Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jul 16, 2012
  1. @colincross

    Merge commit 'v3.4.5' into android-3.4

    colincross authored
    Change-Id: I0c7d106d2de75d0e40f167245ad4cc37e1556bb0
  2. @gregkh

    ocfs2: fix NULL pointer dereference in __ocfs2_change_file_space()

    Luis Henriques authored gregkh committed
    commit a4e08d0 upstream.
    As ocfs2_fallocate() will invoke __ocfs2_change_file_space() with a NULL
    as the first parameter (file), it may trigger a NULL pointer dereferrence
    due to a missing check.
    Signed-off-by: Luis Henriques <>
    Reported-by: Bret Towe <>
    Tested-by: Bret Towe <>
    Cc: Sunil Mushran <>
    Acked-by: Joel Becker <>
    Acked-by: Mark Fasheh <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @lliubbo @gregkh

    fs: ramfs: file-nommu: add SetPageUptodate()

    lliubbo authored gregkh committed
    commit fea9f71 upstream.
    There is a bug in the below scenario for !CONFIG_MMU:
     1. create a new file
     2. mmap the file and write to it
     3. read the file can't get the correct value
      sys_read() -> generic_file_aio_read() -> simple_readpage() -> clear_page()
    which causes the page to be zeroed.
    Add SetPageUptodate() to ramfs_nommu_expand_for_mapping() so that
    generic_file_aio_read() do not call simple_readpage().
    Signed-off-by: Bob Liu <>
    Cc: Hugh Dickins <>
    Cc: David Howells <>
    Cc: Geert Uytterhoeven <>
    Cc: Greg Ungerer <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @gregkh

    splice: fix racy pipe->buffers uses

    Eric Dumazet authored gregkh committed
    commit 047fe36 upstream.
    Dave Jones reported a kernel BUG at mm/slub.c:3474! triggered
    by splice_shrink_spd() called from vmsplice_to_pipe()
    commit 35f3d14 (pipe: add support for shrinking and growing pipes)
    added capability to adjust pipe->buffers.
    Problem is some paths don't hold pipe mutex and assume pipe->buffers
    doesn't change for their duration.
    Fix this by adding nr_pages_max field in struct splice_pipe_desc, and
    use it in place of pipe->buffers where appropriate.
    splice_shrink_spd() loses its struct pipe_inode_info argument.
    Reported-by: Dave Jones <>
    Signed-off-by: Eric Dumazet <>
    Cc: Jens Axboe <>
    Cc: Alexander Viro <>
    Cc: Tom Herbert <>
    Tested-by: Dave Jones <>
    Signed-off-by: Jens Axboe <>
    [bwh: Backported to 3.2:
     - Adjust context in vmsplice_to_pipe()
     - Update one more call to splice_shrink_spd(), from skb_splice_bits()]
    Signed-off-by: Ben Hutchings <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @gregkh

    NFS: hard-code init_net for NFS callback transports

    Stanislav Kinsbursky authored gregkh committed
    upstream commit 12918b1.
    In case of destroying mount namespace on child reaper exit, nsproxy is zeroed
    to the point already. So, dereferencing of it is invalid.
    This patch hard-code "init_net" for all network namespace references for NFS
    callback services. This will be fixed with proper NFS callback
    Signed-off-by: Stanislav Kinsbursky <>
    Signed-off-by: J. Bruce Fields <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @gregkh

    SUNRPC: move per-net operations from svc_destroy()

    Stanislav Kinsbursky authored gregkh committed
    upstream commit 786185b.
    The idea is to separate service destruction and per-net operations,
    because these are two different things and the mix looks ugly.
    1) For NFS server this patch looks ugly (sorry for that). But these
    place will be rewritten soon during NFSd containerization.
    2) LockD per-net counter increase int lockd_up() was moved prior to
    make_socks() to make lockd_down_net() call safe in case of error.
    Signed-off-by: Stanislav Kinsbursky <>
    Signed-off-by: J. Bruce Fields <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @gregkh

    SUNRPC: new svc_bind() routine introduced

    Stanislav Kinsbursky authored gregkh committed
    upstream commit 9793f7c.
    This new routine is responsible for service registration in a specified
    network context.
    The idea is to separate service creation from per-net operations.
    Note also: since registering service with svc_bind() can fail, the
    service will be destroyed and during destruction it will try to
    unregister itself from rpcbind. In this case unregistration has to be
    Signed-off-by: Stanislav Kinsbursky <>
    Signed-off-by: J. Bruce Fields <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @gregkh

    Lockd: pass network namespace to creation and destruction routines

    Stanislav Kinsbursky authored gregkh committed
    upstream commit e3f70ea.
    v2: dereference of most probably already released nlm_host removed in
    nlmclnt_done() and reclaimer().
    These routines are called from locks reclaimer() kernel thread. This thread
    works in "init_net" network context and currently relays on persence on lockd
    thread and it's per-net resources. Thus lockd_up() and lockd_down() can't relay
    on current network context. So let's pass corrent one into them.
    Signed-off-by: Stanislav Kinsbursky <>
    Signed-off-by: J. Bruce Fields <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @gregkh

    eCryptfs: Properly check for O_RDONLY flag before doing privileged open

    Tyler Hicks authored gregkh committed
    commit 9fe79d7 upstream.
    If the first attempt at opening the lower file read/write fails,
    eCryptfs will retry using a privileged kthread. However, the privileged
    retry should not happen if the lower file's inode is read-only because a
    read/write open will still be unsuccessful.
    The check for determining if the open should be retried was intended to
    be based on the access mode of the lower file's open flags being
    O_RDONLY, but the check was incorrectly performed. This would cause the
    open to be retried by the privileged kthread, resulting in a second
    failed open of the lower file. This patch corrects the check to
    determine if the open request should be handled by the privileged
    Signed-off-by: Tyler Hicks <>
    Reported-by: Dan Carpenter <>
    Acked-by: Dan Carpenter <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    eCryptfs: Fix lockdep warning in miscdev operations

    Tyler Hicks authored gregkh committed
    commit 60d65f1 upstream.
    Don't grab the daemon mutex while holding the message context mutex.
    Addresses this lockdep warning:
     ecryptfsd/2141 is trying to acquire lock:
      (&ecryptfs_msg_ctx_arr[i].mux){+.+.+.}, at: [<ffffffffa029c213>] ecryptfs_miscdev_read+0x143/0x470 [ecryptfs]
     but task is already holding lock:
      (&(*daemon)->mux){+.+...}, at: [<ffffffffa029c2ec>] ecryptfs_miscdev_read+0x21c/0x470 [ecryptfs]
     which lock already depends on the new lock.
     the existing dependency chain (in reverse order) is:
     -> #1 (&(*daemon)->mux){+.+...}:
            [<ffffffff810a3b8d>] lock_acquire+0x9d/0x220
            [<ffffffff8151c6da>] __mutex_lock_common+0x5a/0x4b0
            [<ffffffff8151cc64>] mutex_lock_nested+0x44/0x50
            [<ffffffffa029c5d7>] ecryptfs_send_miscdev+0x97/0x120 [ecryptfs]
            [<ffffffffa029b744>] ecryptfs_send_message+0x134/0x1e0 [ecryptfs]
            [<ffffffffa029a24e>] ecryptfs_generate_key_packet_set+0x2fe/0xa80 [ecryptfs]
            [<ffffffffa02960f8>] ecryptfs_write_metadata+0x108/0x250 [ecryptfs]
            [<ffffffffa0290f80>] ecryptfs_create+0x130/0x250 [ecryptfs]
            [<ffffffff811963a4>] vfs_create+0xb4/0x120
            [<ffffffff81197865>] do_last+0x8c5/0xa10
            [<ffffffff811998f9>] path_openat+0xd9/0x460
            [<ffffffff81199da2>] do_filp_open+0x42/0xa0
            [<ffffffff81187998>] do_sys_open+0xf8/0x1d0
            [<ffffffff81187a91>] sys_open+0x21/0x30
            [<ffffffff81527d69>] system_call_fastpath+0x16/0x1b
     -> #0 (&ecryptfs_msg_ctx_arr[i].mux){+.+.+.}:
            [<ffffffff810a3418>] __lock_acquire+0x1bf8/0x1c50
            [<ffffffff810a3b8d>] lock_acquire+0x9d/0x220
            [<ffffffff8151c6da>] __mutex_lock_common+0x5a/0x4b0
            [<ffffffff8151cc64>] mutex_lock_nested+0x44/0x50
            [<ffffffffa029c213>] ecryptfs_miscdev_read+0x143/0x470 [ecryptfs]
            [<ffffffff811887d3>] vfs_read+0xb3/0x180
            [<ffffffff811888ed>] sys_read+0x4d/0x90
            [<ffffffff81527d69>] system_call_fastpath+0x16/0x1b
    Signed-off-by: Tyler Hicks <>
    Signed-off-by: Greg Kroah-Hartman <>
  11. @gregkh

    eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files

    Tyler Hicks authored gregkh committed
    commit 8dc6780 upstream.
    File operations on /dev/ecryptfs would BUG() when the operations were
    performed by processes other than the process that originally opened the
    file. This could happen with open files inherited after fork() or file
    descriptors passed through IPC mechanisms. Rather than calling BUG(), an
    error code can be safely returned in most situations.
    In ecryptfs_miscdev_release(), eCryptfs still needs to handle the
    release even if the last file reference is being held by a process that
    didn't originally open the file. ecryptfs_find_daemon_by_euid() will not
    be successful, so a pointer to the daemon is stored in the file's
    private_data. The private_data pointer is initialized when the miscdev
    file is opened and only used when the file is released.
    Signed-off-by: Tyler Hicks <>
    Reported-by: Sasha Levin <>
    Tested-by: Sasha Levin <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    ocfs2: clear unaligned io flag when dio fails

    Junxiao Bi authored gregkh committed
    commit 3e5d3c3 upstream.
    The unaligned io flag is set in the kiocb when an unaligned
    dio is issued, it should be cleared even when the dio fails,
    or it may affect the following io which are using the same
    Signed-off-by: Junxiao Bi <>
    Signed-off-by: Joel Becker <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @torvalds @gregkh

    vfs: make O_PATH file descriptors usable for 'fchdir()'

    torvalds authored gregkh committed
    commit 332a2e1 upstream.
    We already use them for openat() and friends, but fchdir() also wants to
    be able to use O_PATH file descriptors.  This should make it comparable
    to the O_SEARCH of Solaris.  In particular, O_PATH allows you to access
    (not-quite-open) a directory you don't have read persmission to, only
    execute permission.
    Noticed during development of multithread support for ksh93.
    Reported-by: ольга крыжановская <>
    Cc: Al Viro <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @gregkh

    NFS: Force the legacy idmapper to be single threaded

    Bryan Schumaker authored gregkh committed
    commit b102743 upstream.
    It was initially coded under the assumption that there would only be one
    request at a time, so use a lock to enforce this requirement..
    Signed-off-by: Bryan Schumaker <>
    Signed-off-by: Trond Myklebust <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @koct9i @gregkh

    mm: correctly synchronize rss-counters at exit/exec

    koct9i authored gregkh committed
    commit 4fe7efd upstream.
    do_exit() and exec_mmap() call sync_mm_rss() before mm_release() does
    put_user(clear_child_tid) which can update task->rss_stat and thus make
    mm->rss_stat inconsistent.  This triggers the "BUG:" printk in check_mm().
    Let's fix this bug in the safest way, and optimize/cleanup this later.
    Reported-by: Markus Trippelsdorf <>
    Signed-off-by: Konstantin Khlebnikov <>
    Cc: Oleg Nesterov <>
    Cc: KAMEZAWA Hiroyuki <>
    Cc: Hugh Dickins <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @gregkh

    Btrfs: run delayed directory updates during log replay

    Chris Mason authored gregkh committed
    commit b630556 upstream.
    While we are resolving directory modifications in the
    tree log, we are triggering delayed metadata updates to
    the filesystem btrees.
    This commit forces the delayed updates to run so the
    replay code can find any modifications done.  It stops
    us from crashing because the directory deleltion replay
    expects items to be removed immediately from the tree.
    Signed-off-by: Chris Mason <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @gregkh

    cifs: when server doesn't set CAP_LARGE_READ_X, cap default rsize at …

    Jeff Layton authored gregkh committed
    commit ec01d73 upstream.
    When the server doesn't advertise CAP_LARGE_READ_X, then MS-CIFS states
    that you must cap the size of the read at the client's MaxBufferSize.
    Unfortunately, testing with many older servers shows that they often
    can't service a read larger than their own MaxBufferSize.
    Since we can't assume what the server will do in this situation, we must
    be conservative here for the default. When the server can't do large
    reads, then assume that it can't satisfy any read larger than its
    MaxBufferSize either.
    Luckily almost all modern servers can do large reads, so this won't
    affect them. This is really just for older win9x and OS/2 era servers.
    Also, note that this patch just governs the default rsize. The admin can
    always override this if he so chooses.
    Reported-by: David H. Durgee <>
    Signed-off-by: Jeff Layton <>
    Signed-off-by: Steven French <sfrench@w500smf.none>
    Signed-off-by: Greg Kroah-Hartman <>
  18. @gregkh

    cifs: fix parsing of password mount option

    Suresh Jayaraman authored gregkh committed
    commit e73f843 upstream.
    The double delimiter check that allows a comma in the password parsing code is
    unconditional. We set "tmp_end" to the end of the string and we continue to
    check for double delimiter. In the case where the password doesn't contain a
    comma we end up setting tmp_end to NULL and eventually setting "options" to
    "end". This results in the premature termination of the options string and hence
    the values of UNCip and UNC are being set to NULL. This results in mount failure
    with "Connecting to DFS root not implemented yet" error.
    This error is usually not noticable as we have password as the last option in
    the superblock mountdata. But when we call expand_dfs_referral() from
    cifs_mount() and try to compose mount options for the submount, the resulting
    mountdata will be of the form
    and hence results in the above error. This bug has been seen with older NAS
    servers running Samba 3.0.24.
    Fix this by moving the double delimiter check inside the conditional loop.
    Changes since -v1
       - removed the wrong strlen() micro optimization.
    Signed-off-by: Suresh Jayaraman <>
    Acked-by: Sachin Prabhu <>
    Signed-off-by: Steve French <>
    Signed-off-by: Greg Kroah-Hartman <>
  19. @jankara @gregkh

    udf: Fortify loading of sparing table

    jankara authored gregkh committed
    commit 1df2ae3 upstream.
    Add sanity checks when loading sparing table from disk to avoid accessing
    unallocated memory or writing to it.
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
  20. @jankara @gregkh

    udf: Avoid run away loop when partition table length is corrupted

    jankara authored gregkh committed
    commit adee11b upstream.
    Check provided length of partition table so that (possibly maliciously)
    corrupted partition table cannot cause accessing data beyond current buffer.
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
  21. @jankara @gregkh

    udf: Use 'ret' instead of abusing 'i' in udf_load_logicalvol()

    jankara authored gregkh committed
    commit cb14d34 upstream.
    Signed-off-by: Jan Kara <>
    Signed-off-by: Greg Kroah-Hartman <>
  22. @konis @gregkh

    nilfs2: ensure proper cache clearing for gc-inodes

    konis authored gregkh committed
    commit fbb24a3 upstream.
    A gc-inode is a pseudo inode used to buffer the blocks to be moved by
    garbage collection.
    Block caches of gc-inodes must be cleared every time a garbage collection
    function (nilfs_clean_segments) completes.  Otherwise, stale blocks
    buffered in the caches may be wrongly reused in successive calls of the GC
    For user files, this is not a problem because their gc-inodes are
    distinguished by a checkpoint number as well as an inode number.  They
    never buffer different blocks if either an inode number, a checkpoint
    number, or a block offset differs.
    However, gc-inodes of sufile, cpfile and DAT file can store different data
    for the same block offset.  Thus, the nilfs_clean_segments function can
    move incorrect block for these meta-data files if an old block is cached.
    I found this is really causing meta-data corruption in nilfs.
    This fixes the issue by ensuring cache clear of gc-inodes and resolves
    reported GC problems including checkpoint file corruption, b-tree
    corruption, and the following warning during GC.
      nilfs_palloc_freev: entry number 307234 already freed.
    Signed-off-by: Ryusuke Konishi <>
    Tested-by: Ryusuke Konishi <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jun 22, 2012
  1. @gregkh

    hfsplus: fix bless ioctl when used with hardlinks

    Matthew Garrett authored gregkh committed
    commit 7dea966 upstream.
    HFS+ doesn't really implement hard links - instead, hardlinks are indicated
    by a magic file type which refers to an indirect node in a hidden
    directory. The spec indicates that stat() should return the inode number
    of the indirect node, but it turns out that this doesn't satisfy the
    firmware when it's looking for a bootloader - it wants the catalog ID of
    the hardlink file instead. Fix up this case.
    Signed-off-by: Matthew Garrett <>
    Signed-off-by: Christoph Hellwig <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  2. @gregkh

    hfsplus: fix overflow in sector calculations in hfsplus_submit_bio

    Janne Kalliomäki authored gregkh committed
    commit a6dc8c0 upstream.
    The variable io_size was unsigned int, which caused the wrong sector number
    to be calculated after aligning it. This then caused mount to fail with big
    volumes, as backup volume header information was searched from a
    wrong sector.
    Signed-off-by: Janne Kalliomäki <>
    Signed-off-by: Christoph Hellwig <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @gregkh

    nfsd4: BUG_ON(!is_spin_locked()) no good on UP kernels

    J. Bruce Fields authored gregkh committed
    commit bc2df47 upstream.
    Most frequent symptom was a BUG triggering in expire_client, with the
    server locking up shortly thereafter.
    Introduced by 508dc6e "nfsd41:
    free_session/free_client must be called under the client_lock".
    Cc: Benny Halevy <>
    Signed-off-by: J. Bruce Fields <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @gregkh

    NFSv4: Fix unnecessary delegation returns in nfs4_do_open

    Trond Myklebust authored gregkh committed
    commit 2d0dbc6 upstream.
    While nfs4_do_open() expects the fmode argument to be restricted to
    combinations of FMODE_READ and FMODE_WRITE, both nfs4_atomic_open()
    and nfs4_proc_create will pass the nfs_open_context->mode,
    which contains the full fmode_t.
    This patch ensures that nfs4_do_open strips the other fmode_t bits,
    fixing a problem in which the nfs4_do_open call would result in an
    unnecessary delegation return.
    Reported-by: Fred Isaman <>
    Signed-off-by: Trond Myklebust <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jun 17, 2012
  1. @gregkh

    fuse: fix stat call on 32 bit platforms

    Pavel Shilovsky authored gregkh committed
    commit 45c72cd upstream.
    Now we store attr->ino at inode->i_ino, return attr->ino at the
    first time and then return inode->i_ino if the attribute timeout
    isn't expired. That's wrong on 32 bit platforms because attr->ino
    is 64 bit and inode->i_ino is 32 bit in this case.
    Fix this by saving 64 bit ino in fuse_inode structure and returning
    it every time we call getattr. Also squash attr->ino into inode->i_ino
    Signed-off-by: Pavel Shilovsky <>
    Signed-off-by: Miklos Szeredi <>
    Signed-off-by: Greg Kroah-Hartman <>
  2. @gregkh

    Btrfs: fall back to non-inline if we don't have enough space

    Josef Bacik authored gregkh committed
    commit 2adcac1 upstream.
    If cow_file_range_inline fails with ENOSPC we abort the transaction which
    isn't very nice.  This really shouldn't be happening anyways but there's no
    sense in making it a horrible error when we can easily just go allocate
    normal data space for this stuff.  Thanks,
    Signed-off-by: Josef Bacik <>
    Acked-by: Chris Mason <>
    Cc: Alexandre Oliva <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @tytso @gregkh

    ext4: fix the free blocks calculation for ext3 file systems w/ uninit_bg

    tytso authored gregkh committed
    commit b0dd6b7 upstream.
    Ext3 filesystems that are converted to use as many ext4 file system
    features as possible will enable uninit_bg to speed up e2fsck times.
    These file systems will have a native ext3 layout of inode tables and
    block allocation bitmaps (as opposed to ext4's flex_bg layout).
    Unfortunately, in these cases, when first allocating a block in an
    uninitialized block group, ext4 would incorrectly calculate the number
    of free blocks in that block group, and then errorneously report that
    the file system was corrupt:
    EXT4-fs error (device vdd): ext4_mb_generate_buddy:741: group 30, 32254 clusters in bitmap, 32258 in gd
    This problem can be reproduced via:
        mke2fs -q -t ext4 -O ^flex_bg /dev/vdd 5g
        mount -t ext4 /dev/vdd /mnt
        fallocate -l 4600m /mnt/test
    The problem was caused by a bone headed mistake in the check to see if a
    particular metadata block was part of the block group.
    Many thanks to Kees Cook for finding and bisecting the buggy commit
    which introduced this bug (commit fd034a8, present since v3.2).
    Reported-by: Sander Eikelenboom <>
    Reported-by: Kees Cook <>
    Signed-off-by: "Theodore Ts'o" <>
    Tested-by: Kees Cook <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jun 9, 2012
  1. @taoma-tm @gregkh

    ext4: don't set i_flags in EXT4_IOC_SETFLAGS

    taoma-tm authored gregkh committed
    commit b22b1f1 upstream.
    Commit 7990696 uses the ext4_{set,clear}_inode_flags() functions to
    change the i_flags automatically but fails to remove the error setting
    of i_flags.  So we still have the problem of trashing state flags.
    Fix this by removing the assignment.
    Signed-off-by: Tao Ma <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
  2. @torvalds @gregkh

    vfs: Fix /proc/<tid>/fdinfo/<fd> file handling

    torvalds authored gregkh committed
    commit 0640113 upstream.
    Cyrill Gorcunov reports that I broke the fdinfo files with commit
    30a08bf ("proc: move fd symlink i_mode calculations into
    tid_fd_revalidate()"), and he's quite right.
    The tid_fd_revalidate() function is not just used for the <tid>/fd
    symlinks, it's also used for the <tid>/fdinfo/<fd> files, and the
    permission model for those are different.
    So do the dynamic symlink permission handling just for symlinks, making
    the fdinfo files once more appear as the proper regular files they are.
    Of course, Al Viro argued (probably correctly) that we shouldn't do the
    symlink permission games at all, and make the symlinks always just be
    the normal 'lrwxrwxrwx'.  That would have avoided this issue too, but
    since somebody noticed that the permissions had changed (which was the
    reason for that original commit 30a08bf in the first place), people
    do apparently use this feature.
    [ Basically, you can use the symlink permission data as a cheap "fdinfo"
      replacement, since you see whether the file is open for reading and/or
      writing by just looking at st_mode of the symlink.  So the feature
      does make sense, even if the pain it has caused means we probably
      shouldn't have done it to begin with. ]
    Reported-and-tested-by: Cyrill Gorcunov <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @sqazi @gregkh

    ext4: remove mb_groups before tearing down the buddy_cache

    sqazi authored gregkh committed
    commit 9559996 upstream.
    We can't have references held on pages in the s_buddy_cache while we are
    trying to truncate its pages and put the inode.  All the pages must be
    gone before we reach clear_inode.  This can only be gauranteed if we
    can prevent new users from grabbing references to s_buddy_cache's pages.
    The original bug can be reproduced and the bug fix can be verified by:
    while true; do mount -t ext4 /dev/ram0 /export/hda3/ram0; \
    	umount /export/hda3/ram0; done &
    while true; do cat /proc/fs/ext4/ram0/mb_groups; done
    Signed-off-by: Salman Qazi <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @sqazi @gregkh

    ext4: add ext4_mb_unload_buddy in the error path

    sqazi authored gregkh committed
    commit 02b7831 upstream.
    ext4_free_blocks fails to pair an ext4_mb_load_buddy with a matching
    ext4_mb_unload_buddy when it fails a memory allocation.
    Signed-off-by: Salman Qazi <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @tytso @gregkh

    ext4: don't trash state flags in EXT4_IOC_SETFLAGS

    tytso authored gregkh committed
    commit 7990696 upstream.
    In commit 353eb83 we removed i_state_flags with 64-bit longs, But
    when handling the EXT4_IOC_SETFLAGS ioctl, we replace i_flags
    directly, which trashes the state flags which are stored in the high
    32-bits of i_flags on 64-bit platforms.  So use the the
    ext4_{set,clear}_inode_flags() functions which use atomic bit
    manipulation functions instead.
    Reported-by: Tao Ma <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @tytso @gregkh

    ext4: add missing save_error_info() to ext4_error()

    tytso authored gregkh committed
    commit f3fc021 upstream.
    The ext4_error() function is missing a call to save_error_info().
    Since this is the function which marks the file system as containing
    an error, this oversight (which was introduced in 2.6.36) is quite
    significant, and should be backported to older stable kernels with
    high urgency.
    Reported-by: Ken Sumrall <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: Greg Kroah-Hartman <>
Something went wrong with that request. Please try again.