From 8766ce41018a0cb80fbe0ce7dbf747f357c752da Mon Sep 17 00:00:00 2001 From: Kostik Belousov Date: Sun, 23 Oct 2005 12:57:13 -0700 Subject: [PATCH] aio syscalls are not checked by lsm Another case of missing call to security_file_permission: aio functions (namely, io_submit) does not check credentials with security modules. Below is the simple patch to the problem. It seems that it is enough to check for rights at the request submission time. Signed-off-by: Kostik Belousov Signed-off-by: Chris Wright Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/aio.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fs') diff --git a/fs/aio.c b/fs/aio.c index 9fe7216457d8..edfca5b75535 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1397,6 +1397,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb) if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf, kiocb->ki_left))) break; + ret = security_file_permission(file, MAY_READ); + if (unlikely(ret)) + break; ret = -EINVAL; if (file->f_op->aio_read) kiocb->ki_retry = aio_pread; @@ -1409,6 +1412,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb) if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf, kiocb->ki_left))) break; + ret = security_file_permission(file, MAY_WRITE); + if (unlikely(ret)) + break; ret = -EINVAL; if (file->f_op->aio_write) kiocb->ki_retry = aio_pwrite; -- cgit v1.2.3 From 8d3b35914aa54232b27e6a2b57d84092aadc5e86 Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Sun, 23 Oct 2005 12:57:18 -0700 Subject: [PATCH] inotify/idr leak fix Fix a bug which was reported and diagnosed by Stefan Jones IDR trees include a cache of idr_layer objects. There's no way to destroy this cache, so when we discard an overall idr tree we end up leaking some memory. Add and use idr_destroy() for this. v9fs and infiniband also need to use idr_destroy() to avoid leaks. Or, we make the cache global, like radix_tree_preload(). Which is probably better. Later. Cc: Eric Van Hensbergen Cc: Roland Dreier Cc: Robert Love Cc: John McCutchan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/inotify.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs') diff --git a/fs/inotify.c b/fs/inotify.c index a37e9fb1da58..9fbaebfdf40b 100644 --- a/fs/inotify.c +++ b/fs/inotify.c @@ -176,6 +176,7 @@ static inline void put_inotify_dev(struct inotify_device *dev) if (atomic_dec_and_test(&dev->count)) { atomic_dec(&dev->user->inotify_devs); free_uid(dev->user); + idr_destroy(&dev->idr); kfree(dev); } } -- cgit v1.2.3 From 94c1d3184523efa7109472eb393cee6e954c5d75 Mon Sep 17 00:00:00 2001 From: Peter Wainwright Date: Wed, 26 Oct 2005 01:59:02 -0700 Subject: [PATCH] Fix HFS+ to free up the space when a file is deleted. fsck_hfs reveals lots of temporary files accumulating in the hidden directory "\000\000\000HFS+ Private Data". According to the HFS+ documentation these are files which are unlinked while in use. However, there may be a bug in the Linux hfsplus implementation which causes this to happen even when the files are not in use. It looks like the "opencnt" field is never initialized as (I think) it should be in hfsplus_read_inode. This means that a file can appear to be still in use when in fact it has been closed. This patch seems to fix it for me. Signed-off-by: Anton Altaparmakov Cc: Roman Zippel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/hfsplus/super.c | 1 + 1 file changed, 1 insertion(+) (limited to 'fs') diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c index fd0f0f050e1d..452fc1fdbd32 100644 --- a/fs/hfsplus/super.c +++ b/fs/hfsplus/super.c @@ -50,6 +50,7 @@ static void hfsplus_read_inode(struct inode *inode) init_MUTEX(&HFSPLUS_I(inode).extents_lock); HFSPLUS_I(inode).flags = 0; HFSPLUS_I(inode).rsrc_inode = NULL; + atomic_set(&HFSPLUS_I(inode).opencnt, 0); if (inode->i_ino >= HFSPLUS_FIRSTUSER_CNID) { read_inode: -- cgit v1.2.3