21 Dec, 2018
1 commit
-
commit 2e64ff154ce6ce9a8dc0f9556463916efa6ff460 upstream.
When FUSE_OPEN returns ENOSYS, the no_open bit is set on the connection.
Because the FUSE_RELEASE and FUSE_RELEASEDIR paths share code, this
incorrectly caused the FUSE_RELEASEDIR request to be dropped and never sent
to userspace.Pass an isdir bool to distinguish between FUSE_RELEASE and FUSE_RELEASEDIR
inside of fuse_file_put.Fixes: 7678ac50615d ("fuse: support clients that don't implement 'open'")
Cc: # v3.14
Signed-off-by: Chad Austin
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman
21 Nov, 2018
6 commits
-
commit 7fabaf303458fcabb694999d6fa772cc13d4e217 upstream.
fuse_request_send_notify_reply() may fail if the connection was reset for
some reason (e.g. fs was unmounted). Don't leak request reference in this
case. Besides leaking memory, this resulted in fc->num_waiting not being
decremented and hence fuse_wait_aborted() left in a hanging and unkillable
state.Fixes: 2d45ba381a74 ("fuse: add retrieve request")
Fixes: b8f95e5d13f5 ("fuse: umount should wait for all requests")
Reported-and-tested-by: syzbot+6339eda9cb4ebbc4c37b@syzkaller.appspotmail.com
Signed-off-by: Miklos Szeredi
Cc: #v2.6.36
Signed-off-by: Greg Kroah-Hartman -
commit ebacb81273599555a7a19f7754a1451206a5fc4f upstream.
In async IO blocking case the additional reference to the io is taken for
it to survive fuse_aio_complete(). In non blocking case this additional
reference is not needed, however we still reference io to figure out
whether to wait for completion or not. This is wrong and will lead to
use-after-free. Fix it by storing blocking information in separate
variable.This was spotted by KASAN when running generic/208 fstest.
Signed-off-by: Lukas Czerner
Reported-by: Zorro Lang
Signed-off-by: Miklos Szeredi
Fixes: 744742d692e3 ("fuse: Add reference counting for fuse_io_priv")
Cc: # v4.6
Signed-off-by: Greg Kroah-Hartman -
commit 4c316f2f3ff315cb48efb7435621e5bfb81df96d upstream.
Otherwise fuse_dev_do_write() could come in and finish off the request, and
the set_bit(FR_SENT, ...) could trigger the WARN_ON(test_bit(FR_SENT, ...))
in request_end().Signed-off-by: Miklos Szeredi
Reported-by: syzbot+ef054c4d3f64cd7f7cec@syzkaller.appspotmai
Fixes: 46c34a348b0a ("fuse: no fc->lock for pqueue parts")
Cc: # v4.2
Signed-off-by: Greg Kroah-Hartman -
commit 908a572b80f6e9577b45e81b3dfe2e22111286b8 upstream.
Using waitqueue_active() is racy. Make sure we issue a wake_up()
unconditionally after storing into fc->blocked. After that it's okay to
optimize with waitqueue_active() since the first wake up provides the
necessary barrier for all waiters, not the just the woken one.Signed-off-by: Miklos Szeredi
Fixes: 3c18ef8117f0 ("fuse: optimize wake_up")
Cc: # v3.10
Signed-off-by: Greg Kroah-Hartman -
commit d2d2d4fb1f54eff0f3faa9762d84f6446a4bc5d0 upstream.
After we found req in request_find() and released the lock,
everything may happen with the req in parallel:cpu0 cpu1
fuse_dev_do_write() fuse_dev_do_write()
req = request_find(fpq, ...) ...
spin_unlock(&fpq->lock) ...
... req = request_find(fpq, oh.unique)
... spin_unlock(&fpq->lock)
queue_interrupt(&fc->iq, req); ...
... ...
... ...
request_end(fc, req);
fuse_put_request(fc, req);
... queue_interrupt(&fc->iq, req);Signed-off-by: Kirill Tkhai
Signed-off-by: Miklos Szeredi
Fixes: 46c34a348b0a ("fuse: no fc->lock for pqueue parts")
Cc: # v4.2
Signed-off-by: Greg Kroah-Hartman -
commit bc78abbd55dd28e2287ec6d6502b842321a17c87 upstream.
We may pick freed req in this way:
[cpu0] [cpu1]
fuse_dev_do_read() fuse_dev_do_write()
list_move_tail(&req->list, ...); ...
spin_unlock(&fpq->lock); ...
... request_end(fc, req);
... fuse_put_request(fc, req);
if (test_bit(FR_INTERRUPTED, ...))
queue_interrupt(fiq, req);Fix that by keeping req alive until we finish all manipulations.
Reported-by: syzbot+4e975615ca01f2277bdd@syzkaller.appspotmail.com
Signed-off-by: Kirill Tkhai
Signed-off-by: Miklos Szeredi
Fixes: 46c34a348b0a ("fuse: no fc->lock for pqueue parts")
Cc: # v4.2
Signed-off-by: Greg Kroah-Hartman
05 Sep, 2018
7 commits
-
commit 109728ccc5933151c68d1106e4065478a487a323 upstream.
The above error path returns with page unlocked, so this place seems also
to behave the same.Fixes: f8dbdf81821b ("fuse: rework fuse_readpages()")
Signed-off-by: Kirill Tkhai
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit e8f3bd773d22f488724dffb886a1618da85c2966 upstream.
syzbot is hitting NULL pointer dereference at process_init_reply().
This is because deactivate_locked_super() is called before response for
initial request is processed.Fix this by aborting and waiting for all requests (including FUSE_INIT)
before resetting fc->sb.Original patch by Tetsuo Handa .
Reported-by: syzbot
Fixes: e27c9d3877a0 ("fuse: fuse: add time_gran to INIT_OUT")
Cc: # v3.19
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit b8f95e5d13f5f0191dcb4b9113113d241636e7cb upstream.
fuse_abort_conn() does not guarantee that all async requests have actually
finished aborting (i.e. their ->end() function is called). This could
actually result in still used inodes after umount.Add a helper to wait until all requests are fully done. This is done by
looking at the "num_waiting" counter. When this counter drops to zero, we
can be sure that no more requests are outstanding.Fixes: 0d8e84b0432b ("fuse: simplify request abort")
Cc: # v4.2
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit 45ff350bbd9d0f0977ff270a0d427c71520c0c37 upstream.
fuse_dev_release() assumes that it's the only one referencing the
fpq->processing list, but that's not true, since fuse_abort_conn() can be
doing the same without any serialization between the two.Fixes: c3696046beb3 ("fuse: separate pqueue for clones")
Cc: # v4.2
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit 87114373ea507895a62afb10d2910bd9adac35a8 upstream.
Refcounting of request is broken when fuse_abort_conn() is called and
request is on the fpq->io list:- ref is taken too late
- then it is not droppedFixes: 0d8e84b0432b ("fuse: simplify request abort")
Cc: # v4.2
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit 63576c13bd17848376c8ba4a98f5d5151140c4ac upstream.
If parallel dirops are enabled in FUSE_INIT reply, then first operation may
leave fi->mutex held.Reported-by: syzbot
Fixes: 5c672ab3f0ee ("fuse: serialize dirops by default")
Cc: # v4.7
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit a2477b0e67c52f4364a47c3ad70902bc2a61bd4c upstream.
fuse_dev_splice_write() reads pipe->buffers to determine the size of
'bufs' array before taking the pipe_lock(). This is not safe as
another thread might change the 'pipe->buffers' between the allocation
and taking the pipe_lock(). So we end up with too small 'bufs' array.Move the bufs allocations inside pipe_lock()/pipe_unlock() to fix this.
Fixes: dd3bb14f44a6 ("fuse: support splice() writing to fuse device")
Signed-off-by: Andrey Ryabinin
Cc: # v2.6.35
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman
03 Jul, 2018
4 commits
-
commit 6becdb601bae2a043d7fb9762c4d48699528ea6e upstream.
syzbot is reporting NULL pointer dereference at fuse_ctl_remove_conn() [1].
Since fc->ctl_ndents is incremented by fuse_ctl_add_conn() when new_inode()
failed, fuse_ctl_remove_conn() reaches an inode-less dentry and tries to
clear d_inode(dentry)->i_private field.Fix by only adding the dentry to the array after being fully set up.
When tearing down the control directory, do d_invalidate() on it to get rid
of any mounts that might have been added.[1] https://syzkaller.appspot.com/bug?id=f396d863067238959c91c0b7cfc10b163638cac6
Reported-by: syzbot
Fixes: bafa96541b25 ("[PATCH] fuse: add control filesystem")
Cc: # v2.6.18
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit 543b8f8662fe6d21f19958b666ab0051af9db21a upstream.
syzbot is reporting use-after-free at fuse_kill_sb_blk() [1].
Since sb->s_fs_info field is not cleared after fc was released by
fuse_conn_put() when initialization failed, fuse_kill_sb_blk() finds
already released fc and tries to hold the lock. Fix this by clearing
sb->s_fs_info field after calling fuse_conn_put().[1] https://syzkaller.appspot.com/bug?id=a07a680ed0a9290585ca424546860464dd9658db
Signed-off-by: Tetsuo Handa
Reported-by: syzbot
Fixes: 3b463ae0c626 ("fuse: invalidation reverse calls")
Cc: John Muir
Cc: Csaba Henk
Cc: Anand Avati
Cc: # v2.6.31
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman -
commit df0e91d488276086bc07da2e389986cae0048c37 upstream.
Fuse has an "atomic_o_trunc" mode, where userspace filesystem uses the
O_TRUNC flag in the OPEN request to truncate the file atomically with the
open.In this mode there's no need to send a SETATTR request to userspace after
the open, so fuse_do_setattr() checks this mode and returns. But this
misses the important step of truncating the pagecache.Add the missing parts of truncation to the ATTR_OPEN branch.
Reported-by: Chad Austin
Fixes: 6ff958edbf39 ("fuse: add atomic open+truncate support")
Signed-off-by: Miklos Szeredi
Cc:
Signed-off-by: Greg Kroah-Hartman -
commit 8a301eb16d99983a4961f884690ec97b92e7dcfe upstream.
If a connection gets aborted while congested, FUSE can leave
nr_wb_congested[] stuck until reboot causing wait_iff_congested() to
wait spuriously which can lead to severe performance degradation.The leak is caused by gating congestion state clearing with
fc->connected test in request_end(). This was added way back in 2009
by 26c3679101db ("fuse: destroy bdi on umount"). While the commit
description doesn't explain why the test was added, it most likely was
to avoid dereferencing bdi after it got destroyed.Since then, bdi lifetime rules have changed many times and now we're
always guaranteed to have access to the bdi while the superblock is
alive (fc->sb).Drop fc->connected conditional to avoid leaking congestion states.
Signed-off-by: Tejun Heo
Reported-by: Joshua Miller
Cc: Johannes Weiner
Cc: stable@vger.kernel.org # v2.6.29+
Acked-by: Jan Kara
Signed-off-by: Miklos Szeredi
Signed-off-by: Greg Kroah-Hartman
25 Oct, 2017
1 commit
-
Marios Titas running a Haskell program noticed a problem with fuse's
readdirplus: when it is interrupted by a signal, it skips one directory
entry.The reason is that fuse erronously updates ctx->pos after a failed
dir_emit().The issue originates from the patch adding readdirplus support.
Reported-by: Jakob Unterwurzacher
Tested-by: Marios Titas
Signed-off-by: Miklos Szeredi
Fixes: 0b05b18381ee ("fuse: implement NFS-like readdirplus support")
Cc: # v3.9
19 Oct, 2017
1 commit
-
[AV: in addition to the fix in previous commit]
Signed-off-by: Matthew Garrett
Cc: David Howells
Cc: Alexander Viro
Reviewed-by: David Howells
Signed-off-by: Al Viro
14 Sep, 2017
1 commit
-
Pull fuse updates from Miklos Szeredi:
"This fixes a regression (spotted by the Sandstorm.io folks) in the pid
namespace handling introduced in 4.12.There's also a fix for honoring sync/dsync flags for pwritev2()"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: getattr cleanup
fuse: honor iocb sync flags on write
fuse: allow server to run in different pid_ns
12 Sep, 2017
3 commits
-
The refreshed argument isn't used by any caller, get rid of it.
Use a helper for just updating the inode (no need to fill in a kstat).
Signed-off-by: Miklos Szeredi
-
If the IOCB_DSYNC flag is set a sync is not being performed by
fuse_file_write_iter.Honor IOCB_DSYNC/IOCB_SYNC by setting O_DYSNC/O_SYNC respectively in the
flags filed of the write request.We don't need to sync data or metadata, since fuse_perform_write() does
write-through and the filesystem is responsible for updating file times.Original patch by Vitaly Zolotusky.
Reported-by: Nate Clark
Cc: Vitaly Zolotusky .
Signed-off-by: Miklos Szeredi -
Commit 0b6e9ea041e6 ("fuse: Add support for pid namespaces") broke
Sandstorm.io development tools, which have been sending FUSE file
descriptors across PID namespace boundaries since early 2014.The above patch added a check that prevented I/O on the fuse device file
descriptor if the pid namespace of the reader/writer was different from the
pid namespace of the mounter. With this change passing the device file
descriptor to a different pid namespace simply doesn't work. The check was
added because pids are transferred to/from the fuse userspace server in the
namespace registered at mount time.To fix this regression, remove the checks and do the following:
1) the pid in the request header (the pid of the task that initiated the
filesystem operation) is translated to the reader's pid namespace. If a
mapping doesn't exist for this pid, then a zero pid is used. Note: even if
a mapping would exist between the initiator task's pid namespace and the
reader's pid namespace the pid will be zero if either mapping from
initator's to mounter's namespace or mapping from mounter's to reader's
namespace doesn't exist.2) The lk.pid value in setlk/setlkw requests and getlk reply is left alone.
Userspace should not interpret this value anyway. Also allow the
setlk/setlkw operations if the pid of the task cannot be represented in the
mounter's namespace (pid being zero in that case).Reported-by: Kenton Varda
Signed-off-by: Miklos Szeredi
Fixes: 0b6e9ea041e6 ("fuse: Add support for pid namespaces")
Cc: # v4.12+
Cc: Eric W. Biederman
Cc: Seth Forshee
07 Sep, 2017
2 commits
-
Pull writeback error handling updates from Jeff Layton:
"This pile continues the work from last cycle on better tracking
writeback errors. In v4.13 we added some basic errseq_t infrastructure
and converted a few filesystems to use it.This set continues refining that infrastructure, adds documentation,
and converts most of the other filesystems to use it. The main
exception at this point is the NFS client"* tag 'wberr-v4.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
ecryptfs: convert to file_write_and_wait in ->fsync
mm: remove optimizations based on i_size in mapping writeback waits
fs: convert a pile of fsync routines to errseq_t based reporting
gfs2: convert to errseq_t based writeback error reporting for fsync
fs: convert sync_file_range to use errseq_t based error-tracking
mm: add file_fdatawait_range and file_write_and_wait
fuse: convert to errseq_t based error tracking for fsync
mm: consolidate dax / non-dax checks for writeback
Documentation: add some docs for errseq_t
errseq: rename __errseq_set to errseq_set -
Pull file locking updates from Jeff Layton:
"This pile just has a few file locking fixes from Ben Coddington. There
are a couple of cleanup patches + an attempt to bring sanity to the
l_pid value that is reported back to userland on an F_GETLK request.After a few gyrations, he came up with a way for filesystems to
communicate to the VFS layer code whether the pid should be translated
according to the namespace or presented as-is to userland"* tag 'locks-v4.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
locks: restore a warn for leaked locks on close
fs/locks: Remove fl_nspid and use fs-specific l_pid for remote locks
fs/locks: Use allocation rather than the stack in fcntl_getlk()
12 Aug, 2017
1 commit
-
Pull fuse fixes from Miklos Szeredi:
"Fix a few bugs in fuse"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: set mapping error in writepage_locked when it fails
fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
fuse: initialize the flock flag in fuse_file on allocation
11 Aug, 2017
1 commit
-
This ensures that we see errors on fsync when writeback fails.
Signed-off-by: Jeff Layton
Reviewed-by: Christoph Hellwig
Reviewed-by: Jan Kara
Signed-off-by: Miklos Szeredi
03 Aug, 2017
1 commit
-
Commit 8fba54aebbdf ("fuse: direct-io: don't dirty ITER_BVEC pages") fixes
the ITER_BVEC page deadlock for direct io in fuse by checking in
fuse_direct_io(), whether the page is a bvec page or not, before locking
it. However, this check is missed when the "async_dio" mount option is
enabled. In this case, set_page_dirty_lock() is called from the req->end
callback in request_end(), when the fuse thread is returning from userspace
to respond to the read request. This will cause the same deadlock because
the bvec condition is not checked in this path.Here is the stack of the deadlocked thread, while returning from userspace:
[13706.656686] INFO: task glusterfs:3006 blocked for more than 120 seconds.
[13706.657808] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
this message.
[13706.658788] glusterfs D ffffffff816c80f0 0 3006 1
0x00000080
[13706.658797] ffff8800d6713a58 0000000000000086 ffff8800d9ad7000
ffff8800d9ad5400
[13706.658799] ffff88011ffd5cc0 ffff8800d6710008 ffff88011fd176c0
7fffffffffffffff
[13706.658801] 0000000000000002 ffffffff816c80f0 ffff8800d6713a78
ffffffff816c790e
[13706.658803] Call Trace:
[13706.658809] [] ? bit_wait_io_timeout+0x80/0x80
[13706.658811] [] schedule+0x3e/0x90
[13706.658813] [] schedule_timeout+0x1b5/0x210
[13706.658816] [] ? gup_pud_range+0x1db/0x1f0
[13706.658817] [] ? kvm_clock_read+0x1e/0x20
[13706.658819] [] ? kvm_clock_get_cycles+0x9/0x10
[13706.658822] [] ? ktime_get+0x52/0xc0
[13706.658824] [] io_schedule_timeout+0xa4/0x110
[13706.658826] [] bit_wait_io+0x36/0x50
[13706.658828] [] __wait_on_bit_lock+0x76/0xb0
[13706.658831] [] ? lock_request+0x46/0x70 [fuse]
[13706.658834] [] __lock_page+0xaa/0xb0
[13706.658836] [] ? wake_atomic_t_function+0x40/0x40
[13706.658838] [] set_page_dirty_lock+0x58/0x60
[13706.658841] [] fuse_release_user_pages+0x58/0x70 [fuse]
[13706.658844] [] ? fuse_aio_complete+0x190/0x190 [fuse]
[13706.658847] [] fuse_aio_complete_req+0x29/0x90 [fuse]
[13706.658849] [] request_end+0xd9/0x190 [fuse]
[13706.658852] [] fuse_dev_do_write+0x336/0x490 [fuse]
[13706.658854] [] fuse_dev_write+0x6e/0xa0 [fuse]
[13706.658857] [] ? security_file_permission+0x23/0x90
[13706.658859] [] do_iter_readv_writev+0x60/0x90
[13706.658862] [] ? fuse_dev_splice_write+0x350/0x350
[fuse]
[13706.658863] [] do_readv_writev+0x171/0x1f0
[13706.658866] [] ? try_to_wake_up+0x210/0x210
[13706.658868] [] vfs_writev+0x41/0x50
[13706.658870] [] SyS_writev+0x56/0xf0
[13706.658872] [] ? syscall_trace_leave+0xf1/0x160
[13706.658874] [] system_call_fastpath+0x12/0x71Fix this by making should_dirty a fuse_io_priv parameter that can be
checked in fuse_aio_complete_req().Reported-by: Tiger Yang
Signed-off-by: Ashish Samant
Signed-off-by: Miklos Szeredi
01 Aug, 2017
1 commit
-
Change to file_write_and_wait_range and
file_check_and_advance_wb_errSigned-off-by: Jeff Layton
16 Jul, 2017
1 commit
-
Since commit c69899a17ca4 "NFSv4: Update of VFS byte range lock must be
atomic with the stateid update", NFSv4 has been inserting locks in rpciod
worker context. The result is that the file_lock's fl_nspid is the
kworker's pid instead of the original userspace pid.The fl_nspid is only used to represent the namespaced virtual pid number
when displaying locks or returning from F_GETLK. There's no reason to set
it for every inserted lock, since we can usually just look it up from
fl_pid. So, instead of looking up and holding struct pid for every lock,
let's just look up the virtual pid number from fl_pid when it is needed.
That means we can remove fl_nspid entirely.The translaton and presentation of fl_pid should handle the following four
cases:1 - F_GETLK on a remote file with a remote lock:
In this case, the filesystem should determine the l_pid to return here.
Filesystems should indicate that the fl_pid represents a non-local pid
value that should not be translated by returning an fl_pid
Signed-off-by: Jeff Layton
09 Jun, 2017
1 commit
-
Before the patch, the flock flag could remain uninitialized for the
lifespan of the fuse_file allocation. Unless set to true in
fuse_file_flock(), it would remain in an indeterminate state until read in
an if statement in fuse_release_common(). This could consequently lead to
taking an unexpected branch in the code.The bug was discovered by a runtime instrumentation designed to detect use
of uninitialized memory in the kernel.Signed-off-by: Mateusz Jurczyk
Fixes: 37fb3a30b462 ("fuse: fix flock")
Cc: # v3.1+
Signed-off-by: Miklos Szeredi
21 May, 2017
1 commit
-
Pull block fixes from Jens Axboe:
"A small collection of fixes that should go into this cycle.- a pull request from Christoph for NVMe, which ended up being
manually applied to avoid pulling in newer bits in master. Mostly
fibre channel fixes from James, but also a few fixes from Jon and
Vijay- a pull request from Konrad, with just a single fix for xen-blkback
from Gustavo.- a fuseblk bdi fix from Jan, fixing a regression in this series with
the dynamic backing devices.- a blktrace fix from Shaohua, replacing sscanf() with kstrtoull().
- a request leak fix for drbd from Lars, fixing a regression in the
last series with the kref changes. This will go to stable as well"* 'for-linus' of git://git.kernel.dk/linux-block:
nvmet: release the sq ref on rdma read errors
nvmet-fc: remove target cpu scheduling flag
nvme-fc: stop queues on error detection
nvme-fc: require target or discovery role for fc-nvme targets
nvme-fc: correct port role bits
nvme: unmap CMB and remove sysfs file in reset path
blktrace: fix integer parse
fuseblk: Fix warning in super_setup_bdi_name()
block: xen-blkback: add null check to avoid null pointer dereference
drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
17 May, 2017
1 commit
-
Commit 5f7f7543f52e "fuse: Convert to separately allocated bdi" didn't
properly handle fuseblk filesystem. When fuse_bdi_init() is called for
that filesystem type, sb->s_bdi is already initialized (by
set_bdev_super()) to point to block device's bdi and consequently
super_setup_bdi_name() complains about this fact when reseting bdi to
the private one.Fix the problem by properly dropping bdi reference in fuse_bdi_init()
before creating a private bdi in super_setup_bdi_name().Fixes: 5f7f7543f52e ("fuse: Convert to separately allocated bdi")
Reported-by: Rakesh Pandit
Tested-by: Rakesh Pandit
Signed-off-by: Jan Kara
Signed-off-by: Jens Axboe
11 May, 2017
1 commit
-
Pull NFS client updates from Trond Myklebust:
"Highlights include:Stable bugfixes:
- Fix use after free in write error path
- Use GFP_NOIO for two allocations in writeback
- Fix a hang in OPEN related to server reboot
- Check the result of nfs4_pnfs_ds_connect
- Fix an rcu lock leakFeatures:
- Removal of the unmaintained and unused OSD pNFS layout
- Cleanup and removal of lots of unnecessary dprintk()s
- Cleanup and removal of some memory failure paths now that GFP_NOFS
is guaranteed to never fail.
- Remove the v3-only data server limitation on pNFS/flexfilesBugfixes:
- RPC/RDMA connection handling bugfixes
- Copy offload: fixes to ensure the copied data is COMMITed to disk.
- Readdir: switch back to using the ->iterate VFS interface
- File locking fixes from Ben Coddington
- Various use-after-free and deadlock issues in pNFS
- Write path bugfixes"* tag 'nfs-for-4.12-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (89 commits)
pNFS/flexfiles: Always attempt to call layoutstats when flexfiles is enabled
NFSv4.1: Work around a Linux server bug...
NFS append COMMIT after synchronous COPY
NFSv4: Fix exclusive create attributes encoding
NFSv4: Fix an rcu lock leak
nfs: use kmap/kunmap directly
NFS: always treat the invocation of nfs_getattr as cache hit when noac is on
Fix nfs_client refcounting if kmalloc fails in nfs4_proc_exchange_id and nfs4_proc_async_renew
NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
pNFS: Fix NULL dereference in pnfs_generic_alloc_ds_commits
pNFS: Fix a typo in pnfs_generic_alloc_ds_commits
pNFS: Fix a deadlock when coalescing writes and returning the layout
pNFS: Don't clear the layout return info if there are segments to return
pNFS: Ensure we commit the layout if it has been invalidated
pNFS: Don't send COMMITs to the DSes if the server invalidated our layout
pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path
pNFS: Ensure we check layout validity before marking it for return
NFS4.1 handle interrupted slot reuse from ERR_DELAY
NFSv4: check return value of xdr_inline_decode
nfs/filelayout: fix NULL pointer dereference in fl_pnfs_update_layout()
...
10 May, 2017
2 commits
-
Pull fuse updates from Miklos Szeredi:
"Support for pid namespaces from Seth and refcount_t work from Elena"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: Add support for pid namespaces
fuse: convert fuse_conn.count from atomic_t to refcount_t
fuse: convert fuse_req.count from atomic_t to refcount_t
fuse: convert fuse_file.count from atomic_t to refcount_t -
Pull misc vfs updates from Al Viro:
"Assorted bits and pieces from various people. No common topic in this
pile, sorry"* 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fs/affs: add rename exchange
fs/affs: add rename2 to prepare multiple methods
Make stat/lstat/fstatat pass AT_NO_AUTOMOUNT to vfs_statx()
fs: don't set *REFERENCED on single use objects
fs: compat: Remove warning from COMPATIBLE_IOCTL
remove pointless extern of atime_need_update_rcu()
fs: completely ignore unknown open flags
fs: add a VALID_OPEN_FLAGS
fs: remove _submit_bh()
fs: constify tree_descr arrays passed to simple_fill_super()
fs: drop duplicate header percpu-rwsem.h
fs/affs: bugfix: Write files greater than page size on OFS
fs/affs: bugfix: enable writes on OFS disks
fs/affs: remove node generation check
fs/affs: import amigaffs.h
fs/affs: bugfix: make symbolic links work again
27 Apr, 2017
1 commit
-
simple_fill_super() is passed an array of tree_descr structures which
describe the files to create in the filesystem's root directory. Since
these arrays are never modified intentionally, they should be 'const' so
that they are placed in .rodata and benefit from memory protection.
This patch updates the function signature and all users, and also
constifies tree_descr.name.Signed-off-by: Eric Biggers
Signed-off-by: Al Viro
21 Apr, 2017
2 commits
-
Set FL_CLOSE in fl_flags as in locks_remove_posix() when clearing locks.
NFS will check for this flag to ensure an unlock is sent in a following
patch.Fuse handles flock and posix locks differently for FL_CLOSE, and so
requires a fixup to retain the existing behavior for flock.Signed-off-by: Benjamin Coddington
Reviewed-by: Jeff Layton
Acked-by: Miklos Szeredi
Signed-off-by: Trond Myklebust -
It is not needed anymore since bdi is initialized whenever superblock
exists.CC: Miklos Szeredi
CC: linux-fsdevel@vger.kernel.org
Suggested-by: Miklos Szeredi
Reviewed-by: Christoph Hellwig
Signed-off-by: Jan Kara
Signed-off-by: Jens Axboe