首頁 探索 說明
註冊 登入
phyus
/
linux-vybrid_public
8
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Merge branch 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6

* 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6:
  NFS: Fix nfs_page use after free issues in fs/nfs/write.c
  NFSv4: Fix incorrect semaphore release in _nfs4_do_open()
  NFS: Fix Oopsable condition in nfs_readpage_sync()
Linus Torvalds 18 年之前
父節點
79e453d49b 5c2d97cb31
當前提交
4ed4b54752
共有 3 個文件被更改,包括 9 次插入7 次删除
分割檢視 顯示文件統計
  1. 3 3
      fs/nfs/nfs4proc.c
  2. 4 2
      fs/nfs/read.c
  3. 2 2
      fs/nfs/write.c

+ 3 - 3
fs/nfs/nfs4proc.c
查看文件 

@@ -970,7 +970,7 @@ static int _nfs4_do_open(struct inode *dir, struct dentry *dentry, int flags, st
 
 	status = -ENOMEM;
 
 	opendata = nfs4_opendata_alloc(dentry, sp, flags, sattr);
 
 	if (opendata == NULL)
 
-		goto err_put_state_owner;
 
+		goto err_release_rwsem;
 
 
 	status = _nfs4_proc_open(opendata);
 
 	if (status != 0)
 
@@ -989,11 +989,11 @@ static int _nfs4_do_open(struct inode *dir, struct dentry *dentry, int flags, st
 
 	return 0;
 
 err_opendata_free:
 
 	nfs4_opendata_free(opendata);
 
+err_release_rwsem:
 
+	up_read(&clp->cl_sem);
 
 err_put_state_owner:
 
 	nfs4_put_state_owner(sp);
 
 out_err:
 
-	/* Note: clp->cl_sem must be released before nfs4_put_open_state()! */
 
-	up_read(&clp->cl_sem);
 
 	*res = NULL;
 
 	return status;
 
 }

+ 4 - 2
fs/nfs/read.c
查看文件 

@@ -204,9 +204,11 @@ static int nfs_readpage_sync(struct nfs_open_context *ctx, struct inode *inode,
 
 	NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATIME;
 
 	spin_unlock(&inode->i_lock);
 
 
-	nfs_readpage_truncate_uninitialised_page(rdata);
 
-	if (rdata->res.eof || rdata->res.count == rdata->args.count)
 
+	if (rdata->res.eof || rdata->res.count == rdata->args.count) {
 
 		SetPageUptodate(page);
 
+		if (rdata->res.eof && count != 0)
 
+			memclear_highpage_flush(page, rdata->args.pgbase, count);
 
+	}
 
 	result = 0;
 
 
 io_error:

+ 2 - 2
fs/nfs/write.c
查看文件 

@@ -590,8 +590,8 @@ static void nfs_cancel_commit_list(struct list_head *head)
 
 		req = nfs_list_entry(head->next);
 
 		nfs_list_remove_request(req);
 
 		nfs_inode_remove_request(req);
 
-		nfs_clear_page_writeback(req);
 
 		dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
 
+		nfs_clear_page_writeback(req);
 
 	}
 
 }
 
 
@@ -1386,8 +1386,8 @@ nfs_commit_list(struct inode *inode, struct list_head *head, int how)
 
 		req = nfs_list_entry(head->next);
 
 		nfs_list_remove_request(req);
 
 		nfs_mark_request_commit(req);
 
-		nfs_clear_page_writeback(req);
 
 		dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
 
+		nfs_clear_page_writeback(req);
 
 	}
 
 	return -ENOMEM;
 
 }