Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: truncate: use new helpers truncate: new helpers fs: fix overflow in sys_mount() for in-kernel calls fs: Make unload_nls() NULL pointer safe freeze_bdev: grab active reference to frozen superblocks freeze_bdev: kill bd_mount_sem exofs: remove BKL from super operations fs/romfs: correct error-handling code vfs: seq_file: add helpers for data filling vfs: remove redundant position check in do_sendfile vfs: change sb->s_maxbytes to a loff_t vfs: explicitly cast s_maxbytes in fiemap_check_ranges libfs: return error code on failed attr set seq_file: return a negative error code when seq_path_root() fails. vfs: optimize touch_time() too vfs: optimization for touch_atime() vfs: split generic_forget_inode() so that hugetlbfs does not have to copy it fs/inode.c: add dev-id and inode number for debugging in init_special_inode() libfs: make simple_read_from_buffer conventional
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24 11:32:11 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-24 11:32:11 -0400
commit: 6c5daf012c9155aafd2c7973e4278766c30dfad0 (patch)
tree: 33959d7b36d03e1610615641a2940cb2de5e8603 /fs/namespace.c
parent: 6d39b27f0ac7e805ae3bd9efa51d7da04bec0360 (diff)
parent: c08d3b0e33edce28e9cfa7b64f7fe5bdeeb29248 (diff)
1 files changed, 47 insertions, 30 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 7230787d18b0..bdc3cb4fd222 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1640,7 +1640,7 @@ static int do_new_mount(struct path *path, char *type, int flags,
 {
        struct vfsmount *mnt;
-        if (!type || !memchr(type, 0, PAGE_SIZE))
+        if (!type)
                return -EINVAL;
        /* we need capabilities... */
@@ -1871,6 +1871,23 @@ int copy_mount_options(const void __user * data, unsigned long *where)
        return 0;
 }
+int copy_mount_string(const void __user *data, char **where)
+{
+        char *tmp;
+        if (!data) {
+                *where = NULL;
+                return 0;
+        }
+        tmp = strndup_user(data, PAGE_SIZE);
+        if (IS_ERR(tmp))
+                return PTR_ERR(tmp);
+        *where = tmp;
+        return 0;
+}
 /*
 * Flags is a 32-bit value that allows up to 31 non-fs dependent flags to
 * be given to the mount() call (ie: read-only, no-dev, no-suid etc).
@@ -1900,8 +1917,6 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
        if (!dir_name || !*dir_name || !memchr(dir_name, 0, PAGE_SIZE))
                return -EINVAL;
-        if (dev_name && !memchr(dev_name, 0, PAGE_SIZE))
-                return -EINVAL;
        if (data_page)
                ((char *)data_page)[PAGE_SIZE - 1] = 0;
@@ -2070,40 +2085,42 @@ EXPORT_SYMBOL(create_mnt_ns);
 SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name,
                char __user *, type, unsigned long, flags, void __user *, data)
 {
-        int retval;
+        int ret;
+        char *kernel_type;
+        char *kernel_dir;
+        char *kernel_dev;
        unsigned long data_page;
-        unsigned long type_page;
-        unsigned long dev_page;
-        char *dir_page;
-        retval = copy_mount_options(type, &type_page);
+        ret = copy_mount_string(type, &kernel_type);
-        if (retval < 0)
+        if (ret < 0)
-                return retval;
+                goto out_type;
-        dir_page = getname(dir_name);
+        kernel_dir = getname(dir_name);
-        retval = PTR_ERR(dir_page);
+        if (IS_ERR(kernel_dir)) {
-        if (IS_ERR(dir_page))
+                ret = PTR_ERR(kernel_dir);
-                goto out1;
+                goto out_dir;
+        }
-        retval = copy_mount_options(dev_name, &dev_page);
+        ret = copy_mount_string(dev_name, &kernel_dev);
-        if (retval < 0)
+        if (ret < 0)
-                goto out2;
+                goto out_dev;
-        retval = copy_mount_options(data, &data_page);
+        ret = copy_mount_options(data, &data_page);
-        if (retval < 0)
+        if (ret < 0)
-                goto out3;
+                goto out_data;
-        retval = do_mount((char *)dev_page, dir_page, (char *)type_page,
+        ret = do_mount(kernel_dev, kernel_dir, kernel_type, flags,
-                          flags, (void *)data_page);
+                (void *) data_page);
-        free_page(data_page);
-out3:
+        free_page(data_page);
-        free_page(dev_page);
+out_data:
-out2:
+        kfree(kernel_dev);
-        putname(dir_page);
+out_dev:
-out1:
+        putname(kernel_dir);
-        free_page(type_page);
+out_dir:
-        return retval;
+        kfree(kernel_type);
+out_type:
+        return ret;
 }
 /*
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-24 11:32:11 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-24 11:32:11 -0400
commit	6c5daf012c9155aafd2c7973e4278766c30dfad0 (patch)
tree	33959d7b36d03e1610615641a2940cb2de5e8603 /fs/namespace.c
parent	6d39b27f0ac7e805ae3bd9efa51d7da04bec0360 (diff)
parent	c08d3b0e33edce28e9cfa7b64f7fe5bdeeb29248 (diff)