[git pull] VFS patches

[git pull] VFS patches

[Al Viro]

	Tonight's pile: getting ->umount_begin() back to sanity, race fixes
around execve(), general cleanups.  Please, pull from

git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6.git/ for-linus

Shortlog:

Al Viro (5):
      restore sane ->umount_begin() API
      close race in unshare_files()
      sanitize handling of shared descriptor tables in failing execve()
      sanitize unshare_files/reset_files_struct
      sanitize locate_fd()

Igor Mammedov (1):
      cifs: timeout dfs automounts +little fix.

Diffstat:

 fs/9p/vfs_super.c      |    7 ++---
 fs/binfmt_elf.c        |   23 +------------------
 fs/binfmt_misc.c       |   18 +--------------
 fs/binfmt_som.c        |   10 --------
 fs/cifs/cifs_dfs_ref.c |   29 +++++++++++++++++------
 fs/cifs/cifsfs.c       |   10 ++-----
 fs/cifs/cifsproto.h    |    8 +-----
 fs/exec.c              |   28 ++++++++++-------------
 fs/fcntl.c             |   40 +++++++++++---------------------
 fs/fuse/inode.c        |    5 +--
 fs/namespace.c         |    9 ++++---
 fs/nfs/super.c         |    8 ++----
 include/linux/file.h   |    3 +-
 include/linux/fs.h     |    5 +---
 kernel/exit.c          |    6 +---
 kernel/fork.c          |   58 +++++++++++++++++++----------------------------
 16 files changed, 95 insertions(+), 172 deletions(-)

[fix] Re: [git pull] VFS patches

[Al Viro]

	Arrgghhh...

Sorry about that, I'd been sure I'd folded that one, but it actually got
lost.  Please apply - that breaks execve().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/kernel/fork.c b/kernel/fork.c
index 4df3949..a647542 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1788,7 +1788,7 @@ bad_unshare_out:
 int unshare_files(struct files_struct **displaced)
 {
 	struct task_struct *task = current;
-	struct files_struct *copy;
+	struct files_struct *copy = NULL;
 	int error;
 
 	error = unshare_fd(CLONE_FILES, &copy);

Re: [git pull] VFS patches

[Ingo Molnar]

* Al Viro <viro@ZenIV.linux.org.uk> wrote:

>      sanitize unshare_files/reset_files_struct

today's -git started crashing on me in randconfig boot tests:

[    0.124077] BUG: unable to handle kernel NULL pointer dereference at 00000296
[    0.126981] IP: [<c01217fb>] put_files_struct+0xb/0xa0
[    0.128981] *pdpt = 0000000000f73001 *pde = 0000000000000000
[    0.131231] Oops: 0002 [#1] PREEMPT

crash log and config at:

  http://redhat.com/~mingo/misc/log-Sat_Apr_26_11_20_58_CEST_2008.bad
  http://redhat.com/~mingo/misc/config-Sat_Apr_26_11_20_58_CEST_2008.bad

bisected it down to:

| 3b1253880b7a9e6db54b943b2d40bcf2202f58ab is first bad commit
| commit 3b1253880b7a9e6db54b943b2d40bcf2202f58ab
| Author: Al Viro <viro@zeniv.linux.org.uk>
| Date:   Tue Apr 22 05:31:30 2008 -0400
|
|     [PATCH] sanitize unshare_files/reset_files_struct

find the git-bisect log output below.

	Ingo

----------------->
git-bisect start
# bad: [b1721d0da266b4af8cb4419473b4ca36206ab200] v4l/dvb: add statics to avoid multiple definitions
git-bisect bad b1721d0da266b4af8cb4419473b4ca36206ab200
# bad: [cf2ec150fc5f59dbf2260863225c79aa0cfc46af] Merge branch 'for-linus' of git://linux-nfs.org/~bfields/linux
git-bisect bad cf2ec150fc5f59dbf2260863225c79aa0cfc46af
# good: [cf2ec150fc5f59dbf2260863225c79aa0cfc46af] Merge branch 'for-linus' of git://linux-nfs.org/~bfields/linux
git-bisect good cf2ec150fc5f59dbf2260863225c79aa0cfc46af
# good: [cf2ec150fc5f59dbf2260863225c79aa0cfc46af] Merge branch 'for-linus' of git://linux-nfs.org/~bfields/linux
git-bisect good cf2ec150fc5f59dbf2260863225c79aa0cfc46af
# bad: [b1721d0da266b4af8cb4419473b4ca36206ab200] v4l/dvb: add statics to avoid multiple definitions
git-bisect bad b1721d0da266b4af8cb4419473b4ca36206ab200
# good: [ad5e1b0f5d913d2c8bddfba81049cc07228da1a6] Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild
git-bisect good ad5e1b0f5d913d2c8bddfba81049cc07228da1a6
# good: [4953d141dc5db748475001cfbfdcc42e66cf900e] usb: don't update devnum for wusb devices
git-bisect good 4953d141dc5db748475001cfbfdcc42e66cf900e
# good: [bf16ae250999e76aff0491a362073a552db965fc] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86-pat
git-bisect good bf16ae250999e76aff0491a362073a552db965fc
# good: [6ec859e1b21ab42bfc36bb3b51db275480165c8a] [POWERPC] celleb: Consolidate io-workarounds code
git-bisect good 6ec859e1b21ab42bfc36bb3b51db275480165c8a
# good: [f360bf0015e5b3e82be61c68e0863b3f98852ee2] [POWERPC] Add zImage.iseries to arch/powerpc/boot/.gitignore
git-bisect good f360bf0015e5b3e82be61c68e0863b3f98852ee2
# good: [6e18933f2b6156d0a0ec9d5522ab6a6033cf7241] Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
git-bisect good 6e18933f2b6156d0a0ec9d5522ab6a6033cf7241
# bad: [f8f95702f0c4529b0f59488f4509608f0c160e77] sanitize locate_fd()
git-bisect bad f8f95702f0c4529b0f59488f4509608f0c160e77
# good: [6b335d9c80d7f3c2a3f6545f664ae9007a0f3821] close race in unshare_files()
git-bisect good 6b335d9c80d7f3c2a3f6545f664ae9007a0f3821
# bad: [3b1253880b7a9e6db54b943b2d40bcf2202f58ab] sanitize unshare_files/reset_files_struct
git-bisect bad 3b1253880b7a9e6db54b943b2d40bcf2202f58ab
# good: [fd8328be874f4190a811c58cd4778ec2c74d2c05] sanitize handling of shared descriptor tables in failing execve()
git-bisect good fd8328be874f4190a811c58cd4778ec2c74d2c05

Re: [git pull] VFS patches

[Matthew Wilcox]

On Sat, Apr 26, 2008 at 01:01:39PM +0200, Ingo Molnar wrote:
> 
> * Al Viro <viro@ZenIV.linux.org.uk> wrote:
> 
> >      sanitize unshare_files/reset_files_struct
> 
> today's -git started crashing on me in randconfig boot tests:
> 
> [    0.124077] BUG: unable to handle kernel NULL pointer dereference at 00000296
> [    0.126981] IP: [<c01217fb>] put_files_struct+0xb/0xa0
> [    0.128981] *pdpt = 0000000000f73001 *pde = 0000000000000000
> [    0.131231] Oops: 0002 [#1] PREEMPT

Did you have http://lkml.org/lkml/2008/4/26/1 applied?

-- 
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."

Re: [git pull] VFS patches

[Ingo Molnar]

* Matthew Wilcox <matthew@wil.cx> wrote:

> On Sat, Apr 26, 2008 at 01:01:39PM +0200, Ingo Molnar wrote:
> > 
> > * Al Viro <viro@ZenIV.linux.org.uk> wrote:
> > 
> > >      sanitize unshare_files/reset_files_struct
> > 
> > today's -git started crashing on me in randconfig boot tests:
> > 
> > [    0.124077] BUG: unable to handle kernel NULL pointer dereference at 00000296
> > [    0.126981] IP: [<c01217fb>] put_files_struct+0xb/0xa0
> > [    0.128981] *pdpt = 0000000000f73001 *pde = 0000000000000000
> > [    0.131231] Oops: 0002 [#1] PREEMPT
> 
> Did you have http://lkml.org/lkml/2008/4/26/1 applied?

not yet - will try that. (but i suspect it will fix it)

	Ingo

Re: [git pull] VFS patches

[Ingo Molnar]

* Ingo Molnar <mingo@elte.hu> wrote:

> > Did you have http://lkml.org/lkml/2008/4/26/1 applied?
> 
> not yet - will try that. (but i suspect it will fix it)

yep, that did the trick - thanks.

	Ingo

Re: [fix] [git pull] VFS patches

[Jean Delvare]

On Sat, 26 Apr 2008 05:25:00 +0100, Al Viro wrote:
> 	Arrgghhh...
> 
> Sorry about that, I'd been sure I'd folded that one, but it actually got
> lost.  Please apply - that breaks execve().
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
> 
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 4df3949..a647542 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1788,7 +1788,7 @@ bad_unshare_out:
>  int unshare_files(struct files_struct **displaced)
>  {
>  	struct task_struct *task = current;
> -	struct files_struct *copy;
> +	struct files_struct *copy = NULL;
>  	int error;
>  
>  	error = unshare_fd(CLONE_FILES, &copy);

This apparently prevents the general protection faults I was hitting
with 2.6.25-git8. Linus, please apply Al's fixup patch quickly, as it
will probably hit pretty much everyone trying it.

Thanks,
-- 
Jean Delvare

Re: [git pull] VFS patches

[Mike Galbraith]

On Sat, 2008-04-26 at 07:35 -0600, Matthew Wilcox wrote:
> On Sat, Apr 26, 2008 at 01:01:39PM +0200, Ingo Molnar wrote:
> > 
> > * Al Viro <viro@ZenIV.linux.org.uk> wrote:
> > 
> > >      sanitize unshare_files/reset_files_struct
> > 
> > today's -git started crashing on me in randconfig boot tests:
> > 
> > [    0.124077] BUG: unable to handle kernel NULL pointer dereference at 00000296
> > [    0.126981] IP: [<c01217fb>] put_files_struct+0xb/0xa0
> > [    0.128981] *pdpt = 0000000000f73001 *pde = 0000000000000000
> > [    0.131231] Oops: 0002 [#1] PREEMPT
> 
> Did you have http://lkml.org/lkml/2008/4/26/1 applied?

(Al: fixed my crash report as well)

Re: [git pull] VFS patches

[hooanon05]

Hello Al,

I have a question about the commit you made last month.
When an application issues sys_oldumount(), ->umount_begin() will not be
called because the flag is 0. Is this behaviour intended?
And it it better to put the paranthesis around (flags & MNT_FORCE).


Junjiro Okajima


Al Viro:
> 	Tonight's pile: getting ->umount_begin() back to sanity, race fixes
> around execve(), general cleanups.  Please, pull from
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6.git/ for-linus
> 
> Shortlog:
> 
> Al Viro (5):
>       restore sane ->umount_begin() API
	:::
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 0505fb6..f48f981 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -1061,10 +1061,11 @@ static int do_umount(struct vfsmount *mnt, int flags)
>  	 * about for the moment.
>  	 */
>  
> -	lock_kernel();
> -	if (sb->s_op->umount_begin)
> -		sb->s_op->umount_begin(mnt, flags);
> -	unlock_kernel();
> +	if (flags & MNT_FORCE && sb->s_op->umount_begin) {
> +		lock_kernel();
> +		sb->s_op->umount_begin(sb);
> +		unlock_kernel();
> +	}
>  
>  	/*
>  	 * No sense to grab the lock for this test, but test itself looks