Linux v3.3-rc6-131-g097d591
This commit is contained in:
		
							parent
							
								
									986c6ceb52
								
							
						
					
					
						commit
						bbec1598a7
					
				| @ -1,61 +0,0 @@ | |||||||
| From 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Jeff Layton <jlayton@redhat.com> |  | ||||||
| Date: Thu, 23 Feb 2012 09:37:45 -0500 |  | ||||||
| Subject: [PATCH] cifs: fix dentry refcount leak when opening a FIFO on lookup |  | ||||||
| 
 |  | ||||||
| The cifs code will attempt to open files on lookup under certain |  | ||||||
| circumstances. What happens though if we find that the file we opened |  | ||||||
| was actually a FIFO or other special file? |  | ||||||
| 
 |  | ||||||
| Currently, the open filehandle just ends up being leaked leading to |  | ||||||
| a dentry refcount mismatch and oops on umount. Fix this by having the |  | ||||||
| code close the filehandle on the server if it turns out not to be a |  | ||||||
| regular file. While we're at it, change this spaghetti if statement |  | ||||||
| into a switch too. |  | ||||||
| 
 |  | ||||||
| Cc: stable@vger.kernel.org |  | ||||||
| Reported-by: CAI Qian <caiqian@redhat.com> |  | ||||||
| Tested-by: CAI Qian <caiqian@redhat.com> |  | ||||||
| Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> |  | ||||||
| Signed-off-by: Jeff Layton <jlayton@redhat.com> |  | ||||||
| Signed-off-by: Steve French <smfrench@gmail.com> |  | ||||||
| ---
 |  | ||||||
|  fs/cifs/dir.c |   20 ++++++++++++++++++-- |  | ||||||
|  1 files changed, 18 insertions(+), 2 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
 |  | ||||||
| index 63a196b..bc7e244 100644
 |  | ||||||
| --- a/fs/cifs/dir.c
 |  | ||||||
| +++ b/fs/cifs/dir.c
 |  | ||||||
| @@ -584,10 +584,26 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
 |  | ||||||
|  			 * If either that or op not supported returned, follow |  | ||||||
|  			 * the normal lookup. |  | ||||||
|  			 */ |  | ||||||
| -			if ((rc == 0) || (rc == -ENOENT))
 |  | ||||||
| +			switch (rc) {
 |  | ||||||
| +			case 0:
 |  | ||||||
| +				/*
 |  | ||||||
| +				 * The server may allow us to open things like
 |  | ||||||
| +				 * FIFOs, but the client isn't set up to deal
 |  | ||||||
| +				 * with that. If it's not a regular file, just
 |  | ||||||
| +				 * close it and proceed as if it were a normal
 |  | ||||||
| +				 * lookup.
 |  | ||||||
| +				 */
 |  | ||||||
| +				if (newInode && !S_ISREG(newInode->i_mode)) {
 |  | ||||||
| +					CIFSSMBClose(xid, pTcon, fileHandle);
 |  | ||||||
| +					break;
 |  | ||||||
| +				}
 |  | ||||||
| +			case -ENOENT:
 |  | ||||||
|  				posix_open = true; |  | ||||||
| -			else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP))
 |  | ||||||
| +			case -EOPNOTSUPP:
 |  | ||||||
| +				break;
 |  | ||||||
| +			default:
 |  | ||||||
|  				pTcon->broken_posix_open = true; |  | ||||||
| +			}
 |  | ||||||
|  		} |  | ||||||
|  		if (!posix_open) |  | ||||||
|  			rc = cifs_get_inode_info_unix(&newInode, full_path, |  | ||||||
| -- 
 |  | ||||||
| 1.7.0.4 |  | ||||||
| 
 |  | ||||||
							
								
								
									
										11
									
								
								kernel.spec
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								kernel.spec
									
									
									
									
									
								
							| @ -87,7 +87,7 @@ Summary: The Linux kernel | |||||||
| # The rc snapshot level | # The rc snapshot level | ||||||
| %define rcrev 6 | %define rcrev 6 | ||||||
| # The git snapshot level | # The git snapshot level | ||||||
| %define gitrev 0 | %define gitrev 1 | ||||||
| # Set rpm version accordingly | # Set rpm version accordingly | ||||||
| %define rpmversion 3.%{upstream_sublevel}.0 | %define rpmversion 3.%{upstream_sublevel}.0 | ||||||
| %endif | %endif | ||||||
| @ -774,9 +774,6 @@ Patch21280: ums_realtek-do-not-use-stack-memory-for-DMA-in-__do_.patch | |||||||
| #rhbz 727865 730007 | #rhbz 727865 730007 | ||||||
| Patch21300: ACPICA-Fix-regression-in-FADT-revision-checks.patch | Patch21300: ACPICA-Fix-regression-in-FADT-revision-checks.patch | ||||||
| 
 | 
 | ||||||
| #rhbz 798296 |  | ||||||
| Patch21301: cifs-fix-dentry-refcount-leak-when-opening-a-FIFO.patch |  | ||||||
| 
 |  | ||||||
| #rhbz 728478 | #rhbz 728478 | ||||||
| Patch21302: sony-laptop-Enable-keyboard-backlight-by-default.patch | Patch21302: sony-laptop-Enable-keyboard-backlight-by-default.patch | ||||||
| 
 | 
 | ||||||
| @ -1501,9 +1498,6 @@ ApplyPatch ums_realtek-do-not-use-stack-memory-for-DMA-in-__do_.patch | |||||||
| #rhbz 727865 730007 | #rhbz 727865 730007 | ||||||
| ApplyPatch ACPICA-Fix-regression-in-FADT-revision-checks.patch | ApplyPatch ACPICA-Fix-regression-in-FADT-revision-checks.patch | ||||||
| 
 | 
 | ||||||
| #rhbz 798296 |  | ||||||
| ApplyPatch cifs-fix-dentry-refcount-leak-when-opening-a-FIFO.patch |  | ||||||
| 
 |  | ||||||
| #rhbz 728478 | #rhbz 728478 | ||||||
| ApplyPatch sony-laptop-Enable-keyboard-backlight-by-default.patch | ApplyPatch sony-laptop-Enable-keyboard-backlight-by-default.patch | ||||||
| 
 | 
 | ||||||
| @ -2383,6 +2377,9 @@ fi | |||||||
| #                 ||----w | | #                 ||----w | | ||||||
| #                 ||     || | #                 ||     || | ||||||
| %changelog | %changelog | ||||||
|  | * Wed Mar 07 2012 Dave Jones <davej@redhat.com> - 3.3.0-0.rc6.git1.1 | ||||||
|  | - Linux v3.3-rc6-131-g097d591 | ||||||
|  | 
 | ||||||
| * Mon Mar 05 2012 Dave Jones <davej@redhat.com> | * Mon Mar 05 2012 Dave Jones <davej@redhat.com> | ||||||
| - Linux 3.3-rc6 | - Linux 3.3-rc6 | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
										1
									
								
								sources
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								sources
									
									
									
									
									
								
							| @ -1,3 +1,4 @@ | |||||||
| 364066fa18767ec0ae5f4e4abcf9dc51  linux-3.2.tar.xz | 364066fa18767ec0ae5f4e4abcf9dc51  linux-3.2.tar.xz | ||||||
| 02c210a8fd24acca8c1ac93f6f1d3913  compat-wireless-2012-02-05.tar.bz2 | 02c210a8fd24acca8c1ac93f6f1d3913  compat-wireless-2012-02-05.tar.bz2 | ||||||
| cb0886dd96efbacc0c4923d36003b340  patch-3.3-rc6.xz | cb0886dd96efbacc0c4923d36003b340  patch-3.3-rc6.xz | ||||||
|  | 20ca19d241eda3dd11fadc885c9ebe27  patch-3.3-rc6-git1.xz | ||||||
|  | |||||||
							
								
								
									
										10
									
								
								utrace.patch
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								utrace.patch
									
									
									
									
									
								
							| @ -1873,15 +1873,15 @@ index e2cd3e2..fa40928 100644 | |||||||
|  	ftrace_graph_init_task(p); |  	ftrace_graph_init_task(p); | ||||||
|   |   | ||||||
|  	rt_mutex_init_task(p); |  	rt_mutex_init_task(p); | ||||||
| @@ -1550,6 +1555,8 @@ long do_fork(unsigned long clone_flags,
 | @@ -1583,6 +1583,8 @@ long do_fork(unsigned long clone_flags,
 | ||||||
|  			init_completion(&vfork); |  			get_task_struct(p); | ||||||
|  		} |  		} | ||||||
|   |   | ||||||
| +		UTRACE_HOOK(current, CLONE, report_clone(clone_flags, p));
 | +		UTRACE_HOOK(current, CLONE, report_clone(clone_flags, p));
 | ||||||
| +
 | +
 | ||||||
|  		/* |  		wake_up_new_task(p); | ||||||
|  		 * We set PF_STARTING at creation in case tracing wants to |   | ||||||
|  		 * use this to distinguish a fully live task from one that |  		/* forking complete and child started to run, tell ptracer */ | ||||||
| @@ -1561,6 +1568,8 @@ long do_fork(unsigned long clone_flags,
 | @@ -1561,6 +1568,8 @@ long do_fork(unsigned long clone_flags,
 | ||||||
|  		wake_up_new_task(p); |  		wake_up_new_task(p); | ||||||
|   |   | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user