diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-11 20:59:23 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-11 20:59:23 -0400 |
| commit | 940e3a8dd6683a3787faf769b3df7a06f1c2fa31 (patch) | |
| tree | 5f722b4a63fcaf288e2689576d75c16e0dfc700d | |
| parent | 12250d843e8489ee00b5b7726da855e51694e792 (diff) | |
| parent | 759f42987f98915764bad922ee123acb0eadbe33 (diff) | |
Merge tag 'for-linus-merge-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
Pull v9fs update from Eric Van Hensbergen.
* tag 'for-linus-merge-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
9P: Fix race between p9_write_work() and p9_fd_request()
9P: Fix race in p9_write_work()
9P: fix test at the end of p9_write_work()
9P: Fix race in p9_read_work()
9p: don't use __getname/__putname for uname/aname
net/9p: Check errno validity
fs/9p: avoid debug OOPS when reading a long symlink
| -rw-r--r-- | fs/9p/v9fs.c | 30 | ||||
| -rw-r--r-- | fs/9p/vfs_inode.c | 8 | ||||
| -rw-r--r-- | net/9p/client.c | 18 | ||||
| -rw-r--r-- | net/9p/trans_fd.c | 38 |
4 files changed, 59 insertions, 35 deletions
diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c index 392c5dac1981..d934f04e7736 100644 --- a/fs/9p/v9fs.c +++ b/fs/9p/v9fs.c | |||
| @@ -184,10 +184,20 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts) | |||
| 184 | v9ses->afid = option; | 184 | v9ses->afid = option; |
| 185 | break; | 185 | break; |
| 186 | case Opt_uname: | 186 | case Opt_uname: |
| 187 | match_strlcpy(v9ses->uname, &args[0], PATH_MAX); | 187 | kfree(v9ses->uname); |
| 188 | v9ses->uname = match_strdup(&args[0]); | ||
| 189 | if (!v9ses->uname) { | ||
| 190 | ret = -ENOMEM; | ||
| 191 | goto free_and_return; | ||
| 192 | } | ||
| 188 | break; | 193 | break; |
| 189 | case Opt_remotename: | 194 | case Opt_remotename: |
| 190 | match_strlcpy(v9ses->aname, &args[0], PATH_MAX); | 195 | kfree(v9ses->aname); |
| 196 | v9ses->aname = match_strdup(&args[0]); | ||
| 197 | if (!v9ses->aname) { | ||
| 198 | ret = -ENOMEM; | ||
| 199 | goto free_and_return; | ||
| 200 | } | ||
| 191 | break; | 201 | break; |
| 192 | case Opt_nodevmap: | 202 | case Opt_nodevmap: |
| 193 | v9ses->nodev = 1; | 203 | v9ses->nodev = 1; |
| @@ -287,21 +297,21 @@ struct p9_fid *v9fs_session_init(struct v9fs_session_info *v9ses, | |||
| 287 | struct p9_fid *fid; | 297 | struct p9_fid *fid; |
| 288 | int rc; | 298 | int rc; |
| 289 | 299 | ||
| 290 | v9ses->uname = __getname(); | 300 | v9ses->uname = kstrdup(V9FS_DEFUSER, GFP_KERNEL); |
| 291 | if (!v9ses->uname) | 301 | if (!v9ses->uname) |
| 292 | return ERR_PTR(-ENOMEM); | 302 | return ERR_PTR(-ENOMEM); |
| 293 | 303 | ||
| 294 | v9ses->aname = __getname(); | 304 | v9ses->aname = kstrdup(V9FS_DEFANAME, GFP_KERNEL); |
| 295 | if (!v9ses->aname) { | 305 | if (!v9ses->aname) { |
| 296 | __putname(v9ses->uname); | 306 | kfree(v9ses->uname); |
| 297 | return ERR_PTR(-ENOMEM); | 307 | return ERR_PTR(-ENOMEM); |
| 298 | } | 308 | } |
| 299 | init_rwsem(&v9ses->rename_sem); | 309 | init_rwsem(&v9ses->rename_sem); |
| 300 | 310 | ||
| 301 | rc = bdi_setup_and_register(&v9ses->bdi, "9p", BDI_CAP_MAP_COPY); | 311 | rc = bdi_setup_and_register(&v9ses->bdi, "9p", BDI_CAP_MAP_COPY); |
| 302 | if (rc) { | 312 | if (rc) { |
| 303 | __putname(v9ses->aname); | 313 | kfree(v9ses->aname); |
| 304 | __putname(v9ses->uname); | 314 | kfree(v9ses->uname); |
| 305 | return ERR_PTR(rc); | 315 | return ERR_PTR(rc); |
| 306 | } | 316 | } |
| 307 | 317 | ||
| @@ -309,8 +319,6 @@ struct p9_fid *v9fs_session_init(struct v9fs_session_info *v9ses, | |||
| 309 | list_add(&v9ses->slist, &v9fs_sessionlist); | 319 | list_add(&v9ses->slist, &v9fs_sessionlist); |
| 310 | spin_unlock(&v9fs_sessionlist_lock); | 320 | spin_unlock(&v9fs_sessionlist_lock); |
| 311 | 321 | ||
| 312 | strcpy(v9ses->uname, V9FS_DEFUSER); | ||
| 313 | strcpy(v9ses->aname, V9FS_DEFANAME); | ||
| 314 | v9ses->uid = ~0; | 322 | v9ses->uid = ~0; |
| 315 | v9ses->dfltuid = V9FS_DEFUID; | 323 | v9ses->dfltuid = V9FS_DEFUID; |
| 316 | v9ses->dfltgid = V9FS_DEFGID; | 324 | v9ses->dfltgid = V9FS_DEFGID; |
| @@ -412,8 +420,8 @@ void v9fs_session_close(struct v9fs_session_info *v9ses) | |||
| 412 | kfree(v9ses->cachetag); | 420 | kfree(v9ses->cachetag); |
| 413 | } | 421 | } |
| 414 | #endif | 422 | #endif |
| 415 | __putname(v9ses->uname); | 423 | kfree(v9ses->uname); |
| 416 | __putname(v9ses->aname); | 424 | kfree(v9ses->aname); |
| 417 | 425 | ||
| 418 | bdi_destroy(&v9ses->bdi); | 426 | bdi_destroy(&v9ses->bdi); |
| 419 | 427 | ||
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index cbf9dbb1b2a2..890bed538f9b 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c | |||
| @@ -1276,12 +1276,12 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen) | |||
| 1276 | } | 1276 | } |
| 1277 | 1277 | ||
| 1278 | /* copy extension buffer into buffer */ | 1278 | /* copy extension buffer into buffer */ |
| 1279 | strncpy(buffer, st->extension, buflen); | 1279 | retval = min(strlen(st->extension)+1, (size_t)buflen); |
| 1280 | memcpy(buffer, st->extension, retval); | ||
| 1280 | 1281 | ||
| 1281 | p9_debug(P9_DEBUG_VFS, "%s -> %s (%s)\n", | 1282 | p9_debug(P9_DEBUG_VFS, "%s -> %s (%.*s)\n", |
| 1282 | dentry->d_name.name, st->extension, buffer); | 1283 | dentry->d_name.name, st->extension, buflen, buffer); |
| 1283 | 1284 | ||
| 1284 | retval = strnlen(buffer, buflen); | ||
| 1285 | done: | 1285 | done: |
| 1286 | p9stat_free(st); | 1286 | p9stat_free(st); |
| 1287 | kfree(st); | 1287 | kfree(st); |
diff --git a/net/9p/client.c b/net/9p/client.c index 8260f132b32e..34d417670935 100644 --- a/net/9p/client.c +++ b/net/9p/client.c | |||
| @@ -76,6 +76,20 @@ inline int p9_is_proto_dotu(struct p9_client *clnt) | |||
| 76 | } | 76 | } |
| 77 | EXPORT_SYMBOL(p9_is_proto_dotu); | 77 | EXPORT_SYMBOL(p9_is_proto_dotu); |
| 78 | 78 | ||
| 79 | /* | ||
| 80 | * Some error codes are taken directly from the server replies, | ||
| 81 | * make sure they are valid. | ||
| 82 | */ | ||
| 83 | static int safe_errno(int err) | ||
| 84 | { | ||
| 85 | if ((err > 0) || (err < -MAX_ERRNO)) { | ||
| 86 | p9_debug(P9_DEBUG_ERROR, "Invalid error code %d\n", err); | ||
| 87 | return -EPROTO; | ||
| 88 | } | ||
| 89 | return err; | ||
| 90 | } | ||
| 91 | |||
| 92 | |||
| 79 | /* Interpret mount option for protocol version */ | 93 | /* Interpret mount option for protocol version */ |
| 80 | static int get_protocol_version(char *s) | 94 | static int get_protocol_version(char *s) |
| 81 | { | 95 | { |
| @@ -782,7 +796,7 @@ again: | |||
| 782 | return req; | 796 | return req; |
| 783 | reterr: | 797 | reterr: |
| 784 | p9_free_req(c, req); | 798 | p9_free_req(c, req); |
| 785 | return ERR_PTR(err); | 799 | return ERR_PTR(safe_errno(err)); |
| 786 | } | 800 | } |
| 787 | 801 | ||
| 788 | /** | 802 | /** |
| @@ -865,7 +879,7 @@ static struct p9_req_t *p9_client_zc_rpc(struct p9_client *c, int8_t type, | |||
| 865 | return req; | 879 | return req; |
| 866 | reterr: | 880 | reterr: |
| 867 | p9_free_req(c, req); | 881 | p9_free_req(c, req); |
| 868 | return ERR_PTR(err); | 882 | return ERR_PTR(safe_errno(err)); |
| 869 | } | 883 | } |
| 870 | 884 | ||
| 871 | static struct p9_fid *p9_fid_create(struct p9_client *clnt) | 885 | static struct p9_fid *p9_fid_create(struct p9_client *clnt) |
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 15656b8573f3..02efb25c2957 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c | |||
| @@ -316,8 +316,7 @@ static void p9_read_work(struct work_struct *work) | |||
| 316 | m->rsize - m->rpos); | 316 | m->rsize - m->rpos); |
| 317 | p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err); | 317 | p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err); |
| 318 | if (err == -EAGAIN) { | 318 | if (err == -EAGAIN) { |
| 319 | clear_bit(Rworksched, &m->wsched); | 319 | goto end_clear; |
| 320 | return; | ||
| 321 | } | 320 | } |
| 322 | 321 | ||
| 323 | if (err <= 0) | 322 | if (err <= 0) |
| @@ -379,19 +378,20 @@ static void p9_read_work(struct work_struct *work) | |||
| 379 | m->req = NULL; | 378 | m->req = NULL; |
| 380 | } | 379 | } |
| 381 | 380 | ||
| 381 | end_clear: | ||
| 382 | clear_bit(Rworksched, &m->wsched); | ||
| 383 | |||
| 382 | if (!list_empty(&m->req_list)) { | 384 | if (!list_empty(&m->req_list)) { |
| 383 | if (test_and_clear_bit(Rpending, &m->wsched)) | 385 | if (test_and_clear_bit(Rpending, &m->wsched)) |
| 384 | n = POLLIN; | 386 | n = POLLIN; |
| 385 | else | 387 | else |
| 386 | n = p9_fd_poll(m->client, NULL); | 388 | n = p9_fd_poll(m->client, NULL); |
| 387 | 389 | ||
| 388 | if (n & POLLIN) { | 390 | if ((n & POLLIN) && !test_and_set_bit(Rworksched, &m->wsched)) { |
| 389 | p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m); | 391 | p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m); |
| 390 | schedule_work(&m->rq); | 392 | schedule_work(&m->rq); |
| 391 | } else | 393 | } |
| 392 | clear_bit(Rworksched, &m->wsched); | 394 | } |
| 393 | } else | ||
| 394 | clear_bit(Rworksched, &m->wsched); | ||
| 395 | 395 | ||
| 396 | return; | 396 | return; |
| 397 | error: | 397 | error: |
| @@ -453,12 +453,13 @@ static void p9_write_work(struct work_struct *work) | |||
| 453 | } | 453 | } |
| 454 | 454 | ||
| 455 | if (!m->wsize) { | 455 | if (!m->wsize) { |
| 456 | spin_lock(&m->client->lock); | ||
| 456 | if (list_empty(&m->unsent_req_list)) { | 457 | if (list_empty(&m->unsent_req_list)) { |
| 457 | clear_bit(Wworksched, &m->wsched); | 458 | clear_bit(Wworksched, &m->wsched); |
| 459 | spin_unlock(&m->client->lock); | ||
| 458 | return; | 460 | return; |
| 459 | } | 461 | } |
| 460 | 462 | ||
| 461 | spin_lock(&m->client->lock); | ||
| 462 | req = list_entry(m->unsent_req_list.next, struct p9_req_t, | 463 | req = list_entry(m->unsent_req_list.next, struct p9_req_t, |
| 463 | req_list); | 464 | req_list); |
| 464 | req->status = REQ_STATUS_SENT; | 465 | req->status = REQ_STATUS_SENT; |
| @@ -476,10 +477,9 @@ static void p9_write_work(struct work_struct *work) | |||
| 476 | clear_bit(Wpending, &m->wsched); | 477 | clear_bit(Wpending, &m->wsched); |
| 477 | err = p9_fd_write(m->client, m->wbuf + m->wpos, m->wsize - m->wpos); | 478 | err = p9_fd_write(m->client, m->wbuf + m->wpos, m->wsize - m->wpos); |
| 478 | p9_debug(P9_DEBUG_TRANS, "mux %p sent %d bytes\n", m, err); | 479 | p9_debug(P9_DEBUG_TRANS, "mux %p sent %d bytes\n", m, err); |
| 479 | if (err == -EAGAIN) { | 480 | if (err == -EAGAIN) |
| 480 | clear_bit(Wworksched, &m->wsched); | 481 | goto end_clear; |
| 481 | return; | 482 | |
| 482 | } | ||
| 483 | 483 | ||
| 484 | if (err < 0) | 484 | if (err < 0) |
| 485 | goto error; | 485 | goto error; |
| @@ -492,19 +492,21 @@ static void p9_write_work(struct work_struct *work) | |||
| 492 | if (m->wpos == m->wsize) | 492 | if (m->wpos == m->wsize) |
| 493 | m->wpos = m->wsize = 0; | 493 | m->wpos = m->wsize = 0; |
| 494 | 494 | ||
| 495 | if (m->wsize == 0 && !list_empty(&m->unsent_req_list)) { | 495 | end_clear: |
| 496 | clear_bit(Wworksched, &m->wsched); | ||
| 497 | |||
| 498 | if (m->wsize || !list_empty(&m->unsent_req_list)) { | ||
| 496 | if (test_and_clear_bit(Wpending, &m->wsched)) | 499 | if (test_and_clear_bit(Wpending, &m->wsched)) |
| 497 | n = POLLOUT; | 500 | n = POLLOUT; |
| 498 | else | 501 | else |
| 499 | n = p9_fd_poll(m->client, NULL); | 502 | n = p9_fd_poll(m->client, NULL); |
| 500 | 503 | ||
| 501 | if (n & POLLOUT) { | 504 | if ((n & POLLOUT) && |
| 505 | !test_and_set_bit(Wworksched, &m->wsched)) { | ||
| 502 | p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m); | 506 | p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m); |
| 503 | schedule_work(&m->wq); | 507 | schedule_work(&m->wq); |
| 504 | } else | 508 | } |
| 505 | clear_bit(Wworksched, &m->wsched); | 509 | } |
| 506 | } else | ||
| 507 | clear_bit(Wworksched, &m->wsched); | ||
| 508 | 510 | ||
| 509 | return; | 511 | return; |
| 510 | 512 | ||