summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-09-19 09:46:53 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-19 09:46:53 -0700
commit4ed4b5475211fab6a0ad00eed2f9297395e7598e (patch)
tree9849dc8e2bc0ad68ed03a48d686f8c0ed65995a7
parent79e453d49bd49ba1b576f89310cc565c9e4ca379 (diff)
parent5c2d97cb31fb77981797fec46230ca005b865799 (diff)
downloadlwn-4ed4b5475211fab6a0ad00eed2f9297395e7598e.tar.gz
lwn-4ed4b5475211fab6a0ad00eed2f9297395e7598e.zip
Merge branch 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6
* 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6: NFS: Fix nfs_page use after free issues in fs/nfs/write.c NFSv4: Fix incorrect semaphore release in _nfs4_do_open() NFS: Fix Oopsable condition in nfs_readpage_sync()
-rw-r--r--fs/nfs/nfs4proc.c6
-rw-r--r--fs/nfs/read.c6
-rw-r--r--fs/nfs/write.c4
3 files changed, 9 insertions, 7 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 153898e1331f..b14145b7b87f 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -970,7 +970,7 @@ static int _nfs4_do_open(struct inode *dir, struct dentry *dentry, int flags, st
status = -ENOMEM;
opendata = nfs4_opendata_alloc(dentry, sp, flags, sattr);
if (opendata == NULL)
- goto err_put_state_owner;
+ goto err_release_rwsem;
status = _nfs4_proc_open(opendata);
if (status != 0)
@@ -989,11 +989,11 @@ static int _nfs4_do_open(struct inode *dir, struct dentry *dentry, int flags, st
return 0;
err_opendata_free:
nfs4_opendata_free(opendata);
+err_release_rwsem:
+ up_read(&clp->cl_sem);
err_put_state_owner:
nfs4_put_state_owner(sp);
out_err:
- /* Note: clp->cl_sem must be released before nfs4_put_open_state()! */
- up_read(&clp->cl_sem);
*res = NULL;
return status;
}
diff --git a/fs/nfs/read.c b/fs/nfs/read.c
index 7a9ee00e0c61..f0aff824a291 100644
--- a/fs/nfs/read.c
+++ b/fs/nfs/read.c
@@ -204,9 +204,11 @@ static int nfs_readpage_sync(struct nfs_open_context *ctx, struct inode *inode,
NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATIME;
spin_unlock(&inode->i_lock);
- nfs_readpage_truncate_uninitialised_page(rdata);
- if (rdata->res.eof || rdata->res.count == rdata->args.count)
+ if (rdata->res.eof || rdata->res.count == rdata->args.count) {
SetPageUptodate(page);
+ if (rdata->res.eof && count != 0)
+ memclear_highpage_flush(page, rdata->args.pgbase, count);
+ }
result = 0;
io_error:
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 8ab3cf10d792..7084ac9a6455 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -590,8 +590,8 @@ static void nfs_cancel_commit_list(struct list_head *head)
req = nfs_list_entry(head->next);
nfs_list_remove_request(req);
nfs_inode_remove_request(req);
- nfs_clear_page_writeback(req);
dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
+ nfs_clear_page_writeback(req);
}
}
@@ -1386,8 +1386,8 @@ nfs_commit_list(struct inode *inode, struct list_head *head, int how)
req = nfs_list_entry(head->next);
nfs_list_remove_request(req);
nfs_mark_request_commit(req);
- nfs_clear_page_writeback(req);
dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
+ nfs_clear_page_writeback(req);
}
return -ENOMEM;
}