From 0c0c19b23d183b100ccecd0e535b396cd3cc0cf8 Mon Sep 17 00:00:00 2001 From: Jean-Francois Moine Date: Mon, 14 Dec 2009 14:57:49 -0300 Subject: [PATCH] --- yaml --- r: 179413 b: refs/heads/master c: 8c32aa5945cb05bb2ff8a91485d4477fbe55cf00 h: refs/heads/master i: 179411: fb68f08168a00b0cec6aafdfb58a10c93797533f v: v3 --- [refs] | 2 +- trunk/arch/um/drivers/mconsole_kern.c | 49 ++++++++++++++++--------- trunk/drivers/media/video/gspca/gspca.c | 2 + trunk/fs/9p/vfs_inode.c | 41 ++++++++++++++++++++- trunk/fs/cifs/cifs_dfs_ref.c | 3 +- trunk/fs/configfs/symlink.c | 4 +- trunk/fs/ecryptfs/inode.c | 24 ++++++------ trunk/fs/hppfs/hppfs.c | 18 +++------ trunk/fs/namei.c | 23 ++++++------ trunk/fs/namespace.c | 14 ++----- trunk/fs/proc/base.c | 1 + trunk/include/linux/fs.h | 2 +- trunk/scripts/mod/file2alias.c | 2 +- trunk/security/tomoyo/tomoyo.c | 7 +++- 14 files changed, 119 insertions(+), 73 deletions(-) diff --git a/[refs] b/[refs] index a6c9d4ce8365..decf50f32326 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 7dc9c484a71525794ca05cf7a47f283f1b54cd12 +refs/heads/master: 8c32aa5945cb05bb2ff8a91485d4477fbe55cf00 diff --git a/trunk/arch/um/drivers/mconsole_kern.c b/trunk/arch/um/drivers/mconsole_kern.c index 3b3c36601a7b..51069245b79a 100644 --- a/trunk/arch/um/drivers/mconsole_kern.c +++ b/trunk/arch/um/drivers/mconsole_kern.c @@ -125,36 +125,50 @@ void mconsole_log(struct mc_request *req) void mconsole_proc(struct mc_request *req) { struct nameidata nd; - struct vfsmount *mnt = current->nsproxy->pid_ns->proc_mnt; + struct file_system_type *proc; + struct super_block *super; struct file *file; int n, err; char *ptr = req->request.data, *buf; - mm_segment_t old_fs = get_fs(); ptr += strlen("proc"); ptr = skip_spaces(ptr); - err = vfs_path_lookup(mnt->mnt_root, mnt, ptr, LOOKUP_FOLLOW, &nd); - if (err) { - mconsole_reply(req, "Failed to look up file", 1, 0); + proc = get_fs_type("proc"); + if (proc == NULL) { + mconsole_reply(req, "procfs not registered", 1, 0); goto out; } - err = may_open(&nd.path, MAY_READ, FMODE_READ); - if (result) { - mconsole_reply(req, "Failed to open file", 1, 0); - path_put(&nd.path); + super = (*proc->get_sb)(proc, 0, NULL, NULL); + put_filesystem(proc); + if (super == NULL) { + mconsole_reply(req, "Failed to get procfs superblock", 1, 0); goto out; } + up_write(&super->s_umount); + + nd.path.dentry = super->s_root; + nd.path.mnt = NULL; + nd.flags = O_RDONLY + 1; + nd.last_type = LAST_ROOT; + + /* START: it was experienced that the stability problems are closed + * if commenting out these two calls + the below read cycle. To + * make UML crash again, it was enough to readd either one.*/ + err = link_path_walk(ptr, &nd); + if (err) { + mconsole_reply(req, "Failed to look up file", 1, 0); + goto out_kill; + } file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY, current_cred()); - err = PTR_ERR(file); if (IS_ERR(file)) { mconsole_reply(req, "Failed to open file", 1, 0); - path_put(&nd.path); - goto out; + goto out_kill; } + /*END*/ buf = kmalloc(PAGE_SIZE, GFP_KERNEL); if (buf == NULL) { @@ -162,13 +176,10 @@ void mconsole_proc(struct mc_request *req) goto out_fput; } - if (file->f_op->read) { + if ((file->f_op != NULL) && (file->f_op->read != NULL)) { do { - loff_t pos; - set_fs(KERNEL_DS); - n = vfs_read(file, buf, PAGE_SIZE - 1, &pos); - file_pos_write(file, pos); - set_fs(old_fs); + n = (*file->f_op->read)(file, buf, PAGE_SIZE - 1, + &file->f_pos); if (n >= 0) { buf[n] = '\0'; mconsole_reply(req, buf, 0, (n > 0)); @@ -186,6 +197,8 @@ void mconsole_proc(struct mc_request *req) kfree(buf); out_fput: fput(file); + out_kill: + deactivate_super(super); out: ; } #endif diff --git a/trunk/drivers/media/video/gspca/gspca.c b/trunk/drivers/media/video/gspca/gspca.c index e930a67d526b..bd6214d4ab3b 100644 --- a/trunk/drivers/media/video/gspca/gspca.c +++ b/trunk/drivers/media/video/gspca/gspca.c @@ -1815,6 +1815,8 @@ static int vidioc_qbuf(struct file *file, void *priv, /* put the buffer in the 'queued' queue */ i = gspca_dev->fr_q; gspca_dev->fr_queue[i] = index; + if (gspca_dev->fr_i == i) + gspca_dev->cur_frame = frame; gspca_dev->fr_q = (i + 1) % gspca_dev->nframes; PDEBUG(D_FRAM, "qbuf q:%d i:%d o:%d", gspca_dev->fr_q, diff --git a/trunk/fs/9p/vfs_inode.c b/trunk/fs/9p/vfs_inode.c index 9d03d1ebca6f..18f74ec4dce9 100644 --- a/trunk/fs/9p/vfs_inode.c +++ b/trunk/fs/9p/vfs_inode.c @@ -1000,6 +1000,44 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen) return retval; } +/** + * v9fs_vfs_readlink - read a symlink's location + * @dentry: dentry for symlink + * @buffer: buffer to load symlink location into + * @buflen: length of buffer + * + */ + +static int v9fs_vfs_readlink(struct dentry *dentry, char __user * buffer, + int buflen) +{ + int retval; + int ret; + char *link = __getname(); + + if (unlikely(!link)) + return -ENOMEM; + + if (buflen > PATH_MAX) + buflen = PATH_MAX; + + P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_name.name, + dentry); + + retval = v9fs_readlink(dentry, link, buflen); + + if (retval > 0) { + if ((ret = copy_to_user(buffer, link, retval)) != 0) { + P9_DPRINTK(P9_DEBUG_ERROR, + "problem copying to user: %d\n", ret); + retval = ret; + } + } + + __putname(link); + return retval; +} + /** * v9fs_vfs_follow_link - follow a symlink path * @dentry: dentry for symlink @@ -1192,6 +1230,7 @@ static const struct inode_operations v9fs_dir_inode_operations_ext = { .rmdir = v9fs_vfs_rmdir, .mknod = v9fs_vfs_mknod, .rename = v9fs_vfs_rename, + .readlink = v9fs_vfs_readlink, .getattr = v9fs_vfs_getattr, .setattr = v9fs_vfs_setattr, }; @@ -1214,7 +1253,7 @@ static const struct inode_operations v9fs_file_inode_operations = { }; static const struct inode_operations v9fs_symlink_inode_operations = { - .readlink = generic_readlink, + .readlink = v9fs_vfs_readlink, .follow_link = v9fs_vfs_follow_link, .put_link = v9fs_vfs_put_link, .getattr = v9fs_vfs_getattr, diff --git a/trunk/fs/cifs/cifs_dfs_ref.c b/trunk/fs/cifs/cifs_dfs_ref.c index b44ce0a0711c..fea9e898c4ba 100644 --- a/trunk/fs/cifs/cifs_dfs_ref.c +++ b/trunk/fs/cifs/cifs_dfs_ref.c @@ -269,7 +269,7 @@ static int add_mount_helper(struct vfsmount *newmnt, struct nameidata *nd, int err; mntget(newmnt); - err = do_add_mount(newmnt, &nd->path, nd->path.mnt->mnt_flags | MNT_SHRINKABLE, mntlist); + err = do_add_mount(newmnt, &nd->path, nd->path.mnt->mnt_flags, mntlist); switch (err) { case 0: path_put(&nd->path); @@ -371,6 +371,7 @@ cifs_dfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd) if (IS_ERR(mnt)) goto out_err; + nd->path.mnt->mnt_flags |= MNT_SHRINKABLE; rc = add_mount_helper(mnt, nd, &cifs_dfs_automount_list); out: diff --git a/trunk/fs/configfs/symlink.c b/trunk/fs/configfs/symlink.c index 32a5f46b1157..c8afa6b1d91d 100644 --- a/trunk/fs/configfs/symlink.c +++ b/trunk/fs/configfs/symlink.c @@ -121,10 +121,8 @@ static int get_target(const char *symname, struct path *path, ret = -ENOENT; path_put(path); } - } else { + } else ret = -EPERM; - path_put(path); - } } return ret; diff --git a/trunk/fs/ecryptfs/inode.c b/trunk/fs/ecryptfs/inode.c index 7f8545032930..429ca0b3ba08 100644 --- a/trunk/fs/ecryptfs/inode.c +++ b/trunk/fs/ecryptfs/inode.c @@ -715,31 +715,31 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) /* Released in ecryptfs_put_link(); only release here on error */ buf = kmalloc(len, GFP_KERNEL); if (!buf) { - buf = ERR_PTR(-ENOMEM); + rc = -ENOMEM; goto out; } old_fs = get_fs(); set_fs(get_ds()); rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); set_fs(old_fs); - if (rc < 0) { - kfree(buf); - buf = ERR_PTR(rc); - } else + if (rc < 0) + goto out_free; + else buf[rc] = '\0'; -out: + rc = 0; nd_set_link(nd, buf); - return NULL; + goto out; +out_free: + kfree(buf); +out: + return ERR_PTR(rc); } static void ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) { - char *buf = nd_get_link(nd); - if (!IS_ERR(buf)) { - /* Free the char* */ - kfree(buf); - } + /* Free the char* */ + kfree(nd_get_link(nd)); } /** diff --git a/trunk/fs/hppfs/hppfs.c b/trunk/fs/hppfs/hppfs.c index 7239efc690d8..a5089a6dd67a 100644 --- a/trunk/fs/hppfs/hppfs.c +++ b/trunk/fs/hppfs/hppfs.c @@ -646,25 +646,20 @@ static const struct super_operations hppfs_sbops = { static int hppfs_readlink(struct dentry *dentry, char __user *buffer, int buflen) { - struct dentry *proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; + struct dentry *proc_dentry; + + proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; return proc_dentry->d_inode->i_op->readlink(proc_dentry, buffer, buflen); } static void *hppfs_follow_link(struct dentry *dentry, struct nameidata *nd) { - struct dentry *proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - - return proc_dentry->d_inode->i_op->follow_link(proc_dentry, nd); -} + struct dentry *proc_dentry; -static void hppfs_put_link(struct dentry *dentry, struct nameidata *nd, - void *cookie) -{ - struct dentry *proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; + proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - if (proc_dentry->d_inode->i_op->put_link) - proc_dentry->d_inode->i_op->put_link(proc_dentry, nd, cookie); + return proc_dentry->d_inode->i_op->follow_link(proc_dentry, nd); } static const struct inode_operations hppfs_dir_iops = { @@ -674,7 +669,6 @@ static const struct inode_operations hppfs_dir_iops = { static const struct inode_operations hppfs_link_iops = { .readlink = hppfs_readlink, .follow_link = hppfs_follow_link, - .put_link = hppfs_put_link, }; static struct inode *get_inode(struct super_block *sb, struct dentry *dentry) diff --git a/trunk/fs/namei.c b/trunk/fs/namei.c index 94a5e60779f9..b55440baf7ab 100644 --- a/trunk/fs/namei.c +++ b/trunk/fs/namei.c @@ -561,7 +561,6 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata dget(dentry); } mntget(path->mnt); - nd->last_type = LAST_BIND; cookie = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(cookie); if (!IS_ERR(cookie)) { @@ -1604,12 +1603,11 @@ struct file *do_filp_open(int dfd, const char *pathname, struct file *filp; struct nameidata nd; int error; - struct path path; + struct path path, save; struct dentry *dir; int count = 0; int will_truncate; int flag = open_to_namei_flags(open_flag); - int force_reval = 0; /* * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only @@ -1621,7 +1619,7 @@ struct file *do_filp_open(int dfd, const char *pathname, open_flag |= O_DSYNC; if (!acc_mode) - acc_mode = MAY_OPEN | ACC_MODE(open_flag); + acc_mode = MAY_OPEN | ACC_MODE(flag); /* O_TRUNC implies we need access checks for write permissions */ if (flag & O_TRUNC) @@ -1661,12 +1659,9 @@ struct file *do_filp_open(int dfd, const char *pathname, /* * Create - we need to know the parent. */ -reval: error = path_init(dfd, pathname, LOOKUP_PARENT, &nd); if (error) return ERR_PTR(error); - if (force_reval) - nd.flags |= LOOKUP_REVAL; error = path_walk(pathname, &nd); if (error) { if (nd.root.mnt) @@ -1858,7 +1853,17 @@ struct file *do_filp_open(int dfd, const char *pathname, error = security_inode_follow_link(path.dentry, &nd); if (error) goto exit_dput; + save = nd.path; + path_get(&save); error = __do_follow_link(&path, &nd); + if (error == -ESTALE) { + /* nd.path had been dropped */ + nd.path = save; + path_get(&nd.path); + nd.flags |= LOOKUP_REVAL; + error = __do_follow_link(&path, &nd); + } + path_put(&save); path_put(&path); if (error) { /* Does someone understand code flow here? Or it is only @@ -1868,10 +1873,6 @@ struct file *do_filp_open(int dfd, const char *pathname, release_open_intent(&nd); if (nd.root.mnt) path_put(&nd.root); - if (error == -ESTALE && !force_reval) { - force_reval = 1; - goto reval; - } return ERR_PTR(error); } nd.flags &= ~LOOKUP_PARENT; diff --git a/trunk/fs/namespace.c b/trunk/fs/namespace.c index c768f733c8d6..7d70d63ceb29 100644 --- a/trunk/fs/namespace.c +++ b/trunk/fs/namespace.c @@ -965,12 +965,10 @@ EXPORT_SYMBOL(may_umount_tree); int may_umount(struct vfsmount *mnt) { int ret = 1; - down_read(&namespace_sem); spin_lock(&vfsmount_lock); if (propagate_mount_busy(mnt, 2)) ret = 0; spin_unlock(&vfsmount_lock); - up_read(&namespace_sem); return ret; } @@ -1354,12 +1352,12 @@ static int attach_recursive_mnt(struct vfsmount *source_mnt, if (err) goto out_cleanup_ids; - spin_lock(&vfsmount_lock); - if (IS_MNT_SHARED(dest_mnt)) { for (p = source_mnt; p; p = next_mnt(p, source_mnt)) set_mnt_shared(p); } + + spin_lock(&vfsmount_lock); if (parent_path) { detach_mnt(source_mnt, parent_path); attach_mnt(source_mnt, path); @@ -1536,12 +1534,8 @@ static int do_remount(struct path *path, int flags, int mnt_flags, err = change_mount_flags(path->mnt, flags); else err = do_remount_sb(sb, flags, data, 0); - if (!err) { - spin_lock(&vfsmount_lock); - mnt_flags |= path->mnt->mnt_flags & MNT_PNODE_MASK; + if (!err) path->mnt->mnt_flags = mnt_flags; - spin_unlock(&vfsmount_lock); - } up_write(&sb->s_umount); if (!err) { security_sb_post_remount(path->mnt, flags, data); @@ -1671,8 +1665,6 @@ int do_add_mount(struct vfsmount *newmnt, struct path *path, { int err; - mnt_flags &= ~(MNT_SHARED | MNT_WRITE_HOLD); - down_write(&namespace_sem); /* Something was mounted here while we slept */ while (d_mountpoint(path->dentry) && diff --git a/trunk/fs/proc/base.c b/trunk/fs/proc/base.c index e42bbd843ed1..18d5cc62d8ed 100644 --- a/trunk/fs/proc/base.c +++ b/trunk/fs/proc/base.c @@ -1419,6 +1419,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) goto out; error = PROC_I(inode)->op.proc_get_link(inode, &nd->path); + nd->last_type = LAST_BIND; out: return ERR_PTR(error); } diff --git a/trunk/include/linux/fs.h b/trunk/include/linux/fs.h index b1bcb275b596..9147ca88f253 100644 --- a/trunk/include/linux/fs.h +++ b/trunk/include/linux/fs.h @@ -2463,7 +2463,7 @@ int proc_nr_files(struct ctl_table *table, int write, int __init get_filesystem_list(char *buf); -#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE]) +#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) #define OPEN_FMODE(flag) ((__force fmode_t)((flag + 1) & O_ACCMODE)) #endif /* __KERNEL__ */ diff --git a/trunk/scripts/mod/file2alias.c b/trunk/scripts/mod/file2alias.c index 220213e603db..6f426afbc522 100644 --- a/trunk/scripts/mod/file2alias.c +++ b/trunk/scripts/mod/file2alias.c @@ -804,7 +804,7 @@ static inline int sym_is(const char *symbol, const char *name) match = strstr(symbol, name); if (!match) return 0; - return match[strlen(name)] == '\0'; + return match[strlen(symbol)] == '\0'; } static void do_table(void *symval, unsigned long size, diff --git a/trunk/security/tomoyo/tomoyo.c b/trunk/security/tomoyo/tomoyo.c index 2aceebf5f354..8a00ade85166 100644 --- a/trunk/security/tomoyo/tomoyo.c +++ b/trunk/security/tomoyo/tomoyo.c @@ -80,8 +80,9 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) return tomoyo_find_next_domain(bprm); /* * Read permission is checked against interpreters using next domain. + * '1' is the result of open_to_namei_flags(O_RDONLY). */ - return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); + return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1); } static int tomoyo_path_truncate(struct path *path, loff_t length, @@ -183,6 +184,10 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, static int tomoyo_dentry_open(struct file *f, const struct cred *cred) { int flags = f->f_flags; + + if ((flags + 1) & O_ACCMODE) + flags++; + flags |= f->f_flags & (O_APPEND | O_TRUNC); /* Don't check read permission here if called from do_execve(). */ if (current->in_execve) return 0;