10 Oct, 2012

1 commit

• 35c2a7f49   tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking ... Browse Code »

  Fuzzing with trinity oopsed on the 1st instruction of shmem_fh_to_dentry(),
  u64 inum = fid->raw[2];
  which is unhelpfully reported as at the end of shmem_alloc_inode():

  BUG: unable to handle kernel paging request at ffff880061cd3000
  IP: [] shmem_alloc_inode+0x40/0x40
  Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
  Call Trace:
  [] ? exportfs_decode_fh+0x79/0x2d0
  [] do_handle_open+0x163/0x2c0
  [] sys_open_by_handle_at+0xc/0x10
  [] tracesys+0xe1/0xe6

  Right, tmpfs is being stupid to access fid->raw[2] before validating that
  fh_len includes it: the buffer kmalloc'ed by do_sys_name_to_handle() may
  fall at the end of a page, and the next page not be present.

  But some other filesystems (ceph, gfs2, isofs, reiserfs, xfs) are being
  careless about fh_len too, in fh_to_dentry() and/or fh_to_parent(), and
  could oops in the same way: add the missing fh_len checks to those.

  Reported-by: Sasha Levin
  Signed-off-by: Hugh Dickins
  Cc: Al Viro
  Cc: Sage Weil
  Cc: Steven Whitehouse
  Cc: Christoph Hellwig
  Cc: stable@vger.kernel.org
  Signed-off-by: Al Viro

  Hugh Dickins

  2012-10-10 11:33:55 +0800  

30 May, 2012

1 commit

• b0b0382bb   ->encode_fh() API change ... Browse Code »

  pass inode + parent's inode or NULL instead of dentry + bool saying
  whether we want the parent or not.

  NOTE: that needs ceph fix folded in.

  Signed-off-by: Al Viro

  Al Viro

  2012-05-30 11:28:33 +0800  

15 May, 2012

1 commit

• 60a34607b   xfs: move xfsagino_t to xfs_types.h ... Browse Code »

  Untangle the header file includes a bit by moving the definition of
  xfs_agino_t to xfs_types.h. This removes the dependency that xfs_ag.h has on
  xfs_inum.h, meaning we don't need to include xfs_inum.h everywhere we include
  xfs_ag.h.

  Signed-off-by: Dave Chinner
  Reviewed-by: Mark Tinguely
  Signed-off-by: Ben Myers

  Dave Chinner

  2012-05-15 05:20:54 +0800  

07 Dec, 2011

1 commit

• c29f7d457   xfs: fix nfs export of 64-bit inodes numbers on 32-bit kernels ... Browse Code »

  The i_ino field in the VFS inode is of type unsigned long and thus can't
  hold the full 64-bit inode number on 32-bit kernels. We have the full
  inode number in the XFS inode, so use that one for nfs exports. Note
  that I've also switched the 32-bit file handles types to it, just to make
  the code more consistent and copy & paste errors less likely to happen.

  Reported-by: Guoquan Yang
  Reported-by: Hank Peng
  Signed-off-by: Christoph Hellwig
  Signed-off-by: Ben Myers

  Christoph Hellwig

  2011-12-07 00:46:23 +0800  

12 Oct, 2011

1 commit

• 8292d88c5   xfs: unlock the inode before log force in xfs_fs_nfs_commit_metadata ... Browse Code »

  Only read the LSN we need to push to with the ilock held, and then release
  it before we do the log force to improve concurrency.

  Signed-off-by: Christoph Hellwig
  Reviewed-by: Dave Chinner
  Signed-off-by: Alex Elder

  Christoph Hellwig

  2011-10-12 10:15:08 +0800  

13 Aug, 2011

1 commit

• c59d87c46   xfs: remove subdirectories ... Browse Code »

  Use the move from Linux 2.6 to Linux 3.x as an excuse to kill the
  annoying subdirectories in the XFS source code. Besides the large
  amount of file rename the only changes are to the Makefile, a few
  files including headers with the subdirectory prefix, and the binary
  sysctl compat code that includes a header under fs/xfs/ from
  kernel/.

  Signed-off-by: Christoph Hellwig
  Signed-off-by: Alex Elder

  Christoph Hellwig

  2011-08-13 05:21:35 +0800