30 Jan, 2009

2 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
    cifs: make sure we allocate enough storage for socket address
    [CIFS] Make socket retry timeouts consistent between blocking and nonblocking cases
    [CIFS] some cleanup to dir.c prior to addition of posix_open
    [CIFS] revalidate parent inode when rmdir done within that directory
    [CIFS] Rename md5 functions to avoid collision with new rt modules
    cifs: turn smb_send into a wrapper around smb_sendv

    Linus Torvalds
     
  • Linus suggested to put limits where the money is, and max_user_watches
    already does that w/out the need of max_user_instances. That has the
    advantage to mitigate the potential DoS while allowing pretty generous
    default behavior.

    Allowing top 4% of low memory (per user) to be allocated in epoll watches,
    we have:

    LOMEM    MAX_WATCHES (per user)
    512MB    ~178000
    1GB      ~356000
    2GB      ~712000
    A box with 512MB of lomem, will meet some challenge in hitting 180K
    watches, socket buffers math teaches us. No more max_user_instances
    limits then.

    Signed-off-by: Davide Libenzi
    Cc: Willy Tarreau
    Cc: Michael Kerrisk
    Cc: Bron Gondwana
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Davide Libenzi
     

29 Jan, 2009

6 commits

  • The sockaddr declared on the stack in cifs_get_tcp_session is too small
    for IPv6 addresses. Change it from "struct sockaddr" to "struct
    sockaddr_storage" to prevent stack corruption when IPv6 is used.

    Signed-off-by: Jeff Layton
    Signed-off-by: Steve French

    Jeff Layton
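
The size mismatch behind the fix above, shown as an added user-space example (not the CIFS code and not part of the commit). The helper `fill_sockaddr` and the documentation address `2001:db8::1` are assumptions made for illustration: an IPv6 address does not fit in a `struct sockaddr`, so a length-checked writer refuses it, while `struct sockaddr_storage` holds it.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: parse text into caller-provided storage of dst_len bytes.
 * Returns bytes written, or -1 if the text is invalid or dst is too small. */
static int fill_sockaddr(const char *text, void *dst, size_t dst_len) {
    struct sockaddr_in  a4;
    struct sockaddr_in6 a6;
    memset(&a4, 0, sizeof(a4));
    memset(&a6, 0, sizeof(a6));
    if (inet_pton(AF_INET, text, &a4.sin_addr) == 1) {
        if (dst_len < sizeof(a4)) return -1;
        a4.sin_family = AF_INET;
        memcpy(dst, &a4, sizeof(a4));
        return (int)sizeof(a4);
    }
    if (inet_pton(AF_INET6, text, &a6.sin6_addr) == 1) {
        if (dst_len < sizeof(a6)) return -1;  /* without this check the copy overruns dst */
        a6.sin6_family = AF_INET6;
        memcpy(dst, &a6, sizeof(a6));
        return (int)sizeof(a6);
    }
    return -1;
}

/* The two stack declarations from the commit message, side by side. */
static int ipv6_fits_in_sockaddr(void) {
    struct sockaddr small;
    return fill_sockaddr("2001:db8::1", &small, sizeof(small)) > 0;
}
static int ipv6_fits_in_storage(void) {
    struct sockaddr_storage big;
    return fill_sockaddr("2001:db8::1", &big, sizeof(big)) == (int)sizeof(struct sockaddr_in6);
}

int main(void) {
    printf("sockaddr=%zu sockaddr_in6=%zu sockaddr_storage=%zu\n", sizeof(struct sockaddr),
           sizeof(struct sockaddr_in6), sizeof(struct sockaddr_storage));
    printf("IPv6 fits: sockaddr=%d storage=%d\n", ipv6_fits_in_sockaddr(), ipv6_fits_in_storage());
    return 0;
}
```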
     
  • We have used approximately 15 second timeouts on nonblocking sends in
    the past, and also 15 second SMB timeout (waiting for server responses,
    for most request types). Now that we can do blocking tcp sends, make
    blocking send timeout approximately the same (15 seconds).

    Signed-off-by: Steve French

    Steve French
     
  • Signed-off-by: Steve French

    Steve French
     
  • When a search is pending of a parent directory, and a child directory
    within it is removed, we need to reset the parent directory's time
    so that we don't reuse the (now stale) search results.

    Thanks to Gunter Kukkukk for reporting this:

    > got the following failure notification on irc #samba:
    >
    > A user was updating from subversion 1.4 to 1.5, where the
    > repository is located on a samba share (independent of
    > unix extensions = Yes or No).
    > svn 1.4 did work, 1.5 does not.
    >
    > The user did a lot of stracing of subversion - and wrote a
    > testapplet to simulate the failing behaviour.
    > I've converted the C++ source to C and added some error cases.
    >
    > When using "./testdir" on a local file system, "result2"
    > is always (nil) as expected - cifs vfs behaves different here!
    >
    > ./testdir /mnt/cifs/mounted/share
    >
    > returns a (failing) valid pointer.

    Acked-by: Dave Kleikamp
    Acked-by: Jeff Layton
    Signed-off-by: Steve French

    Steve French
     
  • When rt modules were added they (each) included their own md5
    with names which collided with the existing names of cifs's md5 functions.

    Renaming cifs's md5 modules so we don't collide with them.

    > Stephen Rothwell wrote:
    > When CIFS is built-in (=y) and staging/rt28[67]0 =y, there are multiple
    > definitions of:
    >
    > build-r8250.out:(.text+0x1d8ad0): multiple definition of `MD5Init'
    > build-r8250.out:(.text+0x1dbb30): multiple definition of `MD5Update'
    > build-r8250.out:(.text+0x1db9b0): multiple definition of `MD5Final'
    >
    > all of which need to have more unique identifiers for their global
    > symbols (e.g., rt28_md5_init, cifs_md5_init, foo, blah, bar).
    >

    CC: Greg K-H
    Signed-off-by: Steve French

    Steve French
     
  • cifs: turn smb_send into a wrapper around smb_sendv

    Rename smb_send2 to smb_sendv to make it consistent with kernel naming
    conventions for functions that take a vector.

    There's no need to have 2 functions to handle sending SMB calls. Turn
    smb_send into a wrapper around smb_sendv. This also allows us to
    properly mark the socket as needing to be reconnected when there's a
    partial send from smb_send.

    Also, in practice we always use the address and noblocksnd flag
    that's attached to the TCP_Server_Info. There's no need to pass
    them in as separate args to smb_sendv.

    Signed-off-by: Jeff Layton
    Acked-by: Dave Kleikamp
    Signed-off-by: Steve French

    Jeff Layton
     

28 Jan, 2009

3 commits

  • nfsd4_lockt does a search for a lockstateowner when building the lock
    struct to test. If one is found, it'll set fl_owner to it. Regardless of
    whether that happens, it'll also set fl_lmops. Given that this lock is
    basically a "lightweight" lock that's just used for checking conflicts,
    setting fl_lmops is probably not appropriate for it.

    This behavior exposed a bug in DLM's GETLK implementation where it
    wasn't clearing out the fields in the file_lock before filling in
    conflicting lock info. While we were able to fix this in DLM, it
    still seems pointless and dangerous to set the fl_lmops this way
    when we may have a NULL lockstateowner.

    Signed-off-by: Jeff Layton
    Signed-off-by: J. Bruce Fields

    Jeff Layton
     
  • Since override_creds() took its own reference on new, we need to release
    our own reference.

    (Note the put_cred on the return value puts the *old* value of
    current->creds, not the new passed-in value).

    Signed-off-by: J. Bruce Fields

    J. Bruce Fields
     
  • We're forgetting to check the return value from groups_alloc().

    Signed-off-by: J. Bruce Fields

    J. Bruce Fields
     

27 Jan, 2009

6 commits

  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm:
    dlm: initialize file_lock struct in GETLK before copying conflicting lock
    dlm: fix plock notify callback to lockd

    Linus Torvalds
     
  • * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6:
    ocfs2: Remove ocfs2_dquot_initialize() and ocfs2_dquot_drop()
    quota: Improve locking

    Linus Torvalds
     
  • * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
    klist.c: bit 0 in pointer can't be used as flag
    debugfs: introduce stub for debugfs_create_size_t() when DEBUG_FS=n
    sysfs: fix problems with binary files
    PNP: fix broken pnp lowercasing for acpi module aliases
    driver core: Convert '/' to '!' in dev_set_name()

    Linus Torvalds
     
  • * 'Kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/misc: (36 commits)
    fs/Kconfig: move 9p out
    fs/Kconfig: move afs out
    fs/Kconfig: move coda out
    fs/Kconfig: move the rest of ncpfs out
    fs/Kconfig: move smbfs out
    fs/Kconfig: move sunrpc out
    fs/Kconfig: move nfsd out
    fs/Kconfig: move nfs out
    fs/Kconfig: move ufs out
    fs/Kconfig: move sysv out
    fs/Kconfig: move romfs out
    fs/Kconfig: move qnx4 out
    fs/Kconfig: move hpfs out
    fs/Kconfig: move omfs out
    fs/Kconfig: move minix out
    fs/Kconfig: move vxfs out
    fs/Kconfig: move squashfs out
    fs/Kconfig: move cramfs out
    fs/Kconfig: move efs out
    fs/Kconfig: move bfs out
    ...

    Linus Torvalds
     
  • If userspace supplies an invalid pointer to a read() of an inotify
    instance, the inotify device's event list mutex is unlocked twice.
    This causes an unbalance which effectively leaves the data structure
    unprotected, and we can trigger oopses by accessing the inotify
    instance from different tasks concurrently.

    The best fix (contributed largely by Linus) is a total rewrite
    of the function in question:

    On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
    > The thing to notice is that:
    >
    > - locking is done in just one place, and there is no question about it
    > not having an unlock.
    >
    > - that whole double-while(1)-loop thing is gone.
    >
    > - use multiple functions to make nesting and error handling sane
    >
    > - do error testing after doing the things you always need to do, ie do
    > this:
    >
    > mutex_lock(..)
    > ret = function_call();
    > mutex_unlock(..)
    >
    > .. test ret here ..
    >
    > instead of doing conditional exits with unlocking or freeing.
    >
    > So if the code is written in this way, it may still be buggy, but at least
    > it's not buggy because of subtle "forgot to unlock" or "forgot to free"
    > issues.
    >
    > This _always_ unlocks if it locked, and it always frees if it got a
    > non-error kevent.

    Cc: John McCutchan
    Cc: Robert Love
    Cc:
    Signed-off-by: Vegard Nossum
    Signed-off-by: Linus Torvalds

    Vegard Nossum
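
The structural point of the quoted mail, as an added user-space example (a constructed illustration of the bug class, not the inotify code and not part of the commit). The toy `tracked_lock`, the `queue` type and the `copy_out` stand-in for `copy_to_user()` are assumptions; the first reader unlocks on conditional exits and double-unlocks when the destination pointer is invalid, the second locks and unlocks in exactly one place.

```c
#include <stdio.h>
#include <string.h>

/* Toy lock (constructed): counts unlocks of a lock that is not held. */
struct tracked_lock { int held, bad_unlocks; };
static void lock_it(struct tracked_lock *l)   { l->held = 1; }
static void unlock_it(struct tracked_lock *l) { if (!l->held) l->bad_unlocks++; l->held = 0; }
struct queue { struct tracked_lock mtx; int pending; };
/* Stand-in for copy_to_user(): fails on an invalid destination. */
static int copy_out(char *dst) { if (!dst) return -1; memcpy(dst, "ev", 3); return 0; }

/* Conditional exits, each path responsible for its own unlock. */
static int read_conditional_exits(struct queue *q, char *ubuf) {
    int ret = 0;
    lock_it(&q->mtx);
    while (q->pending > 0) {
        q->pending--;
        unlock_it(&q->mtx);                       /* lock dropped around the copy */
        if (copy_out(ubuf)) { ret = -1; break; }  /* exits with the lock not held */
        lock_it(&q->mtx);
    }
    unlock_it(&q->mtx);                           /* second unlock on the error path */
    return ret;
}

/* Restructured: one function locks, works, unlocks; the caller tests the result. */
static int take_event(struct queue *q) {
    lock_it(&q->mtx);
    int got = q->pending > 0;
    if (got) q->pending--;
    unlock_it(&q->mtx);
    return got;
}
static int read_single_lock_site(struct queue *q, char *ubuf) {
    while (take_event(q))
        if (copy_out(ubuf)) return -1;            /* nothing held, nothing to unwind */
    return 0;
}

/* Run a reader over two queued events; return how many unbalanced unlocks it made. */
static int bad_unlocks(int (*reader)(struct queue *, char *), char *ubuf) {
    struct queue q = { { 0, 0 }, 2 };
    reader(&q, ubuf);
    return q.mtx.bad_unlocks;
}

int main(void) {
    printf("bad pointer: conditional exits=%d, single lock site=%d\n",
           bad_unlocks(read_conditional_exits, NULL), bad_unlocks(read_single_lock_site, NULL));
    return 0;
}
```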
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
    fuse: fix poll notify
    fuse: destroy bdi on umount
    fuse: fuse_fill_super error handling cleanup
    fuse: fix missing fput on error
    fuse: fix NULL deref in fuse_file_alloc()

    Linus Torvalds
     

26 Jan, 2009

5 commits

  • Move fuse_copy_finish() to before calling fuse_notify_poll_wakeup().
    This is not a big issue because fuse_notify_poll_wakeup() should be
    atomic, but it's cleaner this way, and later uses of notification will
    need to be able to finish the copying before performing some actions.

    Signed-off-by: Miklos Szeredi

    Miklos Szeredi
     
  • If a fuse filesystem is unmounted but the device file descriptor
    remains open and a new mount reuses the old device number, then the
    mount fails with EEXIST and the following warning is printed in the
    kernel log:

    WARNING: at fs/sysfs/dir.c:462 sysfs_add_one+0x35/0x3d()
    sysfs: duplicate filename '0:15' can not be created

    The cause is that the bdi belonging to the fuse filesystem was
    destroyed only after the device file was released. Fix this by
    calling bdi_destroy() from fuse_put_super() instead.

    Signed-off-by: Miklos Szeredi
    CC: stable@kernel.org

    Miklos Szeredi
     
  • Clean up error handling for the whole of fuse_fill_super() function.

    Signed-off-by: Miklos Szeredi

    Miklos Szeredi
     
  • Fix the leaking file reference if allocation or initialization of
    fuse_conn failed.

    Signed-off-by: Miklos Szeredi
    CC: stable@kernel.org

    Miklos Szeredi
     
  • ff is set to NULL and then dereferenced on line 65. Compile tested only.

    Signed-off-by: Dan Carpenter
    Signed-off-by: Miklos Szeredi
    CC: stable@kernel.org

    Dan Carpenter
     

22 Jan, 2009

18 commits