From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Wed, 13 May 2009 05:18:53 +0000 (-0700)
Subject: .27 patch
X-Git-Tag: v2.6.29.4~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c9e1edd2e2b33cb6756fbe80d4cf2a4237962f0;p=thirdparty%2Fkernel%2Fstable-queue.git

.27 patch
---

diff --git a/queue-2.6.27/epoll-fix-size-check-in-epoll_create.patch b/queue-2.6.27/epoll-fix-size-check-in-epoll_create.patch
new file mode 100644
index 00000000000..9950a4c8f4b
--- /dev/null
+++ b/queue-2.6.27/epoll-fix-size-check-in-epoll_create.patch
@@ -0,0 +1,36 @@
+From bfe3891a5f5d3b78146a45f40e435d14f5ae39dd Mon Sep 17 00:00:00 2001
+From: Davide Libenzi <davidel@xmailserver.org>
+Date: Tue, 12 May 2009 13:19:44 -0700
+Subject: epoll: fix size check in epoll_create()
+
+From: Davide Libenzi <davidel@xmailserver.org>
+
+commit bfe3891a5f5d3b78146a45f40e435d14f5ae39dd upstream.
+
+Fix a size check WRT the manual pages.  This was inadvertently broken by
+commit 9fe5ad9c8cef9ad5873d8ee55d1cf00d9b607df0 ("flag parameters
+add-on: remove epoll_create size param").
+
+Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
+Cc: <Hiroyuki.Mach@gmail.com>
+Cc: rohit verma <rohit.170309@gmail.com>
+Cc: Ulrich Drepper <drepper@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/eventpoll.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -1132,7 +1132,7 @@ error_return:
+ 
+ SYSCALL_DEFINE1(epoll_create, int, size)
+ {
+-	if (size < 0)
++	if (size <= 0)
+ 		return -EINVAL;
+ 
+ 	return sys_epoll_create1(0);
diff --git a/queue-2.6.27/nfs-fix-the-notifications-when-renaming-onto-an-existing-file.patch b/queue-2.6.27/nfs-fix-the-notifications-when-renaming-onto-an-existing-file.patch
new file mode 100644
index 00000000000..e5261243ed1
--- /dev/null
+++ b/queue-2.6.27/nfs-fix-the-notifications-when-renaming-onto-an-existing-file.patch
@@ -0,0 +1,56 @@
+From b1e4adf4ea41bb8b5a7bfc1a7001f137e65495df Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Thu, 19 Mar 2009 15:35:49 -0400
+Subject: NFS: Fix the notifications when renaming onto an existing file
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit b1e4adf4ea41bb8b5a7bfc1a7001f137e65495df upstream.
+
+NFS appears to be returning an unnecessary "delete" notification when
+we're doing an atomic rename. See
+
+  http://bugzilla.gnome.org/show_bug.cgi?id=575684
+
+The fix is to get rid of the redundant call to d_delete().
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/dir.c |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1613,8 +1613,7 @@ static int nfs_rename(struct inode *old_
+ 		} else if (atomic_read(&new_dentry->d_count) > 1)
+ 			/* dentry still busy? */
+ 			goto out;
+-	} else
+-		nfs_drop_nlink(new_inode);
++	}
+ 
+ go_ahead:
+ 	/*
+@@ -1627,10 +1626,8 @@ go_ahead:
+ 	}
+ 	nfs_inode_return_delegation(old_inode);
+ 
+-	if (new_inode != NULL) {
++	if (new_inode != NULL)
+ 		nfs_inode_return_delegation(new_inode);
+-		d_delete(new_dentry);
+-	}
+ 
+ 	error = NFS_PROTO(old_dir)->rename(old_dir, &old_dentry->d_name,
+ 					   new_dir, &new_dentry->d_name);
+@@ -1639,6 +1636,8 @@ out:
+ 	if (rehash)
+ 		d_rehash(rehash);
+ 	if (!error) {
++		if (new_inode != NULL)
++			nfs_drop_nlink(new_inode);
+ 		d_move(old_dentry, new_dentry);
+ 		nfs_set_verifier(new_dentry,
+ 					nfs_save_change_attribute(new_dir));
diff --git a/queue-2.6.27/nfsd4-check-for-negative-dentry-before-use-in-nfsv4-readdir.patch b/queue-2.6.27/nfsd4-check-for-negative-dentry-before-use-in-nfsv4-readdir.patch
new file mode 100644
index 00000000000..3d223b44dd3
--- /dev/null
+++ b/queue-2.6.27/nfsd4-check-for-negative-dentry-before-use-in-nfsv4-readdir.patch
@@ -0,0 +1,76 @@
+From b2c0cea6b1cb210e962f07047df602875564069e Mon Sep 17 00:00:00 2001
+From: J. Bruce Fields <bfields@citi.umich.edu>
+Date: Tue, 5 May 2009 19:04:29 -0400
+Subject: nfsd4: check for negative dentry before use in nfsv4 readdir
+
+From: J. Bruce Fields <bfields@citi.umich.edu>
+
+commit b2c0cea6b1cb210e962f07047df602875564069e upstream.
+
+After 2f9092e1020246168b1309b35e085ecd7ff9ff72 "Fix i_mutex vs.  readdir
+handling in nfsd" (and 14f7dd63 "Copy XFS readdir hack into nfsd code"),
+an entry may be removed between the first mutex_unlock and the second
+mutex_lock. In this case, lookup_one_len() will return a negative
+dentry.  Check for this case to avoid a NULL dereference.
+
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Reviewed-by: J. R. Okajima <hooanon05@yahoo.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfs4xdr.c |   16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1833,6 +1833,15 @@ nfsd4_encode_dirent_fattr(struct nfsd4_r
+ 	dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
+ 	if (IS_ERR(dentry))
+ 		return nfserrno(PTR_ERR(dentry));
++	if (!dentry->d_inode) {
++		/*
++		 * nfsd_buffered_readdir drops the i_mutex between
++		 * readdir and calling this callback, leaving a window
++		 * where this directory entry could have gone away.
++		 */
++		dput(dentry);
++		return nfserr_noent;
++	}
+ 
+ 	exp_get(exp);
+ 	/*
+@@ -1895,6 +1904,7 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ 	struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
+ 	int buflen;
+ 	__be32 *p = cd->buffer;
++	__be32 *cookiep;
+ 	__be32 nfserr = nfserr_toosmall;
+ 
+ 	/* In nfsv4, "." and ".." never make it onto the wire.. */
+@@ -1911,7 +1921,7 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ 		goto fail;
+ 
+ 	*p++ = xdr_one;                             /* mark entry present */
+-	cd->offset = p;                             /* remember pointer */
++	cookiep = p;
+ 	p = xdr_encode_hyper(p, NFS_OFFSET_MAX);    /* offset of next entry */
+ 	p = xdr_encode_array(p, name, namlen);      /* name length & name */
+ 
+@@ -1925,6 +1935,8 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ 		goto fail;
+ 	case nfserr_dropit:
+ 		goto fail;
++	case nfserr_noent:
++		goto skip_entry;
+ 	default:
+ 		/*
+ 		 * If the client requested the RDATTR_ERROR attribute,
+@@ -1943,6 +1955,8 @@ nfsd4_encode_dirent(void *ccdv, const ch
+ 	}
+ 	cd->buflen -= (p - cd->buffer);
+ 	cd->buffer = p;
++	cd->offset = cookiep;
++skip_entry:
+ 	cd->common.err = nfs_ok;
+ 	return 0;
+ fail:
diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index 6dd69ab5baa..f116aa4078a 100644
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -17,3 +17,6 @@ cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch
 cifs-fix-incorrect-destination-buffer-size-in-cifs_strncpy_to_host.patch
 cifs-fix-buffer-size-in-cifs_convertucspath.patch
 cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch
+epoll-fix-size-check-in-epoll_create.patch
+nfsd4-check-for-negative-dentry-before-use-in-nfsv4-readdir.patch
+nfs-fix-the-notifications-when-renaming-onto-an-existing-file.patch