linux/kernel/relay.c, branch v2.6.24

whitespace fixes: relayfs

2007-10-18T21:37:24Z

Signed-off-by: Daniel Walker Cc: Tom Zanussi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Fix a use after free bug in kernel->userspace relay file support

2007-07-31T22:39:42Z

Coverity spotted what looks like a real possible case of using a variable after it has been freed. The problem is in kernel/relay.c::relay_open_buf() If the code hits "goto free_buf;" it ends up in this code : free_buf: relay_destroy_buf(buf); <--- calls kfree() on 'buf'. free_name: kfree(tmpname); end: return buf; <-- use after free of 'buf'. I read through the callers and they all handle a NULL return from this function as an error (and hitting the 'free_buf' label only happens on failure to chan->cb->create_buf_file(), so that looks like a clear error to me). The patch simply sets 'buf' to NULL after the call to relay_destroy_buf(buf); - as far as I can see that should take care of the problem. The patch also corrects a reference to a documentation file while I was at it. Note from Mathieu: the documentation reference change should have been done in a separate patch, but I guess no one will really care. Signed-off-by: Jesper Juhl Acked-by: "David J. Wilder" Tested-by: "David J. Wilder" Signed-off-by: Mathieu Desnoyers Cc: Tom Zanussi Cc: Karim Yaghmour Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

kernel/relay.c: make functions static

2007-07-19T17:04:47Z

Signed-off-by: Adrian Bunk Cc: Tom Zanussi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

relay: fixup kerneldoc comment

2007-07-13T12:14:28Z

Change comment from kerneldoc to normal. Signed-off-by: Tom Zanussi Signed-off-by: Jens Axboe

relay: fix bogus cast in subbuf_splice_actor()

2007-07-13T12:14:26Z

The current code that sets the read position in subbuf_splice_actor may give erroneous results if the buffer size isn't a power of 2. This patch fixes the problem. Signed-off-by: Tom Zanussi Signed-off-by: Jens Axboe

pipe: change the ->pin() operation to ->confirm()

2007-07-10T06:04:15Z

The name 'pin' was badly chosen, it doesn't pin a pipe buffer in the most commonly used sense in the kernel. So change the name to 'confirm', after debating this issue with Hugh Dickins a bit. A good return from ->confirm() means that the buffer is really there, and that the contents are good. Signed-off-by: Jens Axboe

relay: use splice_to_pipe() instead of open-coding the pipe loop

2007-07-10T06:04:15Z

It cleans up the relay splice implementation a lot, and gets rid of a lot of internal pipe knowledge that should not be in there. Plus fixes for padding and partial first page (and lots more) from Tom Zanussi. Signed-off-by: Jens Axboe

splice: divorce the splice structure/function definitions from the pipe header

2007-07-10T06:04:14Z

We need to move even more stuff into the header so that folks can use the splice_to_pipe() implementation instead of open-coding a lot of pipe knowledge (see relay implementation), so move to our own header file finally. Signed-off-by: Jens Axboe

splice: relay support

2007-07-10T06:04:14Z

Signed-off-by: Jens Axboe

relayfs: fix overwrites

2007-06-28T18:38:18Z

When I use relayfs with "overwrite" mode, read() still sets incorrect number of consumed bytes. Signed-off-by: Masami Hiramatsu Acked-by: Tom Zanussi Acked-by: David Wilder Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds