From daeba89d43af0fa469d38a4ccdc32fff8ca17c2e Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Mon, 31 Mar 2008 17:02:02 -0400 Subject: SUNRPC: don't call flush_dcache_page() with an invalid pointer Fix a problem in _copy_to_pages(), whereby it may call flush_dcache_page() with an invalid pointer due to the fact that 'pgto' gets incremented beyond the end of the page array. Fix is to exit the loop without this unnecessary increment of pgto. Signed-off-by: Trond Myklebust --- net/sunrpc/xdr.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index 995c3fdc16c..79a55d56cc9 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -244,7 +244,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len) pgto = pages + (pgbase >> PAGE_CACHE_SHIFT); pgbase &= ~PAGE_CACHE_MASK; - do { + for (;;) { copy = PAGE_CACHE_SIZE - pgbase; if (copy > len) copy = len; @@ -253,6 +253,10 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len) memcpy(vto + pgbase, p, copy); kunmap_atomic(vto, KM_USER0); + len -= copy; + if (len == 0) + break; + pgbase += copy; if (pgbase == PAGE_CACHE_SIZE) { flush_dcache_page(*pgto); @@ -260,8 +264,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len) pgto++; } p += copy; - - } while ((len -= copy) != 0); + } flush_dcache_page(*pgto); } -- cgit v1.2.3 From 66d3aac04175c35564cc5982934b68bc4f89a76d Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Mon, 31 Mar 2008 15:01:58 -0400 Subject: NFS: initialize flags field in nfs_open_context The nfs_open_context struct had a "flags" field added recently, but the allocator isn't initializing it. It also looks like the allocator isn't initializing the mode or list either, but they seem to be overwritten by the caller, so that's less of an issue. Signed-off-by: Jeff Layton Signed-off-by: Trond Myklebust --- fs/nfs/inode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index a4c7cf2bff3..6f88d7c77ac 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -506,6 +506,7 @@ static struct nfs_open_context *alloc_nfs_open_context(struct vfsmount *mnt, str ctx->cred = get_rpccred(cred); ctx->state = NULL; ctx->lockowner = current->files; + ctx->flags = 0; ctx->error = 0; ctx->dir_cookie = 0; atomic_set(&ctx->count, 1); -- cgit v1.2.3 From 240ee831187e000704cba3208ef6b0a8ad49bd64 Mon Sep 17 00:00:00 2001 From: Bryan Wu Date: Tue, 1 Apr 2008 20:23:39 -0700 Subject: fix bug - executing FDPIC ELF on NFS mount triggers BUG() at mm/nommu.c:862:/do_mmap_private() NFS needs a NOMMU version mmap function to support uClinux on NOMMU machine http://blackfin.uclinux.org/gf/project/uclinux-dist/tracker/?action=TrackerItemEdit&tracker_id=141&tracker_item_id=3992 Signed-off-by: Bryan Wu Cc: Mike Frysinger Signed-off-by: Trond Myklebust --- fs/nfs/file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/nfs/file.c b/fs/nfs/file.c index ef57a5ae590..5d2e9d9a4e2 100644 --- a/fs/nfs/file.c +++ b/fs/nfs/file.c @@ -64,7 +64,11 @@ const struct file_operations nfs_file_operations = { .write = do_sync_write, .aio_read = nfs_file_read, .aio_write = nfs_file_write, +#ifdef CONFIG_MMU .mmap = nfs_file_mmap, +#else + .mmap = generic_file_mmap, +#endif .open = nfs_file_open, .flush = nfs_file_flush, .release = nfs_file_release, -- cgit v1.2.3 From ed13c27e546667fb0967ae30f5070cd7f6455f90 Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Mon, 7 Apr 2008 16:52:44 -0400 Subject: SUNRPC: Fix a memory leak in rpc_create() Commit 510deb0d was supposed to move the xprt_create_transport() call in rpc_create(), but neglected to remove the old call site. This resulted in a transport leak after every rpc_create() call. This leak is present in 2.6.24 and 2.6.25. Signed-off-by: Chuck Lever Signed-off-by: Trond Myklebust --- net/sunrpc/clnt.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index 8c6a7f1a25e..8834d68972c 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -261,10 +261,6 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args) }; char servername[48]; - xprt = xprt_create_transport(&xprtargs); - if (IS_ERR(xprt)) - return (struct rpc_clnt *)xprt; - /* * If the caller chooses not to specify a hostname, whip * up a string representation of the passed-in address. -- cgit v1.2.3