Commit 64a028a6 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
  Fix failure exit in ipathfs
  fix oops in fs/9p late mount failure
  fix leak in romfs_fill_super()
  get rid of pointless checks after simple_pin_fs()
  Fix failure exits in bfs_fill_super()
  fix affs parse_options()
  Fix remount races with symlink handling in affs
  Fix a leak in affs_fill_super()
parents 3d29935f 12e9a456
...@@ -346,10 +346,8 @@ static int ipathfs_fill_super(struct super_block *sb, void *data, ...@@ -346,10 +346,8 @@ static int ipathfs_fill_super(struct super_block *sb, void *data,
list_for_each_entry_safe(dd, tmp, &ipath_dev_list, ipath_list) { list_for_each_entry_safe(dd, tmp, &ipath_dev_list, ipath_list) {
spin_unlock_irqrestore(&ipath_devs_lock, flags); spin_unlock_irqrestore(&ipath_devs_lock, flags);
ret = create_device_files(sb, dd); ret = create_device_files(sb, dd);
if (ret) { if (ret)
deactivate_locked_super(sb);
goto bail; goto bail;
}
spin_lock_irqsave(&ipath_devs_lock, flags); spin_lock_irqsave(&ipath_devs_lock, flags);
} }
......
...@@ -188,7 +188,8 @@ static void v9fs_kill_super(struct super_block *s) ...@@ -188,7 +188,8 @@ static void v9fs_kill_super(struct super_block *s)
P9_DPRINTK(P9_DEBUG_VFS, " %p\n", s); P9_DPRINTK(P9_DEBUG_VFS, " %p\n", s);
v9fs_dentry_release(s->s_root); /* clunk root */ if (s->s_root)
v9fs_dentry_release(s->s_root); /* clunk root */
kill_anon_super(s); kill_anon_super(s);
......
...@@ -106,8 +106,8 @@ struct affs_sb_info { ...@@ -106,8 +106,8 @@ struct affs_sb_info {
u32 s_last_bmap; u32 s_last_bmap;
struct buffer_head *s_bmap_bh; struct buffer_head *s_bmap_bh;
char *s_prefix; /* Prefix for volumes and assigns. */ char *s_prefix; /* Prefix for volumes and assigns. */
int s_prefix_len; /* Length of prefix. */
char s_volume[32]; /* Volume prefix for absolute symlinks. */ char s_volume[32]; /* Volume prefix for absolute symlinks. */
spinlock_t symlink_lock; /* protects the previous two */
}; };
#define SF_INTL 0x0001 /* International filesystem. */ #define SF_INTL 0x0001 /* International filesystem. */
......
...@@ -341,10 +341,13 @@ affs_symlink(struct inode *dir, struct dentry *dentry, const char *symname) ...@@ -341,10 +341,13 @@ affs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
p = (char *)AFFS_HEAD(bh)->table; p = (char *)AFFS_HEAD(bh)->table;
lc = '/'; lc = '/';
if (*symname == '/') { if (*symname == '/') {
struct affs_sb_info *sbi = AFFS_SB(sb);
while (*symname == '/') while (*symname == '/')
symname++; symname++;
while (AFFS_SB(sb)->s_volume[i]) /* Cannot overflow */ spin_lock(&sbi->symlink_lock);
*p++ = AFFS_SB(sb)->s_volume[i++]; while (sbi->s_volume[i]) /* Cannot overflow */
*p++ = sbi->s_volume[i++];
spin_unlock(&sbi->symlink_lock);
} }
while (i < maxlen && (c = *symname++)) { while (i < maxlen && (c = *symname++)) {
if (c == '.' && lc == '/' && *symname == '.' && symname[1] == '/') { if (c == '.' && lc == '/' && *symname == '.' && symname[1] == '/') {
......
...@@ -203,7 +203,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s ...@@ -203,7 +203,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
switch (token) { switch (token) {
case Opt_bs: case Opt_bs:
if (match_int(&args[0], &n)) if (match_int(&args[0], &n))
return -EINVAL; return 0;
if (n != 512 && n != 1024 && n != 2048 if (n != 512 && n != 1024 && n != 2048
&& n != 4096) { && n != 4096) {
printk ("AFFS: Invalid blocksize (512, 1024, 2048, 4096 allowed)\n"); printk ("AFFS: Invalid blocksize (512, 1024, 2048, 4096 allowed)\n");
...@@ -213,7 +213,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s ...@@ -213,7 +213,7 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
break; break;
case Opt_mode: case Opt_mode:
if (match_octal(&args[0], &option)) if (match_octal(&args[0], &option))
return 1; return 0;
*mode = option & 0777; *mode = option & 0777;
*mount_opts |= SF_SETMODE; *mount_opts |= SF_SETMODE;
break; break;
...@@ -221,8 +221,6 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s ...@@ -221,8 +221,6 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
*mount_opts |= SF_MUFS; *mount_opts |= SF_MUFS;
break; break;
case Opt_prefix: case Opt_prefix:
/* Free any previous prefix */
kfree(*prefix);
*prefix = match_strdup(&args[0]); *prefix = match_strdup(&args[0]);
if (!*prefix) if (!*prefix)
return 0; return 0;
...@@ -233,21 +231,21 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s ...@@ -233,21 +231,21 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
break; break;
case Opt_reserved: case Opt_reserved:
if (match_int(&args[0], reserved)) if (match_int(&args[0], reserved))
return 1; return 0;
break; break;
case Opt_root: case Opt_root:
if (match_int(&args[0], root)) if (match_int(&args[0], root))
return 1; return 0;
break; break;
case Opt_setgid: case Opt_setgid:
if (match_int(&args[0], &option)) if (match_int(&args[0], &option))
return 1; return 0;
*gid = option; *gid = option;
*mount_opts |= SF_SETGID; *mount_opts |= SF_SETGID;
break; break;
case Opt_setuid: case Opt_setuid:
if (match_int(&args[0], &option)) if (match_int(&args[0], &option))
return -EINVAL; return 0;
*uid = option; *uid = option;
*mount_opts |= SF_SETUID; *mount_opts |= SF_SETUID;
break; break;
...@@ -311,11 +309,14 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent) ...@@ -311,11 +309,14 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
return -ENOMEM; return -ENOMEM;
sb->s_fs_info = sbi; sb->s_fs_info = sbi;
mutex_init(&sbi->s_bmlock); mutex_init(&sbi->s_bmlock);
spin_lock_init(&sbi->symlink_lock);
if (!parse_options(data,&uid,&gid,&i,&reserved,&root_block, if (!parse_options(data,&uid,&gid,&i,&reserved,&root_block,
&blocksize,&sbi->s_prefix, &blocksize,&sbi->s_prefix,
sbi->s_volume, &mount_flags)) { sbi->s_volume, &mount_flags)) {
printk(KERN_ERR "AFFS: Error parsing options\n"); printk(KERN_ERR "AFFS: Error parsing options\n");
kfree(sbi->s_prefix);
kfree(sbi);
return -EINVAL; return -EINVAL;
} }
/* N.B. after this point s_prefix must be released */ /* N.B. after this point s_prefix must be released */
...@@ -516,14 +517,18 @@ affs_remount(struct super_block *sb, int *flags, char *data) ...@@ -516,14 +517,18 @@ affs_remount(struct super_block *sb, int *flags, char *data)
unsigned long mount_flags; unsigned long mount_flags;
int res = 0; int res = 0;
char *new_opts = kstrdup(data, GFP_KERNEL); char *new_opts = kstrdup(data, GFP_KERNEL);
char volume[32];
char *prefix = NULL;
pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data); pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data);
*flags |= MS_NODIRATIME; *flags |= MS_NODIRATIME;
memcpy(volume, sbi->s_volume, 32);
if (!parse_options(data, &uid, &gid, &mode, &reserved, &root_block, if (!parse_options(data, &uid, &gid, &mode, &reserved, &root_block,
&blocksize, &sbi->s_prefix, sbi->s_volume, &blocksize, &prefix, volume,
&mount_flags)) { &mount_flags)) {
kfree(prefix);
kfree(new_opts); kfree(new_opts);
return -EINVAL; return -EINVAL;
} }
...@@ -534,6 +539,14 @@ affs_remount(struct super_block *sb, int *flags, char *data) ...@@ -534,6 +539,14 @@ affs_remount(struct super_block *sb, int *flags, char *data)
sbi->s_mode = mode; sbi->s_mode = mode;
sbi->s_uid = uid; sbi->s_uid = uid;
sbi->s_gid = gid; sbi->s_gid = gid;
/* protect against readers */
spin_lock(&sbi->symlink_lock);
if (prefix) {
kfree(sbi->s_prefix);
sbi->s_prefix = prefix;
}
memcpy(sbi->s_volume, volume, 32);
spin_unlock(&sbi->symlink_lock);
if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) { if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) {
unlock_kernel(); unlock_kernel();
......
...@@ -20,7 +20,6 @@ static int affs_symlink_readpage(struct file *file, struct page *page) ...@@ -20,7 +20,6 @@ static int affs_symlink_readpage(struct file *file, struct page *page)
int i, j; int i, j;
char c; char c;
char lc; char lc;
char *pf;
pr_debug("AFFS: follow_link(ino=%lu)\n",inode->i_ino); pr_debug("AFFS: follow_link(ino=%lu)\n",inode->i_ino);
...@@ -32,11 +31,15 @@ static int affs_symlink_readpage(struct file *file, struct page *page) ...@@ -32,11 +31,15 @@ static int affs_symlink_readpage(struct file *file, struct page *page)
j = 0; j = 0;
lf = (struct slink_front *)bh->b_data; lf = (struct slink_front *)bh->b_data;
lc = 0; lc = 0;
pf = AFFS_SB(inode->i_sb)->s_prefix ? AFFS_SB(inode->i_sb)->s_prefix : "/";
if (strchr(lf->symname,':')) { /* Handle assign or volume name */ if (strchr(lf->symname,':')) { /* Handle assign or volume name */
struct affs_sb_info *sbi = AFFS_SB(inode->i_sb);
char *pf;
spin_lock(&sbi->symlink_lock);
pf = sbi->s_prefix ? sbi->s_prefix : "/";
while (i < 1023 && (c = pf[i])) while (i < 1023 && (c = pf[i]))
link[i++] = c; link[i++] = c;
spin_unlock(&sbi->symlink_lock);
while (i < 1023 && lf->symname[j] != ':') while (i < 1023 && lf->symname[j] != ':')
link[i++] = lf->symname[j++]; link[i++] = lf->symname[j++];
if (i < 1023) if (i < 1023)
......
...@@ -353,35 +353,35 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -353,35 +353,35 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
struct inode *inode; struct inode *inode;
unsigned i, imap_len; unsigned i, imap_len;
struct bfs_sb_info *info; struct bfs_sb_info *info;
long ret = -EINVAL; int ret = -EINVAL;
unsigned long i_sblock, i_eblock, i_eoff, s_size; unsigned long i_sblock, i_eblock, i_eoff, s_size;
info = kzalloc(sizeof(*info), GFP_KERNEL); info = kzalloc(sizeof(*info), GFP_KERNEL);
if (!info) if (!info)
return -ENOMEM; return -ENOMEM;
mutex_init(&info->bfs_lock);
s->s_fs_info = info; s->s_fs_info = info;
sb_set_blocksize(s, BFS_BSIZE); sb_set_blocksize(s, BFS_BSIZE);
bh = sb_bread(s, 0); info->si_sbh = sb_bread(s, 0);
if(!bh) if (!info->si_sbh)
goto out; goto out;
bfs_sb = (struct bfs_super_block *)bh->b_data; bfs_sb = (struct bfs_super_block *)info->si_sbh->b_data;
if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) { if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) {
if (!silent) if (!silent)
printf("No BFS filesystem on %s (magic=%08x)\n", printf("No BFS filesystem on %s (magic=%08x)\n",
s->s_id, le32_to_cpu(bfs_sb->s_magic)); s->s_id, le32_to_cpu(bfs_sb->s_magic));
goto out; goto out1;
} }
if (BFS_UNCLEAN(bfs_sb, s) && !silent) if (BFS_UNCLEAN(bfs_sb, s) && !silent)
printf("%s is unclean, continuing\n", s->s_id); printf("%s is unclean, continuing\n", s->s_id);
s->s_magic = BFS_MAGIC; s->s_magic = BFS_MAGIC;
info->si_sbh = bh;
if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) {
printf("Superblock is corrupted\n"); printf("Superblock is corrupted\n");
goto out; goto out1;
} }
info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) / info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) /
...@@ -390,7 +390,7 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -390,7 +390,7 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
imap_len = (info->si_lasti / 8) + 1; imap_len = (info->si_lasti / 8) + 1;
info->si_imap = kzalloc(imap_len, GFP_KERNEL); info->si_imap = kzalloc(imap_len, GFP_KERNEL);
if (!info->si_imap) if (!info->si_imap)
goto out; goto out1;
for (i = 0; i < BFS_ROOT_INO; i++) for (i = 0; i < BFS_ROOT_INO; i++)
set_bit(i, info->si_imap); set_bit(i, info->si_imap);
...@@ -398,15 +398,13 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -398,15 +398,13 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
inode = bfs_iget(s, BFS_ROOT_INO); inode = bfs_iget(s, BFS_ROOT_INO);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
ret = PTR_ERR(inode); ret = PTR_ERR(inode);
kfree(info->si_imap); goto out2;
goto out;
} }
s->s_root = d_alloc_root(inode); s->s_root = d_alloc_root(inode);
if (!s->s_root) { if (!s->s_root) {
iput(inode); iput(inode);
ret = -ENOMEM; ret = -ENOMEM;
kfree(info->si_imap); goto out2;
goto out;
} }
info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS; info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS;
...@@ -419,10 +417,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -419,10 +417,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
bh = sb_bread(s, info->si_blocks - 1); bh = sb_bread(s, info->si_blocks - 1);
if (!bh) { if (!bh) {
printf("Last block not available: %lu\n", info->si_blocks - 1); printf("Last block not available: %lu\n", info->si_blocks - 1);
iput(inode);
ret = -EIO; ret = -EIO;
kfree(info->si_imap); goto out3;
goto out;
} }
brelse(bh); brelse(bh);
...@@ -459,11 +455,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -459,11 +455,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
printf("Inode 0x%08x corrupted\n", i); printf("Inode 0x%08x corrupted\n", i);
brelse(bh); brelse(bh);
s->s_root = NULL; ret = -EIO;
kfree(info->si_imap); goto out3;
kfree(info);
s->s_fs_info = NULL;
return -EIO;
} }
if (!di->i_ino) { if (!di->i_ino) {
...@@ -483,11 +476,17 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -483,11 +476,17 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
s->s_dirt = 1; s->s_dirt = 1;
} }
dump_imap("read_super", s); dump_imap("read_super", s);
mutex_init(&info->bfs_lock);
return 0; return 0;
out3:
dput(s->s_root);
s->s_root = NULL;
out2:
kfree(info->si_imap);
out1:
brelse(info->si_sbh);
out: out:
brelse(bh); mutex_destroy(&info->bfs_lock);
kfree(info); kfree(info);
s->s_fs_info = NULL; s->s_fs_info = NULL;
return ret; return ret;
......
...@@ -160,15 +160,8 @@ static int debugfs_create_by_name(const char *name, mode_t mode, ...@@ -160,15 +160,8 @@ static int debugfs_create_by_name(const char *name, mode_t mode,
* block. A pointer to that is in the struct vfsmount that we * block. A pointer to that is in the struct vfsmount that we
* have around. * have around.
*/ */
if (!parent) { if (!parent)
if (debugfs_mount && debugfs_mount->mnt_sb) { parent = debugfs_mount->mnt_sb->s_root;
parent = debugfs_mount->mnt_sb->s_root;
}
}
if (!parent) {
pr_debug("debugfs: Ah! can not find a parent!\n");
return -EFAULT;
}
*dentry = NULL; *dentry = NULL;
mutex_lock(&parent->d_inode->i_mutex); mutex_lock(&parent->d_inode->i_mutex);
......
...@@ -544,6 +544,7 @@ static int romfs_fill_super(struct super_block *sb, void *data, int silent) ...@@ -544,6 +544,7 @@ static int romfs_fill_super(struct super_block *sb, void *data, int silent)
error_rsb_inval: error_rsb_inval:
ret = -EINVAL; ret = -EINVAL;
error_rsb: error_rsb:
kfree(rsb);
return ret; return ret;
} }
......
...@@ -156,15 +156,8 @@ static int create_by_name(const char *name, mode_t mode, ...@@ -156,15 +156,8 @@ static int create_by_name(const char *name, mode_t mode,
* block. A pointer to that is in the struct vfsmount that we * block. A pointer to that is in the struct vfsmount that we
* have around. * have around.
*/ */
if (!parent ) { if (!parent)
if (mount && mount->mnt_sb) { parent = mount->mnt_sb->s_root;
parent = mount->mnt_sb->s_root;
}
}
if (!parent) {
pr_debug("securityfs: Ah! can not find a parent!\n");
return -EFAULT;
}
mutex_lock(&parent->d_inode->i_mutex); mutex_lock(&parent->d_inode->i_mutex);
*dentry = lookup_one_len(name, parent, strlen(name)); *dentry = lookup_one_len(name, parent, strlen(name));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment