aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
Diffstat (limited to 'fs')
-rw-r--r--fs/9p/v9fs_vfs.h2
-rw-r--r--fs/9p/vfs_file.c4
-rw-r--r--fs/9p/vfs_inode.c18
-rw-r--r--fs/Kconfig2
-rw-r--r--fs/block_dev.c10
-rw-r--r--fs/buffer.c13
-rw-r--r--fs/dcache.c68
-rw-r--r--fs/ecryptfs/miscdev.c2
-rw-r--r--fs/ext3/super.c4
-rw-r--r--fs/ext4/super.c4
-rw-r--r--fs/gfs2/bmap.c23
-rw-r--r--fs/gfs2/rgrp.c2
-rw-r--r--fs/libfs.c28
-rw-r--r--fs/locks.c6
-rw-r--r--fs/namei.c26
-rw-r--r--fs/nfs/mount_clnt.c5
-rw-r--r--fs/nfs/super.c76
-rw-r--r--fs/nfs/write.c7
-rw-r--r--fs/open.c37
-rw-r--r--fs/pipe.c10
-rw-r--r--fs/proc/task_mmu.c8
-rw-r--r--fs/reiserfs/super.c4
-rw-r--r--fs/select.c2
-rw-r--r--fs/udf/super.c57
-rw-r--r--fs/utimes.c59
25 files changed, 259 insertions, 218 deletions
diff --git a/fs/9p/v9fs_vfs.h b/fs/9p/v9fs_vfs.h
index fd01d90cada5..57997fa14e69 100644
--- a/fs/9p/v9fs_vfs.h
+++ b/fs/9p/v9fs_vfs.h
@@ -51,4 +51,4 @@ int v9fs_dir_release(struct inode *inode, struct file *filp);
51int v9fs_file_open(struct inode *inode, struct file *file); 51int v9fs_file_open(struct inode *inode, struct file *file);
52void v9fs_inode2stat(struct inode *inode, struct p9_stat *stat); 52void v9fs_inode2stat(struct inode *inode, struct p9_stat *stat);
53void v9fs_dentry_release(struct dentry *); 53void v9fs_dentry_release(struct dentry *);
54int v9fs_uflags2omode(int uflags); 54int v9fs_uflags2omode(int uflags, int extended);
diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index 0d55affe37d4..52944d2249a4 100644
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -59,7 +59,7 @@ int v9fs_file_open(struct inode *inode, struct file *file)
59 59
60 P9_DPRINTK(P9_DEBUG_VFS, "inode: %p file: %p \n", inode, file); 60 P9_DPRINTK(P9_DEBUG_VFS, "inode: %p file: %p \n", inode, file);
61 v9ses = v9fs_inode2v9ses(inode); 61 v9ses = v9fs_inode2v9ses(inode);
62 omode = v9fs_uflags2omode(file->f_flags); 62 omode = v9fs_uflags2omode(file->f_flags, v9fs_extended(v9ses));
63 fid = file->private_data; 63 fid = file->private_data;
64 if (!fid) { 64 if (!fid) {
65 fid = v9fs_fid_clone(file->f_path.dentry); 65 fid = v9fs_fid_clone(file->f_path.dentry);
@@ -75,6 +75,8 @@ int v9fs_file_open(struct inode *inode, struct file *file)
75 inode->i_size = 0; 75 inode->i_size = 0;
76 inode->i_blocks = 0; 76 inode->i_blocks = 0;
77 } 77 }
78 if ((file->f_flags & O_APPEND) && (!v9fs_extended(v9ses)))
79 generic_file_llseek(file, 0, SEEK_END);
78 } 80 }
79 81
80 file->private_data = fid; 82 file->private_data = fid;
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 40fa807bd929..c95295c65045 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -132,10 +132,10 @@ static int p9mode2unixmode(struct v9fs_session_info *v9ses, int mode)
132/** 132/**
133 * v9fs_uflags2omode- convert posix open flags to plan 9 mode bits 133 * v9fs_uflags2omode- convert posix open flags to plan 9 mode bits
134 * @uflags: flags to convert 134 * @uflags: flags to convert
135 * 135 * @extended: if .u extensions are active
136 */ 136 */
137 137
138int v9fs_uflags2omode(int uflags) 138int v9fs_uflags2omode(int uflags, int extended)
139{ 139{
140 int ret; 140 int ret;
141 141
@@ -155,14 +155,16 @@ int v9fs_uflags2omode(int uflags)
155 break; 155 break;
156 } 156 }
157 157
158 if (uflags & O_EXCL)
159 ret |= P9_OEXCL;
160
161 if (uflags & O_TRUNC) 158 if (uflags & O_TRUNC)
162 ret |= P9_OTRUNC; 159 ret |= P9_OTRUNC;
163 160
164 if (uflags & O_APPEND) 161 if (extended) {
165 ret |= P9_OAPPEND; 162 if (uflags & O_EXCL)
163 ret |= P9_OEXCL;
164
165 if (uflags & O_APPEND)
166 ret |= P9_OAPPEND;
167 }
166 168
167 return ret; 169 return ret;
168} 170}
@@ -506,7 +508,7 @@ v9fs_vfs_create(struct inode *dir, struct dentry *dentry, int mode,
506 flags = O_RDWR; 508 flags = O_RDWR;
507 509
508 fid = v9fs_create(v9ses, dir, dentry, NULL, perm, 510 fid = v9fs_create(v9ses, dir, dentry, NULL, perm,
509 v9fs_uflags2omode(flags)); 511 v9fs_uflags2omode(flags, v9fs_extended(v9ses)));
510 if (IS_ERR(fid)) { 512 if (IS_ERR(fid)) {
511 err = PTR_ERR(fid); 513 err = PTR_ERR(fid);
512 fid = NULL; 514 fid = NULL;
diff --git a/fs/Kconfig b/fs/Kconfig
index cf12c403b8c7..2694648cbd1b 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -830,7 +830,7 @@ config NTFS_FS
830 from the project web site. 830 from the project web site.
831 831
832 For more information see <file:Documentation/filesystems/ntfs.txt> 832 For more information see <file:Documentation/filesystems/ntfs.txt>
833 and <http://linux-ntfs.sourceforge.net/>. 833 and <http://www.linux-ntfs.org/>.
834 834
835 To compile this file system support as a module, choose M here: the 835 To compile this file system support as a module, choose M here: the
836 module will be called ntfs. 836 module will be called ntfs.
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 470c10ceb0fb..10d8a0aa871a 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -931,8 +931,16 @@ static int do_open(struct block_device *bdev, struct file *file, int for_part)
931 struct gendisk *disk; 931 struct gendisk *disk;
932 int ret; 932 int ret;
933 int part; 933 int part;
934 int perm = 0;
934 935
935 ret = devcgroup_inode_permission(bdev->bd_inode, file->f_mode); 936 if (file->f_mode & FMODE_READ)
937 perm |= MAY_READ;
938 if (file->f_mode & FMODE_WRITE)
939 perm |= MAY_WRITE;
940 /*
941 * hooks: /n/, see "layering violations".
942 */
943 ret = devcgroup_inode_permission(bdev->bd_inode, perm);
936 if (ret != 0) 944 if (ret != 0)
937 return ret; 945 return ret;
938 946
diff --git a/fs/buffer.c b/fs/buffer.c
index a073f3f4f013..0f51c0f7c266 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -821,7 +821,7 @@ static int fsync_buffers_list(spinlock_t *lock, struct list_head *list)
821 * contents - it is a noop if I/O is still in 821 * contents - it is a noop if I/O is still in
822 * flight on potentially older contents. 822 * flight on potentially older contents.
823 */ 823 */
824 ll_rw_block(SWRITE, 1, &bh); 824 ll_rw_block(SWRITE_SYNC, 1, &bh);
825 brelse(bh); 825 brelse(bh);
826 spin_lock(lock); 826 spin_lock(lock);
827 } 827 }
@@ -2940,16 +2940,19 @@ void ll_rw_block(int rw, int nr, struct buffer_head *bhs[])
2940 for (i = 0; i < nr; i++) { 2940 for (i = 0; i < nr; i++) {
2941 struct buffer_head *bh = bhs[i]; 2941 struct buffer_head *bh = bhs[i];
2942 2942
2943 if (rw == SWRITE) 2943 if (rw == SWRITE || rw == SWRITE_SYNC)
2944 lock_buffer(bh); 2944 lock_buffer(bh);
2945 else if (test_set_buffer_locked(bh)) 2945 else if (test_set_buffer_locked(bh))
2946 continue; 2946 continue;
2947 2947
2948 if (rw == WRITE || rw == SWRITE) { 2948 if (rw == WRITE || rw == SWRITE || rw == SWRITE_SYNC) {
2949 if (test_clear_buffer_dirty(bh)) { 2949 if (test_clear_buffer_dirty(bh)) {
2950 bh->b_end_io = end_buffer_write_sync; 2950 bh->b_end_io = end_buffer_write_sync;
2951 get_bh(bh); 2951 get_bh(bh);
2952 submit_bh(WRITE, bh); 2952 if (rw == SWRITE_SYNC)
2953 submit_bh(WRITE_SYNC, bh);
2954 else
2955 submit_bh(WRITE, bh);
2953 continue; 2956 continue;
2954 } 2957 }
2955 } else { 2958 } else {
@@ -2978,7 +2981,7 @@ int sync_dirty_buffer(struct buffer_head *bh)
2978 if (test_clear_buffer_dirty(bh)) { 2981 if (test_clear_buffer_dirty(bh)) {
2979 get_bh(bh); 2982 get_bh(bh);
2980 bh->b_end_io = end_buffer_write_sync; 2983 bh->b_end_io = end_buffer_write_sync;
2981 ret = submit_bh(WRITE, bh); 2984 ret = submit_bh(WRITE_SYNC, bh);
2982 wait_on_buffer(bh); 2985 wait_on_buffer(bh);
2983 if (buffer_eopnotsupp(bh)) { 2986 if (buffer_eopnotsupp(bh)) {
2984 clear_buffer_eopnotsupp(bh); 2987 clear_buffer_eopnotsupp(bh);
diff --git a/fs/dcache.c b/fs/dcache.c
index 3ee588d5f585..6068c25b393c 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -17,6 +17,7 @@
17#include <linux/syscalls.h> 17#include <linux/syscalls.h>
18#include <linux/string.h> 18#include <linux/string.h>
19#include <linux/mm.h> 19#include <linux/mm.h>
20#include <linux/fdtable.h>
20#include <linux/fs.h> 21#include <linux/fs.h>
21#include <linux/fsnotify.h> 22#include <linux/fsnotify.h>
22#include <linux/slab.h> 23#include <linux/slab.h>
@@ -106,9 +107,10 @@ static void dentry_lru_remove(struct dentry *dentry)
106/* 107/*
107 * Release the dentry's inode, using the filesystem 108 * Release the dentry's inode, using the filesystem
108 * d_iput() operation if defined. 109 * d_iput() operation if defined.
109 * Called with dcache_lock and per dentry lock held, drops both.
110 */ 110 */
111static void dentry_iput(struct dentry * dentry) 111static void dentry_iput(struct dentry * dentry)
112 __releases(dentry->d_lock)
113 __releases(dcache_lock)
112{ 114{
113 struct inode *inode = dentry->d_inode; 115 struct inode *inode = dentry->d_inode;
114 if (inode) { 116 if (inode) {
@@ -132,12 +134,13 @@ static void dentry_iput(struct dentry * dentry)
132 * d_kill - kill dentry and return parent 134 * d_kill - kill dentry and return parent
133 * @dentry: dentry to kill 135 * @dentry: dentry to kill
134 * 136 *
135 * Called with dcache_lock and d_lock, releases both. The dentry must 137 * The dentry must already be unhashed and removed from the LRU.
136 * already be unhashed and removed from the LRU.
137 * 138 *
138 * If this is the root of the dentry tree, return NULL. 139 * If this is the root of the dentry tree, return NULL.
139 */ 140 */
140static struct dentry *d_kill(struct dentry *dentry) 141static struct dentry *d_kill(struct dentry *dentry)
142 __releases(dentry->d_lock)
143 __releases(dcache_lock)
141{ 144{
142 struct dentry *parent; 145 struct dentry *parent;
143 146
@@ -383,11 +386,11 @@ restart:
383 * Try to prune ancestors as well. This is necessary to prevent 386 * Try to prune ancestors as well. This is necessary to prevent
384 * quadratic behavior of shrink_dcache_parent(), but is also expected 387 * quadratic behavior of shrink_dcache_parent(), but is also expected
385 * to be beneficial in reducing dentry cache fragmentation. 388 * to be beneficial in reducing dentry cache fragmentation.
386 *
387 * Called with dcache_lock, drops it and then regains.
388 * Called with dentry->d_lock held, drops it.
389 */ 389 */
390static void prune_one_dentry(struct dentry * dentry) 390static void prune_one_dentry(struct dentry * dentry)
391 __releases(dentry->d_lock)
392 __releases(dcache_lock)
393 __acquires(dcache_lock)
391{ 394{
392 __d_drop(dentry); 395 __d_drop(dentry);
393 dentry = d_kill(dentry); 396 dentry = d_kill(dentry);
@@ -1604,10 +1607,9 @@ static int d_isparent(struct dentry *p1, struct dentry *p2)
1604 * 1607 *
1605 * Note: If ever the locking in lock_rename() changes, then please 1608 * Note: If ever the locking in lock_rename() changes, then please
1606 * remember to update this too... 1609 * remember to update this too...
1607 *
1608 * On return, dcache_lock will have been unlocked.
1609 */ 1610 */
1610static struct dentry *__d_unalias(struct dentry *dentry, struct dentry *alias) 1611static struct dentry *__d_unalias(struct dentry *dentry, struct dentry *alias)
1612 __releases(dcache_lock)
1611{ 1613{
1612 struct mutex *m1 = NULL, *m2 = NULL; 1614 struct mutex *m1 = NULL, *m2 = NULL;
1613 struct dentry *ret; 1615 struct dentry *ret;
@@ -1743,11 +1745,9 @@ out_nolock:
1743shouldnt_be_hashed: 1745shouldnt_be_hashed:
1744 spin_unlock(&dcache_lock); 1746 spin_unlock(&dcache_lock);
1745 BUG(); 1747 BUG();
1746 goto shouldnt_be_hashed;
1747} 1748}
1748 1749
1749static int prepend(char **buffer, int *buflen, const char *str, 1750static int prepend(char **buffer, int *buflen, const char *str, int namelen)
1750 int namelen)
1751{ 1751{
1752 *buflen -= namelen; 1752 *buflen -= namelen;
1753 if (*buflen < 0) 1753 if (*buflen < 0)
@@ -1757,8 +1757,13 @@ static int prepend(char **buffer, int *buflen, const char *str,
1757 return 0; 1757 return 0;
1758} 1758}
1759 1759
1760static int prepend_name(char **buffer, int *buflen, struct qstr *name)
1761{
1762 return prepend(buffer, buflen, name->name, name->len);
1763}
1764
1760/** 1765/**
1761 * d_path - return the path of a dentry 1766 * __d_path - return the path of a dentry
1762 * @path: the dentry/vfsmount to report 1767 * @path: the dentry/vfsmount to report
1763 * @root: root vfsmnt/dentry (may be modified by this function) 1768 * @root: root vfsmnt/dentry (may be modified by this function)
1764 * @buffer: buffer to return value in 1769 * @buffer: buffer to return value in
@@ -1779,9 +1784,10 @@ char *__d_path(const struct path *path, struct path *root,
1779{ 1784{
1780 struct dentry *dentry = path->dentry; 1785 struct dentry *dentry = path->dentry;
1781 struct vfsmount *vfsmnt = path->mnt; 1786 struct vfsmount *vfsmnt = path->mnt;
1782 char * end = buffer+buflen; 1787 char *end = buffer + buflen;
1783 char * retval; 1788 char *retval;
1784 1789
1790 spin_lock(&vfsmount_lock);
1785 prepend(&end, &buflen, "\0", 1); 1791 prepend(&end, &buflen, "\0", 1);
1786 if (!IS_ROOT(dentry) && d_unhashed(dentry) && 1792 if (!IS_ROOT(dentry) && d_unhashed(dentry) &&
1787 (prepend(&end, &buflen, " (deleted)", 10) != 0)) 1793 (prepend(&end, &buflen, " (deleted)", 10) != 0))
@@ -1800,38 +1806,37 @@ char *__d_path(const struct path *path, struct path *root,
1800 break; 1806 break;
1801 if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { 1807 if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
1802 /* Global root? */ 1808 /* Global root? */
1803 spin_lock(&vfsmount_lock);
1804 if (vfsmnt->mnt_parent == vfsmnt) { 1809 if (vfsmnt->mnt_parent == vfsmnt) {
1805 spin_unlock(&vfsmount_lock);
1806 goto global_root; 1810 goto global_root;
1807 } 1811 }
1808 dentry = vfsmnt->mnt_mountpoint; 1812 dentry = vfsmnt->mnt_mountpoint;
1809 vfsmnt = vfsmnt->mnt_parent; 1813 vfsmnt = vfsmnt->mnt_parent;
1810 spin_unlock(&vfsmount_lock);
1811 continue; 1814 continue;
1812 } 1815 }
1813 parent = dentry->d_parent; 1816 parent = dentry->d_parent;
1814 prefetch(parent); 1817 prefetch(parent);
1815 if ((prepend(&end, &buflen, dentry->d_name.name, 1818 if ((prepend_name(&end, &buflen, &dentry->d_name) != 0) ||
1816 dentry->d_name.len) != 0) ||
1817 (prepend(&end, &buflen, "/", 1) != 0)) 1819 (prepend(&end, &buflen, "/", 1) != 0))
1818 goto Elong; 1820 goto Elong;
1819 retval = end; 1821 retval = end;
1820 dentry = parent; 1822 dentry = parent;
1821 } 1823 }
1822 1824
1825out:
1826 spin_unlock(&vfsmount_lock);
1823 return retval; 1827 return retval;
1824 1828
1825global_root: 1829global_root:
1826 retval += 1; /* hit the slash */ 1830 retval += 1; /* hit the slash */
1827 if (prepend(&retval, &buflen, dentry->d_name.name, 1831 if (prepend_name(&retval, &buflen, &dentry->d_name) != 0)
1828 dentry->d_name.len) != 0)
1829 goto Elong; 1832 goto Elong;
1830 root->mnt = vfsmnt; 1833 root->mnt = vfsmnt;
1831 root->dentry = dentry; 1834 root->dentry = dentry;
1832 return retval; 1835 goto out;
1836
1833Elong: 1837Elong:
1834 return ERR_PTR(-ENAMETOOLONG); 1838 retval = ERR_PTR(-ENAMETOOLONG);
1839 goto out;
1835} 1840}
1836 1841
1837/** 1842/**
@@ -1845,9 +1850,9 @@ Elong:
1845 * 1850 *
1846 * Returns the buffer or an error code if the path was too long. 1851 * Returns the buffer or an error code if the path was too long.
1847 * 1852 *
1848 * "buflen" should be positive. Caller holds the dcache_lock. 1853 * "buflen" should be positive.
1849 */ 1854 */
1850char *d_path(struct path *path, char *buf, int buflen) 1855char *d_path(const struct path *path, char *buf, int buflen)
1851{ 1856{
1852 char *res; 1857 char *res;
1853 struct path root; 1858 struct path root;
@@ -1915,16 +1920,11 @@ char *dentry_path(struct dentry *dentry, char *buf, int buflen)
1915 retval = end-1; 1920 retval = end-1;
1916 *retval = '/'; 1921 *retval = '/';
1917 1922
1918 for (;;) { 1923 while (!IS_ROOT(dentry)) {
1919 struct dentry *parent; 1924 struct dentry *parent = dentry->d_parent;
1920 if (IS_ROOT(dentry))
1921 break;
1922 1925
1923 parent = dentry->d_parent;
1924 prefetch(parent); 1926 prefetch(parent);
1925 1927 if ((prepend_name(&end, &buflen, &dentry->d_name) != 0) ||
1926 if ((prepend(&end, &buflen, dentry->d_name.name,
1927 dentry->d_name.len) != 0) ||
1928 (prepend(&end, &buflen, "/", 1) != 0)) 1928 (prepend(&end, &buflen, "/", 1) != 0))
1929 goto Elong; 1929 goto Elong;
1930 1930
@@ -1975,7 +1975,7 @@ asmlinkage long sys_getcwd(char __user *buf, unsigned long size)
1975 error = -ENOENT; 1975 error = -ENOENT;
1976 /* Has the current directory has been unlinked? */ 1976 /* Has the current directory has been unlinked? */
1977 spin_lock(&dcache_lock); 1977 spin_lock(&dcache_lock);
1978 if (pwd.dentry->d_parent == pwd.dentry || !d_unhashed(pwd.dentry)) { 1978 if (IS_ROOT(pwd.dentry) || !d_unhashed(pwd.dentry)) {
1979 unsigned long len; 1979 unsigned long len;
1980 struct path tmp = root; 1980 struct path tmp = root;
1981 char * cwd; 1981 char * cwd;
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 50c994a249a5..09a4522f65e6 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -575,13 +575,11 @@ int ecryptfs_init_ecryptfs_miscdev(void)
575 int rc; 575 int rc;
576 576
577 atomic_set(&ecryptfs_num_miscdev_opens, 0); 577 atomic_set(&ecryptfs_num_miscdev_opens, 0);
578 mutex_lock(&ecryptfs_daemon_hash_mux);
579 rc = misc_register(&ecryptfs_miscdev); 578 rc = misc_register(&ecryptfs_miscdev);
580 if (rc) 579 if (rc)
581 printk(KERN_ERR "%s: Failed to register miscellaneous device " 580 printk(KERN_ERR "%s: Failed to register miscellaneous device "
582 "for communications with userspace daemons; rc = [%d]\n", 581 "for communications with userspace daemons; rc = [%d]\n",
583 __func__, rc); 582 __func__, rc);
584 mutex_unlock(&ecryptfs_daemon_hash_mux);
585 return rc; 583 return rc;
586} 584}
587 585
diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index fe3119a71ada..2845425077e8 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -2875,8 +2875,10 @@ static ssize_t ext3_quota_write(struct super_block *sb, int type,
2875 blk++; 2875 blk++;
2876 } 2876 }
2877out: 2877out:
2878 if (len == towrite) 2878 if (len == towrite) {
2879 mutex_unlock(&inode->i_mutex);
2879 return err; 2880 return err;
2881 }
2880 if (inode->i_size < off+len-towrite) { 2882 if (inode->i_size < off+len-towrite) {
2881 i_size_write(inode, off+len-towrite); 2883 i_size_write(inode, off+len-towrite);
2882 EXT3_I(inode)->i_disksize = inode->i_size; 2884 EXT3_I(inode)->i_disksize = inode->i_size;
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index cb96f127c366..02bf24343979 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3337,8 +3337,10 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
3337 blk++; 3337 blk++;
3338 } 3338 }
3339out: 3339out:
3340 if (len == towrite) 3340 if (len == towrite) {
3341 mutex_unlock(&inode->i_mutex);
3341 return err; 3342 return err;
3343 }
3342 if (inode->i_size < off+len-towrite) { 3344 if (inode->i_size < off+len-towrite) {
3343 i_size_write(inode, off+len-towrite); 3345 i_size_write(inode, off+len-towrite);
3344 EXT4_I(inode)->i_disksize = inode->i_size; 3346 EXT4_I(inode)->i_disksize = inode->i_size;
diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c
index c19184f2e70e..bec76b1c2bb0 100644
--- a/fs/gfs2/bmap.c
+++ b/fs/gfs2/bmap.c
@@ -246,15 +246,11 @@ static void find_metapath(const struct gfs2_sbd *sdp, u64 block,
246 246
247} 247}
248 248
249static inline unsigned int zero_metapath_length(const struct metapath *mp, 249static inline unsigned int metapath_branch_start(const struct metapath *mp)
250 unsigned height)
251{ 250{
252 unsigned int i; 251 if (mp->mp_list[0] == 0)
253 for (i = 0; i < height - 1; i++) { 252 return 2;
254 if (mp->mp_list[i] != 0) 253 return 1;
255 return i;
256 }
257 return height;
258} 254}
259 255
260/** 256/**
@@ -436,7 +432,7 @@ static int gfs2_bmap_alloc(struct inode *inode, const sector_t lblock,
436 struct gfs2_sbd *sdp = GFS2_SB(inode); 432 struct gfs2_sbd *sdp = GFS2_SB(inode);
437 struct buffer_head *dibh = mp->mp_bh[0]; 433 struct buffer_head *dibh = mp->mp_bh[0];
438 u64 bn, dblock = 0; 434 u64 bn, dblock = 0;
439 unsigned n, i, blks, alloced = 0, iblks = 0, zmpl = 0; 435 unsigned n, i, blks, alloced = 0, iblks = 0, branch_start = 0;
440 unsigned dblks = 0; 436 unsigned dblks = 0;
441 unsigned ptrs_per_blk; 437 unsigned ptrs_per_blk;
442 const unsigned end_of_metadata = height - 1; 438 const unsigned end_of_metadata = height - 1;
@@ -471,9 +467,8 @@ static int gfs2_bmap_alloc(struct inode *inode, const sector_t lblock,
471 /* Building up tree height */ 467 /* Building up tree height */
472 state = ALLOC_GROW_HEIGHT; 468 state = ALLOC_GROW_HEIGHT;
473 iblks = height - ip->i_height; 469 iblks = height - ip->i_height;
474 zmpl = zero_metapath_length(mp, height); 470 branch_start = metapath_branch_start(mp);
475 iblks -= zmpl; 471 iblks += (height - branch_start);
476 iblks += height;
477 } 472 }
478 } 473 }
479 474
@@ -509,13 +504,13 @@ static int gfs2_bmap_alloc(struct inode *inode, const sector_t lblock,
509 sizeof(struct gfs2_meta_header)); 504 sizeof(struct gfs2_meta_header));
510 *ptr = zero_bn; 505 *ptr = zero_bn;
511 state = ALLOC_GROW_DEPTH; 506 state = ALLOC_GROW_DEPTH;
512 for(i = zmpl; i < height; i++) { 507 for(i = branch_start; i < height; i++) {
513 if (mp->mp_bh[i] == NULL) 508 if (mp->mp_bh[i] == NULL)
514 break; 509 break;
515 brelse(mp->mp_bh[i]); 510 brelse(mp->mp_bh[i]);
516 mp->mp_bh[i] = NULL; 511 mp->mp_bh[i] = NULL;
517 } 512 }
518 i = zmpl; 513 i = branch_start;
519 } 514 }
520 if (n == 0) 515 if (n == 0)
521 break; 516 break;
diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
index 6387523a3153..3401628d742b 100644
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -195,7 +195,7 @@ ulong_aligned:
195 depending on architecture. I've experimented with several ways 195 depending on architecture. I've experimented with several ways
196 of writing this section such as using an else before the goto 196 of writing this section such as using an else before the goto
197 but this one seems to be the fastest. */ 197 but this one seems to be the fastest. */
198 while ((unsigned char *)plong < end - 1) { 198 while ((unsigned char *)plong < end - sizeof(unsigned long)) {
199 prefetch(plong + 1); 199 prefetch(plong + 1);
200 if (((*plong) & LBITMASK) != lskipval) 200 if (((*plong) & LBITMASK) != lskipval)
201 break; 201 break;
diff --git a/fs/libfs.c b/fs/libfs.c
index 892d41cb3382..baeb71ee1cde 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -512,6 +512,20 @@ void simple_release_fs(struct vfsmount **mount, int *count)
512 mntput(mnt); 512 mntput(mnt);
513} 513}
514 514
515/**
516 * simple_read_from_buffer - copy data from the buffer to user space
517 * @to: the user space buffer to read to
518 * @count: the maximum number of bytes to read
519 * @ppos: the current position in the buffer
520 * @from: the buffer to read from
521 * @available: the size of the buffer
522 *
523 * The simple_read_from_buffer() function reads up to @count bytes from the
524 * buffer @from at offset @ppos into the user space address starting at @to.
525 *
526 * On success, the number of bytes read is returned and the offset @ppos is
527 * advanced by this number, or negative value is returned on error.
528 **/
515ssize_t simple_read_from_buffer(void __user *to, size_t count, loff_t *ppos, 529ssize_t simple_read_from_buffer(void __user *to, size_t count, loff_t *ppos,
516 const void *from, size_t available) 530 const void *from, size_t available)
517{ 531{
@@ -528,6 +542,20 @@ ssize_t simple_read_from_buffer(void __user *to, size_t count, loff_t *ppos,
528 return count; 542 return count;
529} 543}
530 544
545/**
546 * memory_read_from_buffer - copy data from the buffer
547 * @to: the kernel space buffer to read to
548 * @count: the maximum number of bytes to read
549 * @ppos: the current position in the buffer
550 * @from: the buffer to read from
551 * @available: the size of the buffer
552 *
553 * The memory_read_from_buffer() function reads up to @count bytes from the
554 * buffer @from at offset @ppos into the kernel space address starting at @to.
555 *
556 * On success, the number of bytes read is returned and the offset @ppos is
557 * advanced by this number, or negative value is returned on error.
558 **/
531ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, 559ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
532 const void *from, size_t available) 560 const void *from, size_t available)
533{ 561{
diff --git a/fs/locks.c b/fs/locks.c
index 11dbf08651b7..dce8c747371c 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -561,9 +561,6 @@ static void locks_insert_lock(struct file_lock **pos, struct file_lock *fl)
561 /* insert into file's list */ 561 /* insert into file's list */
562 fl->fl_next = *pos; 562 fl->fl_next = *pos;
563 *pos = fl; 563 *pos = fl;
564
565 if (fl->fl_ops && fl->fl_ops->fl_insert)
566 fl->fl_ops->fl_insert(fl);
567} 564}
568 565
569/* 566/*
@@ -586,9 +583,6 @@ static void locks_delete_lock(struct file_lock **thisfl_p)
586 fl->fl_fasync = NULL; 583 fl->fl_fasync = NULL;
587 } 584 }
588 585
589 if (fl->fl_ops && fl->fl_ops->fl_remove)
590 fl->fl_ops->fl_remove(fl);
591
592 if (fl->fl_nspid) { 586 if (fl->fl_nspid) {
593 put_pid(fl->fl_nspid); 587 put_pid(fl->fl_nspid);
594 fl->fl_nspid = NULL; 588 fl->fl_nspid = NULL;
diff --git a/fs/namei.c b/fs/namei.c
index c7e43536c49a..01e67dddcc3d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -581,15 +581,13 @@ static __always_inline int link_path_walk(const char *name, struct nameidata *nd
581 int result; 581 int result;
582 582
583 /* make sure the stuff we saved doesn't go away */ 583 /* make sure the stuff we saved doesn't go away */
584 dget(save.dentry); 584 path_get(&save);
585 mntget(save.mnt);
586 585
587 result = __link_path_walk(name, nd); 586 result = __link_path_walk(name, nd);
588 if (result == -ESTALE) { 587 if (result == -ESTALE) {
589 /* nd->path had been dropped */ 588 /* nd->path had been dropped */
590 nd->path = save; 589 nd->path = save;
591 dget(nd->path.dentry); 590 path_get(&nd->path);
592 mntget(nd->path.mnt);
593 nd->flags |= LOOKUP_REVAL; 591 nd->flags |= LOOKUP_REVAL;
594 result = __link_path_walk(name, nd); 592 result = __link_path_walk(name, nd);
595 } 593 }
@@ -1216,8 +1214,9 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1216 nd->flags = flags; 1214 nd->flags = flags;
1217 nd->depth = 0; 1215 nd->depth = 0;
1218 1216
1219 nd->path.mnt = mntget(mnt); 1217 nd->path.dentry = dentry;
1220 nd->path.dentry = dget(dentry); 1218 nd->path.mnt = mnt;
1219 path_get(&nd->path);
1221 1220
1222 retval = path_walk(name, nd); 1221 retval = path_walk(name, nd);
1223 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry && 1222 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
@@ -2857,16 +2856,17 @@ int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2857{ 2856{
2858 struct nameidata nd; 2857 struct nameidata nd;
2859 void *cookie; 2858 void *cookie;
2859 int res;
2860 2860
2861 nd.depth = 0; 2861 nd.depth = 0;
2862 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd); 2862 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
2863 if (!IS_ERR(cookie)) { 2863 if (IS_ERR(cookie))
2864 int res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd)); 2864 return PTR_ERR(cookie);
2865 if (dentry->d_inode->i_op->put_link) 2865
2866 dentry->d_inode->i_op->put_link(dentry, &nd, cookie); 2866 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2867 cookie = ERR_PTR(res); 2867 if (dentry->d_inode->i_op->put_link)
2868 } 2868 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
2869 return PTR_ERR(cookie); 2869 return res;
2870} 2870}
2871 2871
2872int vfs_follow_link(struct nameidata *nd, const char *link) 2872int vfs_follow_link(struct nameidata *nd, const char *link)
diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c
index 49c7cd0502cc..779d2eb649c5 100644
--- a/fs/nfs/mount_clnt.c
+++ b/fs/nfs/mount_clnt.c
@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p,
130 struct mnt_fhstatus *res) 130 struct mnt_fhstatus *res)
131{ 131{
132 struct nfs_fh *fh = res->fh; 132 struct nfs_fh *fh = res->fh;
133 unsigned size;
133 134
134 if ((res->status = ntohl(*p++)) == 0) { 135 if ((res->status = ntohl(*p++)) == 0) {
135 int size = ntohl(*p++); 136 size = ntohl(*p++);
136 if (size <= NFS3_FHSIZE) { 137 if (size <= NFS3_FHSIZE && size != 0) {
137 fh->size = size; 138 fh->size = size;
138 memcpy(fh->data, p, size); 139 memcpy(fh->data, p, size);
139 } else 140 } else
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 2a4a024a4e7b..614efeed5437 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1216,8 +1216,6 @@ static int nfs_validate_mount_data(void *options,
1216{ 1216{
1217 struct nfs_mount_data *data = (struct nfs_mount_data *)options; 1217 struct nfs_mount_data *data = (struct nfs_mount_data *)options;
1218 1218
1219 memset(args, 0, sizeof(*args));
1220
1221 if (data == NULL) 1219 if (data == NULL)
1222 goto out_no_data; 1220 goto out_no_data;
1223 1221
@@ -1251,13 +1249,13 @@ static int nfs_validate_mount_data(void *options,
1251 case 5: 1249 case 5:
1252 memset(data->context, 0, sizeof(data->context)); 1250 memset(data->context, 0, sizeof(data->context));
1253 case 6: 1251 case 6:
1254 if (data->flags & NFS_MOUNT_VER3) 1252 if (data->flags & NFS_MOUNT_VER3) {
1253 if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
1254 goto out_invalid_fh;
1255 mntfh->size = data->root.size; 1255 mntfh->size = data->root.size;
1256 else 1256 } else
1257 mntfh->size = NFS2_FHSIZE; 1257 mntfh->size = NFS2_FHSIZE;
1258 1258
1259 if (mntfh->size > sizeof(mntfh->data))
1260 goto out_invalid_fh;
1261 1259
1262 memcpy(mntfh->data, data->root.data, mntfh->size); 1260 memcpy(mntfh->data, data->root.data, mntfh->size);
1263 if (mntfh->size < sizeof(mntfh->data)) 1261 if (mntfh->size < sizeof(mntfh->data))
@@ -1585,24 +1583,29 @@ static int nfs_get_sb(struct file_system_type *fs_type,
1585{ 1583{
1586 struct nfs_server *server = NULL; 1584 struct nfs_server *server = NULL;
1587 struct super_block *s; 1585 struct super_block *s;
1588 struct nfs_fh mntfh; 1586 struct nfs_parsed_mount_data *data;
1589 struct nfs_parsed_mount_data data; 1587 struct nfs_fh *mntfh;
1590 struct dentry *mntroot; 1588 struct dentry *mntroot;
1591 int (*compare_super)(struct super_block *, void *) = nfs_compare_super; 1589 int (*compare_super)(struct super_block *, void *) = nfs_compare_super;
1592 struct nfs_sb_mountdata sb_mntdata = { 1590 struct nfs_sb_mountdata sb_mntdata = {
1593 .mntflags = flags, 1591 .mntflags = flags,
1594 }; 1592 };
1595 int error; 1593 int error = -ENOMEM;
1594
1595 data = kzalloc(sizeof(*data), GFP_KERNEL);
1596 mntfh = kzalloc(sizeof(*mntfh), GFP_KERNEL);
1597 if (data == NULL || mntfh == NULL)
1598 goto out_free_fh;
1596 1599
1597 security_init_mnt_opts(&data.lsm_opts); 1600 security_init_mnt_opts(&data->lsm_opts);
1598 1601
1599 /* Validate the mount data */ 1602 /* Validate the mount data */
1600 error = nfs_validate_mount_data(raw_data, &data, &mntfh, dev_name); 1603 error = nfs_validate_mount_data(raw_data, data, mntfh, dev_name);
1601 if (error < 0) 1604 if (error < 0)
1602 goto out; 1605 goto out;
1603 1606
1604 /* Get a volume representation */ 1607 /* Get a volume representation */
1605 server = nfs_create_server(&data, &mntfh); 1608 server = nfs_create_server(data, mntfh);
1606 if (IS_ERR(server)) { 1609 if (IS_ERR(server)) {
1607 error = PTR_ERR(server); 1610 error = PTR_ERR(server);
1608 goto out; 1611 goto out;
@@ -1630,16 +1633,16 @@ static int nfs_get_sb(struct file_system_type *fs_type,
1630 1633
1631 if (!s->s_root) { 1634 if (!s->s_root) {
1632 /* initial superblock/root creation */ 1635 /* initial superblock/root creation */
1633 nfs_fill_super(s, &data); 1636 nfs_fill_super(s, data);
1634 } 1637 }
1635 1638
1636 mntroot = nfs_get_root(s, &mntfh); 1639 mntroot = nfs_get_root(s, mntfh);
1637 if (IS_ERR(mntroot)) { 1640 if (IS_ERR(mntroot)) {
1638 error = PTR_ERR(mntroot); 1641 error = PTR_ERR(mntroot);
1639 goto error_splat_super; 1642 goto error_splat_super;
1640 } 1643 }
1641 1644
1642 error = security_sb_set_mnt_opts(s, &data.lsm_opts); 1645 error = security_sb_set_mnt_opts(s, &data->lsm_opts);
1643 if (error) 1646 if (error)
1644 goto error_splat_root; 1647 goto error_splat_root;
1645 1648
@@ -1649,9 +1652,12 @@ static int nfs_get_sb(struct file_system_type *fs_type,
1649 error = 0; 1652 error = 0;
1650 1653
1651out: 1654out:
1652 kfree(data.nfs_server.hostname); 1655 kfree(data->nfs_server.hostname);
1653 kfree(data.mount_server.hostname); 1656 kfree(data->mount_server.hostname);
1654 security_free_mnt_opts(&data.lsm_opts); 1657 security_free_mnt_opts(&data->lsm_opts);
1658out_free_fh:
1659 kfree(mntfh);
1660 kfree(data);
1655 return error; 1661 return error;
1656 1662
1657out_err_nosb: 1663out_err_nosb:
@@ -1800,8 +1806,6 @@ static int nfs4_validate_mount_data(void *options,
1800 struct nfs4_mount_data *data = (struct nfs4_mount_data *)options; 1806 struct nfs4_mount_data *data = (struct nfs4_mount_data *)options;
1801 char *c; 1807 char *c;
1802 1808
1803 memset(args, 0, sizeof(*args));
1804
1805 if (data == NULL) 1809 if (data == NULL)
1806 goto out_no_data; 1810 goto out_no_data;
1807 1811
@@ -1959,26 +1963,31 @@ out_no_client_address:
1959static int nfs4_get_sb(struct file_system_type *fs_type, 1963static int nfs4_get_sb(struct file_system_type *fs_type,
1960 int flags, const char *dev_name, void *raw_data, struct vfsmount *mnt) 1964 int flags, const char *dev_name, void *raw_data, struct vfsmount *mnt)
1961{ 1965{
1962 struct nfs_parsed_mount_data data; 1966 struct nfs_parsed_mount_data *data;
1963 struct super_block *s; 1967 struct super_block *s;
1964 struct nfs_server *server; 1968 struct nfs_server *server;
1965 struct nfs_fh mntfh; 1969 struct nfs_fh *mntfh;
1966 struct dentry *mntroot; 1970 struct dentry *mntroot;
1967 int (*compare_super)(struct super_block *, void *) = nfs_compare_super; 1971 int (*compare_super)(struct super_block *, void *) = nfs_compare_super;
1968 struct nfs_sb_mountdata sb_mntdata = { 1972 struct nfs_sb_mountdata sb_mntdata = {
1969 .mntflags = flags, 1973 .mntflags = flags,
1970 }; 1974 };
1971 int error; 1975 int error = -ENOMEM;
1972 1976
1973 security_init_mnt_opts(&data.lsm_opts); 1977 data = kzalloc(sizeof(*data), GFP_KERNEL);
1978 mntfh = kzalloc(sizeof(*mntfh), GFP_KERNEL);
1979 if (data == NULL || mntfh == NULL)
1980 goto out_free_fh;
1981
1982 security_init_mnt_opts(&data->lsm_opts);
1974 1983
1975 /* Validate the mount data */ 1984 /* Validate the mount data */
1976 error = nfs4_validate_mount_data(raw_data, &data, dev_name); 1985 error = nfs4_validate_mount_data(raw_data, data, dev_name);
1977 if (error < 0) 1986 if (error < 0)
1978 goto out; 1987 goto out;
1979 1988
1980 /* Get a volume representation */ 1989 /* Get a volume representation */
1981 server = nfs4_create_server(&data, &mntfh); 1990 server = nfs4_create_server(data, mntfh);
1982 if (IS_ERR(server)) { 1991 if (IS_ERR(server)) {
1983 error = PTR_ERR(server); 1992 error = PTR_ERR(server);
1984 goto out; 1993 goto out;
@@ -2009,13 +2018,13 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
2009 nfs4_fill_super(s); 2018 nfs4_fill_super(s);
2010 } 2019 }
2011 2020
2012 mntroot = nfs4_get_root(s, &mntfh); 2021 mntroot = nfs4_get_root(s, mntfh);
2013 if (IS_ERR(mntroot)) { 2022 if (IS_ERR(mntroot)) {
2014 error = PTR_ERR(mntroot); 2023 error = PTR_ERR(mntroot);
2015 goto error_splat_super; 2024 goto error_splat_super;
2016 } 2025 }
2017 2026
2018 error = security_sb_set_mnt_opts(s, &data.lsm_opts); 2027 error = security_sb_set_mnt_opts(s, &data->lsm_opts);
2019 if (error) 2028 if (error)
2020 goto error_splat_root; 2029 goto error_splat_root;
2021 2030
@@ -2025,10 +2034,13 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
2025 error = 0; 2034 error = 0;
2026 2035
2027out: 2036out:
2028 kfree(data.client_address); 2037 kfree(data->client_address);
2029 kfree(data.nfs_server.export_path); 2038 kfree(data->nfs_server.export_path);
2030 kfree(data.nfs_server.hostname); 2039 kfree(data->nfs_server.hostname);
2031 security_free_mnt_opts(&data.lsm_opts); 2040 security_free_mnt_opts(&data->lsm_opts);
2041out_free_fh:
2042 kfree(mntfh);
2043 kfree(data);
2032 return error; 2044 return error;
2033 2045
2034out_free: 2046out_free:
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 6d8ace3e3259..f333848fd3be 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -739,12 +739,13 @@ int nfs_updatepage(struct file *file, struct page *page,
739 } 739 }
740 740
741 status = nfs_writepage_setup(ctx, page, offset, count); 741 status = nfs_writepage_setup(ctx, page, offset, count);
742 __set_page_dirty_nobuffers(page); 742 if (status < 0)
743 nfs_set_pageerror(page);
744 else
745 __set_page_dirty_nobuffers(page);
743 746
744 dprintk("NFS: nfs_updatepage returns %d (isize %Ld)\n", 747 dprintk("NFS: nfs_updatepage returns %d (isize %Ld)\n",
745 status, (long long)i_size_read(inode)); 748 status, (long long)i_size_read(inode));
746 if (status < 0)
747 nfs_set_pageerror(page);
748 return status; 749 return status;
749} 750}
750 751
diff --git a/fs/open.c b/fs/open.c
index a1450086e92f..a99ad09c3197 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -16,6 +16,7 @@
16#include <linux/namei.h> 16#include <linux/namei.h>
17#include <linux/backing-dev.h> 17#include <linux/backing-dev.h>
18#include <linux/capability.h> 18#include <linux/capability.h>
19#include <linux/securebits.h>
19#include <linux/security.h> 20#include <linux/security.h>
20#include <linux/mount.h> 21#include <linux/mount.h>
21#include <linux/vfs.h> 22#include <linux/vfs.h>
@@ -425,7 +426,7 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
425{ 426{
426 struct nameidata nd; 427 struct nameidata nd;
427 int old_fsuid, old_fsgid; 428 int old_fsuid, old_fsgid;
428 kernel_cap_t old_cap; 429 kernel_cap_t uninitialized_var(old_cap); /* !SECURE_NO_SETUID_FIXUP */
429 int res; 430 int res;
430 431
431 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ 432 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
@@ -433,23 +434,27 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
433 434
434 old_fsuid = current->fsuid; 435 old_fsuid = current->fsuid;
435 old_fsgid = current->fsgid; 436 old_fsgid = current->fsgid;
436 old_cap = current->cap_effective;
437 437
438 current->fsuid = current->uid; 438 current->fsuid = current->uid;
439 current->fsgid = current->gid; 439 current->fsgid = current->gid;
440 440
441 /* 441 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
442 * Clear the capabilities if we switch to a non-root user 442 /*
443 * 443 * Clear the capabilities if we switch to a non-root user
444 * FIXME: There is a race here against sys_capset. The 444 */
445 * capabilities can change yet we will restore the old 445#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
446 * value below. We should hold task_capabilities_lock, 446 /*
447 * but we cannot because user_path_walk can sleep. 447 * FIXME: There is a race here against sys_capset. The
448 */ 448 * capabilities can change yet we will restore the old
449 if (current->uid) 449 * value below. We should hold task_capabilities_lock,
450 cap_clear(current->cap_effective); 450 * but we cannot because user_path_walk can sleep.
451 else 451 */
452 current->cap_effective = current->cap_permitted; 452#endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */
453 if (current->uid)
454 old_cap = cap_set_effective(__cap_empty_set);
455 else
456 old_cap = cap_set_effective(current->cap_permitted);
457 }
453 458
454 res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd); 459 res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
455 if (res) 460 if (res)
@@ -478,7 +483,9 @@ out_path_release:
478out: 483out:
479 current->fsuid = old_fsuid; 484 current->fsuid = old_fsuid;
480 current->fsgid = old_fsgid; 485 current->fsgid = old_fsgid;
481 current->cap_effective = old_cap; 486
487 if (!issecure(SECURE_NO_SETUID_FIXUP))
488 cap_set_effective(old_cap);
482 489
483 return res; 490 return res;
484} 491}
diff --git a/fs/pipe.c b/fs/pipe.c
index ec228bc9f882..700f4e0d9572 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1003,8 +1003,7 @@ struct file *create_write_pipe(void)
1003void free_write_pipe(struct file *f) 1003void free_write_pipe(struct file *f)
1004{ 1004{
1005 free_pipe_info(f->f_dentry->d_inode); 1005 free_pipe_info(f->f_dentry->d_inode);
1006 dput(f->f_path.dentry); 1006 path_put(&f->f_path);
1007 mntput(f->f_path.mnt);
1008 put_filp(f); 1007 put_filp(f);
1009} 1008}
1010 1009
@@ -1015,8 +1014,8 @@ struct file *create_read_pipe(struct file *wrf)
1015 return ERR_PTR(-ENFILE); 1014 return ERR_PTR(-ENFILE);
1016 1015
1017 /* Grab pipe from the writer */ 1016 /* Grab pipe from the writer */
1018 f->f_path.mnt = mntget(wrf->f_path.mnt); 1017 f->f_path = wrf->f_path;
1019 f->f_path.dentry = dget(wrf->f_path.dentry); 1018 path_get(&wrf->f_path);
1020 f->f_mapping = wrf->f_path.dentry->d_inode->i_mapping; 1019 f->f_mapping = wrf->f_path.dentry->d_inode->i_mapping;
1021 1020
1022 f->f_pos = 0; 1021 f->f_pos = 0;
@@ -1068,8 +1067,7 @@ int do_pipe(int *fd)
1068 err_fdr: 1067 err_fdr:
1069 put_unused_fd(fdr); 1068 put_unused_fd(fdr);
1070 err_read_pipe: 1069 err_read_pipe:
1071 dput(fr->f_dentry); 1070 path_put(&fr->f_path);
1072 mntput(fr->f_vfsmnt);
1073 put_filp(fr); 1071 put_filp(fr);
1074 err_write_pipe: 1072 err_write_pipe:
1075 free_write_pipe(fw); 1073 free_write_pipe(fw);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index ab8ccc9d14ff..05053d701ac5 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -476,10 +476,10 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
476 return -ESRCH; 476 return -ESRCH;
477 mm = get_task_mm(task); 477 mm = get_task_mm(task);
478 if (mm) { 478 if (mm) {
479 static struct mm_walk clear_refs_walk; 479 struct mm_walk clear_refs_walk = {
480 memset(&clear_refs_walk, 0, sizeof(clear_refs_walk)); 480 .pmd_entry = clear_refs_pte_range,
481 clear_refs_walk.pmd_entry = clear_refs_pte_range; 481 .mm = mm,
482 clear_refs_walk.mm = mm; 482 };
483 down_read(&mm->mmap_sem); 483 down_read(&mm->mmap_sem);
484 for (vma = mm->mmap; vma; vma = vma->vm_next) { 484 for (vma = mm->mmap; vma; vma = vma->vm_next) {
485 clear_refs_walk.private = vma; 485 clear_refs_walk.private = vma;
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index ed424d708e69..1d40f2bd1970 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -2165,8 +2165,10 @@ static ssize_t reiserfs_quota_write(struct super_block *sb, int type,
2165 blk++; 2165 blk++;
2166 } 2166 }
2167out: 2167out:
2168 if (len == towrite) 2168 if (len == towrite) {
2169 mutex_unlock(&inode->i_mutex);
2169 return err; 2170 return err;
2171 }
2170 if (inode->i_size < off + len - towrite) 2172 if (inode->i_size < off + len - towrite)
2171 i_size_write(inode, off + len - towrite); 2173 i_size_write(inode, off + len - towrite);
2172 inode->i_version++; 2174 inode->i_version++;
diff --git a/fs/select.c b/fs/select.c
index 8dda969614a9..da0e88201c3a 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -249,7 +249,6 @@ int do_select(int n, fd_set_bits *fds, s64 *timeout)
249 retval++; 249 retval++;
250 } 250 }
251 } 251 }
252 cond_resched();
253 } 252 }
254 if (res_in) 253 if (res_in)
255 *rinp = res_in; 254 *rinp = res_in;
@@ -257,6 +256,7 @@ int do_select(int n, fd_set_bits *fds, s64 *timeout)
257 *routp = res_out; 256 *routp = res_out;
258 if (res_ex) 257 if (res_ex)
259 *rexp = res_ex; 258 *rexp = res_ex;
259 cond_resched();
260 } 260 }
261 wait = NULL; 261 wait = NULL;
262 if (retval || !*timeout || signal_pending(current)) 262 if (retval || !*timeout || signal_pending(current))
diff --git a/fs/udf/super.c b/fs/udf/super.c
index 7a5f69be6ac2..44cc702f96cc 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -682,38 +682,26 @@ static int udf_vrs(struct super_block *sb, int silent)
682/* 682/*
683 * Check whether there is an anchor block in the given block 683 * Check whether there is an anchor block in the given block
684 */ 684 */
685static int udf_check_anchor_block(struct super_block *sb, sector_t block, 685static int udf_check_anchor_block(struct super_block *sb, sector_t block)
686 bool varconv)
687{ 686{
688 struct buffer_head *bh = NULL; 687 struct buffer_head *bh;
689 tag *t;
690 uint16_t ident; 688 uint16_t ident;
691 uint32_t location;
692 689
693 if (varconv) { 690 if (UDF_QUERY_FLAG(sb, UDF_FLAG_VARCONV) &&
694 if (udf_fixed_to_variable(block) >= 691 udf_fixed_to_variable(block) >=
695 sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits) 692 sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits)
696 return 0; 693 return 0;
697 bh = sb_bread(sb, udf_fixed_to_variable(block));
698 }
699 else
700 bh = sb_bread(sb, block);
701 694
695 bh = udf_read_tagged(sb, block, block, &ident);
702 if (!bh) 696 if (!bh)
703 return 0; 697 return 0;
704
705 t = (tag *)bh->b_data;
706 ident = le16_to_cpu(t->tagIdent);
707 location = le32_to_cpu(t->tagLocation);
708 brelse(bh); 698 brelse(bh);
709 if (ident != TAG_IDENT_AVDP) 699
710 return 0; 700 return ident == TAG_IDENT_AVDP;
711 return location == block;
712} 701}
713 702
714/* Search for an anchor volume descriptor pointer */ 703/* Search for an anchor volume descriptor pointer */
715static sector_t udf_scan_anchors(struct super_block *sb, bool varconv, 704static sector_t udf_scan_anchors(struct super_block *sb, sector_t lastblock)
716 sector_t lastblock)
717{ 705{
718 sector_t last[6]; 706 sector_t last[6];
719 int i; 707 int i;
@@ -739,7 +727,7 @@ static sector_t udf_scan_anchors(struct super_block *sb, bool varconv,
739 sb->s_blocksize_bits) 727 sb->s_blocksize_bits)
740 continue; 728 continue;
741 729
742 if (udf_check_anchor_block(sb, last[i], varconv)) { 730 if (udf_check_anchor_block(sb, last[i])) {
743 sbi->s_anchor[0] = last[i]; 731 sbi->s_anchor[0] = last[i];
744 sbi->s_anchor[1] = last[i] - 256; 732 sbi->s_anchor[1] = last[i] - 256;
745 return last[i]; 733 return last[i];
@@ -748,17 +736,17 @@ static sector_t udf_scan_anchors(struct super_block *sb, bool varconv,
748 if (last[i] < 256) 736 if (last[i] < 256)
749 continue; 737 continue;
750 738
751 if (udf_check_anchor_block(sb, last[i] - 256, varconv)) { 739 if (udf_check_anchor_block(sb, last[i] - 256)) {
752 sbi->s_anchor[1] = last[i] - 256; 740 sbi->s_anchor[1] = last[i] - 256;
753 return last[i]; 741 return last[i];
754 } 742 }
755 } 743 }
756 744
757 if (udf_check_anchor_block(sb, sbi->s_session + 256, varconv)) { 745 if (udf_check_anchor_block(sb, sbi->s_session + 256)) {
758 sbi->s_anchor[0] = sbi->s_session + 256; 746 sbi->s_anchor[0] = sbi->s_session + 256;
759 return last[0]; 747 return last[0];
760 } 748 }
761 if (udf_check_anchor_block(sb, sbi->s_session + 512, varconv)) { 749 if (udf_check_anchor_block(sb, sbi->s_session + 512)) {
762 sbi->s_anchor[0] = sbi->s_session + 512; 750 sbi->s_anchor[0] = sbi->s_session + 512;
763 return last[0]; 751 return last[0];
764 } 752 }
@@ -780,23 +768,24 @@ static void udf_find_anchor(struct super_block *sb)
780 int i; 768 int i;
781 struct udf_sb_info *sbi = UDF_SB(sb); 769 struct udf_sb_info *sbi = UDF_SB(sb);
782 770
783 lastblock = udf_scan_anchors(sb, 0, sbi->s_last_block); 771 lastblock = udf_scan_anchors(sb, sbi->s_last_block);
784 if (lastblock) 772 if (lastblock)
785 goto check_anchor; 773 goto check_anchor;
786 774
787 /* No anchor found? Try VARCONV conversion of block numbers */ 775 /* No anchor found? Try VARCONV conversion of block numbers */
776 UDF_SET_FLAG(sb, UDF_FLAG_VARCONV);
788 /* Firstly, we try to not convert number of the last block */ 777 /* Firstly, we try to not convert number of the last block */
789 lastblock = udf_scan_anchors(sb, 1, 778 lastblock = udf_scan_anchors(sb,
790 udf_variable_to_fixed(sbi->s_last_block)); 779 udf_variable_to_fixed(sbi->s_last_block));
791 if (lastblock) { 780 if (lastblock)
792 UDF_SET_FLAG(sb, UDF_FLAG_VARCONV);
793 goto check_anchor; 781 goto check_anchor;
794 }
795 782
796 /* Secondly, we try with converted number of the last block */ 783 /* Secondly, we try with converted number of the last block */
797 lastblock = udf_scan_anchors(sb, 1, sbi->s_last_block); 784 lastblock = udf_scan_anchors(sb, sbi->s_last_block);
798 if (lastblock) 785 if (!lastblock) {
799 UDF_SET_FLAG(sb, UDF_FLAG_VARCONV); 786 /* VARCONV didn't help. Clear it. */
787 UDF_CLEAR_FLAG(sb, UDF_FLAG_VARCONV);
788 }
800 789
801check_anchor: 790check_anchor:
802 /* 791 /*
diff --git a/fs/utimes.c b/fs/utimes.c
index af059d5cb485..b6b664e7145e 100644
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -40,14 +40,9 @@ asmlinkage long sys_utime(char __user *filename, struct utimbuf __user *times)
40 40
41#endif 41#endif
42 42
43static bool nsec_special(long nsec)
44{
45 return nsec == UTIME_OMIT || nsec == UTIME_NOW;
46}
47
48static bool nsec_valid(long nsec) 43static bool nsec_valid(long nsec)
49{ 44{
50 if (nsec_special(nsec)) 45 if (nsec == UTIME_OMIT || nsec == UTIME_NOW)
51 return true; 46 return true;
52 47
53 return nsec >= 0 && nsec <= 999999999; 48 return nsec >= 0 && nsec <= 999999999;
@@ -102,7 +97,11 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
102 if (error) 97 if (error)
103 goto dput_and_out; 98 goto dput_and_out;
104 99
105 /* Don't worry, the checks are done in inode_change_ok() */ 100 if (times && times[0].tv_nsec == UTIME_NOW &&
101 times[1].tv_nsec == UTIME_NOW)
102 times = NULL;
103
104 /* In most cases, the checks are done in inode_change_ok() */
106 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME; 105 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
107 if (times) { 106 if (times) {
108 error = -EPERM; 107 error = -EPERM;
@@ -124,28 +123,34 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
124 newattrs.ia_mtime.tv_nsec = times[1].tv_nsec; 123 newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
125 newattrs.ia_valid |= ATTR_MTIME_SET; 124 newattrs.ia_valid |= ATTR_MTIME_SET;
126 } 125 }
127 }
128 126
129 /* 127 /*
130 * If times is NULL or both times are either UTIME_OMIT or 128 * For the UTIME_OMIT/UTIME_NOW and UTIME_NOW/UTIME_OMIT
131 * UTIME_NOW, then need to check permissions, because 129 * cases, we need to make an extra check that is not done by
132 * inode_change_ok() won't do it. 130 * inode_change_ok().
133 */ 131 */
134 if (!times || (nsec_special(times[0].tv_nsec) && 132 if (((times[0].tv_nsec == UTIME_NOW &&
135 nsec_special(times[1].tv_nsec))) { 133 times[1].tv_nsec == UTIME_OMIT)
134 ||
135 (times[0].tv_nsec == UTIME_OMIT &&
136 times[1].tv_nsec == UTIME_NOW))
137 && !is_owner_or_cap(inode))
138 goto mnt_drop_write_and_out;
139 } else {
140
141 /*
142 * If times is NULL (or both times are UTIME_NOW),
143 * then we need to check permissions, because
144 * inode_change_ok() won't do it.
145 */
136 error = -EACCES; 146 error = -EACCES;
137 if (IS_IMMUTABLE(inode)) 147 if (IS_IMMUTABLE(inode))
138 goto mnt_drop_write_and_out; 148 goto mnt_drop_write_and_out;
139 149
140 if (!is_owner_or_cap(inode)) { 150 if (!is_owner_or_cap(inode)) {
141 if (f) { 151 error = permission(inode, MAY_WRITE, NULL);
142 if (!(f->f_mode & FMODE_WRITE)) 152 if (error)
143 goto mnt_drop_write_and_out; 153 goto mnt_drop_write_and_out;
144 } else {
145 error = vfs_permission(&nd, MAY_WRITE);
146 if (error)
147 goto mnt_drop_write_and_out;
148 }
149 } 154 }
150 } 155 }
151 mutex_lock(&inode->i_mutex); 156 mutex_lock(&inode->i_mutex);
@@ -169,14 +174,6 @@ asmlinkage long sys_utimensat(int dfd, char __user *filename, struct timespec __
169 if (utimes) { 174 if (utimes) {
170 if (copy_from_user(&tstimes, utimes, sizeof(tstimes))) 175 if (copy_from_user(&tstimes, utimes, sizeof(tstimes)))
171 return -EFAULT; 176 return -EFAULT;
172 if ((tstimes[0].tv_nsec == UTIME_OMIT ||
173 tstimes[0].tv_nsec == UTIME_NOW) &&
174 tstimes[0].tv_sec != 0)
175 return -EINVAL;
176 if ((tstimes[1].tv_nsec == UTIME_OMIT ||
177 tstimes[1].tv_nsec == UTIME_NOW) &&
178 tstimes[1].tv_sec != 0)
179 return -EINVAL;
180 177
181 /* Nothing to do, we must not even check the path. */ 178 /* Nothing to do, we must not even check the path. */
182 if (tstimes[0].tv_nsec == UTIME_OMIT && 179 if (tstimes[0].tv_nsec == UTIME_OMIT &&
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-27 23:37:19 -0500