if (filemap_fdatawrite(mapping) == 0) - filemap_fdatawait(mapping); - nfs_wb_all(inode); - } + if (S_ISREG(inode->i_mode)) + nfs_sync_mapping(mapping); invalidate_inode_pages2(mapping); spin_lock(&inode->i_lock); diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 7cbf0682b2f..fc95c4df669 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp, dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh)); fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c index 64ba40572fe..16e10c170ae 100644 --- a/fs/nfsd/nfs3acl.c +++ b/fs/nfsd/nfs3acl.c @@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp, int nfserr = 0; fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( diff --git a/fs/partitions/Kconfig b/fs/partitions/Kconfig index deb25b661f0..656bc43431b 100644 --- a/fs/partitions/Kconfig +++ b/fs/partitions/Kconfig @@ -203,7 +203,7 @@ config ULTRIX_PARTITION config SUN_PARTITION bool "Sun partition tables support" if PARTITION_ADVANCED - default y if (SPARC32 || SPARC64 || SUN3 || SUN3X) + default y if (SPARC || SUN3 || SUN3X) ---help--- Like most systems, SunOS uses its own hard disk partition table format, incompatible with all others. Saying Y here allows you to diff --git a/fs/proc/generic.c b/fs/proc/generic.c index b638fb50074..72b431d0a0a 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -54,6 +54,18 @@ proc_file_read(struct file *file, char __user *buf, size_t nbytes, ssize_t n, count; char *start; struct proc_dir_entry * dp; + unsigned long long pos; + + /* + * Gaah, please just use "seq_file" instead. The legacy /proc + * interfaces cut loff_t down to off_t for reads, and ignore + * the offset entirely for writes.. + */ + pos = *ppos; + if (pos > MAX_NON_LFS) + return 0; + if (nbytes > MAX_NON_LFS - pos) + nbytes = MAX_NON_LFS - pos; dp = PDE(inode); if (!(page = (char*) __get_free_page(GFP_KERNEL))) @@ -202,30 +214,17 @@ proc_file_write(struct file *file, const char __user *buffer, static loff_t proc_file_lseek(struct file *file, loff_t offset, int orig) { - lock_kernel(); - - switch (orig) { - case 0: - if (offset < 0) - goto out; - file->f_pos = offset; - unlock_kernel(); - return(file->f_pos); - case 1: - if (offset + file->f_pos < 0) - goto out; - file->f_pos += offset; - unlock_kernel(); - return(file->f_pos); - case 2: - goto out; - default: - goto out; - } - -out: - unlock_kernel(); - return -EINVAL; + loff_t retval = -EINVAL; + switch (orig) { + case 1: + offset += file->f_pos; + /* fallthrough */ + case 0: + if (offset < 0 || offset > MAX_NON_LFS) + break; + file->f_pos = retval = offset; + } + return retval; } static int proc_notify_change(struct dentry *dentry, struct iattr *iattr) diff --git a/fs/read_write.c b/fs/read_write.c index a091ee4f430..df3468a22fe 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -14,6 +14,7 @@ #include <linux/security.h> #include <linux/module.h> #include <linux/syscalls.h> +#include <linux/pagemap.h> #include <asm/uaccess.h> #include <asm/unistd.h> @@ -182,22 +183,33 @@ bad: } #endif +/* + * rw_verify_area doesn't like huge counts. We limit + * them to something that fits in "int" so that others + * won't have to do range checks all the time. + */ +#define MAX_RW_COUNT (INT_MAX & PAGE_CACHE_MASK) int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count) { struct inode *inode; loff_t pos; - if (unlikely(count > INT_MAX)) + if (unlikely((ssize_t) count < 0)) goto Einval; pos = *ppos; if (unlikely((pos < 0) || (loff_t) (pos + count) < 0)) goto Einval; inode = file->f_dentry->d_inode; - if (inode->i_flock && MANDATORY_LOCK(inode)) - return locks_mandatory_area(read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE, inode, file, pos, count); - return 0; + if (inode->i_flock && MANDATORY_LOCK(inode)) { + int retval = locks_mandatory_area( + read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE, + inode, file, pos, count); + if (retval < 0) + return retval; + } + return count > MAX_RW_COUNT ? MAX_RW_COUNT : count; Einval: return -EINVAL; @@ -244,7 +256,8 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) return -EFAULT; ret = rw_verify_area(READ, file, pos, count); - if (!ret) { + if (ret >= 0) { + count = ret; ret = security_file_permission (file, MAY_READ); if (!ret) { if (file->f_op->read) @@ -295,7 +308,8 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ return -EFAULT; ret = rw_verify_area(WRITE, file, pos, count); - if (!ret) { + if (ret >= 0) { + count = ret; ret = security_file_permission (file, MAY_WRITE); if (!ret) { if (file->f_op->write) @@ -497,7 +511,7 @@ static ssize_t do_readv_writev(int type, struct file *file, } ret = rw_verify_area(type, file, pos, tot_len); - if (ret) + if (ret < 0) goto out; ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE); if (ret) @@ -653,8 +667,9 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, if (!(in_file->f_mode & FMODE_PREAD)) goto fput_in; retval = rw_verify_area(READ, in_file, ppos, count); - if (retval) + if (retval < 0) goto fput_in; + count = retval; retval = security_file_permission (in_file, MAY_READ); if (retval) @@ -674,8 +689,9 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, goto fput_out; out_inode = out_file->f_dentry->d_inode; retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count); - if (retval) + if (retval < 0) goto fput_out; + count = retval; retval = security_file_permission (out_file, MAY_WRITE); if (retval) diff --git a/fs/relayfs/relay.c b/fs/relayfs/relay.c index 16446a15c96..2a6f7f12b7f 100644 --- a/fs/relayfs/relay.c +++ b/fs/relayfs/relay.c @@ -333,8 +333,7 @@ size_t relay_switch_subbuf(struct rchan_buf *buf, size_t length) return length; toobig: - printk(KERN_WARNING "relayfs: event too large (%Zd)\n", length); - WARN_ON(1); + buf->chan->last_toobig = length; return 0; } @@ -399,6 +398,11 @@ void relay_close(struct rchan *chan) relay_close_buf(chan->buf[i]); } + if (chan->last_toobig) + printk(KERN_WARNING "relayfs: one or more items not logged " + "[item size (%Zd) > sub-buffer size (%Zd)]\n", + chan->last_toobig, chan->subbuf_size); + kref_put(&chan->kref, relay_destroy_channel); } |