From 7500c38ac3258815f86f41744a538850c3221b23 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 31 Mar 2016 00:23:05 -0400 Subject: [PATCH 1/2] fix the braino in "namei: massage lookup_slow() to be usable by lookup_one_len_unlocked()" We should try to trigger automount *before* bailing out on negative dentry. Reported-by: Jun'ichi Nomura Reported-by: Jun'ichi Nomura Reported-by: Arend van Spriel Tested-by: Arend van Spriel Tested-by: Jun'ichi Nomura Signed-off-by: Al Viro --- fs/namei.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 794f81dce766..1d9ca2d5dff6 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1740,15 +1740,17 @@ static int walk_component(struct nameidata *nd, int flags) nd->flags); if (IS_ERR(path.dentry)) return PTR_ERR(path.dentry); - if (unlikely(d_is_negative(path.dentry))) { - dput(path.dentry); - return -ENOENT; - } + path.mnt = nd->path.mnt; err = follow_managed(&path, nd); if (unlikely(err < 0)) return err; + if (unlikely(d_is_negative(path.dentry))) { + path_to_nameidata(&path, nd); + return -ENOENT; + } + seq = 0; /* we are already out of RCU mode */ inode = d_backing_inode(path.dentry); } From 03cc0789a690eb9ab07070376252961caeae7441 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Apr 2016 14:56:58 -0400 Subject: [PATCH 2/2] do_splice_to(): cap the size before passing to ->splice_read() pipe capacity won't exceed 2G anyway. Signed-off-by: Al Viro --- fs/splice.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/splice.c b/fs/splice.c index 9947b5c69664..a6b87b7e0745 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1143,6 +1143,9 @@ static long do_splice_to(struct file *in, loff_t *ppos, if (unlikely(ret < 0)) return ret; + if (unlikely(len > MAX_RW_COUNT)) + len = MAX_RW_COUNT; + if (in->f_op->splice_read) splice_read = in->f_op->splice_read; else