aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-01-28 21:48:53 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2010-01-28 21:48:53 -0500
commit64a028a6de08545a2c94f302bc7694bf48aee5b5 (patch)
treed01fd905efb117cb5b00443464073a6539a23684
parent3d29935ff0773fe466e957f17284ca777a2aaa89 (diff)
parent12e9a45609054fb83d4a8b716a5265cc1a393e10 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: Fix failure exit in ipathfs fix oops in fs/9p late mount failure fix leak in romfs_fill_super() get rid of pointless checks after simple_pin_fs() Fix failure exits in bfs_fill_super() fix affs parse_options() Fix remount races with symlink handling in affs Fix a leak in affs_fill_super()
Diffstat
-rw-r--r--drivers/infiniband/hw/ipath/ipath_fs.c4
-rw-r--r--fs/9p/vfs_super.c3
-rw-r--r--fs/affs/affs.h2
-rw-r--r--fs/affs/namei.c7
-rw-r--r--fs/affs/super.c31
-rw-r--r--fs/affs/symlink.c7
-rw-r--r--fs/bfs/inode.c43
-rw-r--r--fs/debugfs/inode.c11
-rw-r--r--fs/romfs/super.c1
-rw-r--r--security/inode.c11
10 files changed, 62 insertions, 58 deletions
diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c
index b3684060465e..100da8542bba 100644
--- a/drivers/infiniband/hw/ipath/ipath_fs.c
+++ b/drivers/infiniband/hw/ipath/ipath_fs.c
@@ -346,10 +346,8 @@ static int ipathfs_fill_super(struct super_block *sb, void *data,
346 list_for_each_entry_safe(dd, tmp, &ipath_dev_list, ipath_list) { 346 list_for_each_entry_safe(dd, tmp, &ipath_dev_list, ipath_list) {
347 spin_unlock_irqrestore(&ipath_devs_lock, flags); 347 spin_unlock_irqrestore(&ipath_devs_lock, flags);
348 ret = create_device_files(sb, dd); 348 ret = create_device_files(sb, dd);
349 if (ret) { 349 if (ret)
350 deactivate_locked_super(sb);
351 goto bail; 350 goto bail;
352 }
353 spin_lock_irqsave(&ipath_devs_lock, flags); 351 spin_lock_irqsave(&ipath_devs_lock, flags);
354 } 352 }
355 353
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
index 14a86448572c..69357c0d9899 100644
--- a/fs/9p/vfs_super.c
+++ b/fs/9p/vfs_super.c
@@ -188,7 +188,8 @@ static void v9fs_kill_super(struct super_block *s)
188 188
189 P9_DPRINTK(P9_DEBUG_VFS, " %p\n", s); 189 P9_DPRINTK(P9_DEBUG_VFS, " %p\n", s);
190 190
191 v9fs_dentry_release(s->s_root); /* clunk root */ 191 if (s->s_root)
192 v9fs_dentry_release(s->s_root); /* clunk root */
192 193
193 kill_anon_super(s); 194 kill_anon_super(s);
194 195
diff --git a/fs/affs/affs.h b/fs/affs/affs.h
index e511dc621a2e..0e40caaba456 100644
--- a/fs/affs/affs.h
+++ b/fs/affs/affs.h
@@ -106,8 +106,8 @@ struct affs_sb_info {
106 u32 s_last_bmap; 106 u32 s_last_bmap;
107 struct buffer_head *s_bmap_bh; 107 struct buffer_head *s_bmap_bh;
108 char *s_prefix; /* Prefix for volumes and assigns. */ 108 char *s_prefix; /* Prefix for volumes and assigns. */
109 int s_prefix_len; /* Length of prefix. */
110 char s_volume[32]; /* Volume prefix for absolute symlinks. */ 109 char s_volume[32]; /* Volume prefix for absolute symlinks. */
110 spinlock_t symlink_lock; /* protects the previous two */
111}; 111};
112 112
113#define SF_INTL 0x0001 /* International filesystem. */ 113#define SF_INTL 0x0001 /* International filesystem. */
diff --git a/fs/affs/namei.c b/fs/affs/namei.c
index 960d336ec694..d70bbbac6b7b 100644
--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -341,10 +341,13 @@ affs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
341 p = (char *)AFFS_HEAD(bh)->table; 341 p = (char *)AFFS_HEAD(bh)->table;
342 lc = '/'; 342 lc = '/';
343 if (*symname == '/') { 343 if (*symname == '/') {
344 struct affs_sb_info *sbi = AFFS_SB(sb);
344 while (*symname == '/') 345 while (*symname == '/')
345 symname++; 346 symname++;
346 while (AFFS_SB(sb)->s_volume[i]) /* Cannot overflow */ 347 spin_lock(&sbi->symlink_lock);
347 *p++ = AFFS_SB(sb)->s_volume[i++]; 348 while (sbi->s_volume[i]) /* Cannot overflow */
349 *p++ = sbi->s_volume[i++];
350 spin_unlock(&sbi->symlink_lock);
348 } 351 }
349 while (i < maxlen && (c = *symname++)) { 352 while (i < maxlen && (c = *symname++)) {
350 if (c == '.' && lc == '/' && *symname == '.' && symname[1] == '/') { 353 if (c == '.' && lc == '/' && *symname == '.' && symname[1] == '/') {
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 104fdcb3a7fc..d41e9673cd97 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -203,7 +203,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
203 switch (token) { 203 switch (token) {
204 case Opt_bs: 204 case Opt_bs:
205 if (match_int(&args[0], &n)) 205 if (match_int(&args[0], &n))
206 return -EINVAL; 206 return 0;
207 if (n != 512 && n != 1024 && n != 2048 207 if (n != 512 && n != 1024 && n != 2048
208 && n != 4096) { 208 && n != 4096) {
209 printk ("AFFS: Invalid blocksize (512, 1024, 2048, 4096 allowed)\n"); 209 printk ("AFFS: Invalid blocksize (512, 1024, 2048, 4096 allowed)\n");
@@ -213,7 +213,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
213 break; 213 break;
214 case Opt_mode: 214 case Opt_mode:
215 if (match_octal(&args[0], &option)) 215 if (match_octal(&args[0], &option))
216 return 1; 216 return 0;
217 *mode = option & 0777; 217 *mode = option & 0777;
218 *mount_opts |= SF_SETMODE; 218 *mount_opts |= SF_SETMODE;
219 break; 219 break;
@@ -221,8 +221,6 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
221 *mount_opts |= SF_MUFS; 221 *mount_opts |= SF_MUFS;
222 break; 222 break;
223 case Opt_prefix: 223 case Opt_prefix:
224 /* Free any previous prefix */
225 kfree(*prefix);
226 *prefix = match_strdup(&args[0]); 224 *prefix = match_strdup(&args[0]);
227 if (!*prefix) 225 if (!*prefix)
228 return 0; 226 return 0;
@@ -233,21 +231,21 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
233 break; 231 break;
234 case Opt_reserved: 232 case Opt_reserved:
235 if (match_int(&args[0], reserved)) 233 if (match_int(&args[0], reserved))
236 return 1; 234 return 0;
237 break; 235 break;
238 case Opt_root: 236 case Opt_root:
239 if (match_int(&args[0], root)) 237 if (match_int(&args[0], root))
240 return 1; 238 return 0;
241 break; 239 break;
242 case Opt_setgid: 240 case Opt_setgid:
243 if (match_int(&args[0], &option)) 241 if (match_int(&args[0], &option))
244 return 1; 242 return 0;
245 *gid = option; 243 *gid = option;
246 *mount_opts |= SF_SETGID; 244 *mount_opts |= SF_SETGID;
247 break; 245 break;
248 case Opt_setuid: 246 case Opt_setuid:
249 if (match_int(&args[0], &option)) 247 if (match_int(&args[0], &option))
250 return -EINVAL; 248 return 0;
251 *uid = option; 249 *uid = option;
252 *mount_opts |= SF_SETUID; 250 *mount_opts |= SF_SETUID;
253 break; 251 break;
@@ -311,11 +309,14 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
311 return -ENOMEM; 309 return -ENOMEM;
312 sb->s_fs_info = sbi; 310 sb->s_fs_info = sbi;
313 mutex_init(&sbi->s_bmlock); 311 mutex_init(&sbi->s_bmlock);
312 spin_lock_init(&sbi->symlink_lock);
314 313
315 if (!parse_options(data,&uid,&gid,&i,&reserved,&root_block, 314 if (!parse_options(data,&uid,&gid,&i,&reserved,&root_block,
316 &blocksize,&sbi->s_prefix, 315 &blocksize,&sbi->s_prefix,
317 sbi->s_volume, &mount_flags)) { 316 sbi->s_volume, &mount_flags)) {
318 printk(KERN_ERR "AFFS: Error parsing options\n"); 317 printk(KERN_ERR "AFFS: Error parsing options\n");
318 kfree(sbi->s_prefix);
319 kfree(sbi);
319 return -EINVAL; 320 return -EINVAL;
320 } 321 }
321 /* N.B. after this point s_prefix must be released */ 322 /* N.B. after this point s_prefix must be released */
@@ -516,14 +517,18 @@ affs_remount(struct super_block *sb, int *flags, char *data)
516 unsigned long mount_flags; 517 unsigned long mount_flags;
517 int res = 0; 518 int res = 0;
518 char *new_opts = kstrdup(data, GFP_KERNEL); 519 char *new_opts = kstrdup(data, GFP_KERNEL);
520 char volume[32];
521 char *prefix = NULL;
519 522
520 pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data); 523 pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data);
521 524
522 *flags |= MS_NODIRATIME; 525 *flags |= MS_NODIRATIME;
523 526
527 memcpy(volume, sbi->s_volume, 32);
524 if (!parse_options(data, &uid, &gid, &mode, &reserved, &root_block, 528 if (!parse_options(data, &uid, &gid, &mode, &reserved, &root_block,
525 &blocksize, &sbi->s_prefix, sbi->s_volume, 529 &blocksize, &prefix, volume,
526 &mount_flags)) { 530 &mount_flags)) {
531 kfree(prefix);
527 kfree(new_opts); 532 kfree(new_opts);
528 return -EINVAL; 533 return -EINVAL;
529 } 534 }
@@ -534,6 +539,14 @@ affs_remount(struct super_block *sb, int *flags, char *data)
534 sbi->s_mode = mode; 539 sbi->s_mode = mode;
535 sbi->s_uid = uid; 540 sbi->s_uid = uid;
536 sbi->s_gid = gid; 541 sbi->s_gid = gid;
542 /* protect against readers */
543 spin_lock(&sbi->symlink_lock);
544 if (prefix) {
545 kfree(sbi->s_prefix);
546 sbi->s_prefix = prefix;
547 }
548 memcpy(sbi->s_volume, volume, 32);
549 spin_unlock(&sbi->symlink_lock);
537 550
538 if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) { 551 if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) {
539 unlock_kernel(); 552 unlock_kernel();
diff --git a/fs/affs/symlink.c b/fs/affs/symlink.c
index 41782539c907..ee00f08c4f53 100644
--- a/fs/affs/symlink.c
+++ b/fs/affs/symlink.c
@@ -20,7 +20,6 @@ static int affs_symlink_readpage(struct file *file, struct page *page)
20 int i, j; 20 int i, j;
21 char c; 21 char c;
22 char lc; 22 char lc;
23 char *pf;
24 23
25 pr_debug("AFFS: follow_link(ino=%lu)\n",inode->i_ino); 24 pr_debug("AFFS: follow_link(ino=%lu)\n",inode->i_ino);
26 25
@@ -32,11 +31,15 @@ static int affs_symlink_readpage(struct file *file, struct page *page)
32 j = 0; 31 j = 0;
33 lf = (struct slink_front *)bh->b_data; 32 lf = (struct slink_front *)bh->b_data;
34 lc = 0; 33 lc = 0;
35 pf = AFFS_SB(inode->i_sb)->s_prefix ? AFFS_SB(inode->i_sb)->s_prefix : "/";
36 34
37 if (strchr(lf->symname,':')) { /* Handle assign or volume name */ 35 if (strchr(lf->symname,':')) { /* Handle assign or volume name */
36 struct affs_sb_info *sbi = AFFS_SB(inode->i_sb);
37 char *pf;
38 spin_lock(&sbi->symlink_lock);
39 pf = sbi->s_prefix ? sbi->s_prefix : "/";
38 while (i < 1023 && (c = pf[i])) 40 while (i < 1023 && (c = pf[i]))
39 link[i++] = c; 41 link[i++] = c;
42 spin_unlock(&sbi->symlink_lock);
40 while (i < 1023 && lf->symname[j] != ':') 43 while (i < 1023 && lf->symname[j] != ':')
41 link[i++] = lf->symname[j++]; 44 link[i++] = lf->symname[j++];
42 if (i < 1023) 45 if (i < 1023)
diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c
index 6f60336c6628..8f3d9fd89604 100644
--- a/fs/bfs/inode.c
+++ b/fs/bfs/inode.c
@@ -353,35 +353,35 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
353 struct inode *inode; 353 struct inode *inode;
354 unsigned i, imap_len; 354 unsigned i, imap_len;
355 struct bfs_sb_info *info; 355 struct bfs_sb_info *info;
356 long ret = -EINVAL; 356 int ret = -EINVAL;
357 unsigned long i_sblock, i_eblock, i_eoff, s_size; 357 unsigned long i_sblock, i_eblock, i_eoff, s_size;
358 358
359 info = kzalloc(sizeof(*info), GFP_KERNEL); 359 info = kzalloc(sizeof(*info), GFP_KERNEL);
360 if (!info) 360 if (!info)
361 return -ENOMEM; 361 return -ENOMEM;
362 mutex_init(&info->bfs_lock);
362 s->s_fs_info = info; 363 s->s_fs_info = info;
363 364
364 sb_set_blocksize(s, BFS_BSIZE); 365 sb_set_blocksize(s, BFS_BSIZE);
365 366
366 bh = sb_bread(s, 0); 367 info->si_sbh = sb_bread(s, 0);
367 if(!bh) 368 if (!info->si_sbh)
368 goto out; 369 goto out;
369 bfs_sb = (struct bfs_super_block *)bh->b_data; 370 bfs_sb = (struct bfs_super_block *)info->si_sbh->b_data;
370 if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) { 371 if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) {
371 if (!silent) 372 if (!silent)
372 printf("No BFS filesystem on %s (magic=%08x)\n", 373 printf("No BFS filesystem on %s (magic=%08x)\n",
373 s->s_id, le32_to_cpu(bfs_sb->s_magic)); 374 s->s_id, le32_to_cpu(bfs_sb->s_magic));
374 goto out; 375 goto out1;
375 } 376 }
376 if (BFS_UNCLEAN(bfs_sb, s) && !silent) 377 if (BFS_UNCLEAN(bfs_sb, s) && !silent)
377 printf("%s is unclean, continuing\n", s->s_id); 378 printf("%s is unclean, continuing\n", s->s_id);
378 379
379 s->s_magic = BFS_MAGIC; 380 s->s_magic = BFS_MAGIC;
380 info->si_sbh = bh;
381 381
382 if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { 382 if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) {
383 printf("Superblock is corrupted\n"); 383 printf("Superblock is corrupted\n");
384 goto out; 384 goto out1;
385 } 385 }
386 386
387 info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) / 387 info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) /
@@ -390,7 +390,7 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
390 imap_len = (info->si_lasti / 8) + 1; 390 imap_len = (info->si_lasti / 8) + 1;
391 info->si_imap = kzalloc(imap_len, GFP_KERNEL); 391 info->si_imap = kzalloc(imap_len, GFP_KERNEL);
392 if (!info->si_imap) 392 if (!info->si_imap)
393 goto out; 393 goto out1;
394 for (i = 0; i < BFS_ROOT_INO; i++) 394 for (i = 0; i < BFS_ROOT_INO; i++)
395 set_bit(i, info->si_imap); 395 set_bit(i, info->si_imap);
396 396
@@ -398,15 +398,13 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
398 inode = bfs_iget(s, BFS_ROOT_INO); 398 inode = bfs_iget(s, BFS_ROOT_INO);
399 if (IS_ERR(inode)) { 399 if (IS_ERR(inode)) {
400 ret = PTR_ERR(inode); 400 ret = PTR_ERR(inode);
401 kfree(info->si_imap); 401 goto out2;
402 goto out;
403 } 402 }
404 s->s_root = d_alloc_root(inode); 403 s->s_root = d_alloc_root(inode);
405 if (!s->s_root) { 404 if (!s->s_root) {
406 iput(inode); 405 iput(inode);
407 ret = -ENOMEM; 406 ret = -ENOMEM;
408 kfree(info->si_imap); 407 goto out2;
409 goto out;
410 } 408 }
411 409
412 info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS; 410 info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS;
@@ -419,10 +417,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
419 bh = sb_bread(s, info->si_blocks - 1); 417 bh = sb_bread(s, info->si_blocks - 1);
420 if (!bh) { 418 if (!bh) {
421 printf("Last block not available: %lu\n", info->si_blocks - 1); 419 printf("Last block not available: %lu\n", info->si_blocks - 1);
422 iput(inode);
423 ret = -EIO; 420 ret = -EIO;
424 kfree(info->si_imap); 421 goto out3;
425 goto out;
426 } 422 }
427 brelse(bh); 423 brelse(bh);
428 424
@@ -459,11 +455,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
459 printf("Inode 0x%08x corrupted\n", i); 455 printf("Inode 0x%08x corrupted\n", i);
460 456
461 brelse(bh); 457 brelse(bh);
462 s->s_root = NULL; 458 ret = -EIO;
463 kfree(info->si_imap); 459 goto out3;
464 kfree(info);
465 s->s_fs_info = NULL;
466 return -EIO;
467 } 460 }
468 461
469 if (!di->i_ino) { 462 if (!di->i_ino) {
@@ -483,11 +476,17 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
483 s->s_dirt = 1; 476 s->s_dirt = 1;
484 } 477 }
485 dump_imap("read_super", s); 478 dump_imap("read_super", s);
486 mutex_init(&info->bfs_lock);
487 return 0; 479 return 0;
488 480
481out3:
482 dput(s->s_root);
483 s->s_root = NULL;
484out2:
485 kfree(info->si_imap);
486out1:
487 brelse(info->si_sbh);
489out: 488out:
490 brelse(bh); 489 mutex_destroy(&info->bfs_lock);
491 kfree(info); 490 kfree(info);
492 s->s_fs_info = NULL; 491 s->s_fs_info = NULL;
493 return ret; 492 return ret;
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index b486169f42bf..274ac865bae8 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -160,15 +160,8 @@ static int debugfs_create_by_name(const char *name, mode_t mode,
160 * block. A pointer to that is in the struct vfsmount that we 160 * block. A pointer to that is in the struct vfsmount that we
161 * have around. 161 * have around.
162 */ 162 */
163 if (!parent) { 163 if (!parent)
164 if (debugfs_mount && debugfs_mount->mnt_sb) { 164 parent = debugfs_mount->mnt_sb->s_root;
165 parent = debugfs_mount->mnt_sb->s_root;
166 }
167 }
168 if (!parent) {
169 pr_debug("debugfs: Ah! can not find a parent!\n");
170 return -EFAULT;
171 }
172 165
173 *dentry = NULL; 166 *dentry = NULL;
174 mutex_lock(&parent->d_inode->i_mutex); 167 mutex_lock(&parent->d_inode->i_mutex);
diff --git a/fs/romfs/super.c b/fs/romfs/super.c
index c117fa80d1e9..42d213546894 100644
--- a/fs/romfs/super.c
+++ b/fs/romfs/super.c
@@ -544,6 +544,7 @@ error:
544error_rsb_inval: 544error_rsb_inval:
545 ret = -EINVAL; 545 ret = -EINVAL;
546error_rsb: 546error_rsb:
547 kfree(rsb);
547 return ret; 548 return ret;
548} 549}
549 550
diff --git a/security/inode.c b/security/inode.c
index f7496c6a022b..c3a793881d04 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -156,15 +156,8 @@ static int create_by_name(const char *name, mode_t mode,
156 * block. A pointer to that is in the struct vfsmount that we 156 * block. A pointer to that is in the struct vfsmount that we
157 * have around. 157 * have around.
158 */ 158 */
159 if (!parent ) { 159 if (!parent)
160 if (mount && mount->mnt_sb) { 160 parent = mount->mnt_sb->s_root;
161 parent = mount->mnt_sb->s_root;
162 }
163 }
164 if (!parent) {
165 pr_debug("securityfs: Ah! can not find a parent!\n");
166 return -EFAULT;
167 }
168 161
169 mutex_lock(&parent->d_inode->i_mutex); 162 mutex_lock(&parent->d_inode->i_mutex);
170 *dentry = lookup_one_len(name, parent, strlen(name)); 163 *dentry = lookup_one_len(name, parent, strlen(name));
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-21 07:55:19 -0500