path: root/fs
Age | Commit message | Author
2006-05-25 | [JFFS2] Correctly handle wasted space before summary node. | David Woodhouse
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-25 | [JFFS2] jffs2_free_all_node_refs() doesn't free them all. Rename it. | David Woodhouse
... to jffs2_free_jeb_node_refs() since that's what it does. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-25 | [JFFS2] Allocate node_ref for wasted space when skipping to page boundary | David Woodhouse
One more place where we were changing the accounting info without actually allocating a ref for the lost space... Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-24 | [JFFS2] Revert Artem's Bunkage in debug messages. | David Woodhouse
Random unthinking 'cleanup' caused debug messages like this:

    Obsoleting node at 0x0006daf4 of len 0x3a4: <7>Dirtying

If messages are continuation of an existing line, they don't need to be prefixed with KERN_DEBUG. THINK. Or you will be replaced by a small shell script.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-24 | Merge branch 'master' of git://git.infradead.org/~gleixner/mtd-nand-2.6.git | David Woodhouse
2006-05-24 | [JFFS2] Introduce ref_next() macro for finding next physical node | David Woodhouse
Another part of the preparation for switching to an array... Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-24 | [JFFS2] Reduce visibility of raw_node_ref to upper layers of JFFS2 code. | David Woodhouse
As the first step towards eliminating the ref->next_phys member and saving memory by using an _array_ of struct jffs2_raw_node_ref per eraseblock, stop the write functions from allocating their own refs; have them just _reserve_ the appropriate number instead. Then jffs2_link_node_ref() can just fill them in. Use a linked list of pre-allocated refs in the superblock, for now. Once we switch to an array, it'll just be a case of extending that array. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-23 | [MTD] Remove read/write _ecc variants | Thomas Gleixner
MTD clients are agnostic of FLASH which needs ECC support. Remove the functions and fixup the callers. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2006-05-23 | Merge branch 'master' of /home/tglx/work/kernel/git/mtd-2.6/ | Thomas Gleixner
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2006-05-23 | [JFFS2] Simplify writebuffer handling | Thomas Gleixner
The writev based write buffer implementation was far too complex as in most use cases the write buffer had to be handled anyway. Simplify the write buffer handling and use mtd->write instead. From extensive testing no performance impact has been noted. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2006-05-23 | [JFFS2] Remove flash offset argument from various functions. | David Woodhouse
We don't need the upper layers to deal with the physical offset. It's _always_ c->nextblock->offset + c->sector_size - c->nextblock->free_size so we might as well just let the actual write functions deal with that. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [MTD] Introduce MTD_BIT_WRITEABLE | Joern Engel
o Add a flag MTD_BIT_WRITEABLE for devices that allow single bits to be cleared.
o Replace MTD_PROGRAM_REGIONS with a cleared MTD_BIT_WRITEABLE flag for STMicro and Intel Sibley flashes with internal ECC. Those flashes disallow clearing of single bits, unlike regular NOR flashes, so the new flag models their behaviour better.
o Remove MTD_ECC. After the STMicro/Sibley merge, this flag is only set and never checked.
Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 | [MTD] Merge STMicro NOR_ECC code with Intel Sibley code | Joern Engel
In 2002, STMicro started producing NOR flashes with internal ECC protection for small blocks (8 or 16 bytes). Support for those flashes was added by me. In 2005, Intel Sibley flashes copied this strategy and Nico added support for those. Merge the code for both. Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 | [MTD] Introduce writesize | Joern Engel
At least two flashes exist that have the concept of a minimum write unit, similar to NAND pages, but no other NAND characteristics. Therefore, rename the minimum write unit to "writesize" for all flashes, including NAND. Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 | [JFFS2] Put list of nodes in common part of ic/x_ref/x_datum structure | David Woodhouse
We'll be using a proper list of nodes in the jffs2_xattr_datum and jffs2_xattr_ref structures, because the existing code to overwrite them is just broken. Put it in the common part at the front of the structure which is shared with the jffs2_inode_cache, so that the jffs2_link_node_ref() function can do the right thing. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [JFFS2] Add some preemptive BUG checks for XATTR code | David Woodhouse
In a couple of places, we assume that what's at the end of the ->next_in_ino list is a struct jffs2_inode_cache. Let's check for that, since we expect it to change soon. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [JFFS2] Extend jffs2_link_node_ref() to link into per-inode list too. | David Woodhouse
Let's avoid the potential for forgetting to set ref->next_in_ino, by doing it within jffs2_link_node_ref() instead. This highlights the ugliness of what we're currently doing with xattr_datum and xattr_ref structures -- we should find a nicer way of dealing with that. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [JFFS2] Initialise ref->next_in_ino when marking dirty space in wbuf flush | David Woodhouse
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [JFFS2] Fix accounting error in jffs2_link_node_ref() | David Woodhouse
When filing REF_OBSOLETE nodes, we'd add their size to the global 'dirty_size' count, but then to the eraseblock's 'used_size' count. That's not clever. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 | [JFFS2] Fix dummy jffs2_sum_scan_sumnode() macro for !SUMMARY case. | David Woodhouse
I added an argument to the real function... Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Finally eliminate __totlen field from struct jffs2_raw_node_ref | David Woodhouse
Well, almost. We'll actually keep a 'TEST_TOTLEN' macro set for now, and keep doing some paranoia checks to make sure it's all working correctly. But if TEST_TOTLEN is unset, the size of struct jffs2_raw_node_ref drops from 16 bytes to 12 on 32-bit machines. That's a saving of about half a megabyte of memory on the OLPC prototype board, with 125K or so nodes in its 512MiB of flash. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Locking issues in summary write code. | David Woodhouse
We can't use jffs2_scan_dirty_space() because it doesn't do any locking; it's only for use at scan time -- hence the 'scan' in the name. Also, don't allocate refs while we have c->erase_completion_lock held. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Remove stray kfree of summary info in XATTR code. | David Woodhouse
We don't allocate this locally any more -- it's given to us and owned by our caller. Also improve the debug messages a little. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] File node reference for wasted space when flushing wbuf | David Woodhouse
Next step in ongoing campaign to file a struct jffs2_raw_node_ref for every piece of dirty space in the system, so that __totlen can be killed off.... Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Add length argument to jffs2_add_physical_node_ref() | David Woodhouse
If __totlen is going away, we need to pass the length in separately. Also stop callers from needlessly setting ref->next_phys to NULL, since that's done for them... and since that'll also be going away soon. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Mark gaps in summary list as dirty space | David Woodhouse
Make sure we allocate a ref for any dirty space which exists between nodes which we find in an eraseblock summary. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Discard remaining free space when filing a dirty block in scan. | David Woodhouse
The incoming ref_totlen() calculation is going to rely on the existence of nodes which cover all dirty space. We can't just tweak the accounting data any more; we have to call jffs2_scan_dirty_space() to do it. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Introduce jffs2_scan_dirty_space() function. | David Woodhouse
To eliminate the __totlen field from struct jffs2_raw_node_ref, we need to allocate nodes for dirty space instead of just tweaking the accounting data. Introduce jffs2_scan_dirty_space() in preparation for that. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Fix summary handling of unknown but compatible nodes. | David Woodhouse
For RWCOMPAT and ROCOMPAT nodes, we should still allow the mount to succeed. Just abandon the summary and fall through to the full scan. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Fix memory leak in scan code; improve comments. | David Woodhouse
If we had to allocate extra space for the summary node, we weren't correctly freeing it when jffs2_sum_scan_sumnode() returned nonzero -- which is both the success and the failure case. Only when it returned zero, which means fall through to the full scan, were we correctly freeing the buffer. Document the meaning of those return codes while we're at it. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 | [JFFS2] Correct handling of JFFS2_FEATURE_RWCOMPAT_COPY nodes. | David Woodhouse
We should preserve these when we come to garbage collect them, not let them get erased. Use jffs2_garbage_collect_pristine() for this, and make sure the summary code copes -- just refrain from writing a summary for any block which contains a node we don't understand. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 | [JFFS2] Correct accounting of erroneous cleanmarkers and failed summaries. | David Woodhouse
It should all be counted as dirty space, not wasted and _definitely_ not unchecked. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 | [JFFS2] Introduce jffs2_link_node_ref() function to reduce code duplication | David Woodhouse
The same sequence of code was repeated in many places, to add a new struct jffs2_raw_node_ref to an eraseblock and adjust the space accounting accordingly. Move it out-of-line. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 | Merge git://git.infradead.org/jffs2-xattr-2.6 | David Woodhouse
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 | [JFFS2] Reduce calls to ref_totlen() in jffs2_mark_node_obsolete() | David Woodhouse
We were calling ref_totlen() 18 times. Even before that becomes a real function rather than just a dereference, apparently some compilers still suck anyway. It'll _certainly_ suck after ref_totlen() becomes more complicated, so calculate it once and don't rely on CSE. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 | [JFFS2] Optimise reading of eraseblock summary nodes | David Woodhouse
This improves the time to mount 512MiB of NAND flash on my OLPC prototype by about 4%. We used to read the last page of the eraseblock twice -- once to find the offset of the summary node, and again to actually _read_ the summary node. Now we read the last page only once, and read more only if we need to. We also don't allocate a new buffer just for the summary code -- we use the buffer which was already allocated for the scan. Better still, if the 'buffer' for the scan is actually just a pointer directly into NOR flash, we use that too, avoiding the memcpy() which we used to do. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-19 | [JFFS2] Remove forgotten summary code | Ferenc Havasi
Remove forgotten lines from jffs2_scan_eraseblock() which were unnecessary and may cause problems in some environments. Thanks to Alexander Belyakov <alexander.belyakov@intel.com>. Signed-off-by: Ferenc Havasi <havasi@inf.u-szeged.hu> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-19 | [JFFS2] Support new device nodes | David Woodhouse
Device node major/minor numbers are just stored in the payload of a single data node. Just extend that to 4 bytes and use new_encode_dev() for it. We only use the 4-byte format if we _need_ to, if !old_valid_dev(foo). This preserves backwards compatibility with older code as much as possible. If we do make devices with major or minor numbers above 255, and then mount the file system with the old code, it'll just read the first two bytes and get the numbers wrong. If it comes to garbage-collect it, it'll then write back those wrong numbers. But that's about the best we can expect. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-19 | Merge git://git.infradead.org/mtd-2.6 | KaiGai Kohei
2006-05-16 | [JFFS2] Fix printk format in jffs2_sum_write_data() error message. | David Woodhouse
fs/jffs2/summary.c: In function ‘jffs2_sum_write_data’:
fs/jffs2/summary.c:658: warning: format ‘%zd’ expects type ‘signed size_t’, but argument 4 has type ‘uint32_t’
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-16 | [JFFS2] Fix section mismatch warnings in JFFS2. | David Brownell
Mark certain functions with __init and __exit appropriately. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-16 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 | David Woodhouse
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-15 | [PATCH] jffs2: memory leak in jffs2_scan_medium() | Florin Malita
If jffs2_scan_eraseblock() fails and the exit path is taken, 's' is not being deallocated. Reported by Coverity, CID: 1258. Signed-off-by: Florin Malita <fmalita@gmail.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-15 | [PATCH] jffs2 warning fixes | Andrew Morton
fs/jffs2/nodelist.c: In function `check_node_data':
fs/jffs2/nodelist.c:441: warning: unsigned int format, different type arg (arg 4)
fs/jffs2/nodelist.c:464: warning: int format, different type arg (arg 5)
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] revert "vfs: propagate mnt_flags into do_loopback/vfsmount" | Andrew Morton
Revert commit f6422f17d3a480f21917a3895e2a46b968f56a08, due to

Valdis.Kletnieks@vt.edu wrote:
>
> There seems to have been a bug introduced in this changeset:
>
> Am running 2.6.17-rc3-mm1. When this changeset is applied, 'mount --bind'
> misbehaves:
>
> > # mkdir /foo
> > # mount -t tmpfs -o rw,nosuid,nodev,noexec,noatime,nodiratime none /foo
> > # mkdir /foo/bar
> > # mount --bind /foo/bar /foo
> > # tail -2 /proc/mounts
> > none /foo tmpfs rw,nosuid,nodev,noexec,noatime,nodiratime 0 0
> > none /foo tmpfs rw 0 0
>
> Reverting this changeset causes both mounts to have the same options.
>
> (Thanks to Stephen Smalley for tracking down the changeset...)
>

Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Christoph Hellwig <hch@infradead.org> Cc: <Valdis.Kletnieks@vt.edu> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] fs/compat.c: fix 'if (a |= b )' typo | Alexey Dobriyan
Mentioned by Mark Armbrust somewhere on Usenet. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Ulrich Drepper <drepper@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] v9fs: signal handling fixes | Latchesar Ionkov
Multiple races can happen when v9fs is interrupted by a signal and Tflush message is sent to the server. After v9fs sends Tflush it doesn't wait until it receives Rflush, and possibly the response of the original message. This behavior may confuse v9fs what fids are allocated by the file server. This patch fixes the races and the fid allocation. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Cc: Eric Van Hensbergen <ericvh@hera.kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] v9fs: Twalk memory leak | Latchesar Ionkov
v9fs leaks memory if the file server responds with Rerror to a Twalk message. The patch fixes the leak. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Cc: Eric Van Hensbergen <ericvh@hera.kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] smbfs: Fix slab corruption in samba error path | Jan Niehusmann
Yesterday, I got the following error with 2.6.16.13 during a file copy from a smb filesystem over a wireless link. I guess there was some error on the wireless link, which in turn caused an error condition for the smb filesystem.

In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also shows up in the slab dumps, and also is -ERESTARTSYS. Error code 27499 corresponds to 0x6b6b, so the rq_errno field seems to be the only one being set after freeing the slab.

In smb_add_request (which is the only place in smbfs where I found ERESTARTSYS), I found the following:

    if (!timeleft || signal_pending(current)) {
        /*
         * On timeout or on interrupt we want to try and remove the
         * request from the recvq/xmitq.
         */
        smb_lock_server(server);
        if (!(req->rq_flags & SMB_REQ_RECEIVED)) {
            list_del_init(&req->rq_queue);
            smb_rput(req);
        }
        smb_unlock_server(server);
    }
    [...]
    if (signal_pending(current))
        req->rq_errno = -ERESTARTSYS;

I guess that some codepath like smbiod_flush() caused the request to be removed from the queue, and smb_rput(req) be called, without SMB_REQ_RECEIVED being set. This violates an assumption made by the quoted code.

Then, the above code calls smb_rput(req) again, the req gets freed, and req->rq_errno = -ERESTARTSYS writes into the already freed slab. As list_del_init doesn't cause an error if called multiple times, that does cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS).

If this observation is correct, the following patch should fix it.

I wonder why the smb code uses list_del_init everywhere - using list_del instead would catch such situations by poisoning the next and prev pointers.

May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected. Restarting.
May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured.
May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected. Restarting.
May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists.
May 4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)
May 4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244
May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff
May 4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244
May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)
May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected. Restarting.
May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists.
May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected. Restarting.
May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists.
May 4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244
May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff
May 4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244
May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)
May 4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244
May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff
May 4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244
May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)
May 4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784

Signed-off-by: Jan Niehusmann <jan@gondor.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 | [PATCH] smbfs chroot issue (CVE-2006-1864) | Olaf Kirch
Mark Moseley reported that a chroot environment on a SMB share can be left via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs.

Steven French <sfrench@us.ibm.com> wrote:
Looks fine to me. This should catch the slash on lookup or equivalent, which will be all obvious paths of interest.

Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>