From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Al Viro <viro@zeniv.linux.org.uk>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [25/74] Fix remount races with symlink handling in affs
Date: Thu, 04 Feb 2010 09:11:56 -0800 [thread overview]
Message-ID: <20100204171502.712906861@linux.site> (raw)
In-Reply-To: <20100204171850.GA16539@kroah.com>
2.6.32-stable review patch. If anyone has any objections, please let us know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 29333920a5a46edcc9b728e2cf0134d5a9b516ee upstream.
A couple of fields in affs_sb_info is used in follow_link() and
symlink() for handling AFFS "absolute" symlinks. Need locking
against affs_remount() updates.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/affs/affs.h | 2 +-
fs/affs/namei.c | 7 +++++--
fs/affs/super.c | 17 ++++++++++++++---
fs/affs/symlink.c | 7 +++++--
4 files changed, 25 insertions(+), 8 deletions(-)
--- a/fs/affs/affs.h
+++ b/fs/affs/affs.h
@@ -106,8 +106,8 @@ struct affs_sb_info {
u32 s_last_bmap;
struct buffer_head *s_bmap_bh;
char *s_prefix; /* Prefix for volumes and assigns. */
- int s_prefix_len; /* Length of prefix. */
char s_volume[32]; /* Volume prefix for absolute symlinks. */
+ spinlock_t symlink_lock; /* protects the previous two */
};
#define SF_INTL 0x0001 /* International filesystem. */
--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -341,10 +341,13 @@ affs_symlink(struct inode *dir, struct d
p = (char *)AFFS_HEAD(bh)->table;
lc = '/';
if (*symname == '/') {
+ struct affs_sb_info *sbi = AFFS_SB(sb);
while (*symname == '/')
symname++;
- while (AFFS_SB(sb)->s_volume[i]) /* Cannot overflow */
- *p++ = AFFS_SB(sb)->s_volume[i++];
+ spin_lock(&sbi->symlink_lock);
+ while (sbi->s_volume[i]) /* Cannot overflow */
+ *p++ = sbi->s_volume[i++];
+ spin_unlock(&sbi->symlink_lock);
}
while (i < maxlen && (c = *symname++)) {
if (c == '.' && lc == '/' && *symname == '.' && symname[1] == '/') {
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -221,8 +221,6 @@ parse_options(char *options, uid_t *uid,
*mount_opts |= SF_MUFS;
break;
case Opt_prefix:
- /* Free any previous prefix */
- kfree(*prefix);
*prefix = match_strdup(&args[0]);
if (!*prefix)
return 0;
@@ -311,6 +309,7 @@ static int affs_fill_super(struct super_
return -ENOMEM;
sb->s_fs_info = sbi;
mutex_init(&sbi->s_bmlock);
+ spin_lock_init(&sbi->symlink_lock);
if (!parse_options(data,&uid,&gid,&i,&reserved,&root_block,
&blocksize,&sbi->s_prefix,
@@ -518,14 +517,18 @@ affs_remount(struct super_block *sb, int
unsigned long mount_flags;
int res = 0;
char *new_opts = kstrdup(data, GFP_KERNEL);
+ char volume[32];
+ char *prefix = NULL;
pr_debug("AFFS: remount(flags=0x%x,opts=\"%s\")\n",*flags,data);
*flags |= MS_NODIRATIME;
+ memcpy(volume, sbi->s_volume, 32);
if (!parse_options(data, &uid, &gid, &mode, &reserved, &root_block,
- &blocksize, &sbi->s_prefix, sbi->s_volume,
+ &blocksize, &prefix, volume,
&mount_flags)) {
+ kfree(prefix);
kfree(new_opts);
return -EINVAL;
}
@@ -536,6 +539,14 @@ affs_remount(struct super_block *sb, int
sbi->s_mode = mode;
sbi->s_uid = uid;
sbi->s_gid = gid;
+ /* protect against readers */
+ spin_lock(&sbi->symlink_lock);
+ if (prefix) {
+ kfree(sbi->s_prefix);
+ sbi->s_prefix = prefix;
+ }
+ memcpy(sbi->s_volume, volume, 32);
+ spin_unlock(&sbi->symlink_lock);
if ((*flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) {
unlock_kernel();
--- a/fs/affs/symlink.c
+++ b/fs/affs/symlink.c
@@ -20,7 +20,6 @@ static int affs_symlink_readpage(struct
int i, j;
char c;
char lc;
- char *pf;
pr_debug("AFFS: follow_link(ino=%lu)\n",inode->i_ino);
@@ -32,11 +31,15 @@ static int affs_symlink_readpage(struct
j = 0;
lf = (struct slink_front *)bh->b_data;
lc = 0;
- pf = AFFS_SB(inode->i_sb)->s_prefix ? AFFS_SB(inode->i_sb)->s_prefix : "/";
if (strchr(lf->symname,':')) { /* Handle assign or volume name */
+ struct affs_sb_info *sbi = AFFS_SB(inode->i_sb);
+ char *pf;
+ spin_lock(&sbi->symlink_lock);
+ pf = sbi->s_prefix ? sbi->s_prefix : "/";
while (i < 1023 && (c = pf[i]))
link[i++] = c;
+ spin_unlock(&sbi->symlink_lock);
while (i < 1023 && lf->symname[j] != ':')
link[i++] = lf->symname[j++];
if (i < 1023)
next prev parent reply other threads:[~2010-02-04 17:22 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-04 17:18 [00/74] 2.6.32.8-stable review Greg KH
2010-02-04 17:11 ` [01/74] [SCSI] scsi_lib: Fix bug in completion of bidi commands Greg KH
2010-02-04 17:11 ` [02/74] [SCSI] mptsas: Fix issue with chain pools allocation on katmai Greg KH
2010-02-04 17:11 ` [03/74] mm: add new read_cache_page_gfp() helper function Greg KH
2010-02-04 17:11 ` [04/74] drm/i915: Selectively enable self-reclaim Greg KH
2010-02-04 17:11 ` [05/74] firewire: ohci: fix crashes with TSB43AB23 on 64bit systems Greg KH
2010-02-04 17:11 ` [06/74] S390: fix single stepped svcs with TRACE_IRQFLAGS=y Greg KH
2010-02-04 17:11 ` [07/74] x86: Set hotpluggable nodes in nodes_possible_map Greg KH
2010-02-04 17:11 ` [08/74] x86: Remove "x86 CPU features in debugfs" (CONFIG_X86_CPU_DEBUG) Greg KH
2010-02-04 17:11 ` [09/74] libata: retry FS IOs even if it has failed with AC_ERR_INVALID Greg KH
2010-02-04 17:11 ` [10/74] [S390] zcrypt: Do not remove coprocessor for error 8/72 Greg KH
2010-02-04 17:11 ` [11/74] [S390] dasd: fix possible NULL pointer errors Greg KH
2010-02-11 23:15 ` Bastian Blank
2010-02-11 23:38 ` Greg KH
2010-02-04 17:11 ` [12/74] ACPI: Add a generic API for _OSC -v2 Greg KH
2010-02-04 17:11 ` [13/74] ACPI: Add platform-wide _OSC support Greg KH
2010-02-04 17:11 ` [14/74] ACPI: fix OSC regression that caused aer and pciehp not to load Greg KH
2010-02-04 17:11 ` [15/74] ACPI: Advertise to BIOS in _OSC: _OST on _PPC changes Greg KH
2010-02-04 17:11 ` [16/74] UBI: fix volume creation input checking Greg KH
2010-02-04 17:11 ` [17/74] e1000: enhance frame fragment detection Greg KH
2010-02-04 17:11 ` [18/74] e1000e: " Greg KH
2010-02-04 17:11 ` [19/74] e1000/e1000e: dont use small hardware rx buffers Greg KH
2010-02-04 17:11 ` [20/74] drm/i915: Reload hangcheck timer too for Ironlake Greg KH
2010-02-04 17:11 ` [21/74] Fix a leak in affs_fill_super() Greg KH
2010-02-04 17:11 ` [22/74] Fix failure exits in bfs_fill_super() Greg KH
2010-02-04 17:11 ` [23/74] fix oops in fs/9p late mount failure Greg KH
2010-02-04 17:11 ` [24/74] fix leak in romfs_fill_super() Greg KH
2010-02-04 17:11 ` Greg KH [this message]
2010-02-04 17:11 ` [26/74] fix affs parse_options() Greg KH
2010-02-04 17:11 ` [27/74] Fix failure exit in ipathfs Greg KH
2010-02-04 17:11 ` [28/74] mm: fix migratetype bug which slowed swapping Greg KH
2010-02-04 17:12 ` [29/74] FDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack Greg KH
2010-02-04 17:12 ` [30/74] Split flush_old_exec into two functions Greg KH
2010-02-04 17:12 ` [31/74] sparc: TIF_ABI_PENDING bit removal Greg KH
2010-02-04 17:12 ` [32/74] x86: get rid of the insane TIF_ABI_PENDING bit Greg KH
2010-02-04 17:12 ` [33/74] Input: winbond-cir - remove dmesg spam Greg KH
2010-02-04 17:12 ` [34/74] x86: Disable HPET MSI on ATI SB700/SB800 Greg KH
2010-02-04 17:12 ` [35/74] iwlwifi: set default aggregation frame count limit to 31 Greg KH
2010-02-04 17:12 ` [36/74] drm/i915: only enable hotplug for detected outputs Greg KH
2010-02-04 17:12 ` [37/74] firewire: core: add_descriptor size check Greg KH
2010-02-04 17:12 ` [38/74] SECURITY: selinux, fix update_rlimit_cpu parameter Greg KH
2010-02-04 17:12 ` [39/74] regulator: Specify REGULATOR_CHANGE_STATUS for WM835x LED constraints Greg KH
2010-02-04 17:12 ` [40/74] x86: Add Dell OptiPlex 760 reboot quirk Greg KH
2010-02-04 17:12 ` [41/74] x86: Add quirk for Intel DG45FC board to avoid low memory corruption Greg KH
2010-02-04 17:12 ` [42/74] x86/amd-iommu: Fix possible integer overflow Greg KH
2010-02-04 17:12 ` [43/74] clocksource: fix compilation if no GENERIC_TIME Greg KH
2010-02-04 17:12 ` [44/74] tcp: update the netstamp_needed counter when cloning sockets Greg KH
2010-02-04 17:12 ` [45/74] sky2: Fix oops in sky2_xmit_frame() after TX timeout Greg KH
2010-02-04 17:12 ` [46/74] net: restore ip source validation Greg KH
2010-02-05 10:16 ` Sven Joachim
2010-02-04 17:12 ` [47/74] af_packet: Dont use skb after dev_queue_xmit() Greg KH
2010-02-04 17:12 ` [48/74] ax25: netrom: rose: Fix timer oopses Greg KH
2010-02-04 17:12 ` [49/74] KVM: allow userspace to adjust kvmclock offset Greg KH
2010-02-04 17:12 ` [50/74] oprofile/x86: add Xeon 7500 series support Greg KH
2010-02-04 17:12 ` [51/74] oprofile/x86: fix crash when profiling more than 28 events Greg KH
2010-02-04 17:12 ` [52/74] libata: retry link resume if necessary Greg KH
2010-02-04 17:12 ` [53/74] mm: percpu-vmap fix RCU list walking Greg KH
2010-02-04 17:12 ` Greg KH
2010-02-04 17:12 ` [54/74] mm: purge fragmented percpu vmap blocks Greg KH
2010-02-04 17:12 ` Greg KH
2010-02-04 17:12 ` [55/74] block: fix bio_add_page for non trivial merge_bvec_fn case Greg KH
2010-02-04 17:12 ` [56/74] Fix flush_old_exec()/setup_new_exec() split Greg KH
2010-02-04 17:12 ` [57/74] random: drop weird m_time/a_time manipulation Greg KH
2010-02-04 17:12 ` [58/74] random: Remove unused inode variable Greg KH
2010-02-04 17:12 ` [59/74] block: fix bugs in bio-integrity mempool usage Greg KH
2010-02-04 17:12 ` [60/74] usb: r8a66597-hdc disable interrupts fix Greg KH
2010-02-04 17:12 ` [61/74] connector: Delete buggy notification code Greg KH
2010-02-04 17:12 ` [62/74] be2net: Bug fix to support newer generation of BE ASIC Greg KH
2010-02-04 17:12 ` [63/74] be2net: Fix memset() arg ordering Greg KH
2010-02-04 17:12 ` [64/74] mm: flush dcache before writing into page to avoid alias Greg KH
2010-02-04 17:12 ` Greg KH
2010-02-04 17:12 ` [65/74] mac80211: fix NULL pointer dereference when ftrace is enabled Greg KH
2010-02-04 17:12 ` [66/74] imxfb: correct location of callbacks in suspend and resume Greg KH
2010-02-04 17:12 ` [67/74] mx3fb: some debug and initialisation fixes Greg KH
2010-02-04 17:12 ` [68/74] starfire: clean up properly if firmware loading fails Greg KH
2010-02-04 17:12 ` [69/74] kernel/cred.c: use kmem_cache_free Greg KH
2010-02-04 17:12 ` [70/74] uartlite: fix crash when using as console Greg KH
2010-02-04 17:12 ` [71/74] pktcdvd: removing device does not remove its sysfs dir Greg KH
2010-02-04 17:12 ` [72/74] ath9k: fix eeprom INI values override for 2GHz-only cards Greg KH
2010-02-04 17:12 ` [73/74] ath9k: fix beacon slot/buffer leak Greg KH
2010-02-04 17:12 ` [74/74] powerpc: TIF_ABI_PENDING bit removal Greg KH
2010-02-05 7:36 ` [Stable-review] [00/74] 2.6.32.8-stable review Nikola Ciprich
2010-02-05 17:12 ` Greg KH
2010-02-07 10:26 ` Nikola Ciprich
2010-02-05 16:53 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100204171502.712906861@linux.site \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.