linux/fs
Suresh Jayaraman 6513a81e93 cifs: Fix a kernel BUG with remote OS/2 server (try #3)
While chasing a bug report involving a OS/2 server, I noticed the server sets
pSMBr->CountHigh to a incorrect value even in case of normal writes. This
results in 'nbytes' being computed wrongly and triggers a kernel BUG at
mm/filemap.c.

void iov_iter_advance(struct iov_iter *i, size_t bytes)
{
        BUG_ON(i->count < bytes);    <--- BUG here

Why the server is setting 'CountHigh' is not clear but only does so after
writing 64k bytes. Though this looks like the server bug, the client side
crash may not be acceptable.

The workaround is to mask off high 16 bits if the number of bytes written as
returned by the server is greater than the bytes requested by the client as
suggested by Jeff Layton.

CC: Stable <stable@kernel.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-04-03 17:24:20 +00:00
..
9p 9p: Skip check for mandatory locks when unlocking 2010-03-13 09:05:37 -06:00
adfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
affs Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
afs AFS: Potential null dereference 2010-03-22 09:57:19 -07:00
autofs
autofs4 Use kill_litter_super() in autofs4 ->kill_sb() 2010-03-03 14:07:54 -05:00
befs befs: fix leak 2010-02-07 03:06:21 -05:00
bfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-03-18 16:50:55 -07:00
cachefiles CacheFiles: Fix a race in cachefiles_delete_object() vs rename 2010-02-20 10:06:35 -05:00
ceph ceph: update for write_inode API change 2010-03-05 14:49:41 -08:00
cifs cifs: Fix a kernel BUG with remote OS/2 server (try #3) 2010-04-03 17:24:20 +00:00
coda
configfs Fix configfs leak 2010-01-14 09:05:42 -05:00
cramfs
debugfs Lose the new_name argument of fsnotify_move() 2010-02-08 14:38:36 -05:00
devpts
dlm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
ecryptfs ecryptfs: use after free 2010-01-19 22:36:06 -06:00
efs
exofs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
exportfs
ext2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
ext3 Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
ext4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
fat Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6 2010-03-12 16:35:21 -08:00
freevxfs
fscache FS-Cache: Remove the EXPERIMENTAL flag 2010-03-08 07:32:34 -08:00
fuse Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixes 2010-03-13 14:38:53 -08:00
hfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
hfsplus pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
hostfs
hpfs Don't mess with generic_permission() under ->d_lock in hpfs 2010-03-03 14:07:58 -05:00
hppfs hppfs can use existing proc_mnt, no need for do_kern_mount() in there 2010-03-03 14:08:00 -05:00
hugetlbfs
isofs
jbd Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
jbd2 jbd2: clean up an assertion in jbd2_journal_commit_transaction() 2010-02-24 12:11:20 -05:00
jffs2 jffs2: fix up rb_root initializations to use RB_ROOT 2010-03-17 18:43:47 -07:00
jfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
lockd lockd: don't clear sm_monitored on nsm_reboot_lookup 2010-02-08 16:20:35 -05:00
logfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/joern/logfs 2010-03-06 13:18:03 -08:00
minix pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
ncpfs
nfs NFS: ensure bdi_unregister is called on mount failure. 2010-03-15 15:37:45 -04:00
nfs_common
nfsd Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
nilfs2 nilfs2: remove whitespaces before quoted newlines 2010-03-14 10:29:51 +09:00
nls
notify switch inotify_user to anon_inode 2010-02-19 03:35:12 -05:00
ntfs ntfs: use bitmap_weight 2010-03-17 18:43:47 -07:00
ocfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
omfs pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
openpromfs
partitions block: Stop using byte offsets 2010-01-11 14:30:09 +01:00
proc proc: warn on non-existing proc entries 2010-03-06 11:26:45 -08:00
qnx4 fs/qnx4: decrement sizeof size in strncmp 2010-02-04 11:55:46 +01:00
quota quota: stop using QUOTA_OK / NO_QUOTA 2010-03-05 00:20:31 +01:00
ramfs nommu: fix shared mmap after truncate shrinkage problems 2010-01-16 12:15:40 -08:00
reiserfs Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
romfs fix leak in romfs_fill_super() 2010-01-26 22:22:26 -05:00
smbfs
squashfs Squashfs: get rid of obsolete definition in header file 2010-03-05 15:35:35 +00:00
sysfs sysfs: Kill unused sysfs_sb variable. 2010-03-07 17:04:52 -08:00
sysv pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
ubifs Revert "lib: build list_sort() only if needed" 2010-03-07 09:54:44 -08:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6 2010-03-12 16:22:50 -08:00
ufs ufs: make solaris fsck happy 2010-03-12 15:52:35 -08:00
xfs xfs: don't warn about page discards on shutdown 2010-03-16 15:40:53 -05:00
aio.c
anon_inodes.c anon_inodes: mark the anon inode private 2010-03-12 16:25:23 -08:00
attr.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
bad_inode.c
binfmt_aout.c coredump: move dump_write() and dump_seek() into a header file 2010-03-06 11:26:45 -08:00
binfmt_elf_fdpic.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
binfmt_elf.c coredump: pass mm->flags as a coredump parameter for consistency 2010-03-06 11:26:46 -08:00
binfmt_em86.c
binfmt_flat.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c Split 'flush_old_exec' into two functions 2010-01-29 08:22:01 -08:00
bio-integrity.c block: fix bugs in bio-integrity mempool usage 2010-01-30 20:28:19 +01:00
bio.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
block_dev.c freeze_bdev: don't deactivate successfully frozen MS_RDONLY sb 2010-02-07 03:06:21 -05:00
buffer.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-03-12 16:04:50 -08:00
char_dev.c
compat_binfmt_elf.c elf coredump: replace ELF_CORE_EXTRA_* macros by functions 2010-03-06 11:26:45 -08:00
compat_ioctl.c fs/compat_ioctl.c: suppress two warnings 2010-03-06 11:26:35 -08:00
compat.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
dcache.c fix race in d_splice_alias() 2010-03-03 14:13:08 -05:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c eventfd - allow atomic read and waitqueue remove 2010-01-25 12:26:38 -02:00
eventpoll.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
exec.c coredump: suppress uid comparison test if core output files are pipes 2010-03-06 11:26:46 -08:00
fcntl.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
fifo.c
file_table.c vfs: take f_lock on modifying f_mode after open time 2010-03-06 11:26:25 -08:00
file.c fs: use rlimit helpers 2010-03-06 11:26:29 -08:00
filesystems.c
fs_struct.c
fs-writeback.c pass writeback_control to ->write_inode 2010-03-05 13:25:52 -05:00
generic_acl.c
inode.c dquot: move dquot initialization responsibility into the filesystem 2010-03-05 00:20:30 +01:00
internal.h Take vfsmount_lock to fs/internal.h 2010-03-03 14:07:59 -05:00
ioctl.c
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
Kconfig.binfmt
libfs.c libfs: Unexport and kill simple_prepare_write 2010-03-03 13:00:17 -05:00
locks.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2010-03-19 09:43:06 -07:00
mbcache.c
mpage.c Fix misspellings of "invocation" in comments. 2010-02-04 11:55:45 +01:00
namei.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
namespace.c vfs: add NOFOLLOW flag to umount(2) 2010-03-03 14:08:00 -05:00
nfsctl.c Switch may_open() and break_lease() to passing O_... 2010-03-03 13:00:21 -05:00
no-block.c
open.c Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-03-05 13:20:53 -08:00
pipe.c
pnode.c Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source() 2010-03-03 13:00:22 -05:00
pnode.h VFS: Clean up shared mount flag propagation 2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c Add generic sys_old_select() 2010-03-12 15:52:32 -08:00
seq_file.c seq_file: fix new kernel-doc warnings 2010-03-07 15:48:26 -08:00
signalfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
splice.c
stack.c
stat.c Add unlocked version of inode_add_bytes() function 2009-12-23 13:33:54 +01:00
super.c Mirror MS_KERNMOUNT in ->mnt_flags 2010-03-03 14:08:00 -05:00
sync.c quota: move code from sync_quota_sb into vfs_quota_sync 2010-03-05 00:20:24 +01:00
timerfd.c anonfd: Allow making anon files read-only 2009-12-22 12:27:34 -05:00
utimes.c
xattr_acl.c
xattr.c