From 8a4e98d9d758d0eb751916e906fae40bda151b11 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 24 Feb 2008 01:43:03 -0500 Subject: [PATCH] restore export of do_kern_mount() vfs_kern_mount() requires having a reference to fs type, which makes it impossible for module to create procfs, etc. private mount. Open-coding is not an option, since e.g. put_filesystem() is _not_ exported, and for a good reason. Signed-off-by: Al Viro --- fs/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/super.c b/fs/super.c index 010446d..dc02af0 100644 --- a/fs/super.c +++ b/fs/super.c @@ -945,6 +945,7 @@ do_kern_mount(const char *fstype, int flags, const char *name, void *data) put_filesystem(type); return mnt; } +EXPORT_SYMBOL_GPL(do_kern_mount); struct vfsmount *kern_mount_data(struct file_system_type *type, void *data) { -- cgit v1.1 From 1dd0dd111f1b7591f2848fffdb06044053f66c40 Mon Sep 17 00:00:00 2001 From: Dave Hansen Date: Fri, 15 Feb 2008 18:37:00 -0500 Subject: hppfs pass vfsmount to dentry_open() Here's patch for hppfs that uses vfs_kern_mount to make sure it always has a procfs instance and passed the vfsmount on through the inode private data. Also fixes a procfs file_system_type leak for every attempted hppfs mount. [ jdike - gave this file a style workover, plus deleted hppfs_dentry_ops ] Acked-by: Al Viro Signed-off-by: Christoph Hellwig Signed-off-by: Jeff Dike Signed-off-by: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Al Viro --- fs/hppfs/hppfs_kern.c | 364 ++++++++++++++++++++++++++------------------------ 1 file changed, 188 insertions(+), 176 deletions(-) diff --git a/fs/hppfs/hppfs_kern.c b/fs/hppfs/hppfs_kern.c index a1e1f0f..0c0f62f 100644 --- a/fs/hppfs/hppfs_kern.c +++ b/fs/hppfs/hppfs_kern.c @@ -1,23 +1,25 @@ /* - * Copyright (C) 2002 Jeff Dike (jdike@karaya.com) + * Copyright (C) 2002 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com) * Licensed under the GPL */ -#include +#include +#include #include -#include +#include #include -#include -#include #include -#include -#include +#include +#include +#include +#include #include +#include #include -#include #include "os.h" -static int init_inode(struct inode *inode, struct dentry *dentry); +static int init_inode(struct inode *inode, struct dentry *dentry, + struct vfsmount *mnt); struct hppfs_data { struct list_head list; @@ -33,6 +35,7 @@ struct hppfs_private { struct hppfs_inode_info { struct dentry *proc_dentry; + struct vfsmount *proc_mnt; struct inode vfs_inode; }; @@ -51,14 +54,14 @@ static int is_pid(struct dentry *dentry) int i; sb = dentry->d_sb; - if((sb->s_op != &hppfs_sbops) || (dentry->d_parent != sb->s_root)) - return(0); + if ((sb->s_op != &hppfs_sbops) || (dentry->d_parent != sb->s_root)) + return 0; - for(i = 0; i < dentry->d_name.len; i++){ - if(!isdigit(dentry->d_name.name[i])) - return(0); + for (i = 0; i < dentry->d_name.len; i++) { + if (!isdigit(dentry->d_name.name[i])) + return 0; } - return(1); + return 1; } static char *dentry_name(struct dentry *dentry, int extra) @@ -70,8 +73,8 @@ static char *dentry_name(struct dentry *dentry, int extra) len = 0; parent = dentry; - while(parent->d_parent != parent){ - if(is_pid(parent)) + while (parent->d_parent != parent) { + if (is_pid(parent)) len += strlen("pid") + 1; else len += parent->d_name.len + 1; parent = parent->d_parent; @@ -80,12 +83,13 @@ static char *dentry_name(struct dentry *dentry, int extra) root = "proc"; len += strlen(root); name = kmalloc(len + extra + 1, GFP_KERNEL); - if(name == NULL) return(NULL); + if (name == NULL) + return NULL; name[len] = '\0'; parent = dentry; - while(parent->d_parent != parent){ - if(is_pid(parent)){ + while (parent->d_parent != parent) { + if (is_pid(parent)) { seg_name = "pid"; seg_len = strlen("pid"); } @@ -100,27 +104,25 @@ static char *dentry_name(struct dentry *dentry, int extra) parent = parent->d_parent; } strncpy(name, root, strlen(root)); - return(name); + return name; } -struct dentry_operations hppfs_dentry_ops = { -}; - static int file_removed(struct dentry *dentry, const char *file) { char *host_file; int extra, fd; extra = 0; - if(file != NULL) extra += strlen(file) + 1; + if (file != NULL) + extra += strlen(file) + 1; host_file = dentry_name(dentry, extra + strlen("/remove")); - if(host_file == NULL){ - printk("file_removed : allocation failed\n"); - return(-ENOMEM); + if (host_file == NULL) { + printk(KERN_ERR "file_removed : allocation failed\n"); + return -ENOMEM; } - if(file != NULL){ + if (file != NULL) { strcat(host_file, "/"); strcat(host_file, file); } @@ -128,18 +130,18 @@ static int file_removed(struct dentry *dentry, const char *file) fd = os_open_file(host_file, of_read(OPENFLAGS()), 0); kfree(host_file); - if(fd > 0){ + if (fd > 0) { os_close_file(fd); - return(1); + return 1; } - return(0); + return 0; } static void hppfs_read_inode(struct inode *ino) { struct inode *proc_ino; - if(HPPFS_I(ino)->proc_dentry == NULL) + if (HPPFS_I(ino)->proc_dentry == NULL) return; proc_ino = HPPFS_I(ino)->proc_dentry->d_inode; @@ -177,32 +179,32 @@ static struct dentry *hppfs_lookup(struct inode *ino, struct dentry *dentry, int err, deleted; deleted = file_removed(dentry, NULL); - if(deleted < 0) - return(ERR_PTR(deleted)); - else if(deleted) - return(ERR_PTR(-ENOENT)); + if (deleted < 0) + return ERR_PTR(deleted); + else if (deleted) + return ERR_PTR(-ENOENT); err = -ENOMEM; parent = HPPFS_I(ino)->proc_dentry; mutex_lock(&parent->d_inode->i_mutex); proc_dentry = d_lookup(parent, &dentry->d_name); - if(proc_dentry == NULL){ + if (proc_dentry == NULL) { proc_dentry = d_alloc(parent, &dentry->d_name); - if(proc_dentry == NULL){ + if (proc_dentry == NULL) { mutex_unlock(&parent->d_inode->i_mutex); goto out; } new = (*parent->d_inode->i_op->lookup)(parent->d_inode, proc_dentry, NULL); - if(new){ + if (new) { dput(proc_dentry); proc_dentry = new; } } mutex_unlock(&parent->d_inode->i_mutex); - if(IS_ERR(proc_dentry)) - return(proc_dentry); + if (IS_ERR(proc_dentry)) + return proc_dentry; inode = hppfs_iget(ino->i_sb); if (IS_ERR(inode)) { @@ -210,22 +212,21 @@ static struct dentry *hppfs_lookup(struct inode *ino, struct dentry *dentry, goto out_dput; } - err = init_inode(inode, proc_dentry); - if(err) + err = init_inode(inode, proc_dentry, HPPFS_I(ino)->proc_mnt); + if (err) goto out_put; hppfs_read_inode(inode); d_add(dentry, inode); - dentry->d_op = &hppfs_dentry_ops; - return(NULL); + return NULL; out_put: iput(inode); out_dput: dput(proc_dentry); out: - return(ERR_PTR(err)); + return ERR_PTR(err); } static const struct inode_operations hppfs_file_iops = { @@ -239,15 +240,16 @@ static ssize_t read_proc(struct file *file, char __user *buf, ssize_t count, read = file->f_path.dentry->d_inode->i_fop->read; - if(!is_user) + if (!is_user) set_fs(KERNEL_DS); n = (*read)(file, buf, count, &file->f_pos); - if(!is_user) + if (!is_user) set_fs(USER_DS); - if(ppos) *ppos = file->f_pos; + if (ppos) + *ppos = file->f_pos; return n; } @@ -259,24 +261,23 @@ static ssize_t hppfs_read_file(int fd, char __user *buf, ssize_t count) n = -ENOMEM; new_buf = kmalloc(PAGE_SIZE, GFP_KERNEL); - if(new_buf == NULL){ - printk("hppfs_read_file : kmalloc failed\n"); + if (new_buf == NULL) { + printk(KERN_ERR "hppfs_read_file : kmalloc failed\n"); goto out; } n = 0; - while(count > 0){ + while (count > 0) { cur = min_t(ssize_t, count, PAGE_SIZE); err = os_read_file(fd, new_buf, cur); - if(err < 0){ - printk("hppfs_read : read failed, errno = %d\n", - err); + if (err < 0) { + printk(KERN_ERR "hppfs_read : read failed, " + "errno = %d\n", err); n = err; goto out_free; - } - else if(err == 0) + } else if (err == 0) break; - if(copy_to_user(buf, new_buf, err)){ + if (copy_to_user(buf, new_buf, err)) { n = -EFAULT; goto out_free; } @@ -297,35 +298,36 @@ static ssize_t hppfs_read(struct file *file, char __user *buf, size_t count, loff_t off; int err; - if(hppfs->contents != NULL){ - if(*ppos >= hppfs->len) return(0); + if (hppfs->contents != NULL) { + if (*ppos >= hppfs->len) + return 0; data = hppfs->contents; off = *ppos; - while(off >= sizeof(data->contents)){ + while (off >= sizeof(data->contents)) { data = list_entry(data->list.next, struct hppfs_data, list); off -= sizeof(data->contents); } - if(off + count > hppfs->len) + if (off + count > hppfs->len) count = hppfs->len - off; copy_to_user(buf, &data->contents[off], count); *ppos += count; - } - else if(hppfs->host_fd != -1){ + } else if (hppfs->host_fd != -1) { err = os_seek_file(hppfs->host_fd, *ppos); - if(err){ - printk("hppfs_read : seek failed, errno = %d\n", err); - return(err); + if (err) { + printk(KERN_ERR "hppfs_read : seek failed, " + "errno = %d\n", err); + return err; } count = hppfs_read_file(hppfs->host_fd, buf, count); - if(count > 0) + if (count > 0) *ppos += count; } else count = read_proc(hppfs->proc_file, buf, count, ppos, 1); - return(count); + return count; } static ssize_t hppfs_write(struct file *file, const char __user *buf, size_t len, @@ -342,7 +344,7 @@ static ssize_t hppfs_write(struct file *file, const char __user *buf, size_t len err = (*write)(proc_file, buf, len, &proc_file->f_pos); file->f_pos = proc_file->f_pos; - return(err); + return err; } static int open_host_sock(char *host_file, int *filter_out) @@ -354,13 +356,13 @@ static int open_host_sock(char *host_file, int *filter_out) strcpy(end, "/rw"); *filter_out = 1; fd = os_connect_socket(host_file); - if(fd > 0) - return(fd); + if (fd > 0) + return fd; strcpy(end, "/r"); *filter_out = 0; fd = os_connect_socket(host_file); - return(fd); + return fd; } static void free_contents(struct hppfs_data *head) @@ -368,9 +370,10 @@ static void free_contents(struct hppfs_data *head) struct hppfs_data *data; struct list_head *ele, *next; - if(head == NULL) return; + if (head == NULL) + return; - list_for_each_safe(ele, next, &head->list){ + list_for_each_safe(ele, next, &head->list) { data = list_entry(ele, struct hppfs_data, list); kfree(data); } @@ -387,8 +390,8 @@ static struct hppfs_data *hppfs_get_data(int fd, int filter, err = -ENOMEM; data = kmalloc(sizeof(*data), GFP_KERNEL); - if(data == NULL){ - printk("hppfs_get_data : head allocation failed\n"); + if (data == NULL) { + printk(KERN_ERR "hppfs_get_data : head allocation failed\n"); goto failed; } @@ -397,36 +400,36 @@ static struct hppfs_data *hppfs_get_data(int fd, int filter, head = data; *size_out = 0; - if(filter){ - while((n = read_proc(proc_file, data->contents, + if (filter) { + while ((n = read_proc(proc_file, data->contents, sizeof(data->contents), NULL, 0)) > 0) os_write_file(fd, data->contents, n); err = os_shutdown_socket(fd, 0, 1); - if(err){ - printk("hppfs_get_data : failed to shut down " + if (err) { + printk(KERN_ERR "hppfs_get_data : failed to shut down " "socket\n"); goto failed_free; } } - while(1){ + while (1) { n = os_read_file(fd, data->contents, sizeof(data->contents)); - if(n < 0){ + if (n < 0) { err = n; - printk("hppfs_get_data : read failed, errno = %d\n", - err); + printk(KERN_ERR "hppfs_get_data : read failed, " + "errno = %d\n", err); goto failed_free; - } - else if(n == 0) + } else if (n == 0) break; *size_out += n; - if(n < sizeof(data->contents)) + if (n < sizeof(data->contents)) break; new = kmalloc(sizeof(*data), GFP_KERNEL); - if(new == 0){ - printk("hppfs_get_data : data allocation failed\n"); + if (new == 0) { + printk(KERN_ERR "hppfs_get_data : data allocation " + "failed\n"); err = -ENOMEM; goto failed_free; } @@ -435,12 +438,12 @@ static struct hppfs_data *hppfs_get_data(int fd, int filter, list_add(&new->list, &data->list); data = new; } - return(head); + return head; failed_free: free_contents(head); failed: - return(ERR_PTR(err)); + return ERR_PTR(err); } static struct hppfs_private *hppfs_data(void) @@ -448,77 +451,79 @@ static struct hppfs_private *hppfs_data(void) struct hppfs_private *data; data = kmalloc(sizeof(*data), GFP_KERNEL); - if(data == NULL) - return(data); + if (data == NULL) + return data; *data = ((struct hppfs_private ) { .host_fd = -1, .len = -1, .contents = NULL } ); - return(data); + return data; } static int file_mode(int fmode) { - if(fmode == (FMODE_READ | FMODE_WRITE)) - return(O_RDWR); - if(fmode == FMODE_READ) - return(O_RDONLY); - if(fmode == FMODE_WRITE) - return(O_WRONLY); - return(0); + if (fmode == (FMODE_READ | FMODE_WRITE)) + return O_RDWR; + if (fmode == FMODE_READ) + return O_RDONLY; + if (fmode == FMODE_WRITE) + return O_WRONLY; + return 0; } static int hppfs_open(struct inode *inode, struct file *file) { struct hppfs_private *data; struct dentry *proc_dentry; + struct vfsmount *proc_mnt; char *host_file; int err, fd, type, filter; err = -ENOMEM; data = hppfs_data(); - if(data == NULL) + if (data == NULL) goto out; host_file = dentry_name(file->f_path.dentry, strlen("/rw")); - if(host_file == NULL) + if (host_file == NULL) goto out_free2; proc_dentry = HPPFS_I(inode)->proc_dentry; + proc_mnt = HPPFS_I(inode)->proc_mnt; /* XXX This isn't closed anywhere */ - data->proc_file = dentry_open(dget(proc_dentry), NULL, + data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), file_mode(file->f_mode)); err = PTR_ERR(data->proc_file); - if(IS_ERR(data->proc_file)) + if (IS_ERR(data->proc_file)) goto out_free1; type = os_file_type(host_file); - if(type == OS_TYPE_FILE){ + if (type == OS_TYPE_FILE) { fd = os_open_file(host_file, of_read(OPENFLAGS()), 0); - if(fd >= 0) + if (fd >= 0) data->host_fd = fd; - else printk("hppfs_open : failed to open '%s', errno = %d\n", - host_file, -fd); + else + printk(KERN_ERR "hppfs_open : failed to open '%s', " + "errno = %d\n", host_file, -fd); data->contents = NULL; - } - else if(type == OS_TYPE_DIR){ + } else if (type == OS_TYPE_DIR) { fd = open_host_sock(host_file, &filter); - if(fd > 0){ + if (fd > 0) { data->contents = hppfs_get_data(fd, filter, data->proc_file, file, &data->len); - if(!IS_ERR(data->contents)) + if (!IS_ERR(data->contents)) data->host_fd = fd; - } - else printk("hppfs_open : failed to open a socket in " - "'%s', errno = %d\n", host_file, -fd); + } else + printk(KERN_ERR "hppfs_open : failed to open a socket " + "in '%s', errno = %d\n", host_file, -fd); } kfree(host_file); file->private_data = data; - return(0); + return 0; out_free1: kfree(host_file); @@ -526,34 +531,36 @@ static int hppfs_open(struct inode *inode, struct file *file) free_contents(data->contents); kfree(data); out: - return(err); + return err; } static int hppfs_dir_open(struct inode *inode, struct file *file) { struct hppfs_private *data; struct dentry *proc_dentry; + struct vfsmount *proc_mnt; int err; err = -ENOMEM; data = hppfs_data(); - if(data == NULL) + if (data == NULL) goto out; proc_dentry = HPPFS_I(inode)->proc_dentry; - data->proc_file = dentry_open(dget(proc_dentry), NULL, + proc_mnt = HPPFS_I(inode)->proc_mnt; + data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), file_mode(file->f_mode)); err = PTR_ERR(data->proc_file); - if(IS_ERR(data->proc_file)) + if (IS_ERR(data->proc_file)) goto out_free; file->private_data = data; - return(0); + return 0; out_free: kfree(data); out: - return(err); + return err; } static loff_t hppfs_llseek(struct file *file, loff_t off, int where) @@ -564,13 +571,13 @@ static loff_t hppfs_llseek(struct file *file, loff_t off, int where) loff_t ret; llseek = proc_file->f_path.dentry->d_inode->i_fop->llseek; - if(llseek != NULL){ + if (llseek != NULL) { ret = (*llseek)(proc_file, off, where); - if(ret < 0) - return(ret); + if (ret < 0) + return ret; } - return(default_llseek(file, off, where)); + return default_llseek(file, off, where); } static const struct file_operations hppfs_file_fops = { @@ -592,11 +599,11 @@ static int hppfs_filldir(void *d, const char *name, int size, { struct hppfs_dirent *dirent = d; - if(file_removed(dirent->dentry, name)) - return(0); + if (file_removed(dirent->dentry, name)) + return 0; - return((*dirent->filldir)(dirent->vfs_dirent, name, size, offset, - inode, type)); + return (*dirent->filldir)(dirent->vfs_dirent, name, size, offset, + inode, type); } static int hppfs_readdir(struct file *file, void *ent, filldir_t filldir) @@ -607,7 +614,8 @@ static int hppfs_readdir(struct file *file, void *ent, filldir_t filldir) struct hppfs_dirent dirent = ((struct hppfs_dirent) { .vfs_dirent = ent, .filldir = filldir, - .dentry = file->f_path.dentry } ); + .dentry = file->f_path.dentry + }); int err; readdir = proc_file->f_path.dentry->d_inode->i_fop->readdir; @@ -616,12 +624,12 @@ static int hppfs_readdir(struct file *file, void *ent, filldir_t filldir) err = (*readdir)(proc_file, &dirent, hppfs_filldir); file->f_pos = proc_file->f_pos; - return(err); + return err; } static int hppfs_fsync(struct file *file, struct dentry *dentry, int datasync) { - return(0); + return 0; } static const struct file_operations hppfs_dir_fops = { @@ -639,7 +647,7 @@ static int hppfs_statfs(struct dentry *dentry, struct kstatfs *sf) sf->f_files = 0; sf->f_ffree = 0; sf->f_type = HPPFS_SUPER_MAGIC; - return(0); + return 0; } static struct inode *hppfs_alloc_inode(struct super_block *sb) @@ -647,12 +655,13 @@ static struct inode *hppfs_alloc_inode(struct super_block *sb) struct hppfs_inode_info *hi; hi = kmalloc(sizeof(*hi), GFP_KERNEL); - if(hi == NULL) - return(NULL); + if (!hi) + return NULL; - *hi = ((struct hppfs_inode_info) { .proc_dentry = NULL }); + hi->proc_dentry = NULL; + hi->proc_mnt = NULL; inode_init_once(&hi->vfs_inode); - return(&hi->vfs_inode); + return &hi->vfs_inode; } void hppfs_delete_inode(struct inode *ino) @@ -665,21 +674,31 @@ static void hppfs_destroy_inode(struct inode *inode) kfree(HPPFS_I(inode)); } +static void hppfs_put_super(struct super_block *sb) +{ + mntput(HPPFS_I(sb->s_root->d_inode)->proc_mnt); +} + static const struct super_operations hppfs_sbops = { .alloc_inode = hppfs_alloc_inode, .destroy_inode = hppfs_destroy_inode, .delete_inode = hppfs_delete_inode, .statfs = hppfs_statfs, + .put_super = hppfs_put_super, }; -static int hppfs_readlink(struct dentry *dentry, char __user *buffer, int buflen) +static int hppfs_readlink(struct dentry *dentry, char __user *buffer, + int buflen) { struct file *proc_file; struct dentry *proc_dentry; + struct vfsmount *proc_mnt; int ret; proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - proc_file = dentry_open(dget(proc_dentry), NULL, O_RDONLY); + proc_mnt = HPPFS_I(dentry->d_inode)->proc_mnt; + + proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), O_RDONLY); if (IS_ERR(proc_file)) return PTR_ERR(proc_file); @@ -694,10 +713,13 @@ static void* hppfs_follow_link(struct dentry *dentry, struct nameidata *nd) { struct file *proc_file; struct dentry *proc_dentry; + struct vfsmount *proc_mnt; void *ret; proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - proc_file = dentry_open(dget(proc_dentry), NULL, O_RDONLY); + proc_mnt = HPPFS_I(dentry->d_inode)->proc_mnt; + + proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), O_RDONLY); if (IS_ERR(proc_file)) return proc_file; @@ -717,44 +739,43 @@ static const struct inode_operations hppfs_link_iops = { .follow_link = hppfs_follow_link, }; -static int init_inode(struct inode *inode, struct dentry *dentry) +static int init_inode(struct inode *inode, struct dentry *dentry, + struct vfsmount *mnt) { - if(S_ISDIR(dentry->d_inode->i_mode)){ + if (S_ISDIR(dentry->d_inode->i_mode)) { inode->i_op = &hppfs_dir_iops; inode->i_fop = &hppfs_dir_fops; - } - else if(S_ISLNK(dentry->d_inode->i_mode)){ + } else if (S_ISLNK(dentry->d_inode->i_mode)) { inode->i_op = &hppfs_link_iops; inode->i_fop = &hppfs_file_fops; - } - else { + } else { inode->i_op = &hppfs_file_iops; inode->i_fop = &hppfs_file_fops; } HPPFS_I(inode)->proc_dentry = dentry; + HPPFS_I(inode)->proc_mnt = mnt; - return(0); + return 0; } static int hppfs_fill_super(struct super_block *sb, void *d, int silent) { struct inode *root_inode; struct file_system_type *procfs; - struct super_block *proc_sb; + struct vfsmount *proc_mnt; int err; err = -ENOENT; procfs = get_fs_type("proc"); - if(procfs == NULL) + if (!procfs) goto out; - if(list_empty(&procfs->fs_supers)) + proc_mnt = vfs_kern_mount(procfs, 0, procfs->name, NULL); + put_filesystem(procfs); + if (IS_ERR(proc_mnt)) goto out; - proc_sb = list_entry(procfs->fs_supers.next, struct super_block, - s_instances); - sb->s_blocksize = 1024; sb->s_blocksize_bits = 10; sb->s_magic = HPPFS_SUPER_MAGIC; @@ -766,21 +787,23 @@ static int hppfs_fill_super(struct super_block *sb, void *d, int silent) goto out; } - err = init_inode(root_inode, proc_sb->s_root); - if(err) - goto out_put; + err = init_inode(root_inode, proc_mnt->mnt_sb->s_root, proc_mnt); + if (err) + goto out_iput; err = -ENOMEM; sb->s_root = d_alloc_root(root_inode); - if(sb->s_root == NULL) - goto out_put; + if (!sb->s_root) + goto out_iput; hppfs_read_inode(root_inode); - return(0); + return 0; - out_put: + out_iput: iput(root_inode); + out_mntput: + mntput(proc_mnt); out: return(err); } @@ -802,7 +825,7 @@ static struct file_system_type hppfs_type = { static int __init init_hppfs(void) { - return(register_filesystem(&hppfs_type)); + return register_filesystem(&hppfs_type); } static void __exit exit_hppfs(void) @@ -813,14 +836,3 @@ static void __exit exit_hppfs(void) module_init(init_hppfs) module_exit(exit_hppfs) MODULE_LICENSE("GPL"); - -/* - * Overrides for Emacs so that we follow Linus's tabbing style. - * Emacs will notice this stuff at the end of the file and automatically - * adjust the settings for this buffer only. This must remain at the end - * of the file. - * --------------------------------------------------------------------------- - * Local variables: - * c-file-style: "linux" - * End: - */ -- cgit v1.1 From f382d6e631fe424200ee0d8bb16539f5b7bef7be Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 23 Feb 2008 04:53:53 -0500 Subject: [PATCH] sanitize hppfs * hppfs_iget() and its users are racy; there's no need to pollute icache anyway, new_inode() works fine and is safe, unlike the current kludges (these relied on overwriting ->i_ino before another iget_locked() gets to that one - and did it after unlocking). * merge hppfs_iget()/init_inode()/hppfs_read_inode(), while we are at it. * to pass proper vfsmount to dentry_open() store the reference in hppfs superblock. Signed-off-by: Al Viro -- --- fs/hppfs/hppfs_kern.c | 113 +++++++++++++++----------------------------------- 1 file changed, 34 insertions(+), 79 deletions(-) diff --git a/fs/hppfs/hppfs_kern.c b/fs/hppfs/hppfs_kern.c index 0c0f62f..8601d8e 100644 --- a/fs/hppfs/hppfs_kern.c +++ b/fs/hppfs/hppfs_kern.c @@ -18,8 +18,7 @@ #include #include "os.h" -static int init_inode(struct inode *inode, struct dentry *dentry, - struct vfsmount *mnt); +static struct inode *get_inode(struct super_block *, struct dentry *); struct hppfs_data { struct list_head list; @@ -35,7 +34,6 @@ struct hppfs_private { struct hppfs_inode_info { struct dentry *proc_dentry; - struct vfsmount *proc_mnt; struct inode vfs_inode; }; @@ -137,40 +135,6 @@ static int file_removed(struct dentry *dentry, const char *file) return 0; } -static void hppfs_read_inode(struct inode *ino) -{ - struct inode *proc_ino; - - if (HPPFS_I(ino)->proc_dentry == NULL) - return; - - proc_ino = HPPFS_I(ino)->proc_dentry->d_inode; - ino->i_uid = proc_ino->i_uid; - ino->i_gid = proc_ino->i_gid; - ino->i_atime = proc_ino->i_atime; - ino->i_mtime = proc_ino->i_mtime; - ino->i_ctime = proc_ino->i_ctime; - ino->i_ino = proc_ino->i_ino; - ino->i_mode = proc_ino->i_mode; - ino->i_nlink = proc_ino->i_nlink; - ino->i_size = proc_ino->i_size; - ino->i_blocks = proc_ino->i_blocks; -} - -static struct inode *hppfs_iget(struct super_block *sb) -{ - struct inode *inode; - - inode = iget_locked(sb, 0); - if (!inode) - return ERR_PTR(-ENOMEM); - if (inode->i_state & I_NEW) { - hppfs_read_inode(inode); - unlock_new_inode(inode); - } - return inode; -} - static struct dentry *hppfs_lookup(struct inode *ino, struct dentry *dentry, struct nameidata *nd) { @@ -206,23 +170,14 @@ static struct dentry *hppfs_lookup(struct inode *ino, struct dentry *dentry, if (IS_ERR(proc_dentry)) return proc_dentry; - inode = hppfs_iget(ino->i_sb); - if (IS_ERR(inode)) { - err = PTR_ERR(inode); + err = -ENOMEM; + inode = get_inode(ino->i_sb, proc_dentry); + if (!inode) goto out_dput; - } - - err = init_inode(inode, proc_dentry, HPPFS_I(ino)->proc_mnt); - if (err) - goto out_put; - - hppfs_read_inode(inode); d_add(dentry, inode); return NULL; - out_put: - iput(inode); out_dput: dput(proc_dentry); out: @@ -489,7 +444,7 @@ static int hppfs_open(struct inode *inode, struct file *file) goto out_free2; proc_dentry = HPPFS_I(inode)->proc_dentry; - proc_mnt = HPPFS_I(inode)->proc_mnt; + proc_mnt = inode->i_sb->s_fs_info; /* XXX This isn't closed anywhere */ data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), @@ -547,7 +502,7 @@ static int hppfs_dir_open(struct inode *inode, struct file *file) goto out; proc_dentry = HPPFS_I(inode)->proc_dentry; - proc_mnt = HPPFS_I(inode)->proc_mnt; + proc_mnt = inode->i_sb->s_fs_info; data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), file_mode(file->f_mode)); err = PTR_ERR(data->proc_file); @@ -659,7 +614,6 @@ static struct inode *hppfs_alloc_inode(struct super_block *sb) return NULL; hi->proc_dentry = NULL; - hi->proc_mnt = NULL; inode_init_once(&hi->vfs_inode); return &hi->vfs_inode; } @@ -676,7 +630,7 @@ static void hppfs_destroy_inode(struct inode *inode) static void hppfs_put_super(struct super_block *sb) { - mntput(HPPFS_I(sb->s_root->d_inode)->proc_mnt); + mntput(sb->s_fs_info); } static const struct super_operations hppfs_sbops = { @@ -696,7 +650,7 @@ static int hppfs_readlink(struct dentry *dentry, char __user *buffer, int ret; proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - proc_mnt = HPPFS_I(dentry->d_inode)->proc_mnt; + proc_mnt = dentry->d_sb->s_fs_info; proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), O_RDONLY); if (IS_ERR(proc_file)) @@ -717,7 +671,7 @@ static void* hppfs_follow_link(struct dentry *dentry, struct nameidata *nd) void *ret; proc_dentry = HPPFS_I(dentry->d_inode)->proc_dentry; - proc_mnt = HPPFS_I(dentry->d_inode)->proc_mnt; + proc_mnt = dentry->d_sb->s_fs_info; proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), O_RDONLY); if (IS_ERR(proc_file)) @@ -739,9 +693,14 @@ static const struct inode_operations hppfs_link_iops = { .follow_link = hppfs_follow_link, }; -static int init_inode(struct inode *inode, struct dentry *dentry, - struct vfsmount *mnt) +static struct inode *get_inode(struct super_block *sb, struct dentry *dentry) { + struct inode *proc_ino = dentry->d_inode; + struct inode *inode = new_inode(sb); + + if (!inode) + return ERR_PTR(-ENOMEM); + if (S_ISDIR(dentry->d_inode->i_mode)) { inode->i_op = &hppfs_dir_iops; inode->i_fop = &hppfs_dir_fops; @@ -754,7 +713,17 @@ static int init_inode(struct inode *inode, struct dentry *dentry, } HPPFS_I(inode)->proc_dentry = dentry; - HPPFS_I(inode)->proc_mnt = mnt; + + inode->i_uid = proc_ino->i_uid; + inode->i_gid = proc_ino->i_gid; + inode->i_atime = proc_ino->i_atime; + inode->i_mtime = proc_ino->i_mtime; + inode->i_ctime = proc_ino->i_ctime; + inode->i_ino = proc_ino->i_ino; + inode->i_mode = proc_ino->i_mode; + inode->i_nlink = proc_ino->i_nlink; + inode->i_size = proc_ino->i_size; + inode->i_blocks = proc_ino->i_blocks; return 0; } @@ -762,17 +731,10 @@ static int init_inode(struct inode *inode, struct dentry *dentry, static int hppfs_fill_super(struct super_block *sb, void *d, int silent) { struct inode *root_inode; - struct file_system_type *procfs; struct vfsmount *proc_mnt; - int err; + int err = -ENOENT; - err = -ENOENT; - procfs = get_fs_type("proc"); - if (!procfs) - goto out; - - proc_mnt = vfs_kern_mount(procfs, 0, procfs->name, NULL); - put_filesystem(procfs); + proc_mnt = do_kern_mount("proc", 0, "proc", NULL); if (IS_ERR(proc_mnt)) goto out; @@ -780,24 +742,17 @@ static int hppfs_fill_super(struct super_block *sb, void *d, int silent) sb->s_blocksize_bits = 10; sb->s_magic = HPPFS_SUPER_MAGIC; sb->s_op = &hppfs_sbops; - - root_inode = hppfs_iget(sb); - if (IS_ERR(root_inode)) { - err = PTR_ERR(root_inode); - goto out; - } - - err = init_inode(root_inode, proc_mnt->mnt_sb->s_root, proc_mnt); - if (err) - goto out_iput; + sb->s_fs_info = proc_mnt; err = -ENOMEM; + root_inode = get_inode(sb, proc_mnt->mnt_sb->s_root); + if (!root_inode) + goto out_mntput; + sb->s_root = d_alloc_root(root_inode); if (!sb->s_root) goto out_iput; - hppfs_read_inode(root_inode); - return 0; out_iput: -- cgit v1.1 From 3227e14c3cab5ef7972c72eb13c13de444b5bfbc Mon Sep 17 00:00:00 2001 From: Jeff Mahoney Date: Fri, 15 Feb 2008 14:37:22 -0800 Subject: [PATCH] reiserfs: eliminate private use of struct file in xattr After several posts and bug reports regarding interaction with the NULL nameidata, here's a patch to clean up the mess with struct file in the reiserfs xattr code. As observed in several of the posts, there's really no need for struct file to exist in the xattr code. It was really only passed around due to the f_op->readdir() and a_ops->{prepare,commit}_write prototypes requiring it. reiserfs_prepare_write() and reiserfs_commit_write() don't actually use the struct file passed to it, and the xattr code uses a private version of reiserfs_readdir() to enumerate the xattr directories. Signed-off-by: Jeff Mahoney Acked-by: Al Viro Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Dave Hansen Signed-off-by: Al Viro --- fs/reiserfs/xattr.c | 110 ++++++++++++++-------------------------------------- 1 file changed, 30 insertions(+), 80 deletions(-) diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index eba037b..344b9b9 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -191,28 +191,11 @@ static struct dentry *get_xa_file_dentry(const struct inode *inode, dput(xadir); if (err) xafile = ERR_PTR(err); - return xafile; -} - -/* Opens a file pointer to the attribute associated with inode */ -static struct file *open_xa_file(const struct inode *inode, const char *name, - int flags) -{ - struct dentry *xafile; - struct file *fp; - - xafile = get_xa_file_dentry(inode, name, flags); - if (IS_ERR(xafile)) - return ERR_PTR(PTR_ERR(xafile)); else if (!xafile->d_inode) { dput(xafile); - return ERR_PTR(-ENODATA); + xafile = ERR_PTR(-ENODATA); } - - fp = dentry_open(xafile, NULL, O_RDWR); - /* dentry_open dputs the dentry if it fails */ - - return fp; + return xafile; } /* @@ -228,9 +211,8 @@ static struct file *open_xa_file(const struct inode *inode, const char *name, * we're called with i_mutex held, so there are no worries about the directory * changing underneath us. */ -static int __xattr_readdir(struct file *filp, void *dirent, filldir_t filldir) +static int __xattr_readdir(struct inode *inode, void *dirent, filldir_t filldir) { - struct inode *inode = filp->f_path.dentry->d_inode; struct cpu_key pos_key; /* key of current position in the directory (key of directory entry) */ INITIALIZE_PATH(path_to_entry); struct buffer_head *bh; @@ -374,23 +356,16 @@ static int __xattr_readdir(struct file *filp, void *dirent, filldir_t filldir) * */ static -int xattr_readdir(struct file *file, filldir_t filler, void *buf) +int xattr_readdir(struct inode *inode, filldir_t filler, void *buf) { - struct inode *inode = file->f_path.dentry->d_inode; - int res = -ENOTDIR; - if (!file->f_op || !file->f_op->readdir) - goto out; + int res = -ENOENT; mutex_lock_nested(&inode->i_mutex, I_MUTEX_XATTR); -// down(&inode->i_zombie); - res = -ENOENT; if (!IS_DEADDIR(inode)) { lock_kernel(); - res = __xattr_readdir(file, buf, filler); + res = __xattr_readdir(inode, buf, filler); unlock_kernel(); } -// up(&inode->i_zombie); mutex_unlock(&inode->i_mutex); - out: return res; } @@ -442,7 +417,7 @@ reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, size_t buffer_size, int flags) { int err = 0; - struct file *fp; + struct dentry *dentry; struct page *page; char *data; struct address_space *mapping; @@ -460,18 +435,18 @@ reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, xahash = xattr_hash(buffer, buffer_size); open_file: - fp = open_xa_file(inode, name, flags); - if (IS_ERR(fp)) { - err = PTR_ERR(fp); + dentry = get_xa_file_dentry(inode, name, flags); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); goto out; } - xinode = fp->f_path.dentry->d_inode; + xinode = dentry->d_inode; REISERFS_I(inode)->i_flags |= i_has_xattr_dir; /* we need to copy it off.. */ if (xinode->i_nlink > 1) { - fput(fp); + dput(dentry); err = reiserfs_xattr_del(inode, name); if (err < 0) goto out; @@ -485,7 +460,7 @@ reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, newattrs.ia_size = buffer_size; newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; mutex_lock_nested(&xinode->i_mutex, I_MUTEX_XATTR); - err = notify_change(fp->f_path.dentry, &newattrs); + err = notify_change(dentry, &newattrs); if (err) goto out_filp; @@ -518,15 +493,14 @@ reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, rxh->h_hash = cpu_to_le32(xahash); } - err = reiserfs_prepare_write(fp, page, page_offset, + err = reiserfs_prepare_write(NULL, page, page_offset, page_offset + chunk + skip); if (!err) { if (buffer) memcpy(data + skip, buffer + buffer_pos, chunk); - err = - reiserfs_commit_write(fp, page, page_offset, - page_offset + chunk + - skip); + err = reiserfs_commit_write(NULL, page, page_offset, + page_offset + chunk + + skip); } unlock_page(page); reiserfs_put_page(page); @@ -548,7 +522,7 @@ reiserfs_xattr_set(struct inode *inode, const char *name, const void *buffer, out_filp: mutex_unlock(&xinode->i_mutex); - fput(fp); + dput(dentry); out: return err; @@ -562,7 +536,7 @@ reiserfs_xattr_get(const struct inode *inode, const char *name, void *buffer, size_t buffer_size) { ssize_t err = 0; - struct file *fp; + struct dentry *dentry; size_t isize; size_t file_pos = 0; size_t buffer_pos = 0; @@ -578,13 +552,13 @@ reiserfs_xattr_get(const struct inode *inode, const char *name, void *buffer, if (get_inode_sd_version(inode) == STAT_DATA_V1) return -EOPNOTSUPP; - fp = open_xa_file(inode, name, FL_READONLY); - if (IS_ERR(fp)) { - err = PTR_ERR(fp); + dentry = get_xa_file_dentry(inode, name, FL_READONLY); + if (IS_ERR(dentry)) { + err = PTR_ERR(dentry); goto out; } - xinode = fp->f_path.dentry->d_inode; + xinode = dentry->d_inode; isize = xinode->i_size; REISERFS_I(inode)->i_flags |= i_has_xattr_dir; @@ -652,7 +626,7 @@ reiserfs_xattr_get(const struct inode *inode, const char *name, void *buffer, } out_dput: - fput(fp); + dput(dentry); out: return err; @@ -742,7 +716,6 @@ reiserfs_delete_xattrs_filler(void *buf, const char *name, int namelen, /* This is called w/ inode->i_mutex downed */ int reiserfs_delete_xattrs(struct inode *inode) { - struct file *fp; struct dentry *dir, *root; int err = 0; @@ -763,15 +736,8 @@ int reiserfs_delete_xattrs(struct inode *inode) return 0; } - fp = dentry_open(dir, NULL, O_RDWR); - if (IS_ERR(fp)) { - err = PTR_ERR(fp); - /* dentry_open dputs the dentry if it fails */ - goto out; - } - lock_kernel(); - err = xattr_readdir(fp, reiserfs_delete_xattrs_filler, dir); + err = xattr_readdir(dir->d_inode, reiserfs_delete_xattrs_filler, dir); if (err) { unlock_kernel(); goto out_dir; @@ -791,7 +757,7 @@ int reiserfs_delete_xattrs(struct inode *inode) unlock_kernel(); out_dir: - fput(fp); + dput(dir); out: if (!err) @@ -833,7 +799,6 @@ reiserfs_chown_xattrs_filler(void *buf, const char *name, int namelen, int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) { - struct file *fp; struct dentry *dir; int err = 0; struct reiserfs_chown_buf buf; @@ -857,13 +822,6 @@ int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) goto out; } - fp = dentry_open(dir, NULL, O_RDWR); - if (IS_ERR(fp)) { - err = PTR_ERR(fp); - /* dentry_open dputs the dentry if it fails */ - goto out; - } - lock_kernel(); attrs->ia_valid &= (ATTR_UID | ATTR_GID | ATTR_CTIME); @@ -871,7 +829,7 @@ int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) buf.attrs = attrs; buf.inode = inode; - err = xattr_readdir(fp, reiserfs_chown_xattrs_filler, &buf); + err = xattr_readdir(dir->d_inode, reiserfs_chown_xattrs_filler, &buf); if (err) { unlock_kernel(); goto out_dir; @@ -881,7 +839,7 @@ int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs) unlock_kernel(); out_dir: - fput(fp); + dput(dir); out: attrs->ia_valid = ia_valid; @@ -1029,7 +987,6 @@ reiserfs_listxattr_filler(void *buf, const char *name, int namelen, */ ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) { - struct file *fp; struct dentry *dir; int err = 0; struct reiserfs_listxattr_buf buf; @@ -1052,13 +1009,6 @@ ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) goto out; } - fp = dentry_open(dir, NULL, O_RDWR); - if (IS_ERR(fp)) { - err = PTR_ERR(fp); - /* dentry_open dputs the dentry if it fails */ - goto out; - } - buf.r_buf = buffer; buf.r_size = buffer ? size : 0; buf.r_pos = 0; @@ -1066,7 +1016,7 @@ ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) REISERFS_I(dentry->d_inode)->i_flags |= i_has_xattr_dir; - err = xattr_readdir(fp, reiserfs_listxattr_filler, &buf); + err = xattr_readdir(dir->d_inode, reiserfs_listxattr_filler, &buf); if (err) goto out_dir; @@ -1076,7 +1026,7 @@ ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size) err = buf.r_pos; out_dir: - fput(fp); + dput(dir); out: reiserfs_read_unlock_xattr_i(dentry->d_inode); -- cgit v1.1 From 322ee5b36eac42e762526b0df7fa432beba6e7a0 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Fri, 15 Feb 2008 14:37:24 -0800 Subject: [PATCH] check for null vfsmount in dentry_open() Make sure no-one calls dentry_open with a NULL vfsmount argument and crap out with a stacktrace otherwise. A NULL file->f_vfsmnt has always been problematic, but with the per-mount r/o tracking we can't accept anymore at all. [AV] the last place that passed NULL had been eliminated by the previous patch (reiserfs xattr stuff) Acked-by: Al Viro Signed-off-by: Christoph Hellwig Signed-off-by: Dave Hansen Signed-off-by: Al Viro --- fs/open.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/fs/open.c b/fs/open.c index 5419853..a4b1202 100644 --- a/fs/open.c +++ b/fs/open.c @@ -903,6 +903,18 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) int error; struct file *f; + /* + * We must always pass in a valid mount pointer. Historically + * callers got away with not passing it, but we must enforce this at + * the earliest possible point now to avoid strange problems deep in the + * filesystem stack. + */ + if (!mnt) { + printk(KERN_WARNING "%s called with NULL vfsmount\n", __func__); + dump_stack(); + return ERR_PTR(-EINVAL); + } + error = -ENFILE; f = get_empty_filp(); if (f == NULL) { -- cgit v1.1 From 430e285e0817e3e18aadd814bc078d50d8af0cbf Mon Sep 17 00:00:00 2001 From: Dave Hansen Date: Fri, 15 Feb 2008 14:37:26 -0800 Subject: [PATCH] fix up new filp allocators Some new uses of get_empty_filp() have crept in; switched to alloc_file() to make sure that pieces of initialization won't be missing. We really need to kill get_empty_filp(). [AV] fixed dentry leak on failure exit in anon_inode_getfd() Cc: Erez Zadok Cc: Trond Myklebust Cc: "J Bruce Fields" Acked-by: Al Viro Signed-off-by: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Dave Hansen Signed-off-by: Al Viro --- fs/anon_inodes.c | 18 ++++++++---------- fs/file_table.c | 6 ++++++ fs/pipe.c | 19 +++++++++---------- 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 2332188..f42be06 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -81,13 +81,10 @@ int anon_inode_getfd(int *pfd, struct inode **pinode, struct file **pfile, if (IS_ERR(anon_inode_inode)) return -ENODEV; - file = get_empty_filp(); - if (!file) - return -ENFILE; error = get_unused_fd(); if (error < 0) - goto err_put_filp; + return error; fd = error; /* @@ -114,14 +111,15 @@ int anon_inode_getfd(int *pfd, struct inode **pinode, struct file **pfile, dentry->d_flags &= ~DCACHE_UNHASHED; d_instantiate(dentry, anon_inode_inode); - file->f_path.mnt = mntget(anon_inode_mnt); - file->f_path.dentry = dentry; + error = -ENFILE; + file = alloc_file(anon_inode_mnt, dentry, + FMODE_READ | FMODE_WRITE, fops); + if (!file) + goto err_dput; file->f_mapping = anon_inode_inode->i_mapping; file->f_pos = 0; file->f_flags = O_RDWR; - file->f_op = fops; - file->f_mode = FMODE_READ | FMODE_WRITE; file->f_version = 0; file->private_data = priv; @@ -132,10 +130,10 @@ int anon_inode_getfd(int *pfd, struct inode **pinode, struct file **pfile, *pfile = file; return 0; +err_dput: + dput(dentry); err_put_unused_fd: put_unused_fd(fd); -err_put_filp: - put_filp(file); return error; } EXPORT_SYMBOL_GPL(anon_inode_getfd); diff --git a/fs/file_table.c b/fs/file_table.c index 6d27bef..986ff4e 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -83,6 +83,12 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp, /* Find an unused file structure and return a pointer to it. * Returns NULL, if there are no more free file structures or * we run out of memory. + * + * Be very careful using this. You are responsible for + * getting write access to any mount that you might assign + * to this filp, if it is opened for write. If this is not + * done, you will imbalance int the mount's writer count + * and a warning at __fput() time. */ struct file *get_empty_filp(void) { diff --git a/fs/pipe.c b/fs/pipe.c index 3c185b6..8be381b 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -957,13 +957,10 @@ struct file *create_write_pipe(void) struct dentry *dentry; struct qstr name = { .name = "" }; - f = get_empty_filp(); - if (!f) - return ERR_PTR(-ENFILE); err = -ENFILE; inode = get_pipe_inode(); if (!inode) - goto err_file; + goto err; err = -ENOMEM; dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &name); @@ -978,22 +975,24 @@ struct file *create_write_pipe(void) */ dentry->d_flags &= ~DCACHE_UNHASHED; d_instantiate(dentry, inode); - f->f_path.mnt = mntget(pipe_mnt); - f->f_path.dentry = dentry; + + err = -ENFILE; + f = alloc_file(pipe_mnt, dentry, FMODE_WRITE, &write_pipe_fops); + if (!f) + goto err_dentry; f->f_mapping = inode->i_mapping; f->f_flags = O_WRONLY; - f->f_op = &write_pipe_fops; - f->f_mode = FMODE_WRITE; f->f_version = 0; return f; + err_dentry: + dput(dentry); err_inode: free_pipe_info(inode); iput(inode); - err_file: - put_filp(f); + err: return ERR_PTR(err); } -- cgit v1.1 From 8a03feab32dceb78b9b1edf220e833d36d416b00 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 23 Feb 2008 05:46:50 -0500 Subject: [PATCH] double dput() on failure exit in tiny-shmem Signed-off-by: Al Viro --- mm/tiny-shmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/tiny-shmem.c b/mm/tiny-shmem.c index 7020836..a63ee93 100644 --- a/mm/tiny-shmem.c +++ b/mm/tiny-shmem.c @@ -89,6 +89,8 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags) close_file: put_filp(file); + return ERR_PTR(error); + put_dentry: dput(dentry); put_memory: -- cgit v1.1 From b4d232e65fa274a715dae39f77191071324e602a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 23 Feb 2008 05:59:19 -0500 Subject: [PATCH] double iput() on failure exit in hugetlb once we'd done d_instantiate(), we should only do dput(). Signed-off-by: Al Viro --- fs/hugetlbfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index eee9487..6846785 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -954,7 +954,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) FMODE_WRITE | FMODE_READ, &hugetlbfs_file_operations); if (!file) - goto out_inode; + goto out_dentry; /* inode is already attached */ return file; -- cgit v1.1 From a02f76c34d7d6d30b63ac64a8b34dea68593e8da Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 23 Feb 2008 15:14:28 +0000 Subject: [PATCH] get stack footprint of pathname resolution back to relative sanity Somebody had put struct nameidata in stack frame of link_path_walk(). Unfortunately, there are certain realities to deal with: * It's in the middle of recursion. Depth is equal to the nesting depth of symlinks, i.e. up to 8. * struct namiedata is, even if one discards the intent junk, at least 12 pointers + 5 ints. * moreover, adding a stack frame is not free in that situation. * there are fs methods called on top of that, and they also have stack footprint. * kernel stack is not infinite. The thing is, even if one chooses to deal with -ESTALE that way (and it's one hell of an overkill), the only thing that needs to be preserved is vfsmount + dentry, not the entire struct nameidata. Signed-off-by: Al Viro --- fs/namei.c | 63 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 941c8e8..7346e99 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -106,7 +106,7 @@ * any extra contention... */ -static int link_path_walk(const char *name, struct nameidata *nd); +static int __link_path_walk(const char *name, struct nameidata *nd); /* In order to reduce some races, while at the same time doing additional * checking and hopefully speeding things up, we copy filenames to the @@ -563,6 +563,37 @@ walk_init_root(const char *name, struct nameidata *nd) return 1; } +/* + * Wrapper to retry pathname resolution whenever the underlying + * file system returns an ESTALE. + * + * Retry the whole path once, forcing real lookup requests + * instead of relying on the dcache. + */ +static __always_inline int link_path_walk(const char *name, struct nameidata *nd) +{ + struct path save = nd->path; + int result; + + /* make sure the stuff we saved doesn't go away */ + dget(save.dentry); + mntget(save.mnt); + + result = __link_path_walk(name, nd); + if (result == -ESTALE) { + /* nd->path had been dropped */ + nd->path = save; + dget(nd->path.dentry); + mntget(nd->path.mnt); + nd->flags |= LOOKUP_REVAL; + result = __link_path_walk(name, nd); + } + + path_put(&save); + + return result; +} + static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link) { int res = 0; @@ -1020,36 +1051,6 @@ return_err: return err; } -/* - * Wrapper to retry pathname resolution whenever the underlying - * file system returns an ESTALE. - * - * Retry the whole path once, forcing real lookup requests - * instead of relying on the dcache. - */ -static int link_path_walk(const char *name, struct nameidata *nd) -{ - struct nameidata save = *nd; - int result; - - /* make sure the stuff we saved doesn't go away */ - dget(save.path.dentry); - mntget(save.path.mnt); - - result = __link_path_walk(name, nd); - if (result == -ESTALE) { - *nd = save; - dget(nd->path.dentry); - mntget(nd->path.mnt); - nd->flags |= LOOKUP_REVAL; - result = __link_path_walk(name, nd); - } - - path_put(&save.path); - - return result; -} - static int path_walk(const char *name, struct nameidata *nd) { current->total_link_count = 0; -- cgit v1.1