Update 2.6.36 to 2.6.36.4wip-dissipation2-jerickso

author: Jeremy Erickson <jerickso@cs.unc.edu> 2014-04-18 17:06:00 -0400
committer: Jeremy Erickson <jerickso@cs.unc.edu> 2014-04-18 17:06:00 -0400
commit: a215aa7b9ab3759c047201199fba64d3042d7f13 (patch)
tree: bca37493d9b2233450e6d3ffced1261d0e4f71fe /fs
parent: d31199a77ef606f1d06894385f1852181ba6136b (diff)
33 files changed, 289 insertions, 141 deletions
diff --git a/fs/bio.c b/fs/bio.c
index 8abb2dfb2e7c..4bd454fa844e 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -370,6 +370,9 @@ struct bio *bio_kmalloc(gfp_t gfp_mask, int nr_iovecs)
 {
        struct bio *bio;
+        if (nr_iovecs > UIO_MAXIOV)
+                return NULL;
        bio = kmalloc(sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec),
                      gfp_mask);
        if (unlikely(!bio))
@@ -697,8 +700,12 @@ static void bio_free_map_data(struct bio_map_data *bmd)
 static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count,
                                               gfp_t gfp_mask)
 {
-        struct bio_map_data *bmd = kmalloc(sizeof(*bmd), gfp_mask);
+        struct bio_map_data *bmd;
+        if (iov_count > UIO_MAXIOV)
+                return NULL;
+        bmd = kmalloc(sizeof(*bmd), gfp_mask);
        if (!bmd)
                return NULL;
@@ -827,6 +834,12 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
                end = (uaddr + iov[i].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
                start = uaddr >> PAGE_SHIFT;
+                /*
+                 * Overflow, abort
+                 */
+                if (end < start)
+                        return ERR_PTR(-EINVAL);
                nr_pages += end - start;
                len += iov[i].iov_len;
        }
@@ -955,6 +968,12 @@ static struct bio *__bio_map_user_iov(struct request_queue *q,
                unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
                unsigned long start = uaddr >> PAGE_SHIFT;
+                /*
+                 * Overflow, abort
+                 */
+                if (end < start)
+                        return ERR_PTR(-EINVAL);
                nr_pages += end - start;
                /*
                 * buffer must be aligned to at least hardsector size for now
@@ -982,7 +1001,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q,
                unsigned long start = uaddr >> PAGE_SHIFT;
                const int local_nr_pages = end - start;
                const int page_limit = cur_page + local_nr_pages;
-                
                ret = get_user_pages_fast(uaddr, local_nr_pages,
                                write_to_vm, &pages[cur_page]);
                if (ret < local_nr_pages) {
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 1d60c655e3e0..f110e0e7e947 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -107,7 +107,8 @@ extern struct timespec cnvrtDosUnixTm(__le16 le_date, __le16 le_time,
 extern struct cifsFileInfo *cifs_new_fileinfo(struct inode *newinode,
                                __u16 fileHandle, struct file *file,
-                                struct vfsmount *mnt, unsigned int oflags);
+                                struct vfsmount *mnt, unsigned int oflags,
+                                __u32 oplock);
 extern int cifs_posix_open(char *full_path, struct inode **pinode,
                                struct super_block *sb,
                                int mode, int oflags,
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index f9ed0751cc12..0f947bf73f8e 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -132,9 +132,9 @@ cifs_bp_rename_retry:
 struct cifsFileInfo *
 cifs_new_fileinfo(struct inode *newinode, __u16 fileHandle,
-                  struct file *file, struct vfsmount *mnt, unsigned int oflags)
+                  struct file *file, struct vfsmount *mnt, unsigned int oflags,
+                  __u32 oplock)
 {
-        int oplock = 0;
        struct cifsFileInfo *pCifsFile;
        struct cifsInodeInfo *pCifsInode;
        struct cifs_sb_info *cifs_sb = CIFS_SB(mnt->mnt_sb);
@@ -143,9 +143,6 @@ cifs_new_fileinfo(struct inode *newinode, __u16 fileHandle,
        if (pCifsFile == NULL)
                return pCifsFile;
-        if (oplockEnabled)
-                oplock = REQ_OPLOCK;
        pCifsFile->netfid = fileHandle;
        pCifsFile->pid = current->tgid;
        pCifsFile->pInode = igrab(newinode);
@@ -468,7 +465,7 @@ cifs_create_set_dentry:
                }
                pfile_info = cifs_new_fileinfo(newinode, fileHandle, filp,
-                                               nd->path.mnt, oflags);
+                                               nd->path.mnt, oflags, oplock);
                if (pfile_info == NULL) {
                        fput(filp);
                        CIFSSMBClose(xid, tcon, fileHandle);
@@ -729,7 +726,8 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
                        cfile = cifs_new_fileinfo(newInode, fileHandle, filp,
                                                  nd->path.mnt,
-                                                  nd->intent.open.flags);
+                                                  nd->intent.open.flags,
+                                                  oplock);
                        if (cfile == NULL) {
                                fput(filp);
                                CIFSSMBClose(xid, pTcon, fileHandle);
diff --git a/fs/cifs/dns_resolve.c b/fs/cifs/dns_resolve.c
index 0eb87026cad3..548f06230a6d 100644
--- a/fs/cifs/dns_resolve.c
+++ b/fs/cifs/dns_resolve.c
@@ -66,7 +66,7 @@ dns_resolve_server_name_to_ip(const char *unc, char **ip_addr)
        /* Search for server name delimiter */
        sep = memchr(hostname, '\\', len);
        if (sep)
-                len = sep - unc;
+                len = sep - hostname;
        else
                cFYI(1, "%s: probably server name is whole unc: %s",
                     __func__, unc);
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index de748c652d11..681761c3e90c 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -277,7 +277,7 @@ int cifs_open(struct inode *inode, struct file *file)
                        pCifsFile = cifs_new_fileinfo(inode, netfid, file,
                                                        file->f_path.mnt,
-                                                        oflags);
+                                                        oflags, oplock);
                        if (pCifsFile == NULL) {
                                CIFSSMBClose(xid, tcon, netfid);
                                rc = -ENOMEM;
@@ -370,7 +370,7 @@ int cifs_open(struct inode *inode, struct file *file)
                goto out;
        pCifsFile = cifs_new_fileinfo(inode, netfid, file, file->f_path.mnt,
-                                        file->f_flags);
+                                        file->f_flags, oplock);
        if (pCifsFile == NULL) {
                rc = -ENOMEM;
                goto out;
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 53cce8cc2224..00d1ff339ae6 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -835,8 +835,10 @@ struct inode *cifs_root_iget(struct super_block *sb, unsigned long ino)
                rc = cifs_get_inode_info(&inode, full_path, NULL, sb,
                                                xid, NULL);
-        if (!inode)
+        if (!inode) {
-                return ERR_PTR(rc);
+                inode = ERR_PTR(rc);
+                goto out;
+        }
 #ifdef CONFIG_CIFS_FSCACHE
        /* populate tcon->resource_id */
@@ -852,13 +854,11 @@ struct inode *cifs_root_iget(struct super_block *sb, unsigned long ino)
                inode->i_uid = cifs_sb->mnt_uid;
                inode->i_gid = cifs_sb->mnt_gid;
        } else if (rc) {
-                kfree(full_path);
-                _FreeXid(xid);
                iget_failed(inode);
-                return ERR_PTR(rc);
+                inode = ERR_PTR(rc);
        }
+out:
        kfree(full_path);
        /* can not call macro FreeXid here since in a void func
         * TODO: This is no longer true
diff --git a/fs/compat.c b/fs/compat.c
index 0644a154672b..8b41dcdcdc67 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1378,6 +1378,10 @@ static int compat_count(compat_uptr_t __user *argv, int max)
                        argv++;
                        if (i++ >= max)
                                return -E2BIG;
+                        if (fatal_signal_pending(current))
+                                return -ERESTARTNOHAND;
+                        cond_resched();
                }
        }
        return i;
@@ -1419,6 +1423,12 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv,
                while (len > 0) {
                        int offset, bytes_to_copy;
+                        if (fatal_signal_pending(current)) {
+                                ret = -ERESTARTNOHAND;
+                                goto out;
+                        }
+                        cond_resched();
                        offset = pos % PAGE_SIZE;
                        if (offset == 0)
                                offset = PAGE_SIZE;
@@ -1435,18 +1445,8 @@ static int compat_copy_strings(int argc, compat_uptr_t __user *argv,
                        if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
                                struct page *page;
-#ifdef CONFIG_STACK_GROWSUP
+                                page = get_arg_page(bprm, pos, 1);
-                                ret = expand_stack_downwards(bprm->vma, pos);
+                                if (!page) {
-                                if (ret < 0) {
-                                        /* We've exceed the stack rlimit. */
-                                        ret = -E2BIG;
-                                        goto out;
-                                }
-#endif
-                                ret = get_user_pages(current, bprm->mm, pos,
-                                                     1, 1, 1, &page, NULL);
-                                if (ret <= 0) {
-                                        /* We've exceed the stack rlimit. */
                                        ret = -E2BIG;
                                        goto out;
                                }
@@ -1567,8 +1567,10 @@ int compat_do_execve(char * filename,
        return retval;
 out:
-        if (bprm->mm)
+        if (bprm->mm) {
+                acct_arg_size(bprm, 0);
                mmput(bprm->mm);
+        }
 out_file:
        if (bprm->file) {
diff --git a/fs/direct-io.c b/fs/direct-io.c
index 48d74c7391d1..92030e371a94 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -325,12 +325,16 @@ void dio_end_io(struct bio *bio, int error)
 }
 EXPORT_SYMBOL_GPL(dio_end_io);
-static int
+static void
 dio_bio_alloc(struct dio *dio, struct block_device *bdev,
                sector_t first_sector, int nr_vecs)
 {
        struct bio *bio;
+        /*
+         * bio_alloc() is guaranteed to return a bio when called with
+         * __GFP_WAIT and we request a valid number of vectors.
+         */
        bio = bio_alloc(GFP_KERNEL, nr_vecs);
        bio->bi_bdev = bdev;
@@ -342,7 +346,6 @@ dio_bio_alloc(struct dio *dio, struct block_device *bdev,
        dio->bio = bio;
        dio->logical_offset_in_bio = dio->cur_page_fs_offset;
-        return 0;
 }
 /*
@@ -583,8 +586,9 @@ static int dio_new_bio(struct dio *dio, sector_t start_sector)
                goto out;
        sector = start_sector << (dio->blkbits - 9);
        nr_pages = min(dio->pages_in_io, bio_get_nr_vecs(dio->map_bh.b_bdev));
+        nr_pages = min(nr_pages, BIO_MAX_PAGES);
        BUG_ON(nr_pages <= 0);
-        ret = dio_bio_alloc(dio, dio->map_bh.b_bdev, sector, nr_pages);
+        dio_bio_alloc(dio, dio->map_bh.b_bdev, sector, nr_pages);
        dio->boundary = 0;
 out:
        return ret;
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 3fbc94203380..9d1a22d62765 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -32,6 +32,7 @@
 #include <linux/crypto.h>
 #include <linux/fs_stack.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
 #include <asm/unaligned.h>
 #include "ecryptfs_kernel.h"
@@ -70,15 +71,19 @@ ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
        struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
        struct dentry *dentry_save;
        struct vfsmount *vfsmount_save;
+        unsigned int flags_save;
        int rc;
        dentry_save = nd->path.dentry;
        vfsmount_save = nd->path.mnt;
+        flags_save = nd->flags;
        nd->path.dentry = lower_dentry;
        nd->path.mnt = lower_mnt;
+        nd->flags &= ~LOOKUP_OPEN;
        rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
        nd->path.dentry = dentry_save;
        nd->path.mnt = vfsmount_save;
+        nd->flags = flags_save;
        return rc;
 }
@@ -1108,10 +1113,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
                rc = -EOPNOTSUPP;
                goto out;
        }
-        mutex_lock(&lower_dentry->d_inode->i_mutex);
-        rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value,
+        rc = vfs_setxattr(lower_dentry, name, value, size, flags);
-                                                   size, flags);
-        mutex_unlock(&lower_dentry->d_inode->i_mutex);
 out:
        return rc;
 }
diff --git a/fs/exec.c b/fs/exec.c
index 56536ad0e7cc..4b8f716b786d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -159,7 +159,26 @@ out:
 #ifdef CONFIG_MMU
-static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+{
+        struct mm_struct *mm = current->mm;
+        long diff = (long)(pages - bprm->vma_pages);
+        if (!mm || !diff)
+                return;
+        bprm->vma_pages = pages;
+#ifdef SPLIT_RSS_COUNTING
+        add_mm_counter(mm, MM_ANONPAGES, diff);
+#else
+        spin_lock(&mm->page_table_lock);
+        add_mm_counter(mm, MM_ANONPAGES, diff);
+        spin_unlock(&mm->page_table_lock);
+#endif
+}
+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
                int write)
 {
        struct page *page;
@@ -181,6 +200,8 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
                unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
                struct rlimit *rlim;
+                acct_arg_size(bprm, size / PAGE_SIZE);
                /*
                 * We've historically supported up to 32 pages (ARG_MAX)
                 * of argument strings even with small stacks
@@ -249,6 +270,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
        vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
        vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
        INIT_LIST_HEAD(&vma->anon_vma_chain);
+        err = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
+        if (err)
+                goto err;
        err = insert_vm_struct(mm, vma);
        if (err)
                goto err;
@@ -271,7 +297,11 @@ static bool valid_arg_len(struct linux_binprm *bprm, long len)
 #else
-static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)
+{
+}
+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
                int write)
 {
        struct page *page;
@@ -994,6 +1024,7 @@ int flush_old_exec(struct linux_binprm * bprm)
        /*
         * Release all of the old mmap stuff
         */
+        acct_arg_size(bprm, 0);
        retval = exec_mmap(bprm->mm);
        if (retval)
                goto out;
@@ -1419,8 +1450,10 @@ int do_execve(const char * filename,
        return retval;
 out:
-        if (bprm->mm)
+        if (bprm->mm) {
-                mmput (bprm->mm);
+                acct_arg_size(bprm, 0);
+                mmput(bprm->mm);
+        }
 out_file:
        if (bprm->file) {
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 4b8debeb3965..8705e36f32d6 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4530,6 +4530,7 @@ static void ext4_free_branches(handle_t *handle, struct inode *inode,
                                        (__le32 *) bh->b_data,
                                        (__le32 *) bh->b_data + addr_per_block,
                                        depth);
+                        brelse(bh);
                        /*
                         * Everything below this this pointer has been
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 26147746c272..751997d2cefe 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -719,6 +719,7 @@ static void ext4_put_super(struct super_block *sb)
                        ext4_abort(sb, "Couldn't clean up the journal");
        }
+        del_timer(&sbi->s_err_report);
        ext4_release_system_zone(sb);
        ext4_mb_release(sb);
        ext4_ext_release(sb);
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index c8224587123f..6c2717d421e8 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -13,6 +13,7 @@
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <linux/module.h>
+#include <linux/compat.h>
 static const struct file_operations fuse_direct_io_file_operations;
@@ -134,6 +135,7 @@ EXPORT_SYMBOL_GPL(fuse_do_open);
 void fuse_finish_open(struct inode *inode, struct file *file)
 {
        struct fuse_file *ff = file->private_data;
+        struct fuse_conn *fc = get_fuse_conn(inode);
        if (ff->open_flags & FOPEN_DIRECT_IO)
                file->f_op = &fuse_direct_io_file_operations;
@@ -141,6 +143,15 @@ void fuse_finish_open(struct inode *inode, struct file *file)
                invalidate_inode_pages2(inode->i_mapping);
        if (ff->open_flags & FOPEN_NONSEEKABLE)
                nonseekable_open(inode, file);
+        if (fc->atomic_o_trunc && (file->f_flags & O_TRUNC)) {
+                struct fuse_inode *fi = get_fuse_inode(inode);
+                spin_lock(&fc->lock);
+                fi->attr_version = ++fc->attr_version;
+                i_size_write(inode, 0);
+                spin_unlock(&fc->lock);
+                fuse_invalidate_attr(inode);
+        }
 }
 int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
@@ -1617,6 +1628,58 @@ static int fuse_ioctl_copy_user(struct page **pages, struct iovec *iov,
        return 0;
 }
+/* Make sure iov_length() won't overflow */
+static int fuse_verify_ioctl_iov(struct iovec *iov, size_t count)
+{
+        size_t n;
+        u32 max = FUSE_MAX_PAGES_PER_REQ << PAGE_SHIFT;
+        for (n = 0; n < count; n++) {
+                if (iov->iov_len > (size_t) max)
+                        return -ENOMEM;
+                max -= iov->iov_len;
+        }
+        return 0;
+}
+/*
+ * CUSE servers compiled on 32bit broke on 64bit kernels because the
+ * ABI was defined to be 'struct iovec' which is different on 32bit
+ * and 64bit.  Fortunately we can determine which structure the server
+ * used from the size of the reply.
+ */
+static int fuse_copy_ioctl_iovec(struct iovec *dst, void *src,
+                                 size_t transferred, unsigned count,
+                                 bool is_compat)
+{
+#ifdef CONFIG_COMPAT
+        if (count * sizeof(struct compat_iovec) == transferred) {
+                struct compat_iovec *ciov = src;
+                unsigned i;
+                /*
+                 * With this interface a 32bit server cannot support
+                 * non-compat (i.e. ones coming from 64bit apps) ioctl
+                 * requests
+                 */
+                if (!is_compat)
+                        return -EINVAL;
+                for (i = 0; i < count; i++) {
+                        dst[i].iov_base = compat_ptr(ciov[i].iov_base);
+                        dst[i].iov_len = ciov[i].iov_len;
+                }
+                return 0;
+        }
+#endif
+        if (count * sizeof(struct iovec) != transferred)
+                return -EIO;
+        memcpy(dst, src, transferred);
+        return 0;
+}
 /*
 * For ioctls, there is no generic way to determine how much memory
 * needs to be read and/or written.  Furthermore, ioctls are allowed
@@ -1798,18 +1861,25 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
                    in_iovs + out_iovs > FUSE_IOCTL_MAX_IOV)
                        goto out;
-                err = -EIO;
-                if ((in_iovs + out_iovs) * sizeof(struct iovec) != transferred)
-                        goto out;
-                /* okay, copy in iovs and retry */
                vaddr = kmap_atomic(pages[0], KM_USER0);
-                memcpy(page_address(iov_page), vaddr, transferred);
+                err = fuse_copy_ioctl_iovec(page_address(iov_page), vaddr,
+                                            transferred, in_iovs + out_iovs,
+                                            (flags & FUSE_IOCTL_COMPAT) != 0);
                kunmap_atomic(vaddr, KM_USER0);
+                if (err)
+                        goto out;
                in_iov = page_address(iov_page);
                out_iov = in_iov + in_iovs;
+                err = fuse_verify_ioctl_iov(in_iov, in_iovs);
+                if (err)
+                        goto out;
+                err = fuse_verify_ioctl_iov(out_iov, out_iovs);
+                if (err)
+                        goto out;
                goto retry;
        }
diff --git a/fs/hostfs/hostfs.h b/fs/hostfs/hostfs.h
index 6bbd75c5589b..3ccb4e45b8dc 100644
--- a/fs/hostfs/hostfs.h
+++ b/fs/hostfs/hostfs.h
@@ -96,7 +96,6 @@ extern int rename_file(char *from, char *to);
 extern int do_statfs(char *root, long *bsize_out, long long *blocks_out,
                     long long *bfree_out, long long *bavail_out,
                     long long *files_out, long long *ffree_out,
-                     void *fsid_out, int fsid_size, long *namelen_out,
+                     void *fsid_out, int fsid_size, long *namelen_out);
-                     long *spare_out);
 #endif
diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c
index f7dc9b5f9ef8..cd7c93917cc7 100644
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -217,7 +217,7 @@ int hostfs_statfs(struct dentry *dentry, struct kstatfs *sf)
        err = do_statfs(dentry->d_sb->s_fs_info,
                        &sf->f_bsize, &f_blocks, &f_bfree, &f_bavail, &f_files,
                        &f_ffree, &sf->f_fsid, sizeof(sf->f_fsid),
-                        &sf->f_namelen, sf->f_spare);
+                        &sf->f_namelen);
        if (err)
                return err;
        sf->f_blocks = f_blocks;
diff --git a/fs/hostfs/hostfs_user.c b/fs/hostfs/hostfs_user.c
index 6777aa06ce2c..8d02683585e0 100644
--- a/fs/hostfs/hostfs_user.c
+++ b/fs/hostfs/hostfs_user.c
@@ -364,8 +364,7 @@ int rename_file(char *from, char *to)
 int do_statfs(char *root, long *bsize_out, long long *blocks_out,
              long long *bfree_out, long long *bavail_out,
              long long *files_out, long long *ffree_out,
-              void *fsid_out, int fsid_size, long *namelen_out,
+              void *fsid_out, int fsid_size, long *namelen_out)
-              long *spare_out)
 {
        struct statfs64 buf;
        int err;
@@ -384,10 +383,6 @@ int do_statfs(char *root, long *bsize_out, long long *blocks_out,
               sizeof(buf.f_fsid) > fsid_size ? fsid_size :
               sizeof(buf.f_fsid));
        *namelen_out = buf.f_namelen;
-        spare_out[0] = buf.f_spare[0];
-        spare_out[1] = buf.f_spare[1];
-        spare_out[2] = buf.f_spare[2];
-        spare_out[3] = buf.f_spare[3];
-        spare_out[4] = buf.f_spare[4];
        return 0;
 }
diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c
index b9c3c43cea1d..98e8e35c4408 100644
--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -24,8 +24,6 @@
 static void nfs_do_free_delegation(struct nfs_delegation *delegation)
 {
-        if (delegation->cred)
-                put_rpccred(delegation->cred);
        kfree(delegation);
 }
@@ -38,6 +36,10 @@ static void nfs_free_delegation_callback(struct rcu_head *head)
 static void nfs_free_delegation(struct nfs_delegation *delegation)
 {
+        if (delegation->cred) {
+                put_rpccred(delegation->cred);
+                delegation->cred = NULL;
+        }
        call_rcu(&delegation->rcu, nfs_free_delegation_callback);
 }
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 064a80961677..e0e9d49773bd 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -407,15 +407,18 @@ static ssize_t nfs_direct_read_schedule_iovec(struct nfs_direct_req *dreq,
                pos += vec->iov_len;
        }
+        /*
+         * If no bytes were started, return the error, and let the
+         * generic layer handle the completion.
+         */
+        if (requested_bytes == 0) {
+                nfs_direct_req_release(dreq);
+                return result < 0 ? result : -EIO;
+        }
        if (put_dreq(dreq))
                nfs_direct_complete(dreq);
+        return 0;
-        if (requested_bytes != 0)
-                return 0;
-        if (result < 0)
-                return result;
-        return -EIO;
 }
 static ssize_t nfs_direct_read(struct kiocb *iocb, const struct iovec *iov,
@@ -841,15 +844,18 @@ static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq,
                pos += vec->iov_len;
        }
+        /*
+         * If no bytes were started, return the error, and let the
+         * generic layer handle the completion.
+         */
+        if (requested_bytes == 0) {
+                nfs_direct_req_release(dreq);
+                return result < 0 ? result : -EIO;
+        }
        if (put_dreq(dreq))
                nfs_direct_write_complete(dreq, dreq->inode);
+        return 0;
-        if (requested_bytes != 0)
-                return 0;
-        if (result < 0)
-                return result;
-        return -EIO;
 }
 static ssize_t nfs_direct_write(struct kiocb *iocb, const struct iovec *iov,
@@ -873,7 +879,7 @@ static ssize_t nfs_direct_write(struct kiocb *iocb, const struct iovec *iov,
        dreq->inode = inode;
        dreq->ctx = get_nfs_open_context(nfs_file_open_context(iocb->ki_filp));
        dreq->l_ctx = nfs_get_lock_context(dreq->ctx);
-        if (dreq->l_ctx != NULL)
+        if (dreq->l_ctx == NULL)
                goto out_release;
        if (!is_sync_kiocb(iocb))
                dreq->iocb = iocb;
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 05bf3c0dc751..22a185b328ef 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -551,7 +551,7 @@ static int nfs_vm_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
        struct file *filp = vma->vm_file;
        struct dentry *dentry = filp->f_path.dentry;
        unsigned pagelen;
-        int ret = -EINVAL;
+        int ret = VM_FAULT_NOPAGE;
        struct address_space *mapping;
        dfprintk(PAGECACHE, "NFS: vm_page_mkwrite(%s/%s(%ld), offset %lld)\n",
@@ -567,21 +567,20 @@ static int nfs_vm_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
        if (mapping != dentry->d_inode->i_mapping)
                goto out_unlock;
-        ret = 0;
        pagelen = nfs_page_length(page);
        if (pagelen == 0)
                goto out_unlock;
-        ret = nfs_flush_incompatible(filp, page);
+        ret = VM_FAULT_LOCKED;
-        if (ret != 0)
+        if (nfs_flush_incompatible(filp, page) == 0 &&
-                goto out_unlock;
+            nfs_updatepage(filp, page, 0, pagelen) == 0)
+                goto out;
-        ret = nfs_updatepage(filp, page, 0, pagelen);
+        ret = VM_FAULT_SIGBUS;
 out_unlock:
-        if (!ret)
-                return VM_FAULT_LOCKED;
        unlock_page(page);
-        return VM_FAULT_SIGBUS;
+out:
+        return ret;
 }
 static const struct vm_operations_struct nfs_file_vm_ops = {
@@ -688,6 +687,7 @@ static int do_getlk(struct file *filp, int cmd, struct file_lock *fl)
 {
        struct inode *inode = filp->f_mapping->host;
        int status = 0;
+        unsigned int saved_type = fl->fl_type;
        /* Try local locking first */
        posix_test_lock(filp, fl);
@@ -695,6 +695,7 @@ static int do_getlk(struct file *filp, int cmd, struct file_lock *fl)
                /* found a conflict */
                goto out;
        }
+        fl->fl_type = saved_type;
        if (nfs_have_delegation(inode, FMODE_READ))
                goto out_noconflict;
diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c
index 59047f8d7d72..3dde50c093b5 100644
--- a/fs/nfs/mount_clnt.c
+++ b/fs/nfs/mount_clnt.c
@@ -503,13 +503,13 @@ static struct rpc_procinfo mnt3_procedures[] = {
 static struct rpc_version mnt_version1 = {
        .number         = 1,
-        .nrprocs        = 2,
+        .nrprocs        = ARRAY_SIZE(mnt_procedures),
        .procs          = mnt_procedures,
 };
 static struct rpc_version mnt_version3 = {
        .number         = 3,
-        .nrprocs        = 2,
+        .nrprocs        = ARRAY_SIZE(mnt3_procedures),
        .procs          = mnt3_procedures,
 };
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 089da5b5d20a..74aa54e1712e 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -255,9 +255,6 @@ static int nfs4_handle_exception(const struct nfs_server *server, int errorcode,
                        nfs4_state_mark_reclaim_nograce(clp, state);
                        goto do_state_recovery;
                case -NFS4ERR_STALE_STATEID:
-                        if (state == NULL)
-                                break;
-                        nfs4_state_mark_reclaim_reboot(clp, state);
                case -NFS4ERR_STALE_CLIENTID:
                case -NFS4ERR_EXPIRED:
                        goto do_state_recovery;
@@ -1120,6 +1117,7 @@ static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *
        clear_bit(NFS_DELEGATED_STATE, &state->flags);
        smp_rmb();
        if (state->n_rdwr != 0) {
+                clear_bit(NFS_O_RDWR_STATE, &state->flags);
                ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE, &newstate);
                if (ret != 0)
                        return ret;
@@ -1127,6 +1125,7 @@ static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *
                        return -ESTALE;
        }
        if (state->n_wronly != 0) {
+                clear_bit(NFS_O_WRONLY_STATE, &state->flags);
                ret = nfs4_open_recover_helper(opendata, FMODE_WRITE, &newstate);
                if (ret != 0)
                        return ret;
@@ -1134,6 +1133,7 @@ static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *
                        return -ESTALE;
        }
        if (state->n_rdonly != 0) {
+                clear_bit(NFS_O_RDONLY_STATE, &state->flags);
                ret = nfs4_open_recover_helper(opendata, FMODE_READ, &newstate);
                if (ret != 0)
                        return ret;
@@ -3490,9 +3490,6 @@ nfs4_async_handle_error(struct rpc_task *task, const struct nfs_server *server,
                        nfs4_state_mark_reclaim_nograce(clp, state);
                        goto do_state_recovery;
                case -NFS4ERR_STALE_STATEID:
-                        if (state == NULL)
-                                break;
-                        nfs4_state_mark_reclaim_reboot(clp, state);
                case -NFS4ERR_STALE_CLIENTID:
                case -NFS4ERR_EXPIRED:
                        goto do_state_recovery;
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index 3e2f19b04c06..940cf7c070af 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1138,16 +1138,14 @@ static void nfs4_reclaim_complete(struct nfs_client *clp,
                (void)ops->reclaim_complete(clp);
 }
-static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp)
+static int nfs4_state_clear_reclaim_reboot(struct nfs_client *clp)
 {
        struct nfs4_state_owner *sp;
        struct rb_node *pos;
        struct nfs4_state *state;
        if (!test_and_clear_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
-                return;
+                return 0;
-        nfs4_reclaim_complete(clp, clp->cl_mvops->reboot_recovery_ops);
        for (pos = rb_first(&clp->cl_state_owners); pos != NULL; pos = rb_next(pos)) {
                sp = rb_entry(pos, struct nfs4_state_owner, so_client_node);
@@ -1161,6 +1159,14 @@ static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp)
        }
        nfs_delegation_reap_unclaimed(clp);
+        return 1;
+}
+static void nfs4_state_end_reclaim_reboot(struct nfs_client *clp)
+{
+        if (!nfs4_state_clear_reclaim_reboot(clp))
+                return;
+        nfs4_reclaim_complete(clp, clp->cl_mvops->reboot_recovery_ops);
 }
 static void nfs_delegation_clear_all(struct nfs_client *clp)
@@ -1187,7 +1193,7 @@ static int nfs4_recovery_handle_error(struct nfs_client *clp, int error)
                case -NFS4ERR_STALE_CLIENTID:
                case -NFS4ERR_LEASE_MOVED:
                        set_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state);
-                        nfs4_state_end_reclaim_reboot(clp);
+                        nfs4_state_clear_reclaim_reboot(clp);
                        nfs4_state_start_reclaim_reboot(clp);
                        break;
                case -NFS4ERR_EXPIRED:
diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index 919490232e17..137b549e63db 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -65,6 +65,13 @@ nfs_create_request(struct nfs_open_context *ctx, struct inode *inode,
        if (req == NULL)
                return ERR_PTR(-ENOMEM);
+        /* get lock context early so we can deal with alloc failures */
+        req->wb_lock_context = nfs_get_lock_context(ctx);
+        if (req->wb_lock_context == NULL) {
+                nfs_page_free(req);
+                return ERR_PTR(-ENOMEM);
+        }
        /* Initialize the request struct. Initially, we assume a
         * long write-back delay. This will be adjusted in
         * update_nfs_request below if the region is not locked. */
@@ -79,7 +86,6 @@ nfs_create_request(struct nfs_open_context *ctx, struct inode *inode,
        req->wb_pgbase  = offset;
        req->wb_bytes   = count;
        req->wb_context = get_nfs_open_context(ctx);
-        req->wb_lock_context = nfs_get_lock_context(ctx);
        kref_init(&req->wb_kref);
        return req;
 }
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
index 2a533a0af2a9..7e84a852cdae 100644
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -260,9 +260,11 @@ void fill_post_wcc(struct svc_fh *fhp)
        err = vfs_getattr(fhp->fh_export->ex_path.mnt, fhp->fh_dentry,
                        &fhp->fh_post_attr);
        fhp->fh_post_change = fhp->fh_dentry->d_inode->i_version;
-        if (err)
+        if (err) {
                fhp->fh_post_saved = 0;
-        else
+                /* Grab the ctime anyway - set_change_info might use it */
+                fhp->fh_post_attr.ctime = fhp->fh_dentry->d_inode->i_ctime;
+        } else
                fhp->fh_post_saved = 1;
 }
diff --git a/fs/nfsd/xdr4.h b/fs/nfsd/xdr4.h
index 4d476ff08ae6..60fce3dc5cb5 100644
--- a/fs/nfsd/xdr4.h
+++ b/fs/nfsd/xdr4.h
@@ -484,18 +484,17 @@ static inline bool nfsd4_not_cached(struct nfsd4_compoundres *resp)
 static inline void
 set_change_info(struct nfsd4_change_info *cinfo, struct svc_fh *fhp)
 {
-        BUG_ON(!fhp->fh_pre_saved || !fhp->fh_post_saved);
+        BUG_ON(!fhp->fh_pre_saved);
-        cinfo->atomic = 1;
+        cinfo->atomic = fhp->fh_post_saved;
        cinfo->change_supported = IS_I_VERSION(fhp->fh_dentry->d_inode);
-        if (cinfo->change_supported) {
-                cinfo->before_change = fhp->fh_pre_change;
+        cinfo->before_change = fhp->fh_pre_change;
-                cinfo->after_change = fhp->fh_post_change;
+        cinfo->after_change = fhp->fh_post_change;
-        } else {
+        cinfo->before_ctime_sec = fhp->fh_pre_ctime.tv_sec;
-                cinfo->before_ctime_sec = fhp->fh_pre_ctime.tv_sec;
+        cinfo->before_ctime_nsec = fhp->fh_pre_ctime.tv_nsec;
-                cinfo->before_ctime_nsec = fhp->fh_pre_ctime.tv_nsec;
+        cinfo->after_ctime_sec = fhp->fh_post_attr.ctime.tv_sec;
-                cinfo->after_ctime_sec = fhp->fh_post_attr.ctime.tv_sec;
+        cinfo->after_ctime_nsec = fhp->fh_post_attr.ctime.tv_nsec;
-                cinfo->after_ctime_nsec = fhp->fh_post_attr.ctime.tv_nsec;
-        }
 }
 int nfs4svc_encode_voidres(struct svc_rqst *, __be32 *, void *);
diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c
index 922263393c76..57878bd94411 100644
--- a/fs/nilfs2/super.c
+++ b/fs/nilfs2/super.c
@@ -733,7 +733,8 @@ static int nilfs_setup_super(struct nilfs_sb_info *sbi)
                cpu_to_le16(le16_to_cpu(sbp[0]->s_state) & ~NILFS_VALID_FS);
        sbp[0]->s_mtime = cpu_to_le64(get_seconds());
        /* synchronize sbp[1] with sbp[0] */
-        memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
+        if (sbp[1])
+                memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
        return nilfs_commit_super(sbi, NILFS_SB_COMMIT_ALL);
 }
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index bf7f6d776c31..5b7c6fe7fb61 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -751,6 +751,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
        if (ret >= 0)
                return ret;
+        fsnotify_put_group(group);
        atomic_dec(&user->inotify_devs);
 out_free_uid:
        free_uid(user);
diff --git a/fs/pipe.c b/fs/pipe.c
index 279eef96c51c..a58d7ee7ad18 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -382,7 +382,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
                        error = ops->confirm(pipe, buf);
                        if (error) {
                                if (!ret)
-                                        error = ret;
+                                        ret = error;
                                break;
                        }
@@ -1197,12 +1197,24 @@ int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
        return ret;
 }
+/*
+ * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
+ * location, so checking ->i_pipe is not enough to verify that this is a
+ * pipe.
+ */
+struct pipe_inode_info *get_pipe_info(struct file *file)
+{
+        struct inode *i = file->f_path.dentry->d_inode;
+        return S_ISFIFO(i->i_mode) ? i->i_pipe : NULL;
+}
 long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 {
        struct pipe_inode_info *pipe;
        long ret;
-        pipe = file->f_path.dentry->d_inode->i_pipe;
+        pipe = get_pipe_info(file);
        if (!pipe)
                return -EBADF;
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 8e4addaa5424..632b9071ad2e 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1526,7 +1526,7 @@ static int do_proc_readlink(struct path *path, char __user *buffer, int buflen)
        if (!tmp)
                return -ENOMEM;
-        pathname = d_path_with_unreachable(path, tmp, PAGE_SIZE);
+        pathname = d_path(path, tmp, PAGE_SIZE);
        len = PTR_ERR(pathname);
        if (IS_ERR(pathname))
                goto out;
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 6f37c391468d..d245cb23dd72 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -558,7 +558,7 @@ static int open_kcore(struct inode *inode, struct file *filp)
 static const struct file_operations proc_kcore_operations = {
        .read           = read_kcore,
        .open           = open_kcore,
-        .llseek         = generic_file_llseek,
+        .llseek         = default_llseek,
 };
 #ifdef CONFIG_MEMORY_HOTPLUG
diff --git a/fs/reiserfs/ioctl.c b/fs/reiserfs/ioctl.c
index 5cbb81e134ac..4131f4a49391 100644
--- a/fs/reiserfs/ioctl.c
+++ b/fs/reiserfs/ioctl.c
@@ -186,12 +186,11 @@ int reiserfs_unpack(struct inode *inode, struct file *filp)
                return 0;
        }
-        /* we need to make sure nobody is changing the file size beneath
-         ** us
-         */
-        reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
        depth = reiserfs_write_lock_once(inode->i_sb);
+        /* we need to make sure nobody is changing the file size beneath us */
+        reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
        write_from = inode->i_size & (blocksize - 1);
        /* if we are on a block boundary, we are already unpacked.  */
        if (write_from == 0) {
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index 536d697a8a28..90d2fcb67a31 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -472,7 +472,9 @@ int reiserfs_acl_chmod(struct inode *inode)
                struct reiserfs_transaction_handle th;
                size_t size = reiserfs_xattr_nblocks(inode,
                                             reiserfs_acl_size(clone->a_count));
-                reiserfs_write_lock(inode->i_sb);
+                int depth;
+                depth = reiserfs_write_lock_once(inode->i_sb);
                error = journal_begin(&th, inode->i_sb, size * 2);
                if (!error) {
                        int error2;
@@ -482,7 +484,7 @@ int reiserfs_acl_chmod(struct inode *inode)
                        if (error2)
                                error = error2;
                }
-                reiserfs_write_unlock(inode->i_sb);
+                reiserfs_write_unlock_once(inode->i_sb, depth);
        }
        posix_acl_release(clone);
        return error;
diff --git a/fs/splice.c b/fs/splice.c
index 8f1dfaecc8f0..ce2f02579e35 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1311,18 +1311,6 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
                               struct pipe_inode_info *opipe,
                               size_t len, unsigned int flags);
-/*
- * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
- * location, so checking ->i_pipe is not enough to verify that this is a
- * pipe.
- */
-static inline struct pipe_inode_info *pipe_info(struct inode *inode)
-{
-        if (S_ISFIFO(inode->i_mode))
-                return inode->i_pipe;
-        return NULL;
-}
 /*
 * Determine where to splice to/from.
@@ -1336,8 +1324,8 @@ static long do_splice(struct file *in, loff_t __user *off_in,
        loff_t offset, *off;
        long ret;
-        ipipe = pipe_info(in->f_path.dentry->d_inode);
+        ipipe = get_pipe_info(in);
-        opipe = pipe_info(out->f_path.dentry->d_inode);
+        opipe = get_pipe_info(out);
        if (ipipe && opipe) {
                if (off_in || off_out)
@@ -1555,7 +1543,7 @@ static long vmsplice_to_user(struct file *file, const struct iovec __user *iov,
        int error;
        long ret;
-        pipe = pipe_info(file->f_path.dentry->d_inode);
+        pipe = get_pipe_info(file);
        if (!pipe)
                return -EBADF;
@@ -1642,7 +1630,7 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov,
        };
        long ret;
-        pipe = pipe_info(file->f_path.dentry->d_inode);
+        pipe = get_pipe_info(file);
        if (!pipe)
                return -EBADF;
@@ -2022,8 +2010,8 @@ static int link_pipe(struct pipe_inode_info *ipipe,
 static long do_tee(struct file *in, struct file *out, size_t len,
                   unsigned int flags)
 {
-        struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode);
+        struct pipe_inode_info *ipipe = get_pipe_info(in);
-        struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode);
+        struct pipe_inode_info *opipe = get_pipe_info(out);
        int ret = -EINVAL;
        /*
author	Jeremy Erickson <jerickso@cs.unc.edu>	2014-04-18 17:06:00 -0400
committer	Jeremy Erickson <jerickso@cs.unc.edu>	2014-04-18 17:06:00 -0400
commit	a215aa7b9ab3759c047201199fba64d3042d7f13 (patch)
tree	bca37493d9b2233450e6d3ffced1261d0e4f71fe /fs
parent	d31199a77ef606f1d06894385f1852181ba6136b (diff)