--- /dev/null
+From bfe3891a5f5d3b78146a45f40e435d14f5ae39dd Mon Sep 17 00:00:00 2001
+From: Davide Libenzi <davidel@xmailserver.org>
+Date: Tue, 12 May 2009 13:19:44 -0700
+Subject: epoll: fix size check in epoll_create()
+
+From: Davide Libenzi <davidel@xmailserver.org>
+
+commit bfe3891a5f5d3b78146a45f40e435d14f5ae39dd upstream.
+
+Fix a size check WRT the manual pages. This was inadvertently broken by
+commit 9fe5ad9c8cef9ad5873d8ee55d1cf00d9b607df0 ("flag parameters
+add-on: remove epoll_create size param").
+
+Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
+Cc: <Hiroyuki.Mach@gmail.com>
+Cc: rohit verma <rohit.170309@gmail.com>
+Cc: Ulrich Drepper <drepper@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/eventpoll.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -1132,7 +1132,7 @@ error_return:
+
+ SYSCALL_DEFINE1(epoll_create, int, size)
+ {
+- if (size < 0)
++ if (size <= 0)
+ return -EINVAL;
+
+ return sys_epoll_create1(0);
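Review bot: The `size <= 0` check guards a parameter that is otherwise never used (the call below passes only `0` to `sys_epoll_create1`), and nothing in the code says why it must stay. The commit message notes the check was already broken once by a cleanup, so a short comment above the `if` would protect it, for example `/* size is ignored, but must be > 0 to match the documented epoll_create() behaviour */`. The function's closing brace lies outside the hunk.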
--- /dev/null
+From b1e4adf4ea41bb8b5a7bfc1a7001f137e65495df Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Thu, 19 Mar 2009 15:35:49 -0400
+Subject: NFS: Fix the notifications when renaming onto an existing file
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit b1e4adf4ea41bb8b5a7bfc1a7001f137e65495df upstream.
+
+NFS appears to be returning an unnecessary "delete" notification when
+we're doing an atomic rename. See
+
+ http://bugzilla.gnome.org/show_bug.cgi?id=575684
+
+The fix is to get rid of the redundant call to d_delete().
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/dir.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1613,8 +1613,7 @@ static int nfs_rename(struct inode *old_
+ } else if (atomic_read(&new_dentry->d_count) > 1)
+ /* dentry still busy? */
+ goto out;
+- } else
+- nfs_drop_nlink(new_inode);
++ }
+
+ go_ahead:
+ /*
+@@ -1627,10 +1626,8 @@ go_ahead:
+ }
+ nfs_inode_return_delegation(old_inode);
+
+- if (new_inode != NULL) {
++ if (new_inode != NULL)
+ nfs_inode_return_delegation(new_inode);
+- d_delete(new_dentry);
+- }
+
+ error = NFS_PROTO(old_dir)->rename(old_dir, &old_dentry->d_name,
+ new_dir, &new_dentry->d_name);
+@@ -1639,6 +1636,8 @@ out:
+ if (rehash)
+ d_rehash(rehash);
+ if (!error) {
++ if (new_inode != NULL)
++ nfs_drop_nlink(new_inode);
+ d_move(old_dentry, new_dentry);
+ nfs_set_verifier(new_dentry,
+ nfs_save_change_attribute(new_dir));
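Review bot: The `nfs_drop_nlink(new_inode)` added inside `if (!error)` after `out:` now runs for every non-NULL `new_inode`, whereas the removed call sat on the `else` arm of a conditional whose `if` lies above the first hunk. It may therefore cover target cases the old code excluded. If that broadening is intended, a one-line comment above the new lines would record it, for example `/* target was replaced on the server: drop its link count only once the rename has succeeded */`. nfs_rename starts and ends outside these hunks, so the earlier branches that set or clear `new_inode` cannot be checked from here.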
--- /dev/null
+From b2c0cea6b1cb210e962f07047df602875564069e Mon Sep 17 00:00:00 2001
+From: J. Bruce Fields <bfields@citi.umich.edu>
+Date: Tue, 5 May 2009 19:04:29 -0400
+Subject: nfsd4: check for negative dentry before use in nfsv4 readdir
+
+From: J. Bruce Fields <bfields@citi.umich.edu>
+
+commit b2c0cea6b1cb210e962f07047df602875564069e upstream.
+
+After 2f9092e1020246168b1309b35e085ecd7ff9ff72 "Fix i_mutex vs. readdir
+handling in nfsd" (and 14f7dd63 "Copy XFS readdir hack into nfsd code"),
+an entry may be removed between the first mutex_unlock and the second
+mutex_lock. In this case, lookup_one_len() will return a negative
+dentry. Check for this case to avoid a NULL dereference.
+
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Reviewed-by: J. R. Okajima <hooanon05@yahoo.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfs4xdr.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1833,6 +1833,15 @@ nfsd4_encode_dirent_fattr(struct nfsd4_r
+ dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
+ if (IS_ERR(dentry))
+ return nfserrno(PTR_ERR(dentry));
++ if (!dentry->d_inode) {
++ /*
++ * nfsd_buffered_readdir drops the i_mutex between
++ * readdir and calling this callback, leaving a window
++ * where this directory entry could have gone away.
++ */
++ dput(dentry);
++ return nfserr_noent;
++ }
+
+ exp_get(exp);
+ /*
+@@ -1895,6 +1904,7 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
+ int buflen;
+ __be32 *p = cd->buffer;
++ __be32 *cookiep;
+ __be32 nfserr = nfserr_toosmall;
+
+ /* In nfsv4, "." and ".." never make it onto the wire.. */
+@@ -1911,7 +1921,7 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ goto fail;
+
+ *p++ = xdr_one; /* mark entry present */
+- cd->offset = p; /* remember pointer */
++ cookiep = p;
+ p = xdr_encode_hyper(p, NFS_OFFSET_MAX); /* offset of next entry */
+ p = xdr_encode_array(p, name, namlen); /* name length & name */
+
+@@ -1925,6 +1935,8 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ goto fail;
+ case nfserr_dropit:
+ goto fail;
++ case nfserr_noent:
++ goto skip_entry;
+ default:
+ /*
+ * If the client requested the RDATTR_ERROR attribute,
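Review bot: The added `case nfserr_noent: goto skip_entry;` treats every nfserr_noent reaching this switch as "entry vanished after readdir", not only the one returned by the new `!dentry->d_inode` check in nfsd4_encode_dirent_fattr. The switch expression is outside the hunk, but if any other path in the callee can produce nfserr_noent, that entry would be silently omitted from the reply instead of reported. A comment at the case would make the intent explicit, for example `/* entry was removed after readdir returned it; leave it out of the reply */`. A second comment at `skip_entry:` in the last hunk should note that `cd->buffer`, `cd->buflen` and `cd->offset` are deliberately left unchanged, so the marker, cookie and name already written at `p` are discarded. nfsd4_encode_dirent begins and ends outside these hunks.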
+@@ -1943,6 +1955,8 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ }
+ cd->buflen -= (p - cd->buffer);
+ cd->buffer = p;
++ cd->offset = cookiep;
++skip_entry:
+ cd->common.err = nfs_ok;
+ return 0;
+ fail:
cifs-fix-incorrect-destination-buffer-size-in-cifs_strncpy_to_host.patch
cifs-fix-buffer-size-in-cifs_convertucspath.patch
cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch
+epoll-fix-size-check-in-epoll_create.patch
+nfsd4-check-for-negative-dentry-before-use-in-nfsv4-readdir.patch
+nfs-fix-the-notifications-when-renaming-onto-an-existing-file.patch