3.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2012 18:07:11 +0000 (10:07 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Mar 2012 18:07:11 +0000 (10:07 -0800)
added patches:
cifs-fix-dentry-refcount-leak-when-opening-a-fifo-on-lookup.patch

queue-3.0/cifs-fix-dentry-refcount-leak-when-opening-a-fifo-on-lookup.patch [new file with mode: 0644]
queue-3.0/series

diff --git a/queue-3.0/cifs-fix-dentry-refcount-leak-when-opening-a-fifo-on-lookup.patch b/queue-3.0/cifs-fix-dentry-refcount-leak-when-opening-a-fifo-on-lookup.patch
new file mode 100644 (file)
index 0000000..a594cbc
--- /dev/null
@@ -0,0 +1,61 @@
+From 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@redhat.com>
+Date: Thu, 23 Feb 2012 09:37:45 -0500
+Subject: cifs: fix dentry refcount leak when opening a FIFO on lookup
+
+From: Jeff Layton <jlayton@redhat.com>
+
+commit 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd upstream.
+
+The cifs code will attempt to open files on lookup under certain
+circumstances. What happens though if we find that the file we opened
+was actually a FIFO or other special file?
+
+Currently, the open filehandle just ends up being leaked leading to
+a dentry refcount mismatch and oops on umount. Fix this by having the
+code close the filehandle on the server if it turns out not to be a
+regular file. While we're at it, change this spaghetti if statement
+into a switch too.
+
+Reported-by: CAI Qian <caiqian@redhat.com>
+Tested-by: CAI Qian <caiqian@redhat.com>
+Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/dir.c |   20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/dir.c
++++ b/fs/cifs/dir.c
+@@ -583,10 +583,26 @@ cifs_lookup(struct inode *parent_dir_ino
+                        * If either that or op not supported returned, follow
+                        * the normal lookup.
+                        */
+-                      if ((rc == 0) || (rc == -ENOENT))
++                      switch (rc) {
++                      case 0:
++                              /*
++                               * The server may allow us to open things like
++                               * FIFOs, but the client isn't set up to deal
++                               * with that. If it's not a regular file, just
++                               * close it and proceed as if it were a normal
++                               * lookup.
++                               */
++                              if (newInode && !S_ISREG(newInode->i_mode)) {
++                                      CIFSSMBClose(xid, pTcon, fileHandle);
++                                      break;
++                              }
++                      case -ENOENT:
+                               posix_open = true;
+-                      else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP))
++                      case -EOPNOTSUPP:
++                              break;
++                      default:
+                               pTcon->broken_posix_open = true;
++                      }
+               }
+               if (!posix_open)
+                       rc = cifs_get_inode_info_unix(&newInode, full_path,
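Review bot: The new switch relies on two unmarked fall-throughs, from `case 0:` into `case -ENOENT:` (directly after a conditional `break`) and from `posix_open = true;` into `case -EOPNOTSUPP:`. Both read like a forgotten `break` in the path that decides whether a server file handle is kept or closed, so I would add `/* fall through */` before `case -ENOENT:` and before `case -EOPNOTSUPP:`. The return value of `CIFSSMBClose(xid, pTcon, fileHandle);` is also discarded, so if the close fails the handle presumably stays open on the server with nothing recording it; checking the result and logging a failure would make that visible. cifs_lookup starts and ends outside the hunk, so whether the already-populated `newInode` is handled correctly by the following `cifs_get_inode_info_unix(&newInode, ...)` call cannot be confirmed from here.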
index ce4f1e1f943ce48eab8fd7466cf81d3f5fc2c5f6..178e1dbc0a09b31db7f7d4b72bb5830daf378444 100644 (file)
@@ -23,3 +23,4 @@ alpha-fix-32-64-bit-bug-in-futex-support.patch
 mmc-sdhci-esdhc-imx-fix-for-mmc-cards-on-i.mx5.patch
 mm-memcg-correct-unregistring-of-events-attached-to-the-same-eventfd.patch
 nommu-don-t-need-to-clear-vm_mm-when-deleting-a-vma.patch
+cifs-fix-dentry-refcount-leak-when-opening-a-fifo-on-lookup.patch