7 files changed, 117 insertions, 115 deletions
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 69f44dcdb0b4..b1c902e319c1 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -428,7 +428,6 @@ static int load_flat_file(struct linux_binprm * bprm,
        loff_t fpos;
        unsigned long start_code, end_code;
        int ret;
-        int exec_fileno;
        hdr = ((struct flat_hdr *) bprm->buf);          /* exec-header */
        inode = bprm->file->f_dentry->d_inode;
@@ -502,21 +501,12 @@ static int load_flat_file(struct linux_binprm * bprm,
                goto err;
        }
-        /* check file descriptor */
-        exec_fileno = get_unused_fd();
-        if (exec_fileno < 0) {
-                ret = -EMFILE;
-                goto err;
-        }
-        get_file(bprm->file);
-        fd_install(exec_fileno, bprm->file);
        /* Flush all traces of the currently running executable */
        if (id == 0) {
                result = flush_old_exec(bprm);
                if (result) {
                        ret = result;
-                        goto err_close;
+                        goto err;
                }
                /* OK, This is the point of no return */
@@ -548,7 +538,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                                textpos = (unsigned long) -ENOMEM;
                        printk("Unable to mmap process text, errno %d\n", (int)-textpos);
                        ret = textpos;
-                        goto err_close;
+                        goto err;
                }
                down_write(&current->mm->mmap_sem);
@@ -564,7 +554,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                                        (int)-datapos);
                        do_munmap(current->mm, textpos, text_len);
                        ret = realdatastart;
-                        goto err_close;
+                        goto err;
                }
                datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long);
@@ -587,7 +577,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        do_munmap(current->mm, textpos, text_len);
                        do_munmap(current->mm, realdatastart, data_len + extra);
                        ret = result;
-                        goto err_close;
+                        goto err;
                }
                reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len));
@@ -606,7 +596,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        printk("Unable to allocate RAM for process text/data, errno %d\n",
                                        (int)-textpos);
                        ret = textpos;
-                        goto err_close;
+                        goto err;
                }
                realdatastart = textpos + ntohl(hdr->data_start);
@@ -652,7 +642,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        do_munmap(current->mm, textpos, text_len + data_len + extra +
                                MAX_SHARED_LIBS * sizeof(unsigned long));
                        ret = result;
-                        goto err_close;
+                        goto err;
                }
        }
@@ -717,7 +707,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                                addr = calc_reloc(*rp, libinfo, id, 0);
                                if (addr == RELOC_FAILED) {
                                        ret = -ENOEXEC;
-                                        goto err_close;
+                                        goto err;
                                }
                                *rp = addr;
                        }
@@ -747,7 +737,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1);
                        if (rp == (unsigned long *)RELOC_FAILED) {
                                ret = -ENOEXEC;
-                                goto err_close;
+                                goto err;
                        }
                        /* Get the pointer's value.  */
@@ -762,7 +752,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                                addr = calc_reloc(addr, libinfo, id, 0);
                                if (addr == RELOC_FAILED) {
                                        ret = -ENOEXEC;
-                                        goto err_close;
+                                        goto err;
                                }
                                /* Write back the relocated pointer.  */
@@ -783,8 +773,6 @@ static int load_flat_file(struct linux_binprm * bprm,
                        stack_len);
        return 0;
-err_close:
-        sys_close(exec_fileno);
 err:
        return ret;
 }
diff --git a/fs/bio.c b/fs/bio.c
index eb8fbc53f2cd..098c12b2d60a 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -1116,6 +1116,9 @@ struct bio_pair *bio_split(struct bio *bi, mempool_t *pool, int first_sectors)
        bp->bio1.bi_io_vec = &bp->bv1;
        bp->bio2.bi_io_vec = &bp->bv2;
+        bp->bio1.bi_max_vecs = 1;
+        bp->bio2.bi_max_vecs = 1;
        bp->bio1.bi_end_io = bio_pair_end_1;
        bp->bio2.bi_end_io = bio_pair_end_2;
diff --git a/fs/compat.c b/fs/compat.c
index 01f39f87f372..b1f64786a613 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -2030,109 +2030,115 @@ union compat_nfsctl_res {
        struct knfsd_fh         cr32_getfs;
 };
-static int compat_nfs_svc_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg)
+static int compat_nfs_svc_trans(struct nfsctl_arg *karg,
-{
+                                struct compat_nfsctl_arg __user *arg)
-        int err;
+{
+        if (!access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc)) ||
-        err = access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc));
+                get_user(karg->ca_version, &arg->ca32_version) ||
-        err |= get_user(karg->ca_version, &arg->ca32_version);
+                __get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port) ||
-        err |= __get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port);
+                __get_user(karg->ca_svc.svc_nthreads,
-        err |= __get_user(karg->ca_svc.svc_nthreads, &arg->ca32_svc.svc32_nthreads);
+                                &arg->ca32_svc.svc32_nthreads))
-        return (err) ? -EFAULT : 0;
+                return -EFAULT;
+        return 0;
 }
-static int compat_nfs_clnt_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg)
+static int compat_nfs_clnt_trans(struct nfsctl_arg *karg,
-{
+                                struct compat_nfsctl_arg __user *arg)
-        int err;
+{
+        if (!access_ok(VERIFY_READ, &arg->ca32_client,
-        err = access_ok(VERIFY_READ, &arg->ca32_client, sizeof(arg->ca32_client));
+                        sizeof(arg->ca32_client)) ||
-        err |= get_user(karg->ca_version, &arg->ca32_version);
+                get_user(karg->ca_version, &arg->ca32_version) ||
-        err |= __copy_from_user(&karg->ca_client.cl_ident[0],
+                __copy_from_user(&karg->ca_client.cl_ident[0],
-                          &arg->ca32_client.cl32_ident[0],
+                                &arg->ca32_client.cl32_ident[0],
-                          NFSCLNT_IDMAX);
+                                NFSCLNT_IDMAX) ||
-        err |= __get_user(karg->ca_client.cl_naddr, &arg->ca32_client.cl32_naddr);
+                __get_user(karg->ca_client.cl_naddr,
-        err |= __copy_from_user(&karg->ca_client.cl_addrlist[0],
+                                &arg->ca32_client.cl32_naddr) ||
-                          &arg->ca32_client.cl32_addrlist[0],
+                __copy_from_user(&karg->ca_client.cl_addrlist[0],
-                          (sizeof(struct in_addr) * NFSCLNT_ADDRMAX));
+                                &arg->ca32_client.cl32_addrlist[0],
-        err |= __get_user(karg->ca_client.cl_fhkeytype,
+                                (sizeof(struct in_addr) * NFSCLNT_ADDRMAX)) ||
-                      &arg->ca32_client.cl32_fhkeytype);
+                __get_user(karg->ca_client.cl_fhkeytype,
-        err |= __get_user(karg->ca_client.cl_fhkeylen,
+                                &arg->ca32_client.cl32_fhkeytype) ||
-                      &arg->ca32_client.cl32_fhkeylen);
+                __get_user(karg->ca_client.cl_fhkeylen,
-        err |= __copy_from_user(&karg->ca_client.cl_fhkey[0],
+                                &arg->ca32_client.cl32_fhkeylen) ||
-                          &arg->ca32_client.cl32_fhkey[0],
+                __copy_from_user(&karg->ca_client.cl_fhkey[0],
-                          NFSCLNT_KEYMAX);
+                                &arg->ca32_client.cl32_fhkey[0],
+                                NFSCLNT_KEYMAX))
+                return -EFAULT;
-        return (err) ? -EFAULT : 0;
+        return 0;
 }
-static int compat_nfs_exp_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg)
+static int compat_nfs_exp_trans(struct nfsctl_arg *karg,
-{
+                                struct compat_nfsctl_arg __user *arg)
-        int err;
+{
+        if (!access_ok(VERIFY_READ, &arg->ca32_export,
-        err = access_ok(VERIFY_READ, &arg->ca32_export, sizeof(arg->ca32_export));
+                                sizeof(arg->ca32_export)) ||
-        err |= get_user(karg->ca_version, &arg->ca32_version);
+                get_user(karg->ca_version, &arg->ca32_version) ||
-        err |= __copy_from_user(&karg->ca_export.ex_client[0],
+                __copy_from_user(&karg->ca_export.ex_client[0],
-                          &arg->ca32_export.ex32_client[0],
+                                &arg->ca32_export.ex32_client[0],
-                          NFSCLNT_IDMAX);
+                                NFSCLNT_IDMAX) ||
-        err |= __copy_from_user(&karg->ca_export.ex_path[0],
+                __copy_from_user(&karg->ca_export.ex_path[0],
-                          &arg->ca32_export.ex32_path[0],
+                                &arg->ca32_export.ex32_path[0],
-                          NFS_MAXPATHLEN);
+                                NFS_MAXPATHLEN) ||
-        err |= __get_user(karg->ca_export.ex_dev,
+                __get_user(karg->ca_export.ex_dev,
-                      &arg->ca32_export.ex32_dev);
+                                &arg->ca32_export.ex32_dev) ||
-        err |= __get_user(karg->ca_export.ex_ino,
+                __get_user(karg->ca_export.ex_ino,
-                      &arg->ca32_export.ex32_ino);
+                                &arg->ca32_export.ex32_ino) ||
-        err |= __get_user(karg->ca_export.ex_flags,
+                __get_user(karg->ca_export.ex_flags,
-                      &arg->ca32_export.ex32_flags);
+                                &arg->ca32_export.ex32_flags) ||
-        err |= __get_user(karg->ca_export.ex_anon_uid,
+                __get_user(karg->ca_export.ex_anon_uid,
-                      &arg->ca32_export.ex32_anon_uid);
+                                &arg->ca32_export.ex32_anon_uid) ||
-        err |= __get_user(karg->ca_export.ex_anon_gid,
+                __get_user(karg->ca_export.ex_anon_gid,
-                      &arg->ca32_export.ex32_anon_gid);
+                                &arg->ca32_export.ex32_anon_gid))
+                return -EFAULT;
        SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid);
        SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid);
-        return (err) ? -EFAULT : 0;
+        return 0;
 }
-static int compat_nfs_getfd_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg)
+static int compat_nfs_getfd_trans(struct nfsctl_arg *karg,
-{
+                                struct compat_nfsctl_arg __user *arg)
-        int err;
+{
+        if (!access_ok(VERIFY_READ, &arg->ca32_getfd,
-        err = access_ok(VERIFY_READ, &arg->ca32_getfd, sizeof(arg->ca32_getfd));
+                        sizeof(arg->ca32_getfd)) ||
-        err |= get_user(karg->ca_version, &arg->ca32_version);
+                get_user(karg->ca_version, &arg->ca32_version) ||
-        err |= __copy_from_user(&karg->ca_getfd.gd_addr,
+                __copy_from_user(&karg->ca_getfd.gd_addr,
-                          &arg->ca32_getfd.gd32_addr,
+                                &arg->ca32_getfd.gd32_addr,
-                          (sizeof(struct sockaddr)));
+                                (sizeof(struct sockaddr))) ||
-        err |= __copy_from_user(&karg->ca_getfd.gd_path,
+                __copy_from_user(&karg->ca_getfd.gd_path,
-                          &arg->ca32_getfd.gd32_path,
+                                &arg->ca32_getfd.gd32_path,
-                          (NFS_MAXPATHLEN+1));
+                                (NFS_MAXPATHLEN+1)) ||
-        err |= __get_user(karg->ca_getfd.gd_version,
+                __get_user(karg->ca_getfd.gd_version,
-                      &arg->ca32_getfd.gd32_version);
+                                &arg->ca32_getfd.gd32_version))
+                return -EFAULT;
-        return (err) ? -EFAULT : 0;
+        return 0;
 }
-static int compat_nfs_getfs_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg)
+static int compat_nfs_getfs_trans(struct nfsctl_arg *karg,
+                                struct compat_nfsctl_arg __user *arg)
 {
-        int err;
+        if (!access_ok(VERIFY_READ,&arg->ca32_getfs,sizeof(arg->ca32_getfs)) ||
+                get_user(karg->ca_version, &arg->ca32_version) ||
-        err = access_ok(VERIFY_READ, &arg->ca32_getfs, sizeof(arg->ca32_getfs));
+                __copy_from_user(&karg->ca_getfs.gd_addr,
-        err |= get_user(karg->ca_version, &arg->ca32_version);
+                                &arg->ca32_getfs.gd32_addr,
-        err |= __copy_from_user(&karg->ca_getfs.gd_addr,
+                                (sizeof(struct sockaddr))) ||
-                          &arg->ca32_getfs.gd32_addr,
+                __copy_from_user(&karg->ca_getfs.gd_path,
-                          (sizeof(struct sockaddr)));
+                                &arg->ca32_getfs.gd32_path,
-        err |= __copy_from_user(&karg->ca_getfs.gd_path,
+                                (NFS_MAXPATHLEN+1)) ||
-                          &arg->ca32_getfs.gd32_path,
+                __get_user(karg->ca_getfs.gd_maxlen,
-                          (NFS_MAXPATHLEN+1));
+                                &arg->ca32_getfs.gd32_maxlen))
-        err |= __get_user(karg->ca_getfs.gd_maxlen,
+                return -EFAULT;
-                      &arg->ca32_getfs.gd32_maxlen);
-        return (err) ? -EFAULT : 0;
+        return 0;
 }
 /* This really doesn't need translations, we are only passing
 * back a union which contains opaque nfs file handle data.
 */
-static int compat_nfs_getfh_res_trans(union nfsctl_res *kres, union compat_nfsctl_res __user *res)
+static int compat_nfs_getfh_res_trans(union nfsctl_res *kres,
+                                union compat_nfsctl_res __user *res)
 {
        int err;
@@ -2141,8 +2147,9 @@ static int compat_nfs_getfh_res_trans(union nfsctl_res *kres, union compat_nfsct
        return (err) ? -EFAULT : 0;
 }
-asmlinkage long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg,
+asmlinkage long compat_sys_nfsservctl(int cmd,
-                                        union compat_nfsctl_res __user *res)
+                                struct compat_nfsctl_arg __user *arg,
+                                union compat_nfsctl_res __user *res)
 {
        struct nfsctl_arg *karg;
        union nfsctl_res *kres;
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
index b06b54f1bbbb..4c39009350f3 100644
--- a/fs/exportfs/expfs.c
+++ b/fs/exportfs/expfs.c
@@ -102,7 +102,7 @@ find_exported_dentry(struct super_block *sb, void *obj, void *parent,
                if (acceptable(context, result))
                        return result;
                if (S_ISDIR(result->d_inode->i_mode)) {
-                        /* there is no other dentry, so fail */
+                        err = -EACCES;
                        goto err_result;
                }
diff --git a/fs/inotify.c b/fs/inotify.c
index 1f50302849c5..732ec4bd5774 100644
--- a/fs/inotify.c
+++ b/fs/inotify.c
@@ -848,7 +848,11 @@ static int inotify_release(struct inode *ignored, struct file *file)
                inode = watch->inode;
                mutex_lock(&inode->inotify_mutex);
                mutex_lock(&dev->mutex);
-                remove_watch_no_event(watch, dev);
+                /* make sure we didn't race with another list removal */
+                if (likely(idr_find(&dev->idr, watch->wd)))
+                        remove_watch_no_event(watch, dev);
                mutex_unlock(&dev->mutex);
                mutex_unlock(&inode->inotify_mutex);
                put_inotify_watch(watch);
@@ -890,8 +894,7 @@ static int inotify_ignore(struct inotify_device *dev, s32 wd)
        mutex_lock(&dev->mutex);
        /* make sure that we did not race */
-        watch = idr_find(&dev->idr, wd);
+        if (likely(idr_find(&dev->idr, wd) == watch))
-        if (likely(watch))
                remove_watch(watch, dev);
        mutex_unlock(&dev->mutex);
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 4e0578121d9a..3eec30000f3f 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1066,9 +1066,11 @@ exp_pseudoroot(struct auth_domain *clp, struct svc_fh *fhp,
                rv = nfserr_perm;
        else if (IS_ERR(exp))
                rv = nfserrno(PTR_ERR(exp));
-        else
+        else {
                rv = fh_compose(fhp, exp,
                                fsid_key->ek_dentry, NULL);
+                exp_put(exp);
+        }
        cache_put(&fsid_key->h, &svc_expkey_cache);
        return rv;
 }
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 6aa92d0e6876..1d65f13f458c 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1922,11 +1922,10 @@ nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl)
                value = kmalloc(size, GFP_KERNEL);
                if (!value)
                        return -ENOMEM;
-                size = posix_acl_to_xattr(acl, value, size);
+                error = posix_acl_to_xattr(acl, value, size);
-                if (size < 0) {
+                if (error < 0)
-                        error = size;
                        goto getout;
-                }
+                size = error;
        } else
                size = 0;

diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index 69f44dcdb0b4..b1c902e319c1 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c
@@ -428,7 +428,6 @@ static int load_flat_file(struct linux_binprm * bprm,
428	loff_t fpos;	428	loff_t fpos;
429	unsigned long start_code, end_code;	429	unsigned long start_code, end_code;
430	int ret;	430	int ret;
431	int exec_fileno;
432		431
433	hdr = ((struct flat_hdr ) bprm->buf); / exec-header */	432	hdr = ((struct flat_hdr ) bprm->buf); / exec-header */
434	inode = bprm->file->f_dentry->d_inode;	433	inode = bprm->file->f_dentry->d_inode;
@@ -502,21 +501,12 @@ static int load_flat_file(struct linux_binprm * bprm,
502	goto err;	501	goto err;
503	}	502	}
504		503
505	/* check file descriptor */
506	exec_fileno = get_unused_fd();
507	if (exec_fileno < 0) {
508	ret = -EMFILE;
509	goto err;
510	}
511	get_file(bprm->file);
512	fd_install(exec_fileno, bprm->file);
513
514	/* Flush all traces of the currently running executable */	504	/* Flush all traces of the currently running executable */
515	if (id == 0) {	505	if (id == 0) {
516	result = flush_old_exec(bprm);	506	result = flush_old_exec(bprm);
517	if (result) {	507	if (result) {
518	ret = result;	508	ret = result;
519	goto err_close;	509	goto err;
520	}	510	}
521		511
522	/* OK, This is the point of no return */	512	/* OK, This is the point of no return */
@@ -548,7 +538,7 @@ static int load_flat_file(struct linux_binprm * bprm,
548	textpos = (unsigned long) -ENOMEM;	538	textpos = (unsigned long) -ENOMEM;
549	printk("Unable to mmap process text, errno %d\n", (int)-textpos);	539	printk("Unable to mmap process text, errno %d\n", (int)-textpos);
550	ret = textpos;	540	ret = textpos;
551	goto err_close;	541	goto err;
552	}	542	}
553		543
554	down_write(&current->mm->mmap_sem);	544	down_write(&current->mm->mmap_sem);
@@ -564,7 +554,7 @@ static int load_flat_file(struct linux_binprm * bprm,
564	(int)-datapos);	554	(int)-datapos);
565	do_munmap(current->mm, textpos, text_len);	555	do_munmap(current->mm, textpos, text_len);
566	ret = realdatastart;	556	ret = realdatastart;
567	goto err_close;	557	goto err;
568	}	558	}
569	datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long);	559	datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long);
570		560
@@ -587,7 +577,7 @@ static int load_flat_file(struct linux_binprm * bprm,
587	do_munmap(current->mm, textpos, text_len);	577	do_munmap(current->mm, textpos, text_len);
588	do_munmap(current->mm, realdatastart, data_len + extra);	578	do_munmap(current->mm, realdatastart, data_len + extra);
589	ret = result;	579	ret = result;
590	goto err_close;	580	goto err;
591	}	581	}
592		582
593	reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len));	583	reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len));
@@ -606,7 +596,7 @@ static int load_flat_file(struct linux_binprm * bprm,
606	printk("Unable to allocate RAM for process text/data, errno %d\n",	596	printk("Unable to allocate RAM for process text/data, errno %d\n",
607	(int)-textpos);	597	(int)-textpos);
608	ret = textpos;	598	ret = textpos;
609	goto err_close;	599	goto err;
610	}	600	}
611		601
612	realdatastart = textpos + ntohl(hdr->data_start);	602	realdatastart = textpos + ntohl(hdr->data_start);
@@ -652,7 +642,7 @@ static int load_flat_file(struct linux_binprm * bprm,
652	do_munmap(current->mm, textpos, text_len + data_len + extra +	642	do_munmap(current->mm, textpos, text_len + data_len + extra +
653	MAX_SHARED_LIBS * sizeof(unsigned long));	643	MAX_SHARED_LIBS * sizeof(unsigned long));
654	ret = result;	644	ret = result;
655	goto err_close;	645	goto err;
656	}	646	}
657	}	647	}
658		648
@@ -717,7 +707,7 @@ static int load_flat_file(struct linux_binprm * bprm,
717	addr = calc_reloc(*rp, libinfo, id, 0);	707	addr = calc_reloc(*rp, libinfo, id, 0);
718	if (addr == RELOC_FAILED) {	708	if (addr == RELOC_FAILED) {
719	ret = -ENOEXEC;	709	ret = -ENOEXEC;
720	goto err_close;	710	goto err;
721	}	711	}
722	*rp = addr;	712	*rp = addr;
723	}	713	}
@@ -747,7 +737,7 @@ static int load_flat_file(struct linux_binprm * bprm,
747	rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1);	737	rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1);
748	if (rp == (unsigned long *)RELOC_FAILED) {	738	if (rp == (unsigned long *)RELOC_FAILED) {
749	ret = -ENOEXEC;	739	ret = -ENOEXEC;
750	goto err_close;	740	goto err;
751	}	741	}
752		742
753	/* Get the pointer's value. */	743	/* Get the pointer's value. */
@@ -762,7 +752,7 @@ static int load_flat_file(struct linux_binprm * bprm,
762	addr = calc_reloc(addr, libinfo, id, 0);	752	addr = calc_reloc(addr, libinfo, id, 0);
763	if (addr == RELOC_FAILED) {	753	if (addr == RELOC_FAILED) {
764	ret = -ENOEXEC;	754	ret = -ENOEXEC;
765	goto err_close;	755	goto err;
766	}	756	}
767		757
768	/* Write back the relocated pointer. */	758	/* Write back the relocated pointer. */
@@ -783,8 +773,6 @@ static int load_flat_file(struct linux_binprm * bprm,
783	stack_len);	773	stack_len);
784		774
785	return 0;	775	return 0;
786	err_close:
787	sys_close(exec_fileno);
788	err:	776	err:
789	return ret;	777	return ret;
790	}	778	}


diff --git a/fs/bio.c b/fs/bio.c index eb8fbc53f2cd..098c12b2d60a 100644 --- a/fs/bio.c +++ b/fs/bio.c
@@ -1116,6 +1116,9 @@ struct bio_pair bio_split(struct bio bi, mempool_t *pool, int first_sectors)
1116	bp->bio1.bi_io_vec = &bp->bv1;	1116	bp->bio1.bi_io_vec = &bp->bv1;
1117	bp->bio2.bi_io_vec = &bp->bv2;	1117	bp->bio2.bi_io_vec = &bp->bv2;
1118		1118
		1119	bp->bio1.bi_max_vecs = 1;
		1120	bp->bio2.bi_max_vecs = 1;
		1121
1119	bp->bio1.bi_end_io = bio_pair_end_1;	1122	bp->bio1.bi_end_io = bio_pair_end_1;
1120	bp->bio2.bi_end_io = bio_pair_end_2;	1123	bp->bio2.bi_end_io = bio_pair_end_2;
1121		1124


diff --git a/fs/compat.c b/fs/compat.c index 01f39f87f372..b1f64786a613 100644 --- a/fs/compat.c +++ b/fs/compat.c
@@ -2030,109 +2030,115 @@ union compat_nfsctl_res {
2030	struct knfsd_fh cr32_getfs;	2030	struct knfsd_fh cr32_getfs;
2031	};	2031	};
2032		2032
2033	static int compat_nfs_svc_trans(struct nfsctl_arg karg, struct compat_nfsctl_arg __user arg)	2033	static int compat_nfs_svc_trans(struct nfsctl_arg *karg,
2034	{	2034	struct compat_nfsctl_arg __user *arg)
2035	int err;	2035	{
2036		2036	if (!access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc)) \|\|
2037	err = access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc));	2037	get_user(karg->ca_version, &arg->ca32_version) \|\|
2038	err \|= get_user(karg->ca_version, &arg->ca32_version);	2038	__get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port) \|\|
2039	err \|= __get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port);	2039	__get_user(karg->ca_svc.svc_nthreads,
2040	err \|= __get_user(karg->ca_svc.svc_nthreads, &arg->ca32_svc.svc32_nthreads);	2040	&arg->ca32_svc.svc32_nthreads))
2041	return (err) ? -EFAULT : 0;	2041	return -EFAULT;
		2042	return 0;
2042	}	2043	}
2043		2044
2044	static int compat_nfs_clnt_trans(struct nfsctl_arg karg, struct compat_nfsctl_arg __user arg)	2045	static int compat_nfs_clnt_trans(struct nfsctl_arg *karg,
2045	{	2046	struct compat_nfsctl_arg __user *arg)
2046	int err;	2047	{
2047		2048	if (!access_ok(VERIFY_READ, &arg->ca32_client,
2048	err = access_ok(VERIFY_READ, &arg->ca32_client, sizeof(arg->ca32_client));	2049	sizeof(arg->ca32_client)) \|\|
2049	err \|= get_user(karg->ca_version, &arg->ca32_version);	2050	get_user(karg->ca_version, &arg->ca32_version) \|\|
2050	err \|= __copy_from_user(&karg->ca_client.cl_ident[0],	2051	__copy_from_user(&karg->ca_client.cl_ident[0],
2051	&arg->ca32_client.cl32_ident[0],	2052	&arg->ca32_client.cl32_ident[0],
2052	NFSCLNT_IDMAX);	2053	NFSCLNT_IDMAX) \|\|
2053	err \|= __get_user(karg->ca_client.cl_naddr, &arg->ca32_client.cl32_naddr);	2054	__get_user(karg->ca_client.cl_naddr,
2054	err \|= __copy_from_user(&karg->ca_client.cl_addrlist[0],	2055	&arg->ca32_client.cl32_naddr) \|\|
2055	&arg->ca32_client.cl32_addrlist[0],	2056	__copy_from_user(&karg->ca_client.cl_addrlist[0],
2056	(sizeof(struct in_addr) * NFSCLNT_ADDRMAX));	2057	&arg->ca32_client.cl32_addrlist[0],
2057	err \|= __get_user(karg->ca_client.cl_fhkeytype,	2058	(sizeof(struct in_addr) * NFSCLNT_ADDRMAX)) \|\|
2058	&arg->ca32_client.cl32_fhkeytype);	2059	__get_user(karg->ca_client.cl_fhkeytype,
2059	err \|= __get_user(karg->ca_client.cl_fhkeylen,	2060	&arg->ca32_client.cl32_fhkeytype) \|\|
2060	&arg->ca32_client.cl32_fhkeylen);	2061	__get_user(karg->ca_client.cl_fhkeylen,
2061	err \|= __copy_from_user(&karg->ca_client.cl_fhkey[0],	2062	&arg->ca32_client.cl32_fhkeylen) \|\|
2062	&arg->ca32_client.cl32_fhkey[0],	2063	__copy_from_user(&karg->ca_client.cl_fhkey[0],
2063	NFSCLNT_KEYMAX);	2064	&arg->ca32_client.cl32_fhkey[0],
		2065	NFSCLNT_KEYMAX))
		2066	return -EFAULT;
2064		2067
2065	return (err) ? -EFAULT : 0;	2068	return 0;
2066	}	2069	}
2067		2070
2068	static int compat_nfs_exp_trans(struct nfsctl_arg karg, struct compat_nfsctl_arg __user arg)	2071	static int compat_nfs_exp_trans(struct nfsctl_arg *karg,
2069	{	2072	struct compat_nfsctl_arg __user *arg)
2070	int err;	2073	{
2071		2074	if (!access_ok(VERIFY_READ, &arg->ca32_export,
2072	err = access_ok(VERIFY_READ, &arg->ca32_export, sizeof(arg->ca32_export));	2075	sizeof(arg->ca32_export)) \|\|
2073	err \|= get_user(karg->ca_version, &arg->ca32_version);	2076	get_user(karg->ca_version, &arg->ca32_version) \|\|
2074	err \|= __copy_from_user(&karg->ca_export.ex_client[0],	2077	__copy_from_user(&karg->ca_export.ex_client[0],
2075	&arg->ca32_export.ex32_client[0],	2078	&arg->ca32_export.ex32_client[0],
2076	NFSCLNT_IDMAX);	2079	NFSCLNT_IDMAX) \|\|
2077	err \|= __copy_from_user(&karg->ca_export.ex_path[0],	2080	__copy_from_user(&karg->ca_export.ex_path[0],
2078	&arg->ca32_export.ex32_path[0],	2081	&arg->ca32_export.ex32_path[0],
2079	NFS_MAXPATHLEN);	2082	NFS_MAXPATHLEN) \|\|
2080	err \|= __get_user(karg->ca_export.ex_dev,	2083	__get_user(karg->ca_export.ex_dev,
2081	&arg->ca32_export.ex32_dev);	2084	&arg->ca32_export.ex32_dev) \|\|
2082	err \|= __get_user(karg->ca_export.ex_ino,	2085	__get_user(karg->ca_export.ex_ino,
2083	&arg->ca32_export.ex32_ino);	2086	&arg->ca32_export.ex32_ino) \|\|
2084	err \|= __get_user(karg->ca_export.ex_flags,	2087	__get_user(karg->ca_export.ex_flags,
2085	&arg->ca32_export.ex32_flags);	2088	&arg->ca32_export.ex32_flags) \|\|
2086	err \|= __get_user(karg->ca_export.ex_anon_uid,	2089	__get_user(karg->ca_export.ex_anon_uid,
2087	&arg->ca32_export.ex32_anon_uid);	2090	&arg->ca32_export.ex32_anon_uid) \|\|
2088	err \|= __get_user(karg->ca_export.ex_anon_gid,	2091	__get_user(karg->ca_export.ex_anon_gid,
2089	&arg->ca32_export.ex32_anon_gid);	2092	&arg->ca32_export.ex32_anon_gid))
		2093	return -EFAULT;
2090	SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid);	2094	SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid);
2091	SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid);	2095	SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid);
2092		2096
2093	return (err) ? -EFAULT : 0;	2097	return 0;
2094	}	2098	}
2095		2099
2096	static int compat_nfs_getfd_trans(struct nfsctl_arg karg, struct compat_nfsctl_arg __user arg)	2100	static int compat_nfs_getfd_trans(struct nfsctl_arg *karg,
2097	{	2101	struct compat_nfsctl_arg __user *arg)
2098	int err;	2102	{
2099		2103	if (!access_ok(VERIFY_READ, &arg->ca32_getfd,
2100	err = access_ok(VERIFY_READ, &arg->ca32_getfd, sizeof(arg->ca32_getfd));	2104	sizeof(arg->ca32_getfd)) \|\|
2101	err \|= get_user(karg->ca_version, &arg->ca32_version);	2105	get_user(karg->ca_version, &arg->ca32_version) \|\|
2102	err \|= __copy_from_user(&karg->ca_getfd.gd_addr,	2106	__copy_from_user(&karg->ca_getfd.gd_addr,
2103	&arg->ca32_getfd.gd32_addr,	2107	&arg->ca32_getfd.gd32_addr,
2104	(sizeof(struct sockaddr)));	2108	(sizeof(struct sockaddr))) \|\|
2105	err \|= __copy_from_user(&karg->ca_getfd.gd_path,	2109	__copy_from_user(&karg->ca_getfd.gd_path,
2106	&arg->ca32_getfd.gd32_path,	2110	&arg->ca32_getfd.gd32_path,
2107	(NFS_MAXPATHLEN+1));	2111	(NFS_MAXPATHLEN+1)) \|\|
2108	err \|= __get_user(karg->ca_getfd.gd_version,	2112	__get_user(karg->ca_getfd.gd_version,
2109	&arg->ca32_getfd.gd32_version);	2113	&arg->ca32_getfd.gd32_version))
		2114	return -EFAULT;
2110		2115
2111	return (err) ? -EFAULT : 0;	2116	return 0;
2112	}	2117	}
2113		2118
2114	static int compat_nfs_getfs_trans(struct nfsctl_arg karg, struct compat_nfsctl_arg __user arg)	2119	static int compat_nfs_getfs_trans(struct nfsctl_arg *karg,
		2120	struct compat_nfsctl_arg __user *arg)
2115	{	2121	{
2116	int err;	2122	if (!access_ok(VERIFY_READ,&arg->ca32_getfs,sizeof(arg->ca32_getfs)) \|\|
2117		2123	get_user(karg->ca_version, &arg->ca32_version) \|\|
2118	err = access_ok(VERIFY_READ, &arg->ca32_getfs, sizeof(arg->ca32_getfs));	2124	__copy_from_user(&karg->ca_getfs.gd_addr,
2119	err \|= get_user(karg->ca_version, &arg->ca32_version);	2125	&arg->ca32_getfs.gd32_addr,
2120	err \|= __copy_from_user(&karg->ca_getfs.gd_addr,	2126	(sizeof(struct sockaddr))) \|\|
2121	&arg->ca32_getfs.gd32_addr,	2127	__copy_from_user(&karg->ca_getfs.gd_path,
2122	(sizeof(struct sockaddr)));	2128	&arg->ca32_getfs.gd32_path,
2123	err \|= __copy_from_user(&karg->ca_getfs.gd_path,	2129	(NFS_MAXPATHLEN+1)) \|\|
2124	&arg->ca32_getfs.gd32_path,	2130	__get_user(karg->ca_getfs.gd_maxlen,
2125	(NFS_MAXPATHLEN+1));	2131	&arg->ca32_getfs.gd32_maxlen))
2126	err \|= __get_user(karg->ca_getfs.gd_maxlen,	2132	return -EFAULT;
2127	&arg->ca32_getfs.gd32_maxlen);
2128		2133
2129	return (err) ? -EFAULT : 0;	2134	return 0;
2130	}	2135	}
2131		2136
2132	/* This really doesn't need translations, we are only passing	2137	/* This really doesn't need translations, we are only passing
2133	* back a union which contains opaque nfs file handle data.	2138	* back a union which contains opaque nfs file handle data.
2134	*/	2139	*/
2135	static int compat_nfs_getfh_res_trans(union nfsctl_res kres, union compat_nfsctl_res __user res)	2140	static int compat_nfs_getfh_res_trans(union nfsctl_res *kres,
		2141	union compat_nfsctl_res __user *res)
2136	{	2142	{
2137	int err;	2143	int err;
2138		2144
@@ -2141,8 +2147,9 @@ static int compat_nfs_getfh_res_trans(union nfsctl_res *kres, union compat_nfsct
2141	return (err) ? -EFAULT : 0;	2147	return (err) ? -EFAULT : 0;
2142	}	2148	}
2143		2149
2144	asmlinkage long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg,	2150	asmlinkage long compat_sys_nfsservctl(int cmd,
2145	union compat_nfsctl_res __user *res)	2151	struct compat_nfsctl_arg __user *arg,
		2152	union compat_nfsctl_res __user *res)
2146	{	2153	{
2147	struct nfsctl_arg *karg;	2154	struct nfsctl_arg *karg;
2148	union nfsctl_res *kres;	2155	union nfsctl_res *kres;


diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c index b06b54f1bbbb..4c39009350f3 100644 --- a/fs/exportfs/expfs.c +++ b/fs/exportfs/expfs.c
@@ -102,7 +102,7 @@ find_exported_dentry(struct super_block sb, void obj, void *parent,
102	if (acceptable(context, result))	102	if (acceptable(context, result))
103	return result;	103	return result;
104	if (S_ISDIR(result->d_inode->i_mode)) {	104	if (S_ISDIR(result->d_inode->i_mode)) {
105	/* there is no other dentry, so fail */	105	err = -EACCES;
106	goto err_result;	106	goto err_result;
107	}	107	}
108		108


diff --git a/fs/inotify.c b/fs/inotify.c index 1f50302849c5..732ec4bd5774 100644 --- a/fs/inotify.c +++ b/fs/inotify.c
@@ -848,7 +848,11 @@ static int inotify_release(struct inode ignored, struct file file)
848	inode = watch->inode;	848	inode = watch->inode;
849	mutex_lock(&inode->inotify_mutex);	849	mutex_lock(&inode->inotify_mutex);
850	mutex_lock(&dev->mutex);	850	mutex_lock(&dev->mutex);
851	remove_watch_no_event(watch, dev);	851
		852	/* make sure we didn't race with another list removal */
		853	if (likely(idr_find(&dev->idr, watch->wd)))
		854	remove_watch_no_event(watch, dev);
		855
852	mutex_unlock(&dev->mutex);	856	mutex_unlock(&dev->mutex);
853	mutex_unlock(&inode->inotify_mutex);	857	mutex_unlock(&inode->inotify_mutex);
854	put_inotify_watch(watch);	858	put_inotify_watch(watch);
@@ -890,8 +894,7 @@ static int inotify_ignore(struct inotify_device *dev, s32 wd)
890	mutex_lock(&dev->mutex);	894	mutex_lock(&dev->mutex);
891		895
892	/* make sure that we did not race */	896	/* make sure that we did not race */
893	watch = idr_find(&dev->idr, wd);	897	if (likely(idr_find(&dev->idr, wd) == watch))
894	if (likely(watch))
895	remove_watch(watch, dev);	898	remove_watch(watch, dev);
896		899
897	mutex_unlock(&dev->mutex);	900	mutex_unlock(&dev->mutex);


diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index 4e0578121d9a..3eec30000f3f 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c
@@ -1066,9 +1066,11 @@ exp_pseudoroot(struct auth_domain clp, struct svc_fh fhp,
1066	rv = nfserr_perm;	1066	rv = nfserr_perm;
1067	else if (IS_ERR(exp))	1067	else if (IS_ERR(exp))
1068	rv = nfserrno(PTR_ERR(exp));	1068	rv = nfserrno(PTR_ERR(exp));
1069	else	1069	else {
1070	rv = fh_compose(fhp, exp,	1070	rv = fh_compose(fhp, exp,
1071	fsid_key->ek_dentry, NULL);	1071	fsid_key->ek_dentry, NULL);
		1072	exp_put(exp);
		1073	}
1072	cache_put(&fsid_key->h, &svc_expkey_cache);	1074	cache_put(&fsid_key->h, &svc_expkey_cache);
1073	return rv;	1075	return rv;
1074	}	1076	}


diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 6aa92d0e6876..1d65f13f458c 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c
@@ -1922,11 +1922,10 @@ nfsd_set_posix_acl(struct svc_fh fhp, int type, struct posix_acl acl)
1922	value = kmalloc(size, GFP_KERNEL);	1922	value = kmalloc(size, GFP_KERNEL);
1923	if (!value)	1923	if (!value)
1924	return -ENOMEM;	1924	return -ENOMEM;
1925	size = posix_acl_to_xattr(acl, value, size);	1925	error = posix_acl_to_xattr(acl, value, size);
1926	if (size < 0) {	1926	if (error < 0)
1927	error = size;
1928	goto getout;	1927	goto getout;
1929	}	1928	size = error;
1930	} else	1929	} else
1931	size = 0;	1930	size = 0;
1932		1931