From dc15ae14e97ee9d5ed740cbb0b94996076d8b37e Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Thu, 10 Nov 2005 19:08:00 -0500 Subject: [PATCH] VFS: Fix memory leak with file leases The patch http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.html introduced a pretty nasty memory leak in the lease code. When freeing the lease, the code in locks_delete_lock() will correctly clean up the fasync queue, but when we return to fcntl_setlease(), the freed fasync entry will be reinstated. This patch ensures that we skip the call to fasync_helper() when we're freeing up the lease. Signed-off-by: J. Bruce Fields Signed-off-by: Trond Myklebust --- fs/locks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/locks.c b/fs/locks.c index a1e8b224801..600d1fbe357 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -1430,7 +1430,7 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg) lock_kernel(); error = __setlease(filp, arg, &flp); - if (error) + if (error || arg == F_UNLCK) goto out_unlock; error = fasync_helper(fd, filp, 1, &flp->fl_fasync); -- cgit v1.2.3 From f3a9388e4ebea57583272007311fffa26ebbb305 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 11 Nov 2005 17:20:14 -0800 Subject: [PATCH] VFS: local denial-of-service with file leases Remove time_out_leases() printk that's easily triggered by users. Signed-off-by: Chris Wright Signed-off-by: Trond Myklebust --- fs/locks.c | 1 - 1 file changed, 1 deletion(-) (limited to 'fs') diff --git a/fs/locks.c b/fs/locks.c index 600d1fbe357..250ef53d25e 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -1105,7 +1105,6 @@ static void time_out_leases(struct inode *inode) before = &fl->fl_next; continue; } - printk(KERN_INFO "lease broken - owner pid = %d\n", fl->fl_pid); lease_modify(before, fl->fl_type & ~F_INPROGRESS); if (fl == *before) /* lease_modify may have freed fl */ before = &fl->fl_next; -- cgit v1.2.3 From 5b9d1f19a7d6f13a97ac3eea9a1caea011ebd0ae Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Sun, 13 Nov 2005 19:33:24 +0100 Subject: [JFFS2] Remove broken and useless debug code Signed-off-by: Thomas Gleixner --- fs/jffs2/scan.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'fs') diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index 0e7456ec99f..3e51dd1da8a 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c @@ -284,9 +284,6 @@ int jffs2_fill_scan_buf (struct jffs2_sb_info *c, void *buf, D1(printk(KERN_WARNING "Read at 0x%x gave only 0x%zx bytes\n", ofs, retlen)); return -EIO; } - D2(printk(KERN_DEBUG "Read 0x%x bytes from 0x%08x into buf\n", len, ofs)); - D2(printk(KERN_DEBUG "000: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", - buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7], buf[8], buf[9], buf[10], buf[11], buf[12], buf[13], buf[14], buf[15])); return 0; } -- cgit v1.2.3 From ab4eb43ce759559d7b15c5dde4a1562f202539f6 Mon Sep 17 00:00:00 2001 From: Denis Lunev Date: Sun, 13 Nov 2005 16:07:17 -0800 Subject: [PATCH] ext3: journal handling on error path in ext3_journalled_writepage() This patch fixes lost referrence on ext3 current handle in ext3_journalled_writepage(). Signed-Off-By: Denis Lunev Cc: Kirill Korotaev Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ext3/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c index 5d9b00e2883..8824e84f8a5 100644 --- a/fs/ext3/inode.c +++ b/fs/ext3/inode.c @@ -1384,8 +1384,10 @@ static int ext3_journalled_writepage(struct page *page, ClearPageChecked(page); ret = block_prepare_write(page, 0, PAGE_CACHE_SIZE, ext3_get_block); - if (ret != 0) + if (ret != 0) { + ext3_journal_stop(handle); goto out_unlock; + } ret = walk_page_buffers(handle, page_buffers(page), 0, PAGE_CACHE_SIZE, NULL, do_journal_get_write_access); -- cgit v1.2.3 From 0f5c79f2920cbc21c718daeb0b12d69acf4de163 Mon Sep 17 00:00:00 2001 From: Luiz Fernando Capitulino Date: Sun, 13 Nov 2005 16:07:20 -0800 Subject: [PATCH] Fix sparse warning in proc/task_mmu.c fs/proc/task_mmu.c:198:33: warning: Using plain integer as NULL pointer Signed-off-by: Luiz Capitulino Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index d2fa42006d8..9ab97cef0da 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -195,7 +195,7 @@ static int show_map_internal(struct seq_file *m, void *v, struct mem_size_stats static int show_map(struct seq_file *m, void *v) { - return show_map_internal(m, v, 0); + return show_map_internal(m, v, NULL); } static void smaps_pte_range(struct vm_area_struct *vma, pmd_t *pmd, -- cgit v1.2.3 From 20dcae32439384b6863c626bb3b2a09bed65b33e Mon Sep 17 00:00:00 2001 From: Zach Brown Date: Sun, 13 Nov 2005 16:07:33 -0800 Subject: [PATCH] aio: remove kioctx from mm_struct Sync iocbs have a life cycle that don't need a kioctx. Their retrying, if any, is done in the context of their owner who has allocated them on the stack. The sole user of a sync iocb's ctx reference was aio_complete() checking for an elevated iocb ref count that could never happen. No path which grabs an iocb ref has access to sync iocbs. If we were to implement sync iocb cancelation it would be done by the owner of the iocb using its on-stack reference. Removing this chunk from aio_complete allows us to remove the entire kioctx instance from mm_struct, reducing its size by a third. On a i386 testing box the slab size went from 768 to 504 bytes and from 5 to 8 per page. Signed-off-by: Zach Brown Acked-by: Benjamin LaHaise Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/aio.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) (limited to 'fs') diff --git a/fs/aio.c b/fs/aio.c index 20bb919eb19..e7cd40b626b 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -937,28 +937,19 @@ int fastcall aio_complete(struct kiocb *iocb, long res, long res2) unsigned long tail; int ret; - /* Special case handling for sync iocbs: events go directly - * into the iocb for fast handling. Note that this will not - * work if we allow sync kiocbs to be cancelled. in which - * case the usage count checks will have to move under ctx_lock - * for all cases. + /* + * Special case handling for sync iocbs: + * - events go directly into the iocb for fast handling + * - the sync task with the iocb in its stack holds the single iocb + * ref, no other paths have a way to get another ref + * - the sync task helpfully left a reference to itself in the iocb */ if (is_sync_kiocb(iocb)) { - int ret; - + BUG_ON(iocb->ki_users != 1); iocb->ki_user_data = res; - if (iocb->ki_users == 1) { - iocb->ki_users = 0; - ret = 1; - } else { - spin_lock_irq(&ctx->ctx_lock); - iocb->ki_users--; - ret = (0 == iocb->ki_users); - spin_unlock_irq(&ctx->ctx_lock); - } - /* sync iocbs put the task here for us */ + iocb->ki_users = 0; wake_up_process(iocb->ki_obj.tsk); - return ret; + return 1; } info = &ctx->ring_info; -- cgit v1.2.3 From d00689af6b3b6ba9e1fdefec3bd62edc860c385d Mon Sep 17 00:00:00 2001 From: Zach Brown Date: Sun, 13 Nov 2005 16:07:34 -0800 Subject: [PATCH] aio: replace locking comments with assert_spin_locked() aio: replace locking comments with assert_spin_locked() Signed-off-by: Zach Brown Acked-by: Benjamin LaHaise Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/aio.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'fs') diff --git a/fs/aio.c b/fs/aio.c index e7cd40b626b..5a28b69ad22 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -457,6 +457,8 @@ static inline struct kiocb *aio_get_req(struct kioctx *ctx) static inline void really_put_req(struct kioctx *ctx, struct kiocb *req) { + assert_spin_locked(&ctx->ctx_lock); + if (req->ki_dtor) req->ki_dtor(req); kmem_cache_free(kiocb_cachep, req); @@ -498,6 +500,8 @@ static int __aio_put_req(struct kioctx *ctx, struct kiocb *req) dprintk(KERN_DEBUG "aio_put(%p): f_count=%d\n", req, atomic_read(&req->ki_filp->f_count)); + assert_spin_locked(&ctx->ctx_lock); + req->ki_users --; if (unlikely(req->ki_users < 0)) BUG(); @@ -619,14 +623,13 @@ static void unuse_mm(struct mm_struct *mm) * the kiocb (to tell the caller to activate the work * queue to process it), or 0, if it found that it was * already queued. - * - * Should be called with the spin lock iocb->ki_ctx->ctx_lock - * held */ static inline int __queue_kicked_iocb(struct kiocb *iocb) { struct kioctx *ctx = iocb->ki_ctx; + assert_spin_locked(&ctx->ctx_lock); + if (list_empty(&iocb->ki_run_list)) { list_add_tail(&iocb->ki_run_list, &ctx->run_list); @@ -771,13 +774,15 @@ out: * Process all pending retries queued on the ioctx * run list. * Assumes it is operating within the aio issuer's mm - * context. Expects to be called with ctx->ctx_lock held + * context. */ static int __aio_run_iocbs(struct kioctx *ctx) { struct kiocb *iocb; LIST_HEAD(run_list); + assert_spin_locked(&ctx->ctx_lock); + list_splice_init(&ctx->run_list, &run_list); while (!list_empty(&run_list)) { iocb = list_entry(run_list.next, struct kiocb, @@ -1604,12 +1609,14 @@ asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr, /* lookup_kiocb * Finds a given iocb for cancellation. - * MUST be called with ctx->ctx_lock held. */ static struct kiocb *lookup_kiocb(struct kioctx *ctx, struct iocb __user *iocb, u32 key) { struct list_head *pos; + + assert_spin_locked(&ctx->ctx_lock); + /* TODO: use a hash or array, this sucks. */ list_for_each(pos, &ctx->active_reqs) { struct kiocb *kiocb = list_kiocb(pos); -- cgit v1.2.3 From ec63f22dc31de19b273b7aca66e73ae85cc2418e Mon Sep 17 00:00:00 2001 From: Johann Lombardi Date: Sun, 13 Nov 2005 16:07:36 -0800 Subject: [PATCH] ext2: remove duplicate newlines in ext2_fill_super ext2_warning() already adds a newline. Signed-off-by: Johann Lombardi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/ext2/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs') diff --git a/fs/ext2/super.c b/fs/ext2/super.c index e4ed4b31a43..522fa70dd8e 100644 --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -881,7 +881,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) } if (EXT2_HAS_COMPAT_FEATURE(sb, EXT3_FEATURE_COMPAT_HAS_JOURNAL)) ext2_warning(sb, __FUNCTION__, - "mounting ext3 filesystem as ext2\n"); + "mounting ext3 filesystem as ext2"); ext2_setup_super (sb, es, sb->s_flags & MS_RDONLY); percpu_counter_mod(&sbi->s_freeblocks_counter, ext2_count_free_blocks(sb)); -- cgit v1.2.3