diff options
| author | Dmitry Shmidt <dimitrysh@google.com> | 2017-10-19 10:06:07 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2017-10-19 10:08:29 -0700 |
| commit | d6fbbe5e665eb04c698d5801ff05c4b6ca934d6b (patch) | |
| tree | f5efddae29f7f780fcec6b61f7619e5fe18bc459 /fs | |
| parent | 02049f8843cbca96b6bf0821c648071666af89a7 (diff) | |
| parent | e1fe3813117f465a2db200aebb13969056986c64 (diff) | |
Merge 4.4.93 into android-4.4
Changes in 4.4.93
brcmfmac: add length check in brcmf_cfg80211_escan_handler()
ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
CIFS: Reconnect expired SMB sessions
nl80211: Define policy for packet pattern attributes
iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
rcu: Allow for page faults in NMI handlers
USB: dummy-hcd: Fix deadlock caused by disconnect detection
MIPS: math-emu: Remove pr_err() calls from fpu_emu()
dmaengine: edma: Align the memcpy acnt array size with the transfer
HID: usbhid: fix out-of-bounds bug
crypto: shash - Fix zero-length shash ahash digest crash
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
iommu/amd: Finish TLB flush in amd_iommu_unmap()
ALSA: usb-audio: Kill stray URB at exiting
ALSA: seq: Fix use-after-free at creating a port
ALSA: seq: Fix copy_from_user() call inside lock
ALSA: caiaq: Fix stray URB at probe error path
ALSA: line6: Fix leftover URB at error-path during probe
usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
direct-io: Prevent NULL pointer access in submit_page_section
fix unbalanced page refcounting in bio_map_user_iov
USB: serial: ftdi_sio: add id for Cypress WICED dev board
USB: serial: cp210x: add support for ELV TFD500
USB: serial: option: add support for TP-Link LTE module
USB: serial: qcserial: add Dell DW5818, DW5819
USB: serial: console: fix use-after-free after failed setup
x86/alternatives: Fix alt_max_short macro to really be a max()
Linux 4.4.93
Change-Id: I731bf1eef5aca9728dddd23bfbe407f0c6ff2d84
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/cifs/cifsglob.h | 2 | ||||
| -rw-r--r-- | fs/cifs/cifssmb.c | 7 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 7 | ||||
| -rw-r--r-- | fs/cifs/smb2ops.c | 16 | ||||
| -rw-r--r-- | fs/direct-io.c | 3 | ||||
| -rw-r--r-- | fs/ext4/file.c | 4 |
6 files changed, 36 insertions, 3 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index e2f6a79e9b01..8225de3c9743 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -351,6 +351,8 @@ struct smb_version_operations { unsigned int (*calc_smb_size)(void *); /* check for STATUS_PENDING and process it in a positive case */ bool (*is_status_pending)(char *, struct TCP_Server_Info *, int); + /* check for STATUS_NETWORK_SESSION_EXPIRED */ + bool (*is_session_expired)(char *); /* send oplock break response */ int (*oplock_response)(struct cifs_tcon *, struct cifs_fid *, struct cifsInodeInfo *); diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index b60150e5b5ce..0c92af11f4f4 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -1460,6 +1460,13 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) return length; server->total_read += length; + if (server->ops->is_session_expired && + server->ops->is_session_expired(buf)) { + cifs_reconnect(server); + wake_up(&server->response_q); + return -1; + } + if (server->ops->is_status_pending && server->ops->is_status_pending(buf, server, 0)) { discard_remaining_data(server); diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index b377aa8f266f..0a2bf9462637 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -850,6 +850,13 @@ standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid) cifs_dump_mem("Bad SMB: ", buf, min_t(unsigned int, server->total_read, 48)); + if (server->ops->is_session_expired && + server->ops->is_session_expired(buf)) { + cifs_reconnect(server); + wake_up(&server->response_q); + return -1; + } + if (server->ops->is_status_pending && server->ops->is_status_pending(buf, server, length)) return -1; diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 1d125d3d0d89..e6b1795fbf2a 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -963,6 +963,18 @@ smb2_is_status_pending(char *buf, struct TCP_Server_Info *server, int length) return true; } +static bool +smb2_is_session_expired(char *buf) +{ + struct smb2_hdr *hdr = (struct smb2_hdr *)buf; + + if (hdr->Status != STATUS_NETWORK_SESSION_EXPIRED) + return false; + + cifs_dbg(FYI, "Session expired\n"); + return true; +} + static int smb2_oplock_response(struct cifs_tcon *tcon, struct cifs_fid *fid, struct cifsInodeInfo *cinode) @@ -1552,6 +1564,7 @@ struct smb_version_operations smb20_operations = { .close_dir = smb2_close_dir, .calc_smb_size = smb2_calc_size, .is_status_pending = smb2_is_status_pending, + .is_session_expired = smb2_is_session_expired, .oplock_response = smb2_oplock_response, .queryfs = smb2_queryfs, .mand_lock = smb2_mand_lock, @@ -1633,6 +1646,7 @@ struct smb_version_operations smb21_operations = { .close_dir = smb2_close_dir, .calc_smb_size = smb2_calc_size, .is_status_pending = smb2_is_status_pending, + .is_session_expired = smb2_is_session_expired, .oplock_response = smb2_oplock_response, .queryfs = smb2_queryfs, .mand_lock = smb2_mand_lock, @@ -1715,6 +1729,7 @@ struct smb_version_operations smb30_operations = { .close_dir = smb2_close_dir, .calc_smb_size = smb2_calc_size, .is_status_pending = smb2_is_status_pending, + .is_session_expired = smb2_is_session_expired, .oplock_response = smb2_oplock_response, .queryfs = smb2_queryfs, .mand_lock = smb2_mand_lock, @@ -1803,6 +1818,7 @@ struct smb_version_operations smb311_operations = { .close_dir = smb2_close_dir, .calc_smb_size = smb2_calc_size, .is_status_pending = smb2_is_status_pending, + .is_session_expired = smb2_is_session_expired, .oplock_response = smb2_oplock_response, .queryfs = smb2_queryfs, .mand_lock = smb2_mand_lock, diff --git a/fs/direct-io.c b/fs/direct-io.c index c772fdf36cd9..44f49d86d714 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -823,7 +823,8 @@ out: */ if (sdio->boundary) { ret = dio_send_cur_page(dio, sdio, map_bh); - dio_bio_submit(dio, sdio); + if (sdio->bio) + dio_bio_submit(dio, sdio); page_cache_release(sdio->cur_page); sdio->cur_page = NULL; } diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 45ef9975caec..a8b1749d79a8 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -559,7 +559,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) mutex_lock(&inode->i_mutex); isize = i_size_read(inode); - if (offset >= isize) { + if (offset < 0 || offset >= isize) { mutex_unlock(&inode->i_mutex); return -ENXIO; } @@ -632,7 +632,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) mutex_lock(&inode->i_mutex); isize = i_size_read(inode); - if (offset >= isize) { + if (offset < 0 || offset >= isize) { mutex_unlock(&inode->i_mutex); return -ENXIO; } |