Skip to content
Branch: rhel-2.6.32-35…
Commits on May 26, 2013
  1. Backport 0009-net-fix-get_net_ns_by_fd-for-CONFIG_NET_NS

    unicell committed May 26, 2013
    Skipping 0008-ns-proc-Return-ENOENT-for-a-nonexistent-proc-self-ns
    as it has already been merged.
Commits on May 24, 2013
  1. RHEL kernel 2.6.32-358.6.1.el6 to 2.6.32-358.6.2.el6

    plouj-oracle committed May 14, 2013
    * Tue May 14 2013 Nikola Pajkovsky <> [2.6.32-358.6.2.el6]
    - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}
  2. xfs: remove log force from xfs_buf_trylock()

    Brian Foster authored and plouj-oracle committed Feb 11, 2013
    The trylock log force invoked via xfs_buf_item_push() can attempt
    to acquire xa_lock, thus leading to a recursion bug when called
    with xa_lock held.
    This log force was originally added to xfs_buf_trylock() to address
    xfsaild stalls due to pinned and stale buffers. Since the addition
    of this behavior, the log item pushing code had been reworked to
    detect and track pinned items to inform xfsaild to issue a log
    force itself when necessary. As such, the log force on trylock
    failure is redundant and safe to remove.
    Signed-off-by: Brian Foster <>
    Reviewed-by: Dave Chinner <>
    Signed-off-by: Ben Myers <>
    Signed-off-by: Sasha Levin <>
    (based on fa5566e)
  3. xfs: recheck buffer pinned status after push trylock failure

    Brian Foster authored and plouj-oracle committed Feb 11, 2013
    The buffer pinned check and trylock sequence in xfs_buf_item_push()
    can race with an active transaction on marking the buffer pinned.
    This can result in the buffer becoming pinned and stale after the
    initial check and the trylock failure, but before the check in
    xfs_buf_trylock() that issues a log force. If the log force is
    issued from this context, a spinlock recursion occurs on xa_lock.
    Prepare xfs_buf_item_push() to handle the race by detecting a
    pinned buffer after the trylock failure so xfsaild issues a log
    force from a safe context. This, along with various previous fixes,
    renders the log force in xfs_buf_trylock() redundant.
    Signed-off-by: Brian Foster <>
    Reviewed-by: Dave Chinner <>
    Signed-off-by: Ben Myers <>
    Signed-off-by: Sasha Levin <>
    (based on 5337fe9)
  4. [fs] xfs: use maximum schedule timeout when ail is empty (Brian Foste…

    sashalevin authored and plouj-oracle committed Apr 23, 2013
    …r) [921958 883905]
    Signed-off-by: Sasha Levin <>
  5. block: disable discard request merge temporarily

    shaohuali authored and plouj-oracle committed Aug 9, 2012
    The SCSI discard request merge never worked, and looks no solution
    for in future, let's disable it temporarily.
    Signed-off-by: Shaohua Li <>
    Reviewed-by: Christoph Hellwig <>
    Signed-off-by: Jens Axboe <>
    Signed-off-by: Sasha Levin <>
    (based on commit 276f0f5)
  6. NFS: Don't allow NFS silly-renamed files to be deleted, no signal

    Trond Myklebust authored and plouj-oracle committed Feb 22, 2013
    Commit 73ca100 broke the code that prevents the client from deleting
    a silly renamed dentry.  This affected "delete on last close"
    semantics as after that commit, nothing prevented removal of
    silly-renamed files.  As a result, a process holding a file open
    could easily get an ESTALE on the file in a directory where some
    other process issued 'rm -rf some_dir_containing_the_file' twice.
    Before the commit, any attempt at unlinking silly renamed files would
    fail inside may_delete() with -EBUSY because of the
    DCACHE_NFSFS_RENAMED flag.  The following testcase demonstrates
    the problem:
      tail -f /nfsmnt/dir/file &
      rm -rf /nfsmnt/dir
      rm -rf /nfsmnt/dir
      # second removal does not fail, 'tail' process receives ESTALE
    The problem with the above commit is that it unhashes the old and
    new dentries from the lookup path, even in the normal case when
    a signal is not encountered and it would have been safe to call
    d_move.  Unfortunately the old dentry has the special
    DCACHE_NFSFS_RENAMED flag set on it.  Unhashing has the
    side-effect that future lookups call d_alloc(), allocating a new
    dentry without the special flag for any silly-renamed files.  As a
    result, subsequent calls to unlink silly renamed files do not fail
    but allow the removal to go through.  This will result in ESTALE
    errors for any other process doing operations on the file.
    To fix this, go back to using d_move on success.
    For the signal case, it's unclear what we may safely do beyond d_drop.
    Reported-by: Dave Wysochanski <>
    Signed-off-by: Trond Myklebust <>
    Acked-by: Jeff Layton <>
    Signed-off-by: Sasha Levin <>
    (cherry picked from commit 5a7a613)
  7. NFSv4: Ensure that we check lock exclusive/shared type against open m…

    Trond Myklebust authored and plouj-oracle committed Apr 18, 2012
    Since we may be simulating flock() locks using NFS byte range locks,
    we can't rely on the VFS having checked the file open mode for us.
    Signed-off-by: Trond Myklebust <>
    Signed-off-by: Sasha Levin <>
    (cherry picked from commit 5572551)
  8. NLM: Ensure that we resend all pending blocking locks after a reclaim

    Trond Myklebust authored and plouj-oracle committed Feb 19, 2013
    Currently, nlmclnt_lock will break out of the for(;;) loop when
    the reclaimer wakes up the blocking lock thread by setting
    nlm_lck_denied_grace_period. This causes the lock request to fail
    with an ENOLCK error.
    The intention was always to ensure that we resend the lock request
    after the grace period has expired.
    Reported-by: Wangyuan Zhang <>
    Signed-off-by: Trond Myklebust <>
    (cherry picked from commit 666b3d8)
  9. fuse: use req->page_descs[] for argpages cases

    Maxim Patlasov authored and plouj-oracle committed Oct 26, 2012
    Previously, anyone who set flag 'argpages' only filled req->pages[] and set
    per-request page_offset. This patch re-works all cases where argpages=1 to
    fill req->page_descs[] properly.
    Having req->page_descs[] filled properly allows to re-work fuse_copy_pages()
    to copy page fragments described by req->page_descs[]. This will be useful
    for next patches optimizing direct_IO.
    Signed-off-by: Maxim Patlasov <>
    Signed-off-by: Miklos Szeredi <>
    Signed-off-by: Sasha Levin <>
    (based on commit 85f40ae)
  10. powerpc/pseries: Fix partition migration hang in stop_topology_update

    bjking1 authored and plouj-oracle committed Jan 11, 2012
    This fixes a hang that was observed during live partition migration.
    Since stop_topology_update must not be called from an interrupt
    context, call it earlier in the migration process. The hang observed
    can be seen below:
    WARNING: at kernel/timer.c:1011
    Modules linked in: ip6t_LOG xt_tcpudp xt_pkttype ipt_LOG xt_limit ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables ip6table_filter ip6_tables x_tables ipv6 fuse loop ibmveth sg ext3 jbd mbcache raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid10 raid1 raid0 scsi_dh_alua scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc dm_round_robin dm_multipath scsi_dh sd_mod crc_t10dif ibmvfc scsi_transport_fc scsi_tgt scsi_mod dm_snapshot dm_mod
    NIP: c0000000000c52d8 LR: c00000000004be28 CTR: 0000000000000000
    REGS: c00000005ffd77d0 TRAP: 0700   Not tainted  (3.2.0-git-00001-g07d106d)
    MSR: 8000000000021032 <ME,CE,IR,DR>  CR: 48000084  XER: 00000001
    CFAR: c00000000004be20
    TASK = c00000005ec78860[0] 'swapper/3' THREAD: c00000005ec98000 CPU: 3
    GPR00: 0000000000000001 c00000005ffd7a50 c000000000fbbc98 c000000000ec8340
    GPR04: 00000000282a0020 0000000000000000 0000000000004000 0000000000000101
    GPR08: 0000000000000012 c00000005ffd4000 0000000000000020 c000000000f3ba88
    GPR12: 0000000000000000 c000000007f40900 0000000000000001 0000000000000004
    GPR16: 0000000000000001 0000000000000000 0000000000000000 c000000001022310
    GPR20: 0000000000000001 0000000000000000 0000000000200200 c000000001029e14
    GPR24: 0000000000000000 0000000000000001 0000000000000040 c00000003f74bc80
    GPR28: c00000003f74bc84 c000000000f38038 c000000000f16b58 c000000000ec8340
    NIP [c0000000000c52d8] .del_timer_sync+0x28/0x60
    LR [c00000000004be28] .stop_topology_update+0x20/0x38
    Call Trace:
    [c00000005ffd7a50] [c00000005ec78860] 0xc00000005ec78860 (unreliable)
    [c00000005ffd7ad0] [c00000000004be28] .stop_topology_update+0x20/0x38
    [c00000005ffd7b40] [c000000000028378] .__rtas_suspend_last_cpu+0x58/0x260
    [c00000005ffd7bf0] [c0000000000fa230] .generic_smp_call_function_interrupt+0x160/0x358
    [c00000005ffd7cf0] [c000000000036ec8] .smp_ipi_demux+0x88/0x100
    [c00000005ffd7d80] [c00000000005c154] .icp_hv_ipi_action+0x5c/0x80
    [c00000005ffd7e00] [c00000000012a088] .handle_irq_event_percpu+0x100/0x318
    [c00000005ffd7f00] [c00000000012e774] .handle_percpu_irq+0x84/0xd0
    [c00000005ffd7f90] [c000000000022ba8] .call_handle_irq+0x1c/0x2c
    [c00000005ec9ba20] [c00000000001157c] .do_IRQ+0x22c/0x2a8
    [c00000005ec9bae0] [c0000000000054bc] hardware_interrupt_entry+0x18/0x1c
    Exception: 501 at .cpu_idle+0x194/0x2f8
        LR = .cpu_idle+0x194/0x2f8
    [c00000005ec9bdd0] [c000000000017e58] .cpu_idle+0x188/0x2f8 (unreliable)
    [c00000005ec9be90] [c00000000067ec18] .start_secondary+0x3e4/0x524
    [c00000005ec9bf90] [c0000000000093e8] .start_secondary_prolog+0x10/0x14
    Instruction dump:
    ebe1fff8 4e800020 fbe1fff8 7c0802a6 f8010010 7c7f1b78 f821ff81 78290464
    80090014 5400019e 7c0000d0 78000fe0 <0b000000> 4800000c 7c210b78 7c421378
    Signed-off-by: Brian King <>
    Signed-off-by: Benjamin Herrenschmidt <>
    Signed-off-by: Sasha Levin <>
    (cherry picked from commit 444080d)
  11. X86: Add a check to catch Xen emulation of Hyper-V

    kattisrinivasan authored and plouj-oracle committed Feb 4, 2013
    Xen emulates Hyper-V to host enlightened Windows. Looks like this
    emulation may be turned on by default even for Linux guests. Check and
    fail Hyper-V detection if we are on Xen.
    [ hpa: the problem here is that Xen doesn't emulate Hyper-V well
      enough, and if the Xen support isn't compiled in, we end up stubling
      over the Hyper-V emulation and try to activate it -- and it fails. ]
    Signed-off-by: K. Y. Srinivasan <>
    Signed-off-by: H. Peter Anvin <>
    Signed-off-by: Sasha Levin <>
    (based on commit db34bbb)
  12. KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functio…

    Andy Honig authored and plouj-oracle committed Feb 20, 2013
    …ns (CVE-2013-1797)
    There is a potential use after free issue with the handling of
    MSR_KVM_SYSTEM_TIME.  If the guest specifies a GPA in a movable or removable
    memory such as frame buffers then KVM might continue to write to that
    address even after it's removed via KVM_SET_USER_MEMORY_REGION.  KVM pins
    the page in memory so it's unlikely to cause an issue, but if the user
    space component re-purposes the memory previously used for the guest, then
    the guest will be able to corrupt that memory.
    Tested: Tested against kvmclock unit test
    Signed-off-by: Andrew Honig <>
    Signed-off-by: Marcelo Tosatti <>
    Signed-off-by: Sasha Levin <>
    (upstream: 0b79459)
  13. tty: Correct tty buffer flush.

    Ilya Zykov authored and plouj-oracle committed Jan 19, 2013
      The root of problem is carelessly zeroing pointer(in function __tty_buffer_flush()),
    when another thread can use it. It can be cause of "NULL pointer dereference".
      Main idea of the patch, this is never free last (struct tty_buffer) in the active buffer.
    Only flush the data for ldisc(buf->head->read = buf->head->commit).
    At that moment driver can collect(write) data in buffer without conflict.
    It is repeat behavior of flush_to_ldisc(), only without feeding data to ldisc.
    Also revert:
      commit c56a00a
      tty: hold lock across tty buffer finding and buffer filling
    In order to delete the unneeded locks any more.
    Signed-off-by: Ilya Zykov <>
    CC: Alan Cox <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Sasha Levin <>
    (upstream: 64325a3)
  14. tty: set_termios/set_termiox should not return -EINTR

    utrace authored and plouj-oracle committed Jan 29, 2013
    read command causes bash to abort with double free or corruption (out).
    A simple test-case from Roman:
    	// Compile the reproducer and send sigchld ti that process.
    	// EINTR occurs even if SA_RESTART flag is set.
    	void handler(int sig)
    	  struct sigaction act;
    	  act.sa_handler = handler;
    	  act.sa_flags = SA_RESTART;
    	  sigaction (SIGCHLD, &act, 0);
    	  struct termio ttp;
    	  ioctl(0, TCGETA, &ttp);
    	    if (ioctl(0, TCSETAW, ttp) < 0)
    		if (errno == EINTR)
    		  fprintf(stderr, "BUG!"); return(1);
    Change set_termios/set_termiox to return -ERESTARTSYS to fix this
    particular problem.
    I didn't dare to change other EINTR's in drivers/tty/, but they look
    equally wrong.
    Reported-by: Roman Rakus <>
    Reported-by: Lingzhu Xiang <>
    Signed-off-by: Oleg Nesterov <>
    Cc: Jiri Slaby <>
    Cc: stable <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Sasha Levin <>
    (upstream: 183d95c)
  15. drm/i915: bounds check execbuffer relocation count

    kees authored and plouj-oracle committed Mar 12, 2013
    It is possible to wrap the counter used to allocate the buffer for
    relocation copies. This could lead to heap writing overflows.
    v3: collapse test, improve comment
    v2: move check into validate_exec_list
    Signed-off-by: Kees Cook <>
    Reported-by: Pinkie Pie
    Reviewed-by: Chris Wilson <>
    Signed-off-by: Daniel Vetter <>
    Signed-off-by: Sasha Levin <>
    (upstream: 3118a4f)
  16. Drivers: hv: balloon: Make adjustments to the pressure report

    kattisrinivasan authored and plouj-oracle committed Jan 26, 2013
    The host expects that the pressure report includes the pressure due to the
    pages that have been ballooned. Make necessary adjustments to reflect that.
    Also, include the free memory information in the pressure report.
    Signed-off-by: K. Y. Srinivasan <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Sasha Levin <>
    (upstream: 0731572)
  17. IB/qib: Fix for broken sparse warning fix

    mmarcini authored and plouj-oracle committed Jan 24, 2013
    Commit 1fb9fed ("IB/qib: Fix QP RCU sparse warning") broke QP
    hash list deletion in qp_remove() badly.
    This patch restores the former for loop behavior, while still fixing
    the sparse warnings.
    Cc: <>
    Reviewed-by: Gary Leshner <>
    Signed-off-by: Mike Marciniszyn <>
    Signed-off-by: Roland Dreier <>
    Signed-off-by: Sasha Levin <>
    (upstream: d359f35)
  18. Revert ehea: do vlan cleanup

    sashalevin authored and plouj-oracle committed Apr 23, 2013
    Signed-off-by: Sasha Levin <>
  19. net/tun: fix ioctl() based info leaks

    minipli authored and plouj-oracle committed Jul 29, 2012
    The tun module leaks up to 36 bytes of memory by not fully initializing
    a structure located on the stack that gets copied to user memory by the
    Signed-off-by: Mathias Krause <>
    Signed-off-by: David S. Miller <>
    Signed-off-by: Sasha Levin <>
    (upstream: a117dac)
  20. USB: io_ti: Fix NULL dereference in chase_port()

    wfr authored and plouj-oracle committed Jan 17, 2013
    The tty is NULL when the port is hanging up.
    chase_port() needs to check for this.
    This patch is intended for stable series.
    The behavior was observed and tested in Linux 3.2 and 3.7.1.
    Johan Hovold submitted a more elaborate patch for the mainline kernel.
    [   56.277883] usb 1-1: edge_bulk_in_callback - nonzero read bulk status received: -84
    [   56.278811] usb 1-1: USB disconnect, device number 3
    [   56.278856] usb 1-1: edge_bulk_in_callback - stopping read!
    [   56.279562] BUG: unable to handle kernel NULL pointer dereference at 00000000000001c8
    [   56.280536] IP: [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
    [   56.281212] PGD 1dc1b067 PUD 1e0f7067 PMD 0
    [   56.282085] Oops: 0002 [#1] SMP
    [   56.282744] Modules linked in:
    [   56.283512] CPU 1
    [   56.283512] Pid: 25, comm: khubd Not tainted 3.7.1 #1 innotek GmbH VirtualBox/VirtualBox
    [   56.283512] RIP: 0010:[<ffffffff8144e62a>]  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
    [   56.283512] RSP: 0018:ffff88001fa99ab0  EFLAGS: 00010046
    [   56.283512] RAX: 0000000000000046 RBX: 00000000000001c8 RCX: 0000000000640064
    [   56.283512] RDX: 0000000000010000 RSI: ffff88001fa99b20 RDI: 00000000000001c8
    [   56.283512] RBP: ffff88001fa99b20 R08: 0000000000000000 R09: 0000000000000000
    [   56.283512] R10: 0000000000000000 R11: ffffffff812fcb4c R12: ffff88001ddf53c0
    [   56.283512] R13: 0000000000000000 R14: 00000000000001c8 R15: ffff88001e19b9f4
    [   56.283512] FS:  0000000000000000(0000) GS:ffff88001fd00000(0000) knlGS:0000000000000000
    [   56.283512] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    [   56.283512] CR2: 00000000000001c8 CR3: 000000001dc51000 CR4: 00000000000006e0
    [   56.283512] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [   56.283512] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    [   56.283512] Process khubd (pid: 25, threadinfo ffff88001fa98000, task ffff88001fa94f80)
    [   56.283512] Stack:
    [   56.283512]  0000000000000046 00000000000001c8 ffffffff810578ec ffffffff812fcb4c
    [   56.283512]  ffff88001e19b980 0000000000002710 ffffffff812ffe81 0000000000000001
    [   56.283512]  ffff88001fa94f80 0000000000000202 ffffffff00000001 0000000000000296
    [   56.283512] Call Trace:
    [   56.283512]  [<ffffffff810578ec>] ? add_wait_queue+0x12/0x3c
    [   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
    [   56.283512]  [<ffffffff812ffe81>] ? chase_port+0x84/0x2d6
    [   56.283512]  [<ffffffff81063f27>] ? try_to_wake_up+0x199/0x199
    [   56.283512]  [<ffffffff81263a5c>] ? tty_ldisc_hangup+0x222/0x298
    [   56.283512]  [<ffffffff81300171>] ? edge_close+0x64/0x129
    [   56.283512]  [<ffffffff810612f7>] ? __wake_up+0x35/0x46
    [   56.283512]  [<ffffffff8106135b>] ? should_resched+0x5/0x23
    [   56.283512]  [<ffffffff81264916>] ? tty_port_shutdown+0x39/0x44
    [   56.283512]  [<ffffffff812fcb4c>] ? usb_serial_port_work+0x28/0x28
    [   56.283512]  [<ffffffff8125d38c>] ? __tty_hangup+0x307/0x351
    [   56.283512]  [<ffffffff812e6ddc>] ? usb_hcd_flush_endpoint+0xde/0xed
    [   56.283512]  [<ffffffff8144e625>] ? _raw_spin_lock_irqsave+0x14/0x35
    [   56.283512]  [<ffffffff812fd361>] ? usb_serial_disconnect+0x57/0xc2
    [   56.283512]  [<ffffffff812ea99b>] ? usb_unbind_interface+0x5c/0x131
    [   56.283512]  [<ffffffff8128d738>] ? __device_release_driver+0x7f/0xd5
    [   56.283512]  [<ffffffff8128d9cd>] ? device_release_driver+0x1a/0x25
    [   56.283512]  [<ffffffff8128d393>] ? bus_remove_device+0xd2/0xe7
    [   56.283512]  [<ffffffff8128b7a3>] ? device_del+0x119/0x167
    [   56.283512]  [<ffffffff812e8d9d>] ? usb_disable_device+0x6a/0x180
    [   56.283512]  [<ffffffff812e2ae0>] ? usb_disconnect+0x81/0xe6
    [   56.283512]  [<ffffffff812e4435>] ? hub_thread+0x577/0xe82
    [   56.283512]  [<ffffffff8144daa7>] ? __schedule+0x490/0x4be
    [   56.283512]  [<ffffffff8105798f>] ? abort_exclusive_wait+0x79/0x79
    [   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
    [   56.283512]  [<ffffffff812e3ebe>] ? usb_remote_wakeup+0x2f/0x2f
    [   56.283512]  [<ffffffff810570b4>] ? kthread+0x81/0x89
    [   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
    [   56.283512]  [<ffffffff8145387c>] ? ret_from_fork+0x7c/0xb0
    [   56.283512]  [<ffffffff81057033>] ? __kthread_parkme+0x5c/0x5c
    [   56.283512] Code: 8b 7c 24 08 e8 17 0b c3 ff 48 8b 04 24 48 83 c4 10 c3 53 48 89 fb 41 50 e8 e0 0a c3 ff 48 89 04 24 e8 e7 0a c3 ff ba 00 00 01 00
    <f0> 0f c1 13 48 8b 04 24 89 d1 c1 ea 10 66 39 d1 74 07 f3 90 66
    [   56.283512] RIP  [<ffffffff8144e62a>] _raw_spin_lock_irqsave+0x19/0x35
    [   56.283512]  RSP <ffff88001fa99ab0>
    [   56.283512] CR2: 00000000000001c8
    [   56.283512] ---[ end trace 49714df27e1679ce ]---
    Signed-off-by: Wolfgang Frisch <>
    Cc: Johan Hovold <>
    Cc: stable <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Sasha Levin <>
    (upstream: 1ee0a22)
  21. RHEL specific: use key_invalidate backport

    sashalevin authored and plouj-oracle committed Apr 23, 2013
    Signed-off-by: Sasha Levin <>
  22. cifs: fix expand_dfs_referral

    jtlayton authored and plouj-oracle committed Jul 6, 2011
    Regression introduced in commit 724d9f1.
    Prior to that, expand_dfs_referral would regenerate the mount data string
    and then call cifs_parse_mount_options to re-parse it (klunky, but it
    worked). The above commit moved cifs_parse_mount_options out of cifs_mount,
    so the re-parsing of the new mount options no longer occurred. Fix it by
    making expand_dfs_referral re-parse the mount options.
    Signed-off-by: Jeff Layton <>
    Signed-off-by: Steve French <>
    Signed-off-by: Sasha Levin <>
    cifs: have cifs_cleanup_volume_info not take a double pointer that makes for a cumbersome interface. Make it take a regular
    smb_vol pointer and rely on the caller to zero it out if needed.
    Signed-off-by: Jeff Layton <>
    Reviewed-by: Pavel Shilovsky <>
    Signed-off-by: Steve French <>
    (upstream: b9bce2e)
  23. cifs: after upcalling for krb5 creds, invalidate key rather than revo…

    jtlayton authored and plouj-oracle committed Jul 23, 2012
    …king it
    Calling key_revoke here isn't ideal as further requests for the key will
    end up returning -EKEYREVOKED until it gets purged from the cache. What we
    really intend here is to force a new upcall on the next request_key.
    Cc: David Howells <>
    Signed-off-by: Jeff Layton <>
    Signed-off-by: Steve French <>
    Signed-off-by: Sasha Levin <>
    (upstream: 00401ff)
  24. fs: d_validate fixes

    Nick Piggin authored and plouj-oracle committed Jan 7, 2011
    d_validate has been broken for a long time.
    kmem_ptr_validate does not guarantee that a pointer can be dereferenced
    if it can go away at any time. Even rcu_read_lock doesn't help, because
    the pointer might be queued in RCU callbacks but not executed yet.
    So the parent cannot be checked, nor the name hashed. The dentry pointer
    can not be touched until it can be verified under lock. Hashing simply
    cannot be used.
    Instead, verify the parent/child relationship by traversing parent's
    d_child list. It's slow, but only ncpfs and the destaged smbfs care
    about it, at this point.
    Signed-off-by: Nick Piggin <>
    Signed-off-by: Sasha Levin <>
    (upstream: 786a5e1)
  25. fat: Fix stat->f_namelen

    kevin-dank authored and plouj-oracle committed Feb 10, 2010
    I found that the length of a file name when created cannot exceed 255
    characters, yet, pathconf(), via statfs(), returns the maximum as 260.
    Signed-off-by: Kevin Dankwardt <>
    Signed-off-by: OGAWA Hirofumi <>
    Signed-off-by: Sasha Levin <>
    (upstream: eeb5b4a)
  26. NLS: improve UTF8 -> UTF16 string conversion routine

    AlanStern authored and plouj-oracle committed Nov 17, 2011
    The utf8s_to_utf16s conversion routine needs to be improved.  Unlike
    its utf16s_to_utf8s sibling, it doesn't accept arguments specifying
    the maximum length of the output buffer or the endianness of its
    16-bit output.
    This patch (as1501) adds the two missing arguments, and adjusts the
    only two places in the kernel where the function is called.  A
    follow-on patch will add a third caller that does utilize the new
    The two conversion routines are still annoyingly inconsistent in the
    way they handle invalid byte combinations.  But that's a subject for a
    different patch.
    Signed-off-by: Alan Stern <>
    CC: Clemens Ladisch <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: Sasha Levin <>
    (upstream: 0720a06)
You can’t perform that action at this time.