From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Fri, 22 Feb 2008 20:42:31 +0000 (-0800)
Subject: more .22 patches
X-Git-Tag: v2.6.22.19~18
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dbcd240ab6eed4af3437a2d53d5115b804c8455d;p=thirdparty%2Fkernel%2Fstable-queue.git

more .22 patches
---

diff --git a/queue-2.6.22/knfsd-query-filesystem-for-nfsv4-getattr-of-fattr4_maxname.patch b/queue-2.6.22/knfsd-query-filesystem-for-nfsv4-getattr-of-fattr4_maxname.patch
new file mode 100644
index 00000000000..b30b7aaf500
--- /dev/null
+++ b/queue-2.6.22/knfsd-query-filesystem-for-nfsv4-getattr-of-fattr4_maxname.patch
@@ -0,0 +1,43 @@
+From stable-bounces@linux.kernel.org Thu Feb  7 12:05:04 2008
+From: J. Bruce Fields <bfields@citi.umich.edu>
+Date: Thu, 7 Feb 2008 21:03:57 +0100
+Subject: knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME
+Message-ID: <6101e8c40802071203r69a1fd9fge2b65c611e5a8e71@mail.gmail.com>
+Content-Disposition: inline
+
+From: J. Bruce Fields <bfields@citi.umich.edu>
+
+mainline: a16e92edcd0a2846455a30823e1bac964e743baa
+
+Without this we always return 2^32-1 as the the maximum namelength.
+
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+CC: Oliver Pinter <oliver.pntr@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfs4xdr.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1453,7 +1453,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, s
+ 	err = vfs_getattr(exp->ex_mnt, dentry, &stat);
+ 	if (err)
+ 		goto out_nfserr;
+-	if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL)) ||
++	if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
++			FATTR4_WORD0_MAXNAME)) ||
+ 	    (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
+ 		       FATTR4_WORD1_SPACE_TOTAL))) {
+ 		err = vfs_statfs(dentry, &statfs);
+@@ -1699,7 +1700,7 @@ out_acl:
+ 	if (bmval0 & FATTR4_WORD0_MAXNAME) {
+ 		if ((buflen -= 4) < 0)
+ 			goto out_resource;
+-		WRITE32(~(u32) 0);
++		WRITE32(statfs.f_namelen);
+ 	}
+ 	if (bmval0 & FATTR4_WORD0_MAXREAD) {
+ 		if ((buflen -= 8) < 0)
diff --git a/queue-2.6.22/nfs-fix-an-oops-in-encode_lookup.patch b/queue-2.6.22/nfs-fix-an-oops-in-encode_lookup.patch
new file mode 100644
index 00000000000..13c508718bc
--- /dev/null
+++ b/queue-2.6.22/nfs-fix-an-oops-in-encode_lookup.patch
@@ -0,0 +1,120 @@
+From stable-bounces@linux.kernel.org Thu Feb  7 12:04:53 2008
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Thu, 7 Feb 2008 21:03:49 +0100
+Subject: NFS: Fix an Oops in encode_lookup()
+Message-ID: <6101e8c40802071203g2118a4el192726164ee11fd0@mail.gmail.com>
+Content-Disposition: inline
+
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+mainline: 54af3bb543c071769141387a42deaaab5074da55
+
+It doesn't look as if the NFS file name limit is being initialised correctly
+in the struct nfs_server. Make sure that we limit whatever is being set in
+nfs_probe_fsinfo() and nfs_init_server().
+
+Also ensure that readdirplus and nfs4_path_walk respect our file name
+limits.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Acked-by: Neil Brown <neilb@suse.de>
+CC: Oliver Pinter <oliver.pntr@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/client.c  |   29 +++++++++++++++++++----------
+ fs/nfs/dir.c     |    2 ++
+ fs/nfs/getroot.c |    3 +++
+ 3 files changed, 24 insertions(+), 10 deletions(-)
+
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -611,16 +611,6 @@ static int nfs_init_server(struct nfs_se
+ 	server->namelen  = data->namlen;
+ 	/* Create a client RPC handle for the NFSv3 ACL management interface */
+ 	nfs_init_server_aclclient(server);
+-	if (clp->cl_nfsversion == 3) {
+-		if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
+-			server->namelen = NFS3_MAXNAMLEN;
+-		if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
+-			server->caps |= NFS_CAP_READDIRPLUS;
+-	} else {
+-		if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
+-			server->namelen = NFS2_MAXNAMLEN;
+-	}
+-
+ 	dprintk("<-- nfs_init_server() = 0 [new %p]\n", clp);
+ 	return 0;
+ 
+@@ -820,6 +810,16 @@ struct nfs_server *nfs_create_server(con
+ 	error = nfs_probe_fsinfo(server, mntfh, &fattr);
+ 	if (error < 0)
+ 		goto error;
++	if (server->nfs_client->rpc_ops->version == 3) {
++		if (server->namelen == 0 || server->namelen > NFS3_MAXNAMLEN)
++			server->namelen = NFS3_MAXNAMLEN;
++		if (!(data->flags & NFS_MOUNT_NORDIRPLUS))
++			server->caps |= NFS_CAP_READDIRPLUS;
++	} else {
++		if (server->namelen == 0 || server->namelen > NFS2_MAXNAMLEN)
++			server->namelen = NFS2_MAXNAMLEN;
++	}
++
+ 	if (!(fattr.valid & NFS_ATTR_FATTR)) {
+ 		error = server->nfs_client->rpc_ops->getattr(server, mntfh, &fattr);
+ 		if (error < 0) {
+@@ -1010,6 +1010,9 @@ struct nfs_server *nfs4_create_server(co
+ 	if (error < 0)
+ 		goto error;
+ 
++	if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
++		server->namelen = NFS4_MAXNAMLEN;
++
+ 	BUG_ON(!server->nfs_client);
+ 	BUG_ON(!server->nfs_client->rpc_ops);
+ 	BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
+@@ -1082,6 +1085,9 @@ struct nfs_server *nfs4_create_referral_
+ 	if (error < 0)
+ 		goto error;
+ 
++	if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
++		server->namelen = NFS4_MAXNAMLEN;
++
+ 	dprintk("Referral FSID: %llx:%llx\n",
+ 		(unsigned long long) server->fsid.major,
+ 		(unsigned long long) server->fsid.minor);
+@@ -1141,6 +1147,9 @@ struct nfs_server *nfs_clone_server(stru
+ 	if (error < 0)
+ 		goto out_free_server;
+ 
++	if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
++		server->namelen = NFS4_MAXNAMLEN;
++
+ 	dprintk("Cloned FSID: %llx:%llx\n",
+ 		(unsigned long long) server->fsid.major,
+ 		(unsigned long long) server->fsid.minor);
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1162,6 +1162,8 @@ static struct dentry *nfs_readdir_lookup
+ 	}
+ 	if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR))
+ 		return NULL;
++	if (name.len > NFS_SERVER(dir)->namelen)
++		return NULL;
+ 	/* Note: caller is already holding the dir->i_mutex! */
+ 	dentry = d_alloc(parent, &name);
+ 	if (dentry == NULL)
+--- a/fs/nfs/getroot.c
++++ b/fs/nfs/getroot.c
+@@ -175,6 +175,9 @@ next_component:
+ 		path++;
+ 	name.len = path - (const char *) name.name;
+ 
++	if (name.len > NFS4_MAXNAMLEN)
++		return -ENAMETOOLONG;
++
+ eat_dot_dir:
+ 	while (*path == '/')
+ 		path++;
diff --git a/queue-2.6.22/series b/queue-2.6.22/series
index b1617b76c05..aa14747612f 100644
--- a/queue-2.6.22/series
+++ b/queue-2.6.22/series
@@ -15,3 +15,5 @@ via-velocity-don-t-oops-on-mtu-change.patch
 knfsd-fix-spurious-einval-errors-on-first-access-of-new-filesystem.patch
 nfs-fix-nfs_reval_fsid.patch
 nfsv2-v3-fix-a-memory-leak-when-using-onolock.patch
+nfs-fix-an-oops-in-encode_lookup.patch
+knfsd-query-filesystem-for-nfsv4-getattr-of-fattr4_maxname.patch