From: Greg Kroah-Hartman Date: Tue, 6 Jun 2006 07:24:53 +0000 (-0700) Subject: add nfs bugfix and add signed off for other patches X-Git-Tag: v2.6.16.21~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=77853bce36fad541dd178c4a558aa9a9b7de58ac;p=thirdparty%2Fkernel%2Fstable-queue.git add nfs bugfix and add signed off for other patches --- diff --git a/queue-2.6.16/missed-error-checking-for-intent-s-filp-in-open_namei.patch b/queue-2.6.16/missed-error-checking-for-intent-s-filp-in-open_namei.patch new file mode 100644 index 00000000000..e84eeb71078 --- /dev/null +++ b/queue-2.6.16/missed-error-checking-for-intent-s-filp-in-open_namei.patch @@ -0,0 +1,53 @@ +From nobody Mon Sep 17 00:00:00 2001 +From: Oleg Drokin +Date: Sat, 25 Mar 2006 03:06:54 -0800 +Subject: [PATCH] Missed error checking for intent's filp in open_namei(). + +It seems there is error check missing in open_namei for errors returned +through intent.open.file (from lookup_instantiate_filp). + +If there is plain open performed, then such a check done inside +__path_lookup_intent_open called from path_lookup_open(), but when the open +is performed with O_CREAT flag set, then __path_lookup_intent_open is only +called with LOOKUP_PARENT set where no file opening can occur yet. + +Later on lookup_hash is called where exact opening might take place and +intent.open.file may be filled. If it is filled with error value of some +sort, then we get kernel attempting to dereference this error value as +address (and corresponding oops) in nameidata_to_filp() called from +filp_open(). + +While this is relatively simple to workaround in ->lookup() method by just +checking lookup_instantiate_filp() return value and returning error as +needed, this is not so easy in ->d_revalidate(), where we can only return +"yes, dentry is valid" or "no, dentry is invalid, perform full lookup +again", and just returning 0 on error would cause extra lookup (with +potential extra costly RPCs). + +So in short, I believe that there should be no difference in error handling +for opening a file and creating a file in open_namei() and propose this +simple patch as a solution. + +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/namei.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- linux-2.6.16.20.orig/fs/namei.c ++++ linux-2.6.16.20/fs/namei.c +@@ -1628,6 +1628,12 @@ do_last: + goto exit; + } + ++ if (IS_ERR(nd->intent.open.file)) { ++ mutex_unlock(&dir->d_inode->i_mutex); ++ error = PTR_ERR(nd->intent.open.file); ++ goto exit_dput; ++ } ++ + /* Negative dentry, just create the file */ + if (!path.dentry->d_inode) { + if (!IS_POSIXACL(dir->d_inode)) diff --git a/queue-2.6.16/series b/queue-2.6.16/series index e722024a5ff..6a883893493 100644 --- a/queue-2.6.16/series +++ b/queue-2.6.16/series @@ -2,3 +2,4 @@ usb-whiteheat-fix-firmware-spurious-errors.patch sparc64-fix-d-cache-corruption-in-mremap.patch sparc64-respect-gfp_t-argument-to-dma_alloc_coherent.patch sparc64-fix-missing-fold-at-end-of-checksums.patch +missed-error-checking-for-intent-s-filp-in-open_namei.patch diff --git a/queue-2.6.16/sparc64-fix-d-cache-corruption-in-mremap.patch b/queue-2.6.16/sparc64-fix-d-cache-corruption-in-mremap.patch index 7be4d58be5c..4736c325b4e 100644 --- a/queue-2.6.16/sparc64-fix-d-cache-corruption-in-mremap.patch +++ b/queue-2.6.16/sparc64-fix-d-cache-corruption-in-mremap.patch @@ -19,6 +19,7 @@ files on sparc64 boxes. Signed-off-by: David S. Miller Signed-off-by: Chris Wright +Signed-off-by: Greg Kroah-Hartman --- include/asm-generic/pgtable.h | 11 +---------- diff --git a/queue-2.6.16/sparc64-fix-missing-fold-at-end-of-checksums.patch b/queue-2.6.16/sparc64-fix-missing-fold-at-end-of-checksums.patch index a539dba0404..f5ed435d920 100644 --- a/queue-2.6.16/sparc64-fix-missing-fold-at-end-of-checksums.patch +++ b/queue-2.6.16/sparc64-fix-missing-fold-at-end-of-checksums.patch @@ -16,6 +16,7 @@ Richard Braun and Samuel Thibault. Signed-off-by: David S. Miller Signed-off-by: Chris Wright +Signed-off-by: Greg Kroah-Hartman --- arch/sparc64/lib/checksum.S | 5 +++-- diff --git a/queue-2.6.16/sparc64-respect-gfp_t-argument-to-dma_alloc_coherent.patch b/queue-2.6.16/sparc64-respect-gfp_t-argument-to-dma_alloc_coherent.patch index 73a9d6e9137..0c1811a4338 100644 --- a/queue-2.6.16/sparc64-respect-gfp_t-argument-to-dma_alloc_coherent.patch +++ b/queue-2.6.16/sparc64-respect-gfp_t-argument-to-dma_alloc_coherent.patch @@ -21,6 +21,7 @@ This is a disk eater when sound is used, so it's pretty critical. Signed-off-by: David S. Miller Signed-off-by: Chris Wright +Signed-off-by: Greg Kroah-Hartman --- arch/sparc64/kernel/pci_iommu.c | 4 - diff --git a/queue-2.6.16/usb-whiteheat-fix-firmware-spurious-errors.patch b/queue-2.6.16/usb-whiteheat-fix-firmware-spurious-errors.patch index 90aed9df233..143125c32b3 100644 --- a/queue-2.6.16/usb-whiteheat-fix-firmware-spurious-errors.patch +++ b/queue-2.6.16/usb-whiteheat-fix-firmware-spurious-errors.patch @@ -15,8 +15,8 @@ Signed-off-by: Greg Kroah-Hartman drivers/usb/serial/whiteheat.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) ---- gregkh-2.6.orig/drivers/usb/serial/whiteheat.c -+++ gregkh-2.6/drivers/usb/serial/whiteheat.c +--- linux-2.6.16.20.orig/drivers/usb/serial/whiteheat.c ++++ linux-2.6.16.20/drivers/usb/serial/whiteheat.c @@ -388,7 +388,7 @@ static int whiteheat_attach (struct usb_ if (ret) { err("%s: Couldn't send command [%d]", serial->type->description, ret);