aboutsummaryrefslogtreecommitdiffstats
path: root/kernel (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2013-10-24adfs: delayed freeing of sbiAl Viro2-5/+7
makes ->d_hash() and ->d_compare() safety in RCU mode independent from vfsmount_lock. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24hpfs: make freeing sbi and codetables rcu-delayedAl Viro2-14/+15
makes ->d_hash() and ->d_compare() safety in RCU mode independent from vfsmount_lock Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24make freeing super_block rcu-delayedAl Viro2-1/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24vfs: introduce d_instantiate_no_diralias()Miklos Szeredi5-40/+33
...which just returns -EBUSY if a directory alias would be created. This is to be used by fuse mkdir to make sure that a buggy or malicious userspace filesystem doesn't do anything nasty. Previously fuse used a private mutex for this purpose, which can now go away. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2013-10-24move taking vfsmount_lock down into prepend_path()Al Viro1-9/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24split __lookup_mnt() in two functionsAl Viro4-25/+30
Instead of passing the direction as argument (and checking it on every step through the hash chain), just have separate __lookup_mnt() and __lookup_mnt_last(). And use the standard iterators... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24uninline destroy_super(), consolidate alloc_super()Al Viro1-120/+86
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24isofs: don't pass dentry to isofs_hash{i,}_common()Al Viro1-6/+6
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24new helpers: lock_mount_hash/unlock_mount_hashAl Viro5-54/+64
aka br_write_{lock,unlock} of vfsmount_lock. Inlines in fs/mount.h, vfsmount_lock extern moved over there as well. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24don't bother with vfsmount_lock in mounts_poll()Al Viro1-4/+4
wake_up_interruptible/poll_wait provide sufficient barriers; just use ACCESS_ONCE() to fetch ns->event and that's it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24namespace.c: get rid of mnt_ghostsAl Viro3-18/+9
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24fold dup_mnt_ns() into its only surviving callerAl Viro1-30/+18
should've been done 6 years ago... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24mnt_set_expiry() doesn't need vfsmount_lockAl Viro1-2/+0
->mnt_expire is protected by namespace_sem Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24finish_automount() doesn't need vfsmount_lock for removal from expiry listAl Viro1-2/+0
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24fs/namespace.c: bury long-dead defineAl Viro1-2/+0
MNT_WRITER_UNDERFLOW_LIMIT has been missed 4 years ago when it became unused. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24fold mntfree() into mntput_no_expire()Al Viro1-23/+16
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24do_remount(): pull touch_mnt_namespace() upAl Viro1-5/+1
... and don't bother with dropping and regaining vfsmount_lock Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24dup_mnt_ns(): get rid of pointless grabbing of vfsmount_lockAl Viro1-2/+0
mnt_list is protected by namespace_sem, not vfsmount_lock Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24fs_is_visible only needs namespace_sem held sharedAl Viro1-2/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24initialize namespace_sem staticallyAl Viro1-3/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24file->f_op is never NULL...Al Viro29-97/+74
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24rtl8188eu: remove dead codeAl Viro2-213/+0
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24dmxdev: get rid of pointless clearing ->f_opAl Viro1-4/+0
nobody else will see that struct file after return from ->release() anyway; just leave ->f_op as is and let __fput() do that fops_put(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24consolidate the reassignments of ->f_op in ->open() instancesAl Viro8-77/+43
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24put_mnt_ns(): use drop_collected_mounts()Al Viro1-5/+1
... rather than open-coding it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ncpfs: switch to %p[dD]Al Viro2-43/+24
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ubifs: switch to %pdAl Viro3-34/+29
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24sunrpc: switch to %pdAl Viro1-6/+6
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24nfsd: switch to %p[dD]Al Viro5-37/+31
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24nfs: use %p[dD] instead of open-coded (and often racy) equivalentsAl Viro11-186/+119
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24befs: split symlink iops in two - for short and long symlinks resp.Al Viro1-30/+31
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24new helper: kfree_put_link()Al Viro8-38/+15
duplicated to hell and back... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24libfs: get exports to definitions of objects being exported...Al Viro1-35/+34
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ecryptfs: ->lower_path.dentry is never NULLAl Viro1-2/+1
... on anything found via ->d_fsdata Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ecryptfs: get rid of ecryptfs_set_dentry_lower{,_mnt}Al Viro3-18/+3
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ecryptfs: don't leave RCU pathwalk immediatelyAl Viro2-15/+20
If the underlying dentry doesn't have ->d_revalidate(), there's no need to force dropping out of RCU mode. All we need for that is to make freeing ecryptfs_dentry_info RCU-delayed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-24ecryptfs: check DCACHE_OP_REVALIDATE instead of ->d_opAl Viro1-1/+1
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-249p: make v9fs_cache_inode_{get,put,set}_cookie empty inlines for !9P_CACHEFSAl Viro4-12/+12
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-10-06Linux 3.12-rc4Linus Torvalds1-1/+1
2013-10-06net: Update the sysctl permissions handler to test effective uid/gidEric W. Biederman1-2/+2
Modify the code to use current_euid(), and in_egroup_p, as in done in fs/proc/proc_sysctl.c:test_perm() Cc: stable@vger.kernel.org Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reported-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-10-05btrfs: Fix crash due to not allocating integrity data for a biosetDarrick J. Wong1-0/+8
When btrfs creates a bioset, we must also allocate the integrity data pool. Otherwise btrfs will crash when it tries to submit a bio to a checksumming disk: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150 PGD 2305e4067 PUD 23063d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP Modules linked in: btrfs scsi_debug xfs ext4 jbd2 ext3 jbd mbcache sch_fq_codel eeprom lpc_ich mfd_core nfsd exportfs auth_rpcgss af_packet raid6_pq xor zlib_deflate libcrc32c [last unloaded: scsi_debug] CPU: 1 PID: 4486 Comm: mount Not tainted 3.12.0-rc1-mcsum #2 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 task: ffff8802451c9720 ti: ffff880230698000 task.ti: ffff880230698000 RIP: 0010:[<ffffffff8111e28a>] [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150 RSP: 0018:ffff880230699688 EFLAGS: 00010286 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000005f8445 RDX: 0000000000000001 RSI: 0000000000000010 RDI: 0000000000000000 RBP: ffff8802306996f8 R08: 0000000000011200 R09: 0000000000000008 R10: 0000000000000020 R11: ffff88009d6e8000 R12: 0000000000011210 R13: 0000000000000030 R14: ffff8802306996b8 R15: ffff8802451c9720 FS: 00007f25b8a16800(0000) GS:ffff88024fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000018 CR3: 0000000230576000 CR4: 00000000000007e0 Stack: ffff8802451c9720 0000000000000002 ffffffff81a97100 0000000000281250 ffffffff81a96480 ffff88024fc99150 ffff880228d18200 0000000000000000 0000000000000000 0000000000000040 ffff880230e8c2e8 ffff8802459dc900 Call Trace: [<ffffffff811b2208>] bio_integrity_alloc+0x48/0x1b0 [<ffffffff811b26fc>] bio_integrity_prep+0xac/0x360 [<ffffffff8111e298>] ? mempool_alloc+0x58/0x150 [<ffffffffa03e8041>] ? alloc_extent_state+0x31/0x110 [btrfs] [<ffffffff81241579>] blk_queue_bio+0x1c9/0x460 [<ffffffff8123e58a>] generic_make_request+0xca/0x100 [<ffffffff8123e639>] submit_bio+0x79/0x160 [<ffffffffa03f865e>] btrfs_map_bio+0x48e/0x5b0 [btrfs] [<ffffffffa03c821a>] btree_submit_bio_hook+0xda/0x110 [btrfs] [<ffffffffa03e7eba>] submit_one_bio+0x6a/0xa0 [btrfs] [<ffffffffa03ef450>] read_extent_buffer_pages+0x250/0x310 [btrfs] [<ffffffff8125eef6>] ? __radix_tree_preload+0x66/0xf0 [<ffffffff8125f1c5>] ? radix_tree_insert+0x95/0x260 [<ffffffffa03c66f6>] btree_read_extent_buffer_pages.constprop.128+0xb6/0x120 [btrfs] [<ffffffffa03c8c1a>] read_tree_block+0x3a/0x60 [btrfs] [<ffffffffa03caefd>] open_ctree+0x139d/0x2030 [btrfs] [<ffffffffa03a282a>] btrfs_mount+0x53a/0x7d0 [btrfs] [<ffffffff8113ab0b>] ? pcpu_alloc+0x8eb/0x9f0 [<ffffffff81167305>] ? __kmalloc_track_caller+0x35/0x1e0 [<ffffffff81176ba0>] mount_fs+0x20/0xd0 [<ffffffff81191096>] vfs_kern_mount+0x76/0x120 [<ffffffff81193320>] do_mount+0x200/0xa40 [<ffffffff81135cdb>] ? strndup_user+0x5b/0x80 [<ffffffff81193bf0>] SyS_mount+0x90/0xe0 [<ffffffff8156d31d>] system_call_fastpath+0x1a/0x1f Code: 4c 8d 75 a8 4c 89 6d e8 45 89 e0 4c 8d 6f 30 48 89 5d d8 41 83 e0 af 48 89 fb 49 83 c6 18 4c 89 7d f8 65 4c 8b 3c 25 c0 b8 00 00 <48> 8b 73 18 44 89 c7 44 89 45 98 ff 53 20 48 85 c0 48 89 c2 74 RIP [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150 RSP <ffff880230699688> CR2: 0000000000000018 ---[ end trace 7a96042017ed21e2 ]--- Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com> Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2013-10-04Revert "x86/PCI: MMCONFIG: Check earlier for MMCONFIG region at address zero"Bjorn Helgaas1-1/+6
This reverts commit 07f9b61c3915e8eb156cb4461b3946736356ad02. 07f9b61c was intended to be a cleanup that didn't change anything, but in fact, for systems without _CBA (which is almost everything), it broke extended config space for domain 0 and all config space for other domains. Reference: http://lkml.kernel.org/r/20131004011806.GE20450@dangermouse.emea.sgi.com Reported-by: Hedi Berriche <hedi@sgi.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2013-10-04selinux: remove 'flags' parameter from avc_audit()Linus Torvalds3-4/+4
Now avc_audit() has no more users with that parameter. Remove it. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-10-04selinux: avc_has_perm_flags has no more usersLinus Torvalds2-17/+6
.. so get rid of it. The only indirect users were all the avc_has_perm() callers which just expanded to have a zero flags argument. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-10-04Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishingIlya Dryomov2-5/+7
free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev, can be processed before btrfs_scratch_superblock is called, which would result in a use-after-free on btrfs_device contents. Fix this by zeroing the superblock before the rcu callback is registered. Cc: Stefan Behrens <sbehrens@giantdisaster.de> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-10-04Btrfs: eliminate races in worker stopping codeIlya Dryomov2-6/+21
The current implementation of worker threads in Btrfs has races in worker stopping code, which cause all kinds of panics and lockups when running btrfs/011 xfstest in a loop. The problem is that btrfs_stop_workers is unsynchronized with respect to check_idle_worker, check_busy_worker and __btrfs_start_workers. E.g., check_idle_worker race flow: btrfs_stop_workers(): check_idle_worker(aworker): - grabs the lock - splices the idle list into the working list - removes the first worker from the working list - releases the lock to wait for its kthread's completion - grabs the lock - if aworker is on the working list, moves aworker from the working list to the idle list - releases the lock - grabs the lock - puts the worker - removes the second worker from the working list ...... btrfs_stop_workers returns, aworker is on the idle list FS is umounted, memory is freed ...... aworker is waken up, fireworks ensue With this applied, I wasn't able to trigger the problem in 48 hours, whereas previously I could reliably reproduce at least one of these races within an hour. Reported-by: David Sterba <dsterba@suse.cz> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-10-04Btrfs: fix crash of compressed writesLiu Bo1-1/+1
The crash[1] is found by xfstests/generic/208 with "-o compress", it's not reproduced everytime, but it does panic. The bug is quite interesting, it's actually introduced by a recent commit (573aecafca1cf7a974231b759197a1aebcf39c2a, Btrfs: actually limit the size of delalloc range). Btrfs implements delay allocation, so during writeback, we (1) get a page A and lock it (2) search the state tree for delalloc bytes and lock all pages within the range (3) process the delalloc range, including find disk space and create ordered extent and so on. (4) submit the page A. It runs well in normal cases, but if we're in a racy case, eg. buffered compressed writes and aio-dio writes, sometimes we may fail to lock all pages in the 'delalloc' range, in which case, we need to fall back to search the state tree again with a smaller range limit(max_bytes = PAGE_CACHE_SIZE - offset). The mentioned commit has a side effect, that is, in the fallback case, we can find delalloc bytes before the index of the page we already have locked, so we're in the case of (delalloc_end <= *start) and return with (found > 0). This ends with not locking delalloc pages but making ->writepage still process them, and the crash happens. This fixes it by just thinking that we find nothing and returning to caller as the caller knows how to deal with it properly. [1]: ------------[ cut here ]------------ kernel BUG at mm/page-writeback.c:2170! [...] CPU: 2 PID: 11755 Comm: btrfs-delalloc- Tainted: G O 3.11.0+ #8 [...] RIP: 0010:[<ffffffff810f5093>] [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83 [...] [ 4934.248731] Stack: [ 4934.248731] ffff8801477e5dc8 ffffea00049b9f00 ffff8801869f9ce8 ffffffffa02b841a [ 4934.248731] 0000000000000000 0000000000000000 0000000000000fff 0000000000000620 [ 4934.248731] ffff88018db59c78 ffffea0005da8d40 ffffffffa02ff860 00000001810016c0 [ 4934.248731] Call Trace: [ 4934.248731] [<ffffffffa02b841a>] extent_range_clear_dirty_for_io+0xcf/0xf5 [btrfs] [ 4934.248731] [<ffffffffa02a8889>] compress_file_range+0x1dc/0x4cb [btrfs] [ 4934.248731] [<ffffffff8104f7af>] ? detach_if_pending+0x22/0x4b [ 4934.248731] [<ffffffffa02a8bad>] async_cow_start+0x35/0x53 [btrfs] [ 4934.248731] [<ffffffffa02c694b>] worker_loop+0x14b/0x48c [btrfs] [ 4934.248731] [<ffffffffa02c6800>] ? btrfs_queue_worker+0x25c/0x25c [btrfs] [ 4934.248731] [<ffffffff810608f5>] kthread+0x8d/0x95 [ 4934.248731] [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43 [ 4934.248731] [<ffffffff814fe09c>] ret_from_fork+0x7c/0xb0 [ 4934.248731] [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43 [ 4934.248731] Code: ff 85 c0 0f 94 c0 0f b6 c0 59 5b 5d c3 0f 1f 44 00 00 55 48 89 e5 41 54 53 48 89 fb e8 2c de 00 00 49 89 c4 48 8b 03 a8 01 75 02 <0f> 0b 4d 85 e4 74 52 49 8b 84 24 80 00 00 00 f6 40 20 01 75 44 [ 4934.248731] RIP [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83 [ 4934.248731] RSP <ffff8801869f9c48> [ 4934.280307] ---[ end trace 36f06d3f8750236a ]--- Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-10-04Btrfs: fix transid verify errors when recovering log treeJosef Bacik1-5/+2
If we crash with a log, remount and recover that log, and then crash before we can commit another transaction we will get transid verify errors on the next mount. This is because we were not zero'ing out the log when we committed the transaction after recovery. This is ok as long as we commit another transaction at some point in the future, but if you abort or something else goes wrong you can end up in this weird state because the recovery stuff says that the tree log should have a generation+1 of the super generation, which won't be the case of the transaction that was started for recovery. Fix this by removing the check and _always_ zero out the log portion of the super when we commit a transaction. This fixes the transid verify issues I was seeing with my force errors tests. Thanks, Signed-off-by: Josef Bacik <jbacik@fusionio.com>
2013-10-04selinux: remove 'flags' parameter from inode_has_permLinus Torvalds1-7/+6
Every single user passes in '0'. I think we had non-zero users back in some stone age when selinux_inode_permission() was implemented in terms of inode_has_perm(), but that complicated case got split up into a totally separate code-path so that we could optimize the much simpler special cases. See commit 2e33405785d3 ("SELinux: delay initialization of audit data in selinux_inode_permission") for example. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-10-04xfs: Use kmem_free() instead of free()Thierry Reding1-1/+1
This fixes a build failure caused by calling the free() function which does not exist in the Linux kernel. Signed-off-by: Thierry Reding <treding@nvidia.com> Reviewed-by: Mark Tinguely <tinguely@sgi.com> Signed-off-by: Ben Myers <bpm@sgi.com> (cherry picked from commit aaaae98022efa4f3c31042f1fdf9e7a0c5f04663)
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.