authorJames Morris <jmorris@namei.org>2009-05-22 18:40:59 +1000
committerJames Morris <jmorris@namei.org>2009-05-22 18:40:59 +1000
commit2c9e703c618106f5383226fbb1f526cb11034f8a (patch)
tree87d7548001ea82f655fede0640466fc16aabcdf7 /fs
parent6470c077cae12227318f40f3e6d756caadcce4b0 (diff)
parent5805977e63a36ad56594a623f3bd2bebcb7db233 (diff)
Merge branch 'master' into next
Conflicts: fs/exec.c Removed IMA changes (the IMA checks are now performed via may_open()). Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/9p/vfs_super.c12
-rw-r--r--fs/affs/super.c3
-rw-r--r--fs/afs/super.c7
-rw-r--r--fs/btrfs/ctree.c39
-rw-r--r--fs/btrfs/disk-io.c2
-rw-r--r--fs/btrfs/extent-tree.c2
-rw-r--r--fs/btrfs/inode.c2
-rw-r--r--fs/btrfs/ioctl.c4
-rw-r--r--fs/btrfs/super.c16
-rw-r--r--fs/cifs/CHANGES13
-rw-r--r--fs/cifs/README10
-rw-r--r--fs/cifs/cifs_dfs_ref.c32
-rw-r--r--fs/cifs/cifs_unicode.c198
-rw-r--r--fs/cifs/cifs_unicode.h23
-rw-r--r--fs/cifs/cifsfs.c6
-rw-r--r--fs/cifs/cifsfs.h2
-rw-r--r--fs/cifs/cifsglob.h16
-rw-r--r--fs/cifs/cifsproto.h5
-rw-r--r--fs/cifs/cifssmb.c215
-rw-r--r--fs/cifs/connect.c1190
-rw-r--r--fs/cifs/dir.c15
-rw-r--r--fs/cifs/file.c14
-rw-r--r--fs/cifs/inode.c21
-rw-r--r--fs/cifs/link.c162
-rw-r--r--fs/cifs/misc.c71
-rw-r--r--fs/cifs/netmisc.c2
-rw-r--r--fs/cifs/nterr.h9
-rw-r--r--fs/cifs/ntlmssp.h68
-rw-r--r--fs/cifs/readdir.c72
-rw-r--r--fs/cifs/sess.c340
-rw-r--r--fs/cifs/smberr.h1
-rw-r--r--fs/dcache.c2
-rw-r--r--fs/devpts/inode.c23
-rw-r--r--fs/ecryptfs/main.c5
-rw-r--r--fs/eventpoll.c2
-rw-r--r--fs/exec.c80
-rw-r--r--fs/ext4/extents.c19
-rw-r--r--fs/ext4/inode.c26
-rw-r--r--fs/fcntl.c6
-rw-r--r--fs/fuse/inode.c4
-rw-r--r--fs/gfs2/glock.c1
-rw-r--r--fs/gfs2/ops_fstype.c8
-rw-r--r--fs/hpfs/super.c3
-rw-r--r--fs/hugetlbfs/inode.c11
-rw-r--r--fs/inode.c81
-rw-r--r--fs/libfs.c3
-rw-r--r--fs/lockd/svc.c15
-rw-r--r--fs/namei.c13
-rw-r--r--fs/namespace.c23
-rw-r--r--fs/nfs/dir.c3
-rw-r--r--fs/nfs/super.c22
-rw-r--r--fs/nfsd/nfs4recover.c4
-rw-r--r--fs/nfsd/nfs4state.c1
-rw-r--r--fs/nfsd/nfs4xdr.c16
-rw-r--r--fs/nilfs2/ioctl.c281
-rw-r--r--fs/nilfs2/mdt.c15
-rw-r--r--fs/nilfs2/nilfs.h3
-rw-r--r--fs/nilfs2/page.c3
-rw-r--r--fs/nilfs2/recovery.c6
-rw-r--r--fs/nilfs2/segment.c5
-rw-r--r--fs/nilfs2/segment.h3
-rw-r--r--fs/ocfs2/symlink.c77
-rw-r--r--fs/open.c2
-rw-r--r--fs/proc/root.c3
-rw-r--r--fs/reiserfs/dir.c24
-rw-r--r--fs/reiserfs/namei.c17
-rw-r--r--fs/reiserfs/super.c11
-rw-r--r--fs/reiserfs/xattr.c260
-rw-r--r--fs/reiserfs/xattr_security.c12
-rw-r--r--fs/romfs/super.c3
-rw-r--r--fs/squashfs/Makefile1
-rw-r--r--fs/squashfs/cache.c1
-rw-r--r--fs/squashfs/super.c10
-rw-r--r--fs/super.c48
-rw-r--r--fs/ubifs/super.c3
-rw-r--r--fs/ufs/dir.c2
-rw-r--r--fs/ufs/file.c2
-rw-r--r--fs/ufs/ufs.h2
78 files changed, 1489 insertions, 2248 deletions
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
index 5f8ab8adb5f..ab5547ff29a 100644
--- a/fs/9p/vfs_super.c
+++ b/fs/9p/vfs_super.c
@@ -37,6 +37,7 @@
#include <linux/mount.h>
#include <linux/idr.h>
#include <linux/sched.h>
+#include <linux/smp_lock.h>
#include <net/9p/9p.h>
#include <net/9p/client.h>
@@ -155,6 +156,7 @@ static int v9fs_get_sb(struct file_system_type *fs_type, int flags,
root = d_alloc_root(inode);
if (!root) {
+ iput(inode);
retval = -ENOMEM;
goto release_sb;
}
@@ -173,10 +175,7 @@ P9_DPRINTK(P9_DEBUG_VFS, " simple set mount, return 0\n");
return 0;
release_sb:
- if (sb) {
- up_write(&sb->s_umount);
- deactivate_super(sb);
- }
+ deactivate_locked_super(sb);
free_stat:
kfree(st);
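Review bot: The `release_sb:` label now calls `deactivate_locked_super(sb)` unconditionally, where the removed code tested `if (sb)` first. v9fs_get_sb starts outside this hunk, so it is not visible whether any `goto release_sb` can run with `sb` NULL or holding an error pointer; if one can, the new call would operate on an invalid pointer. Either confirm that every such jump happens after the superblock was obtained successfully, or record the invariant above the label with `/* sb is valid and s_umount is held on every path to release_sb */`.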
@@ -230,9 +229,12 @@ static int v9fs_show_options(struct seq_file *m, struct vfsmount *mnt)
static void
v9fs_umount_begin(struct super_block *sb)
{
- struct v9fs_session_info *v9ses = sb->s_fs_info;
+ struct v9fs_session_info *v9ses;
+ lock_kernel();
+ v9ses = sb->s_fs_info;
v9fs_session_cancel(v9ses);
+ unlock_kernel();
}
static const struct super_operations v9fs_super_ops = {
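Review bot: The `lock_kernel()`/`unlock_kernel()` pair added to v9fs_umount_begin has no comment saying what the big kernel lock protects here. The read of `sb->s_fs_info` was moved inside the locked region, which suggests the lock was pushed down from the caller rather than being required by 9p itself, but the hunk does not say. A line such as `/* BKL pushed down from the VFS caller; confirm whether v9fs_session_cancel() needs it */` would tell the next reader whether it can be removed.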
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 5ce695e707f..63f5183f263 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -507,8 +507,7 @@ affs_remount(struct super_block *sb, int *flags, char *data)
kfree(new_opts);
return -EINVAL;
}
- kfree(sb->s_options);
- sb->s_options = new_opts;
+ replace_mount_options(sb, new_opts);
sbi->s_flags = mount_flags;
sbi->s_mode = mode;
diff --git a/fs/afs/super.c b/fs/afs/super.c
index aee239a048c..76828e5f8a3 100644
--- a/fs/afs/super.c
+++ b/fs/afs/super.c
@@ -405,21 +405,20 @@ static int afs_get_sb(struct file_system_type *fs_type,
sb->s_flags = flags;
ret = afs_fill_super(sb, &params);
if (ret < 0) {
- up_write(&sb->s_umount);
- deactivate_super(sb);
+ deactivate_locked_super(sb);
goto error;
}
- sb->s_options = new_opts;
+ save_mount_options(sb, new_opts);
sb->s_flags |= MS_ACTIVE;
} else {
_debug("reuse");
- kfree(new_opts);
ASSERTCMP(sb->s_flags, &, MS_ACTIVE);
}
simple_set_mnt(mnt, sb);
afs_put_volume(params.volume);
afs_put_cell(params.cell);
+ kfree(new_opts);
_leave(" = 0 [%p]", sb);
return 0;
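Review bot: The `kfree(new_opts)` now on the common success path is only safe if `save_mount_options()` stores its own copy of the string; if it kept the pointer, `sb->s_options` would dangle after this free. The helper is not shown here, so copy semantics are presumed rather than visible, and the dependency deserves a comment above the `kfree`: `/* save_mount_options() keeps its own copy; new_opts is still ours to free */`. afs_get_sb continues past the hunk, so the `error:` path should be checked to make sure it frees `new_opts` exactly once as well.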
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index a99f1c2a710..fedf8b9f03a 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1469,6 +1469,7 @@ read_block_for_search(struct btrfs_trans_handle *trans,
u32 blocksize;
struct extent_buffer *b = *eb_ret;
struct extent_buffer *tmp;
+ int ret;
blocknr = btrfs_node_blockptr(b, slot);
gen = btrfs_node_ptr_generation(b, slot);
@@ -1476,6 +1477,10 @@ read_block_for_search(struct btrfs_trans_handle *trans,
tmp = btrfs_find_tree_block(root, blocknr, blocksize);
if (tmp && btrfs_buffer_uptodate(tmp, gen)) {
+ /*
+ * we found an up to date block without sleeping, return
+ * right away
+ */
*eb_ret = tmp;
return 0;
}
@@ -1483,7 +1488,9 @@ read_block_for_search(struct btrfs_trans_handle *trans,
/*
* reduce lock contention at high levels
* of the btree by dropping locks before
- * we read.
+ * we read. Don't release the lock on the current
+ * level because we need to walk this node to figure
+ * out which blocks to read.
*/
btrfs_unlock_up_safe(p, level + 1);
btrfs_set_path_blocking(p);
@@ -1494,10 +1501,21 @@ read_block_for_search(struct btrfs_trans_handle *trans,
reada_for_search(root, p, level, slot, key->objectid);
btrfs_release_path(NULL, p);
+
+ ret = -EAGAIN;
tmp = read_tree_block(root, blocknr, blocksize, gen);
- if (tmp)
+ if (tmp) {
+ /*
+ * If the read above didn't mark this buffer up to date,
+ * it will never end up being up to date. Set ret to EIO now
+ * and give up so that our caller doesn't loop forever
+ * on our EAGAINs.
+ */
+ if (!btrfs_buffer_uptodate(tmp, 0))
+ ret = -EIO;
free_extent_buffer(tmp);
- return -EAGAIN;
+ }
+ return ret;
}
/*
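Review bot: When `read_tree_block()` returns NULL, `ret` is still `-EAGAIN` at `return ret`, so the situation the new comment sets out to avoid (the caller looping on EAGAIN) remains for a read that yields no buffer at all. Whether a NULL return can be persistent is not visible in this hunk, but if it can, for instance on a block that is never readable, the retry would not terminate. Consider giving that branch its own error, e.g. `else ret = -EIO;` after the `if (tmp) { ... }` block. read_block_for_search starts outside this hunk.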
@@ -1696,6 +1714,9 @@ cow_done:
if (ret == -EAGAIN)
goto again;
+ if (ret == -EIO)
+ goto done;
+
if (!p->skip_locking) {
int lret;
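Review bot: The check added after `goto again` tests only `ret == -EIO`, while the two corresponding hunks later in this file (`@@ -4212` and `@@ -4246`) test `ret < 0`. If the helper can return any other negative value, it would fall through to the `if (!p->skip_locking)` code below as though the read had succeeded. Using `if (ret < 0) goto done;` would match the other call sites and the `if (ret < 0) btrfs_release_path(root, p);` added at `done:`. The enclosing function starts and ends outside this hunk.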
@@ -1738,6 +1759,8 @@ done:
*/
if (!p->leave_spinning)
btrfs_set_path_blocking(p);
+ if (ret < 0)
+ btrfs_release_path(root, p);
return ret;
}
@@ -4212,6 +4235,11 @@ again:
if (ret == -EAGAIN)
goto again;
+ if (ret < 0) {
+ btrfs_release_path(root, path);
+ goto done;
+ }
+
if (!path->skip_locking) {
ret = btrfs_try_spin_lock(next);
if (!ret) {
@@ -4246,6 +4274,11 @@ again:
if (ret == -EAGAIN)
goto again;
+ if (ret < 0) {
+ btrfs_release_path(root, path);
+ goto done;
+ }
+
if (!path->skip_locking) {
btrfs_assert_tree_locked(path->nodes[level]);
ret = btrfs_try_spin_lock(next);
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 0ff16d3331d..4b0ea0b80c2 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -848,8 +848,6 @@ struct extent_buffer *read_tree_block(struct btrfs_root *root, u64 bytenr,
if (ret == 0)
set_bit(EXTENT_BUFFER_UPTODATE, &buf->bflags);
- else
- WARN_ON(1);
return buf;
}
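Review bot: With the `WARN_ON(1)` removed, a failed read leaves no trace in read_tree_block: it returns `buf` without EXTENT_BUFFER_UPTODATE set and without an error code. Callers therefore have to test `btrfs_buffer_uptodate()` before trusting the buffer contents, as the ctree.c change in this commit does; a caller that only checks for NULL would go on to parse a block that was never successfully read. A comment above the function stating that contract would help, e.g. `/* may return a buffer that is not uptodate; callers must check btrfs_buffer_uptodate() */`. The function starts outside this hunk.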
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index e4966444811..3e2c7c738f2 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -312,7 +312,7 @@ btrfs_lookup_first_block_group(struct btrfs_fs_info *info, u64 bytenr)
}
/*
- * return the block group that contains teh given bytenr
+ * return the block group that contains the given bytenr
*/
struct btrfs_block_group_cache *btrfs_lookup_block_group(
struct btrfs_fs_info *info,
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 90c23eb2882..1c8b0190d03 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3122,6 +3122,7 @@ static noinline void init_btrfs_i(struct inode *inode)
bi->flags = 0;
bi->index_cnt = (u64)-1;
bi->last_unlink_trans = 0;
+ bi->ordered_data_close = 0;
extent_map_tree_init(&BTRFS_I(inode)->extent_tree, GFP_NOFS);
extent_io_tree_init(&BTRFS_I(inode)->io_tree,
inode->i_mapping, GFP_NOFS);
@@ -4295,7 +4296,6 @@ out:
}
if (err) {
free_extent_map(em);
- WARN_ON(1);
return ERR_PTR(err);
}
return em;
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 5e94ea6e1cb..2624b53ea78 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -437,10 +437,6 @@ out_unlock:
return 0;
}
-/*
- * Called inside transaction, so use GFP_NOFS
- */
-
static int btrfs_ioctl_resize(struct btrfs_root *root, void __user *arg)
{
u64 new_size;
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 3536bdb2d7c..2ff7cd2db25 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -436,9 +436,9 @@ static int btrfs_show_options(struct seq_file *seq, struct vfsmount *vfs)
if (btrfs_test_opt(root, SSD))
seq_puts(seq, ",ssd");
if (btrfs_test_opt(root, NOTREELOG))
- seq_puts(seq, ",no-treelog");
+ seq_puts(seq, ",notreelog");
if (btrfs_test_opt(root, FLUSHONCOMMIT))
- seq_puts(seq, ",flush-on-commit");
+ seq_puts(seq, ",flushoncommit");
if (!(root->fs_info->sb->s_flags & MS_POSIXACL))
seq_puts(seq, ",noacl");
return 0;
@@ -502,8 +502,7 @@ static int btrfs_get_sb(struct file_system_type *fs_type, int flags,
if (s->s_root) {
if ((flags ^ s->s_flags) & MS_RDONLY) {
- up_write(&s->s_umount);
- deactivate_super(s);
+ deactivate_locked_super(s);
error = -EBUSY;
goto error_close_devices;
}
@@ -517,8 +516,7 @@ static int btrfs_get_sb(struct file_system_type *fs_type, int flags,
error = btrfs_fill_super(s, fs_devices, data,
flags & MS_SILENT ? 1 : 0);
if (error) {
- up_write(&s->s_umount);
- deactivate_super(s);
+ deactivate_locked_super(s);
goto error_free_subvol_name;
}
@@ -535,15 +533,13 @@ static int btrfs_get_sb(struct file_system_type *fs_type, int flags,
mutex_unlock(&s->s_root->d_inode->i_mutex);
if (IS_ERR(root)) {
- up_write(&s->s_umount);
- deactivate_super(s);
+ deactivate_locked_super(s);
error = PTR_ERR(root);
goto error_free_subvol_name;
}
if (!root->d_inode) {
dput(root);
- up_write(&s->s_umount);
- deactivate_super(s);
+ deactivate_locked_super(s);
error = -ENXIO;
goto error_free_subvol_name;
}
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 9d1fb6ec8a5..f20c4069c22 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,3 +1,16 @@
+Version 1.58
+------------
+Guard against buffer overruns in various UCS-2 to UTF-8 string conversions
+when the UTF-8 string is composed of unusually long (more than 4 byte) converted
+characters. Add support for mounting root of a share which redirects immediately
+to DFS target. Convert string conversion functions from Unicode to more
+accurately mark string length before allocating memory (which may help the
+rare cases where a UTF-8 string is much larger than the UCS2 string that
+we converted from). Fix endianness of the vcnum field used during
+session setup to distinguish multiple mounts to same server from different
+userids. Raw NTLMSSP fixed (it requires /proc/fs/cifs/experimental
+flag to be set to 2, and mount must enable krb5 to turn on extended security).
+
Version 1.57
------------
Improve support for multiple security contexts to the same server. We
diff --git a/fs/cifs/README b/fs/cifs/README
index 07434181623..db208ddb989 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -651,7 +651,15 @@ Experimental When set to 1 used to enable certain experimental
signing turned on in case buffer was modified
just before it was sent, also this flag will
be used to use the new experimental directory change
- notification code).
+ notification code). When set to 2 enables
+ an additional experimental feature, "raw ntlmssp"
+ session establishment support (which allows
+ specifying "sec=ntlmssp" on mount). The Linux cifs
+ module will use ntlmv2 authentication encapsulated
+ in "raw ntlmssp" (not using SPNEGO) when
+ "sec=ntlmssp" is specified on mount.
+ This support also requires building cifs with
+ the CONFIG_CIFS_EXPERIMENTAL configuration flag.
These experimental features and tracing can be enabled by changing flags in
/proc/fs/cifs (after the cifs module has been installed or built into the
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 5fdbf8a1447..83d62759c7c 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -340,28 +340,24 @@ cifs_dfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd)
cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
for (i = 0; i < num_referrals; i++) {
+ int len;
dump_referral(referrals+i);
- /* connect to a storage node */
- if (referrals[i].flags & DFSREF_STORAGE_SERVER) {
- int len;
- len = strlen(referrals[i].node_name);
- if (len < 2) {
- cERROR(1, ("%s: Net Address path too short: %s",
+ /* connect to a node */
+ len = strlen(referrals[i].node_name);
+ if (len < 2) {
+ cERROR(1, ("%s: Net Address path too short: %s",
__func__, referrals[i].node_name));
- rc = -EINVAL;
- goto out_err;
- }
- mnt = cifs_dfs_do_refmount(nd->path.mnt,
- nd->path.dentry,
- referrals + i);
- cFYI(1, ("%s: cifs_dfs_do_refmount:%s , mnt:%p",
- __func__,
+ rc = -EINVAL;
+ goto out_err;
+ }
+ mnt = cifs_dfs_do_refmount(nd->path.mnt,
+ nd->path.dentry, referrals + i);
+ cFYI(1, ("%s: cifs_dfs_do_refmount:%s , mnt:%p", __func__,
referrals[i].node_name, mnt));
- /* complete mount procedure if we accured submount */
- if (!IS_ERR(mnt))
- break;
- }
+ /* complete mount procedure if we accured submount */
+ if (!IS_ERR(mnt))
+ break;
}
/* we need it cause for() above could exit without valid submount */
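Review bot: A referral whose `node_name` is shorter than two characters now aborts the whole loop with `rc = -EINVAL; goto out_err;`, and because the `DFSREF_STORAGE_SERVER` filter was removed this check runs on every referral rather than only on storage-server entries. The referral list presumably originates from the server, so a single malformed entry prevents the remaining, possibly valid, targets from being tried. Consider skipping the bad entry with `rc = -EINVAL; continue;` and letting the check after the loop report the failure, provided `mnt` holds an error value when no referral mounted, which is decided outside this hunk.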
diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c
index 7d75272a6b3..60e3c4253de 100644
--- a/fs/cifs/cifs_unicode.c
+++ b/fs/cifs/cifs_unicode.c
@@ -1,7 +1,7 @@
/*
* fs/cifs/cifs_unicode.c
*
- * Copyright (c) International Business Machines Corp., 2000,2005
+ * Copyright (c) International Business Machines Corp., 2000,2009
* Modified by Steve French (sfrench@us.ibm.com)
*
* This program is free software; you can redistribute it and/or modify
@@ -26,31 +26,157 @@
#include "cifs_debug.h"
/*
- * NAME: cifs_strfromUCS()
- *
- * FUNCTION: Convert little-endian unicode string to character string
+ * cifs_ucs2_bytes - how long will a string be after conversion?
+ * @ucs - pointer to input string
+ * @maxbytes - don't go past this many bytes of input string
+ * @codepage - destination codepage
*
+ * Walk a ucs2le string and return the number of bytes that the string will
+ * be after being converted to the given charset, not including any null
+ * termination required. Don't walk past maxbytes in the source buffer.
*/
int
-cifs_strfromUCS_le(char *to, const __le16 *from,
- int len, const struct nls_table *codepage)
+cifs_ucs2_bytes(const __le16 *from, int maxbytes,
+ const struct nls_table *codepage)
{
int i;
- int outlen = 0;
+ int charlen, outlen = 0;
+ int maxwords = maxbytes / 2;
+ char tmp[NLS_MAX_CHARSET_SIZE];
- for (i = 0; (i < len) && from[i]; i++) {
- int charlen;
- /* 2.4.0 kernel or greater */
- charlen =
- codepage->uni2char(le16_to_cpu(from[i]), &to[outlen],
- NLS_MAX_CHARSET_SIZE);
- if (charlen > 0) {
+ for (i = 0; from[i] && i < maxwords; i++) {
+ charlen = codepage->uni2char(le16_to_cpu(from[i]), tmp,
+ NLS_MAX_CHARSET_SIZE);
+ if (charlen > 0)
outlen += charlen;
- } else {
- to[outlen++] = '?';
+ else
+ outlen++;
+ }
+
+ return outlen;
+}
+
+/*
+ * cifs_mapchar - convert a little-endian char to proper char in codepage
+ * @target - where converted character should be copied
+ * @src_char - 2 byte little-endian source character
+ * @cp - codepage to which character should be converted
+ * @mapchar - should character be mapped according to mapchars mount option?
+ *
+ * This function handles the conversion of a single character. It is the
+ * responsibility of the caller to ensure that the target buffer is large
+ * enough to hold the result of the conversion (at least NLS_MAX_CHARSET_SIZE).
+ */
+static int
+cifs_mapchar(char *target, const __le16 src_char, const struct nls_table *cp,
+ bool mapchar)
+{
+ int len = 1;
+
+ if (!mapchar)
+ goto cp_convert;
+
+ /*
+ * BB: Cannot handle remapping UNI_SLASH until all the calls to
+ * build_path_from_dentry are modified, as they use slash as
+ * separator.
+ */
+ switch (le16_to_cpu(src_char)) {
+ case UNI_COLON:
+ *target = ':';
+ break;