Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull vfs fixes from Al Viro: "These four commits are obvious fixes (a couple of fdget_pos()-related ones from Eric Biggers, prepend_name() fix, missing checks for false negatives from __lookup_mnt() in fs/namei.c)" For now I'm pulling just the four obvious fixes, there's another four pending in Al's 'for-linus' branch wrt the mnt_hash list that were more involved. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: rcuwalk: recheck mount_lock after mountpoint crossing attempts make prepend_name() work correctly when called with negative *buflen vfs: Don't let __fdget_pos() get FMODE_PATH files vfs: atomic f_pos access in llseek()
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-03-25 18:05:57 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-03-25 18:05:57 -0400
commit: 3e79d97828841305e3369ad1e07cfed5bf5989ef (patch)
tree: d14264947e9bf1a72922060dfefd08693e550ebc
parent: b098d6726bbfb94c06d6e1097466187afddae61f (diff)
parent: b37199e626b31e1175fb06764c5d1d687723aac2 (diff)
4 files changed, 21 insertions, 35 deletions
diff --git a/fs/dcache.c b/fs/dcache.c
index 265e0ce9769c..ca02c13a84aa 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
        u32 dlen = ACCESS_ONCE(name->len);
        char *p;
-        if (*buflen < dlen + 1)
-                return -ENAMETOOLONG;
        *buflen -= dlen + 1;
+        if (*buflen < 0)
+                return -ENAMETOOLONG;
        p = *buffer -= dlen + 1;
        *p++ = '/';
        while (dlen--) {
diff --git a/fs/file.c b/fs/file.c
index 60a45e9f5323..eb56a13dab3e 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -713,27 +713,16 @@ unsigned long __fdget_raw(unsigned int fd)
 unsigned long __fdget_pos(unsigned int fd)
 {
-        struct files_struct *files = current->files;
+        unsigned long v = __fdget(fd);
-        struct file *file;
+        struct file *file = (struct file *)(v & ~3);
-        unsigned long v;
-        if (atomic_read(&files->count) == 1) {
-                file = __fcheck_files(files, fd);
-                v = 0;
-        } else {
-                file = __fget(fd, 0);
-                v = FDPUT_FPUT;
-        }
-        if (!file)
-                return 0;
-        if (file->f_mode & FMODE_ATOMIC_POS) {
+        if (file && (file->f_mode & FMODE_ATOMIC_POS)) {
                if (file_count(file) > 1) {
                        v |= FDPUT_POS_UNLOCK;
                        mutex_lock(&file->f_pos_lock);
                }
        }
-        return v | (unsigned long)file;
+        return v;
 }
 /*
diff --git a/fs/namei.c b/fs/namei.c
index 2f730ef9b4b3..4b491b431990 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1109,7 +1109,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
                        return false;
                if (!d_mountpoint(path->dentry))
-                        break;
+                        return true;
                mounted = __lookup_mnt(path->mnt, path->dentry);
                if (!mounted)
@@ -1125,20 +1125,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
                 */
                *inode = path->dentry->d_inode;
        }
-        return true;
+        return read_seqretry(&mount_lock, nd->m_seq);
-}
-static void follow_mount_rcu(struct nameidata *nd)
-{
-        while (d_mountpoint(nd->path.dentry)) {
-                struct mount *mounted;
-                mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
-                if (!mounted)
-                        break;
-                nd->path.mnt = &mounted->mnt;
-                nd->path.dentry = mounted->mnt.mnt_root;
-                nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
-        }
 }
 static int follow_dotdot_rcu(struct nameidata *nd)
@@ -1166,7 +1153,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
                        break;
                nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
        }
-        follow_mount_rcu(nd);
+        while (d_mountpoint(nd->path.dentry)) {
+                struct mount *mounted;
+                mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
+                if (!mounted)
+                        break;
+                nd->path.mnt = &mounted->mnt;
+                nd->path.dentry = mounted->mnt.mnt_root;
+                nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+                if (!read_seqretry(&mount_lock, nd->m_seq))
+                        goto failed;
+        }
        nd->inode = nd->path.dentry->d_inode;
        return 0;
diff --git a/fs/read_write.c b/fs/read_write.c
index 54e19b9392dc..28cc9c810744 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -307,7 +307,7 @@ SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
                unsigned int, whence)
 {
        int retval;
-        struct fd f = fdget(fd);
+        struct fd f = fdget_pos(fd);
        loff_t offset;
        if (!f.file)
@@ -327,7 +327,7 @@ SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
                        retval = 0;
        }
 out_putf:
-        fdput(f);
+        fdput_pos(f);
        return retval;
 }
 #endif
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-03-25 18:05:57 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-03-25 18:05:57 -0400
commit	3e79d97828841305e3369ad1e07cfed5bf5989ef (patch)
tree	d14264947e9bf1a72922060dfefd08693e550ebc
parent	b098d6726bbfb94c06d6e1097466187afddae61f (diff)
parent	b37199e626b31e1175fb06764c5d1d687723aac2 (diff)