From bcd73aae00d3ed4071f3f60c379fc2027e3db9d2 Mon Sep 17 00:00:00 2001 From: David Weinehall Date: Fri, 23 Nov 2007 15:12:22 -0500 Subject: [PATCH] Linux 2.0.39 o Fix memory-leak in af_unix (Jon Nelson, Alan Cox, David Weinehall) o Added headerfiles for devfs (Richard Gooch) to simplify backports of drivers o Fix a bug involving syncronous (Jari Ruusu) writes and -ENOSPC that could cause file-corruption o Added new versions of PCI-2000 (Mark Ebersole) o Added new versions of PCI-2220i (Mark Ebersole) o Fixed a few typos in PCI-2000, (David Weinehall) PCI-2220i, PSI-240i and related files o Removed unused variable in xd.c (David Weinehall) o Renamed the initfunctions in (David Weinehall) pi2.c and pt.c, as their names clashed with paride-names (obviously, noone uses paride together with hamradio) o Changed most references to (David Weinehall) vger.rutgers.edu to vger.kernel.org o Fix the few vger.rutgers.edu (Daniel Roesen) references that I missed o Fix a bug in af_unix that wrote to (Michael Deutschmann) a socket after freeing it (aka the Win9x-related oops) o Fixed typo in Documentation (Martin Douda) o IDE-patches (Andre Hedrick) o Fixes for the IDE-patches (Andries Brouwier, o Move memory-offset for dynamic (Michael Deutschsmann) executables o Fixes to the Cyclades-driver (Ivan Passos) o Fix for a bug in ext2 (Stephen C. Tweedie) o Added marketing-names for 3Com (Yann Dirson, David Weinehall) NICs in drivers/net/Config.in o Fix for a buf in smbfs (Rick Bressier) o Large-disk fixes (Andries Brouwer) o Wavelan-driver cleanup & bugfixes (Jean Tourrilhes) o Security-fixes (Solar Designer) o Quota-fixes (Jan Kara) o Fixed GPF using IPsec Masquerade (Rudolf Lippan) o Fixed Config.in bugs in (Marc Martinez) drivers/net and drivers/isdn o Added IPX-routing of NetBIOS packages (Jan Rafaj) o Fix for a bug in paride (Wolfram Gloger) o Fix an erroneous printk in ip_fw.c (Todd Sabin) o Fix for IP multicast on WAN-adapters (Matthew Grant) o Big updates to MAINTAINERS (David Weinehall) o Big updates to CREDITS (David Weinehall, others) o Various updates in Documentation/* (David Weinehall) o Styled up all Configuration-files (David Weinehall) in a similar manner to newer v2.3 kernels, and various other cleanups o Updated CodingStyle to the one used (David Weinehall) in recent v2.3 kernels o Backported nls_8859-14 (David Weinehall) o Added support for sparse superblocks (Theodore T'so) o Fix for the ping -s 65468 exploit (Andrea Arcangeli, others) --- CREDITS | 20 ++- Documentation/networking/arcnet.txt | 2 +- Documentation/networking/ax25.txt | 2 +- MAINTAINERS | 6 + drivers/char/scc.c | 4 +- drivers/scsi/README.tmscsim | 2 +- fs/binfmt_elf.c | 4 +- fs/binfmt_em86.c | 4 +- fs/binfmt_java.c | 8 +- fs/binfmt_script.c | 8 +- fs/block_dev.c | 23 ++- include/linux/devfs_fs.h | 42 +++++ include/linux/devfs_fs_kernel.h | 250 ++++++++++++++++++++++++++++ net/unix/af_unix.c | 23 ++- scripts/Menuconfig | 2 +- 15 files changed, 357 insertions(+), 43 deletions(-) create mode 100644 include/linux/devfs_fs.h create mode 100644 include/linux/devfs_fs_kernel.h diff --git a/CREDITS b/CREDITS index 14aba8fda9d2..ef8004a4d7b7 100644 --- a/CREDITS +++ b/CREDITS @@ -495,6 +495,14 @@ N: Philip Gladstone E: philip@raptor.com D: Kernel / timekeeping stuff +N: Richard E. Gooch +E: rgooch@atnf.csiro.au +D: Device FileSystem (devfs) +S: CSIRO Australia Telescope National Facility +S: P.O. Box 76, Epping +S: New South Wales, 2121 +S: Australia + N: Dmitry S. Gorodchanin E: pgmdsg@ibi.com D: RISCom/8 driver, misc kernel fixes. @@ -1462,17 +1470,13 @@ S: Rockville, Maryland 20853 S: USA N: Stephen Tweedie -E: sct@dcs.ed.ac.uk -P: 1024/E7A417AD E2 FE A4 20 34 EC ED FC 7D 7E 67 8D E0 31 D1 69 +E: sct@redhat.com +P: 1024D/43BE7544 D2A4 8556 08E6 90E7 076C BA3F 243F 20A4 43BE 7544 D: Second extended file system developer D: General filesystem hacker D: kswap vm management code -S: Dept. of Computer Science -S: University of Edinburgh -S: JCMB, The King's Buildings -S: Mayfield Road -S: Edinburgh -S: EH9 3JZ +S: 44 Campbell Park Crescent +S: Edinburgh EH13 0HT S: United Kingdom N: Thomas Uhl diff --git a/Documentation/networking/arcnet.txt b/Documentation/networking/arcnet.txt index ae6f9989c0cb..bceeaf4d2f5b 100644 --- a/Documentation/networking/arcnet.txt +++ b/Documentation/networking/arcnet.txt @@ -63,7 +63,7 @@ submit messages to the list, mail to linux-arcnet@tichy.ch.uj.edu.pl. There are archives of the mailing list at: http://tichy.ch.uj.edu.pl/lists/linux-arcnet -The people on linux-net@vger.rutgers.edu have also been known to be very +The people on linux-net@vger.kernel.org have also been known to be very helpful, especially when we're talking about ALPHA Linux kernels that may or may not work right in the first place. diff --git a/Documentation/networking/ax25.txt b/Documentation/networking/ax25.txt index 937b9efe6839..1f865a59fa26 100644 --- a/Documentation/networking/ax25.txt +++ b/Documentation/networking/ax25.txt @@ -8,7 +8,7 @@ who is also the AX.25 Utilities maintainer. There is an active mailing list for discussing Linux amateur radio matters called linux-hams. To subscribe to it, send a message to -Majordomo@vger.rutgers.edu with the words "subscribe linux-hams" in the body +majordomo@vger.kernel.org with the words "subscribe linux-hams" in the body of the message, the subject field is ignored. Jonathan G4KLX diff --git a/MAINTAINERS b/MAINTAINERS index 4bc0dae85d1a..97c1b748dcb5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -170,6 +170,12 @@ M: hpa@zytor.com L: linux-kernel@vger.kernel.org S: Maintained +DEVICE FILESYSTEM +P: Richard Gooch +M: rgooch@atnf.csiro.au +L: linux-kernel@vger.kernel.org +S: Maintained + DIGIBOARD DRIVER P: Christoph Lameter M: clameter@fuller.edu diff --git a/drivers/char/scc.c b/drivers/char/scc.c index 315797911473..06b152bad7c9 100644 --- a/drivers/char/scc.c +++ b/drivers/char/scc.c @@ -136,8 +136,8 @@ please (!) contact me first. New versions of the driver will be announced on the linux-hams - mailing list on vger.rutgers.edu. To subscribe send an e-mail - to majordomo@vger.rutgers.edu with the following line in + mailing list on vger.kernel.org. To subscribe send an e-mail + to majordomo@vger.kernel.org with the following line in the body of the mail: subscribe linux-hams diff --git a/drivers/scsi/README.tmscsim b/drivers/scsi/README.tmscsim index 99ae1e5a71ff..207420eb37d4 100644 --- a/drivers/scsi/README.tmscsim +++ b/drivers/scsi/README.tmscsim @@ -382,7 +382,7 @@ Please append the output of /proc/scsi/scsi, /proc/scsi/tmscsim/? and maybe the DC390 log messages to the report. Bug reports should be send to me (Kurt Garloff ) as well -as to the linux-scsi list (), as sometimes bugs +as to the linux-scsi list (), as sometimes bugs are caused by the SCSI mid-level code. I will ask you for some more details and probably I will also ask you to diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 79e5baeb3557..236d2f6e7239 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -550,14 +550,14 @@ static inline int do_load_elf_binary(struct linux_binprm *bprm, struct pt_regs * bprm->argc++; } } - if (!bprm->p) { + if ((long)bprm->p < 0) { if (elf_interpreter) { kfree(elf_interpreter); } iput(interpreter_inode); kfree(elf_phdata); sys_close(elf_exec_fileno); - return -E2BIG; + return (long)bprm->p; } } if (flush_old_exec(bprm)) { diff --git a/fs/binfmt_em86.c b/fs/binfmt_em86.c index ca992261096f..a6af4d986e04 100644 --- a/fs/binfmt_em86.c +++ b/fs/binfmt_em86.c @@ -72,8 +72,8 @@ static int do_load_em86(struct linux_binprm *bprm,struct pt_regs *regs) } bprm->p = copy_strings(1, &i_name, bprm->page, bprm->p, 2); bprm->argc++; - if (!bprm->p) - return -E2BIG; + if ((long)bprm->p < 0) + return (long)bprm->p; /* * OK, now restart the process with the interpreter's inode. * Note that we use open_namei() as the name is now in kernel diff --git a/fs/binfmt_java.c b/fs/binfmt_java.c index 035fc4a2836c..00cd1713516c 100644 --- a/fs/binfmt_java.c +++ b/fs/binfmt_java.c @@ -62,8 +62,8 @@ static int do_load_script(struct linux_binprm *bprm,struct pt_regs *regs) i_name = bprm->buf; bprm->p = copy_strings(1, &i_name, bprm->page, bprm->p, 2); bprm->argc++; - if (!bprm->p) - return -E2BIG; + if ((long)bprm->p < 0) + return (long)bprm->p; /* * OK, now restart the process with the interpreter's inode. * Note that we use open_namei() as the name is now in kernel @@ -117,8 +117,8 @@ static int do_load_applet(struct linux_binprm *bprm,struct pt_regs *regs) i_name = bprm->buf; bprm->p = copy_strings(1, &i_name, bprm->page, bprm->p, 2); bprm->argc++; - if (!bprm->p) - return -E2BIG; + if ((long)bprm->p < 0) + return (long)bprm->p; /* * OK, now restart the process with the interpreter's inode. * Note that we use open_namei() as the name is now in kernel diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c index 4e347c49f014..6cbbe478fbc8 100644 --- a/fs/binfmt_script.c +++ b/fs/binfmt_script.c @@ -15,7 +15,7 @@ static int do_load_script(struct linux_binprm *bprm,struct pt_regs *regs) { char *cp, *interp, *i_name, *i_arg; int retval; - if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!') || (bprm->sh_bang)) + if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!') || (bprm->sh_bang)) return -ENOEXEC; /* * This section does the #! interpretation. @@ -43,7 +43,7 @@ static int do_load_script(struct linux_binprm *bprm,struct pt_regs *regs) interp = i_name = cp; i_arg = 0; for ( ; *cp && (*cp != ' ') && (*cp != '\t'); cp++) { - if (*cp == '/') + if (*cp == '/') i_name = cp+1; } while ((*cp == ' ') || (*cp == '\t')) @@ -69,8 +69,8 @@ static int do_load_script(struct linux_binprm *bprm,struct pt_regs *regs) } bprm->p = copy_strings(1, &i_name, bprm->page, bprm->p, 2); bprm->argc++; - if (!bprm->p) - return -E2BIG; + if ((long)bprm->p < 0) + return (long)bprm->p; /* * OK, now restart the process with the interpreter's inode. * Note that we use open_namei() as the name is now in kernel diff --git a/fs/block_dev.c b/fs/block_dev.c index 1072f4be09a5..2a58b7d45473 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -27,7 +27,7 @@ int block_write(struct inode * inode, struct file * filp, int block, blocks; loff_t offset; int chars; - int written = 0; + int written = 0, retval = 0; struct buffer_head * bhlist[NBUF]; unsigned int size; kdev_t dev; @@ -57,8 +57,10 @@ int block_write(struct inode * inode, struct file * filp, else size = INT_MAX; while (count>0) { - if (block >= size) - return written ? written : -ENOSPC; + if (block >= size) { + retval = -ENOSPC; + goto cleanup; + } chars = blocksize - offset; if (chars > count) chars=count; @@ -90,7 +92,8 @@ int block_write(struct inode * inode, struct file * filp, bhlist[i] = getblk (dev, block+i, blocksize); if(!bhlist[i]){ while(i >= 0) brelse(bhlist[i--]); - return written ? written : -EIO; + retval= -EIO; + goto cleanup; }; }; ll_rw_block(READ, blocks, bhlist); @@ -101,8 +104,10 @@ int block_write(struct inode * inode, struct file * filp, }; #endif block++; - if (!bh) - return written ? written : -EIO; + if (!bh) { + retval = -EIO; + goto cleanup; + } p = offset + bh->b_data; offset = 0; filp->f_pos += chars; @@ -130,6 +135,7 @@ int block_write(struct inode * inode, struct file * filp, if(write_error) break; } + cleanup: if ( buffercount ){ ll_rw_block(WRITE, buffercount, bufferlist); for(i=0; if_reada = 1; + if(!retval) + filp->f_reada = 1; if(write_error) return -EIO; - return written; + return written ? written : retval; } int block_read(struct inode * inode, struct file * filp, diff --git a/include/linux/devfs_fs.h b/include/linux/devfs_fs.h new file mode 100644 index 000000000000..9c4cf54c2342 --- /dev/null +++ b/include/linux/devfs_fs.h @@ -0,0 +1,42 @@ +#ifndef _LINUX_DEVFS_FS_H +#define _LINUX_DEVFS_FS_H + +#include + +#define DEVFSD_PROTOCOL_REVISION_KERNEL 5 + +#define DEVFSD_IOCTL_BASE 'd' + +/* These are the various ioctls */ +#define DEVFSDIOC_GET_PROTO_REV _IOR(DEVFSD_IOCTL_BASE, 0, int) +#define DEVFSDIOC_SET_EVENT_MASK _IOW(DEVFSD_IOCTL_BASE, 2, int) +#define DEVFSDIOC_RELEASE_EVENT_QUEUE _IOW(DEVFSD_IOCTL_BASE, 3, int) +#define DEVFSDIOC_SET_DEBUG_MASK _IOW(DEVFSD_IOCTL_BASE, 4, int) + +#define DEVFSD_NOTIFY_REGISTERED 0 +#define DEVFSD_NOTIFY_UNREGISTERED 1 +#define DEVFSD_NOTIFY_ASYNC_OPEN 2 +#define DEVFSD_NOTIFY_CLOSE 3 +#define DEVFSD_NOTIFY_LOOKUP 4 +#define DEVFSD_NOTIFY_CHANGE 5 +#define DEVFSD_NOTIFY_CREATE 6 + +#define DEVFS_PATHLEN 1024 /* Never change this otherwise the + binary interface will change */ + +struct devfsd_notify_struct +{ + unsigned int type; /* DEVFSD_NOTIFY_* value */ + unsigned int mode; /* Mode of the inode or device entry */ + unsigned int major; /* Major number of device entry */ + unsigned int minor; /* Minor number of device entry */ + unsigned int uid; /* Uid of process, inode or device entry */ + unsigned int gid; /* Gid of process, inode or device entry */ + unsigned int overrun_count; /* Number of lost events */ + unsigned int namelen; /* Number of characters not including '\0' */ + /* The device name MUST come last */ + char devname[DEVFS_PATHLEN]; /* This will be '\0' terminated */ +}; + + +#endif /* _LINUX_DEVFS_FS_H */ diff --git a/include/linux/devfs_fs_kernel.h b/include/linux/devfs_fs_kernel.h new file mode 100644 index 000000000000..4db152030375 --- /dev/null +++ b/include/linux/devfs_fs_kernel.h @@ -0,0 +1,250 @@ +#ifndef _LINUX_DEVFS_FS_KERNEL_H +#define _LINUX_DEVFS_FS_KERNEL_H + +#include +#include + +#define DEVFS_SUPER_MAGIC 0x1373 + +#define IS_DEVFS_INODE(inode) (DEVFS_SUPER_MAGIC == (inode)->i_sb->s_magic) + +#define DEVFS_MINOR(inode) \ + ({unsigned int m; /* evil GCC trickery */ \ + ((inode)->i_sb && \ + ((inode)->i_sb->s_magic==DEVFS_SUPER_MAGIC) && \ + (devfs_get_maj_min(devfs_get_handle_from_inode((inode)),NULL,&m)==0) \ + ) ? m : MINOR((inode)->r_dev); }) + + +#define DEVFS_FL_NONE 0x000 /* This helps to make code more readable + */ +#define DEVFS_FL_AUTO_OWNER 0x001 /* When a closed inode is opened the + ownerships are set to the opening + process and the protection is set to + that given in <>. When the inode + is closed, ownership reverts back to + <> and <> and the protection + is set to read-write for all */ +#define DEVFS_FL_SHOW_UNREG 0x002 /* Show unregistered entries in + directory listings */ +#define DEVFS_FL_HIDE 0x004 /* Do not show entry in directory list */ +#define DEVFS_FL_AUTO_DEVNUM 0x008 /* Automatically generate device number + */ +#define DEVFS_FL_AOPEN_NOTIFY 0x010 /* Asynchronously notify devfsd on open + */ +#define DEVFS_FL_REMOVABLE 0x020 /* This is a removable media device */ +#define DEVFS_FL_WAIT 0x040 /* Wait for devfsd to finish */ +#define DEVFS_FL_NO_PERSISTENCE 0x080 /* Forget changes after unregister */ +#define DEVFS_FL_CURRENT_OWNER 0x100 /* Set initial ownership to current */ +#define DEVFS_FL_DEFAULT DEVFS_FL_NONE + + +#define DEVFS_SPECIAL_CHR 0 +#define DEVFS_SPECIAL_BLK 1 + +typedef struct devfs_entry * devfs_handle_t; + + +#ifdef CONFIG_BLK_DEV_INITRD +# define ROOT_DEVICE_NAME ((real_root_dev ==ROOT_DEV) ? root_device_name:NULL) +#else +# define ROOT_DEVICE_NAME root_device_name +#endif + + +#ifdef CONFIG_DEVFS_FS +extern devfs_handle_t devfs_register (devfs_handle_t dir, const char *name, + unsigned int flags, + unsigned int major, unsigned int minor, + umode_t mode, void *ops, void *info); +extern void devfs_unregister (devfs_handle_t de); +extern int devfs_mk_symlink (devfs_handle_t dir, const char *name, + unsigned int flags, const char *link, + devfs_handle_t *handle, void *info); +extern devfs_handle_t devfs_mk_dir (devfs_handle_t dir, const char *name, + void *info); +extern devfs_handle_t devfs_find_handle (devfs_handle_t dir, const char *name, + unsigned int major,unsigned int minor, + char type, int traverse_symlinks); +extern int devfs_get_flags (devfs_handle_t de, unsigned int *flags); +extern int devfs_set_flags (devfs_handle_t de, unsigned int flags); +extern int devfs_get_maj_min (devfs_handle_t de, + unsigned int *major, unsigned int *minor); +extern devfs_handle_t devfs_get_handle_from_inode (struct inode *inode); +extern int devfs_generate_path (devfs_handle_t de, char *path, int buflen); +extern void *devfs_get_ops (devfs_handle_t de); +extern int devfs_set_file_size (devfs_handle_t de, unsigned long size); +extern void *devfs_get_info (devfs_handle_t de); +extern int devfs_set_info (devfs_handle_t de, void *info); +extern devfs_handle_t devfs_get_parent (devfs_handle_t de); +extern devfs_handle_t devfs_get_first_child (devfs_handle_t de); +extern devfs_handle_t devfs_get_next_sibling (devfs_handle_t de); +extern void devfs_auto_unregister (devfs_handle_t master,devfs_handle_t slave); +extern devfs_handle_t devfs_get_unregister_slave (devfs_handle_t master); +extern const char *devfs_get_name (devfs_handle_t de, unsigned int *namelen); +extern int devfs_register_chrdev (unsigned int major, const char *name, + struct file_operations *fops); +extern int devfs_register_blkdev (unsigned int major, const char *name, + struct block_device_operations *bdops); +extern int devfs_unregister_chrdev (unsigned int major, const char *name); +extern int devfs_unregister_blkdev (unsigned int major, const char *name); + +extern void devfs_register_tape (devfs_handle_t de); +extern void devfs_register_series (devfs_handle_t dir, const char *format, + unsigned int num_entries, + unsigned int flags, unsigned int major, + unsigned int minor_start, + umode_t mode, void *ops, void *info); + +extern int init_devfs_fs (void); +extern void mount_devfs_fs (void); +extern void devfs_make_root (const char *name); +#else /* CONFIG_DEVFS_FS */ +static inline devfs_handle_t devfs_register (devfs_handle_t dir, + const char *name, + unsigned int flags, + unsigned int major, + unsigned int minor, + umode_t mode, + void *ops, void *info) +{ + return NULL; +} +static inline void devfs_unregister (devfs_handle_t de) +{ + return; +} +static inline int devfs_mk_symlink (devfs_handle_t dir, const char *name, + unsigned int flags, const char *link, + devfs_handle_t *handle, void *info) +{ + return 0; +} +static inline devfs_handle_t devfs_mk_dir (devfs_handle_t dir, + const char *name, void *info) +{ + return NULL; +} +static inline devfs_handle_t devfs_find_handle (devfs_handle_t dir, + const char *name, + unsigned int major, + unsigned int minor, + char type, + int traverse_symlinks) +{ + return NULL; +} +static inline int devfs_get_flags (devfs_handle_t de, unsigned int *flags) +{ + return 0; +} +static inline int devfs_set_flags (devfs_handle_t de, unsigned int flags) +{ + return 0; +} +static inline int devfs_get_maj_min (devfs_handle_t de, + unsigned int *major, unsigned int *minor) +{ + return 0; +} +static inline devfs_handle_t devfs_get_handle_from_inode (struct inode *inode) +{ + return NULL; +} +static inline int devfs_generate_path (devfs_handle_t de, char *path, + int buflen) +{ + return -ENOSYS; +} +static inline void *devfs_get_ops (devfs_handle_t de) +{ + return NULL; +} +static inline int devfs_set_file_size (devfs_handle_t de, unsigned long size) +{ + return -ENOSYS; +} +static inline void *devfs_get_info (devfs_handle_t de, unsigned long size) +{ + return NULL; +} +static inline int devfs_set_info (devfs_handle_t de, void *info) +{ + return 0; +} +static inline devfs_handle_t devfs_get_parent (devfs_handle_t de) +{ + return NULL; +} +static inline devfs_handle_t devfs_get_first_child (devfs_handle_t de) +{ + return NULL; +} +static inline devfs_handle_t devfs_get_next_sibling (devfs_handle_t de) +{ + return NULL; +} +static inline void devfs_auto_unregister (devfs_handle_t master, + devfs_handle_t slave) +{ + return; +} +static inline devfs_handle_t devfs_get_unregister_slave (devfs_handle_t master) +{ + return NULL; +} +static inline const char *devfs_get_name (devfs_handle_t de, + unsigned int *namelen) +{ + return NULL; +} +static inline int devfs_register_chrdev (unsigned int major, const char *name, + struct file_operations *fops) +{ + return register_chrdev (major, name, fops); +} +static inline int devfs_register_blkdev (unsigned int major, const char *name, + struct block_device_operations *bdops) +{ + return register_blkdev (major, name, bdops); +} +static inline int devfs_unregister_chrdev (unsigned int major,const char *name) +{ + return unregister_chrdev (major, name); +} +static inline int devfs_unregister_blkdev (unsigned int major,const char *name) +{ + return unregister_blkdev (major, name); +} + +static inline void devfs_register_tape (devfs_handle_t de) +{ + return; +} + +static inline void devfs_register_series (devfs_handle_t dir, + const char *format, + unsigned int num_entries, + unsigned int flags, + unsigned int major, + unsigned int minor_start, + umode_t mode, void *ops, void *info) +{ + return; +} + +static inline int init_devfs_fs (void) +{ + return 0; +} +static inline void mount_devfs_fs (void) +{ + return; +} +static inline void devfs_make_root (const char *name) +{ + return; +} +#endif /* CONFIG_DEVFS_FS */ + +#endif /* _LINUX_DEVFS_FS_KERNEL_H */ diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 296e4d02bca7..9d92ce160899 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -30,7 +30,7 @@ * Heiko EiBfeldt : Missing verify_area check * Alan Cox : Shutdown() bug * Michael Deutschmann : release was writing to the socket - * structure after freeing it. + * structure after freeing it. * * Known differences from reference BSD that was tested: * @@ -157,8 +157,7 @@ static void unix_destroy_timer(unsigned long data) unix_socket *sk=(unix_socket *)data; if(sk->protinfo.af_unix.locks==0 && sk->wmem_alloc==0) { - if(sk->protinfo.af_unix.name) - kfree(sk->protinfo.af_unix.name); + kfree(sk->protinfo.af_unix.name); sk_free(sk); return; } @@ -213,8 +212,7 @@ static void unix_destroy_socket(unix_socket *sk) if(--sk->protinfo.af_unix.locks==0 && sk->wmem_alloc==0) { - if(sk->protinfo.af_unix.name) - kfree(sk->protinfo.af_unix.name); + kfree(sk->protinfo.af_unix.name); sk_free(sk); } else @@ -698,6 +696,8 @@ static struct cmsghdr *unix_copyrights(void *userp, int len) /* AT&T ? */ if(len>256|| len <=0) return NULL; cm=kmalloc(len, GFP_KERNEL); + if(cm==NULL) + return NULL; memcpy_fromfs(cm, userp, len); return cm; } @@ -831,16 +831,19 @@ static void unix_destruct_fds(struct sk_buff *skb) /* * Attach the file descriptor array to an sk_buff */ -static void unix_attach_fds(int fpnum,struct file **fp,struct sk_buff *skb) +static int unix_attach_fds(int fpnum,struct file **fp,struct sk_buff *skb) { - skb->h.filp = kmalloc(sizeof(long)+fpnum*sizeof(struct file *), + skb->h.filp = kmalloc(sizeof(long)+fpnum*sizeof(struct file *), GFP_KERNEL); + if(skb->h.filp==NULL) + return -ENOMEM; /* number of descriptors starts block */ *(int *)skb->h.filp = fpnum; /* actual descriptors */ memcpy(skb->h.filp+sizeof(long),fp,fpnum*sizeof(struct file *)); skb->destructor = unix_destruct_fds; + return 0; } /* @@ -969,7 +972,9 @@ static int unix_sendmsg(struct socket *sock, struct msghdr *msg, int len, int no if(fpnum) { - unix_attach_fds(fpnum,fp,skb); + int err=unix_attach_fds(fpnum,fp,skb); + if(err) + return err; fpnum=0; } else @@ -1075,7 +1080,7 @@ static int unix_recvmsg(struct socket *sock, struct msghdr *msg, int size, int n { cm=unix_copyrights(msg->msg_control, msg->msg_controllen); - if(msg->msg_controllenmsg_controllen. You may also -send a problem report to linux-kernel@vger.rutgers.edu or post a +send a problem report to linux-kernel@vger.kernel.org or post a message to the linux.dev.kernel news group. Please indicate the kernel version you are trying to configure and -- 2.39.5