path: root/fs
Commit message (Author, Age, Files, Lines)
...
| * [COMPAT] net: SIOCGIFCONF data corruption (Alexandra Kossovsky, 2005-11-20, 1 file, -5/+3)
      From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru>

      From http://bugzilla.kernel.org/show_bug.cgi?id=4746

      There is user data corruption when using ioctl(SIOCGIFCONF) in a 32-bit
      application running on an amd64 kernel. I do not think that this problem
      is exploitable, but any data corruption may lead to security problems.
      The following code demonstrates the problem:

          #include <stdint.h>
          #include <stdio.h>
          #include <sys/time.h>
          #include <sys/socket.h>
          #include <net/if.h>
          #include <sys/ioctl.h>

          char buf[256];

          int main(void)
          {
                  int s = socket(AF_INET, SOCK_DGRAM, 0);
                  struct ifconf req;
                  int i;

                  /* Only the first 41 bytes of buf may be written. */
                  req.ifc_buf = buf;
                  req.ifc_len = 41;
                  printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req));
                  printf("Len %d\n", req.ifc_len);
                  /* Any non-zero byte past the requested length was
                   * written outside the buffer the caller offered. */
                  for (i = 41; i < 256; i++)
                          if (buf[i] != 0)
                                  printf("Byte %d is corrupted\n", i);
                  return 0;
          }

      Steps to reproduce:
      Compile the code above into a 32-bit ELF and run it. You'll get

          Result 0
          Len 32
          Byte 48 is corrupted
          Byte 52 is corrupted
          Byte 53 is corrupted
          Byte 54 is corrupted
          Byte 55 is corrupted

      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PATCH] Remove compat ioctl semaphore (Andi Kleen, 2005-11-20, 1 file, -7/+0)
|/
      Originally for 2.6.16, but the semaphore causes problems for some people
      so get rid of it now.

      It's not needed anymore because the ioctl hash table is never changed at
      run time now.

      Signed-off-by: Andi Kleen <ak@suse.de>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git (Steve French, 2005-11-19, 1 file, -0/+169)
|\
| * [COMPAT]: EXT3_IOC_SETVERSION is _IOW() not _IOR(). (David S. Miller, 2005-11-18, 1 file, -1/+1)
      Noticed by Helge Deller.

      Signed-off-by: David S. Miller <davem@davemloft.net>
| * [COMPAT]: Add ext3 ioctl translations. (David S. Miller, 2005-11-17, 1 file, -0/+36)
      So things like on-line resizing et al. work.

      Based almost entirely upon a patch by Guido Günther <agx@sigxcpu.org>

      Signed-off-by: David S. Miller <davem@davemloft.net>
| * [DVB]: Add compat ioctl handling. (David S. Miller, 2005-11-16, 1 file, -0/+133)
      Based upon a patch by Guido Guenther <agx@sigxcpu.org>.

      Some of these ioctls had embedded time_t objects or pointers, so needed
      translation.

      Signed-off-by: David S. Miller <davem@davemloft.net>
* | [CIFS] Fix setattr of mode only (e.g. in some chmod cases) to Windows (Steve French, 2005-11-19, 1 file, -0/+1)
      so it does not return EACCESS (unless server really returns that).

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix mknod of block and chardev over SFU mounts (Steve French, 2005-11-18, 3 files, -13/+62)
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Missing part of previous patch (Steve French, 2005-11-18, 2 files, -0/+3)
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix scheduling while atomic when pending writes at file close time (Steve French, 2005-11-18, 2 files, -22/+56)
      Fix the case in which readdir reset file type when SFU mount option
      specified.

      Also fix sfu related functions to not request EAs (xattrs) when not
      configured in Kconfig

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Vectored and async i/o turned on and correct the (Steve French, 2005-11-17, 1 file, -72/+45)
      writev and aio_write to flush properly.

      This is Christoph's patch merged with the new nobrl file operations

      Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>

      From: Christoph Hellwig <hch@lst.de>

       - support vectored and async aio ops unconditionally - this is above
         the pagecache and transparent to the fs
       - remove cifs_read_wrapper. it was only doing silly checks and calling
         generic_file_write in all cases.
       - use do_sync_read/do_sync_write as read/write operations. They call
         ->readv/->writev which we now always implement.
       - add the filemap_fdatawrite calls to writev/aio_write which were
         missing previously compared to plain write. no idea what the point
         behind them is, but let's be consistent at least..

      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Steven French <sfrench@us.ibm.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
* | [CIFS] Recognize properly symlinks and char/blk devices (not just (Steve French, 2005-11-17, 1 file, -4/+44)
      FIFOs) created by SFU (part 2 of 2).

      Thanks to Martin Koeppe for useful analysis.

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix sparse warnings on smb bcc (byte count) (Steve French, 2005-11-16, 2 files, -3/+3)
      Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix endian errors (setfacl/getfacl failures) in handling ACLs (Steve French, 2005-11-15, 1 file, -14/+17)
      (and a ppc64 compiler warning)

      Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Recognize properly symlinks and char/blk devices (not just FIFOs) (Steve French, 2005-11-15, 2 files, -10/+66)
      created by SFU (part 1 of 2).

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git (Steve French, 2005-11-13, 6 files, -31/+27)
|\ \
| |/
| * [PATCH] ext2: remove duplicate newlines in ext2_fill_super (Johann Lombardi, 2005-11-13, 1 file, -1/+1)
      ext2_warning() already adds a newline.

      Signed-off-by: Johann Lombardi <johann.lombardi@bull.net>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] aio: replace locking comments with assert_spin_locked() (Zach Brown, 2005-11-13, 1 file, -5/+12)
      aio: replace locking comments with assert_spin_locked()

      Signed-off-by: Zach Brown <zach.brown@oracle.com>
      Acked-by: Benjamin LaHaise <bcrl@kvack.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] aio: remove kioctx from mm_struct (Zach Brown, 2005-11-13, 1 file, -18/+9)
      Sync iocbs have a life cycle that doesn't need a kioctx. Their retrying,
      if any, is done in the context of their owner who has allocated them on
      the stack.

      The sole user of a sync iocb's ctx reference was aio_complete() checking
      for an elevated iocb ref count that could never happen. No path which
      grabs an iocb ref has access to sync iocbs.

      If we were to implement sync iocb cancelation it would be done by the
      owner of the iocb using its on-stack reference.

      Removing this chunk from aio_complete allows us to remove the entire
      kioctx instance from mm_struct, reducing its size by a third. On an i386
      testing box the slab size went from 768 to 504 bytes and from 5 to 8 per
      page.

      Signed-off-by: Zach Brown <zach.brown@oracle.com>
      Acked-by: Benjamin LaHaise <bcrl@kvack.org>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] Fix sparse warning in proc/task_mmu.c (Luiz Fernando Capitulino, 2005-11-13, 1 file, -1/+1)
      fs/proc/task_mmu.c:198:33: warning: Using plain integer as NULL pointer

      Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * [PATCH] ext3: journal handling on error path in ext3_journalled_writepage() (Denis Lunev, 2005-11-13, 1 file, -1/+3)
      This patch fixes lost reference on ext3 current handle in
      ext3_journalled_writepage().

      Signed-Off-By: Denis Lunev <den@sw.ru>
      Cc: Kirill Korotaev <dev@sw.ru>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * Merge master.kernel.org:/pub/scm/linux/kernel/git/tglx/mtd-2.6 (Linus Torvalds, 2005-11-13, 1 file, -3/+0)
| |\
| | * [JFFS2] Remove broken and useless debug code (Thomas Gleixner, 2005-11-13, 1 file, -3/+0)
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| * | [PATCH] VFS: local denial-of-service with file leases (Chris Wright, 2005-11-13, 1 file, -1/+0)
      Remove time_out_leases() printk that's easily triggered by users.

      Signed-off-by: Chris Wright <chrisw@osdl.org>
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | [PATCH] VFS: Fix memory leak with file leases (J. Bruce Fields, 2005-11-13, 1 file, -1/+1)
| |/
      The patch
      http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.html
      introduced a pretty nasty memory leak in the lease code. When freeing
      the lease, the code in locks_delete_lock() will correctly clean up
      the fasync queue, but when we return to fcntl_setlease(), the freed
      fasync entry will be reinstated.

      This patch ensures that we skip the call to fasync_helper() when we're
      freeing up the lease.

      Signed-off-by: J. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git (Steve French, 2005-11-12, 8 files, -117/+7)
|\ \
| |/
| * Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial (Linus Torvalds, 2005-11-11, 8 files, -117/+7)
| |\
| | * fs/ioprio.c should #include <linux/syscalls.h> (Adrian Bunk, 2005-11-08, 1 file, -0/+1)
      Every file should include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * fs/afs/callback.c should #include "cmservice.h" (Adrian Bunk, 2005-11-08, 1 file, -0/+1)
      Every file should include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * remove unused fs/befs/attribute.c (Will Dyson, 2005-11-08, 1 file, -117/+0)
      If anyone needs a fully-functional befs driver, the easiest route to
      that would probably be getting Haiku's befs driver to compile in
      userland as a FUSE fs.

      At any rate, attribute.c can go. It is easy enough to add back in if
      anyone ever wants to do the (relatively minor) refactoring necessary to
      get it working.

      Signed-off-by: Will Dyson <will.dyson@gmail.com>
      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * fs/reiserfs/hashes.c should #include <linux/reiserfs_fs.h> (Adrian Bunk, 2005-11-08, 1 file, -0/+1)
      Every file should #include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * fs/partitions/ultrix.c should #include "ultrix.h" (Adrian Bunk, 2005-11-08, 1 file, -0/+1)
      Every file should #include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * jffs_fm.c should #include "intrep.h" (Adrian Bunk, 2005-11-08, 1 file, -0/+1)
      Every file should #include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
| | * fs/freevxfs/: add #include's (Adrian Bunk, 2005-11-08, 2 files, -0/+2)
      Every file should #include the headers containing the prototypes for
      its global functions.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
* | | [CIFS] Cleanup sparse warnings for unicode little endian casts (Steve French, 2005-11-11, 7 files, -68/+60)
      Following Shaggy's suggestion, do a better job on the unicode string
      handling routines in cifs in specifying that the wchar_t are really
      little endian widechars (__le16).

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | | [CIFS] Fix CIFS "nobrl" mount option so does not disable sending brl requests (Steve French, 2005-11-11, 4 files, -17/+75)
|/ /
      for all mounts just that particular mount.

      Found by Arjan van de Ven

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Fix spaces in cifs kconfig entry (Steve French, 2005-11-10, 1 file, -3/+2)
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Reduce sparse endian warnings (Steve French, 2005-11-10, 1 file, -2/+3)
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Update CIFS change log (Steve French, 2005-11-10, 2 files, -1/+38)
      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | [CIFS] Reserve upcall IDX value for CIFS with connector header and add (Steve French, 2005-11-10, 2 files, -0/+13)
      Kconfig option for CIFS upcall.

      Signed-off-by: Steve French <sfrench@us.ibm.com>
* | (no commit message) (Steve French, 2005-11-09, 1 file, -3/+8)
| |
* | Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git (Steve French, 2005-11-09, 322 files, -15560/+12084)
|\ \
| * \ Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6 (Linus Torvalds, 2005-11-09, 1 file, -0/+3)
| |\ \
| | * | JFS: set i_ctime & i_mtime on target directory when creating links (Dave Kleikamp, 2005-10-31, 1 file, -0/+3)
      jfs has never been setting i_ctime or i_mtime when creating either hard
      or symbolic links. I'm surprised nobody had noticed until now.

      Thanks to Chris Spiegel for reporting the problem.

      Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
| * | | [PATCH] fs/hugetlbfs/inode.c: make a function static (Adrian Bunk, 2005-11-09, 1 file, -1/+1)
      This patch makes a needlessly global function static.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
      Acked-by: William Irwin <wli@holomorphy.com>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * | | [PATCH] fs/namei.c: make path_lookup_create() static (Adrian Bunk, 2005-11-09, 1 file, -2/+3)
      This patch makes the needlessly global function path_lookup_create()
      static.

      Signed-off-by: Adrian Bunk <bunk@stusta.de>
      Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * | | [PATCH] fbdev: move ioctl32 code to fbmem.c (Arnd Bergmann, 2005-11-09, 1 file, -143/+0)
      The frame buffer layer already had some code dealing with compat ioctls,
      this patch moves over the remaining code from fs/compat_ioctl.c

      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Antonino Daplas <adaplas@pol.net>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * | | [PATCH] re-add TIOCSTART and TIOCSTOP compat_ioctl handlers (Christoph Hellwig, 2005-11-09, 1 file, -0/+10)
      We don't implement these ioctls, but some architectures define them in
      the headers. Bash picks them up and issues them frequently. Add
      compat_ioctl handlers to silence warnings about unhandled compat ioctls.

      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * | | [PATCH] sanitize lookup_hash prototype (Christoph Hellwig, 2005-11-09, 1 file, -10/+10)
      ->permission and ->lookup have a struct nameidata * argument these days
      to pass down lookup intents. Unfortunately some callers of lookup_hash
      don't actually pass this one down. For lookup_one_len() we don't have a
      struct nameidata to pass down, but as this function is a library
      function only used by filesystem code this is an acceptable limitation.
      All other callers should pass down the nameidata, so this patch changes
      the lookup_hash interface to only take a struct nameidata argument and
      derives the other two arguments to __lookup_hash from it. All callers
      already have the nameidata argument available so this is not a problem.

      At the same time I'd like to deprecate the lookup_hash interface as
      there are better exported interfaces for filesystem usage. Before it can
      actually be removed I need to fix up rpc_pipefs.

      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Cc: Ram Pai <linuxram@us.ibm.com>
      Cc: Jeff Mahoney <jeffm@suse.com>
      Cc: Al Viro <viro@ftp.linux.org.uk>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| * | | [PATCH] add a file_permission helper (Christoph Hellwig, 2005-11-09, 6 files, -19/+41)
      A few more callers of permission() just want to check for a different
      access pattern on an already open file. This patch adds a wrapper for
      permission() that takes a file in preparation of per-mount read-only
      support and to clean up the callers a little. The helper is not intended
      for new code, everything without the interface set in stone should use
      vfs_permission()

      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Andrew Morton <akpm@osdl.org>
      Signed-off-by: Linus Torvalds <torvalds@osdl.org>