From: Jeff Mahoney <jeffm@suse.com>
To: Christoph Hellwig <hch@infradead.org>,
Laurent Riffard <laurent.riffard@free.fr>,
Andrew Morton <akpm@linux-foundation.org>,
Dave Hansen <haveblue@us.ibm.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
reiserfs-devel@vger.kernel.org
Subject: Re: 2.6.23-mm1: BUG in reiserfs_delete_xattrs
Date: Mon, 15 Oct 2007 14:31:03 -0400 [thread overview]
Message-ID: <4713B1E7.2010504@suse.com> (raw)
In-Reply-To: <20071015084052.GA21870@infradead.org>
Christoph Hellwig wrote:
> On Mon, Oct 15, 2007 at 12:34:58AM +0200, Laurent Riffard wrote:
>> reiserfs_delete_xattrs
>> reiserfs_delete_inode
>> generic_delete_inode
>> generic_drop_inode
>> iput
>> do_unlinkat
>> sys_unlink
>> sys_enter_past_esp
>>
>> I reported a similar BUG in 2.6.22-rc8-mm2 (see
>> http://lkml.org/lkml/2007/9/27/235). Dave Hansen sent a patch for it, I
>> tested it and it was OK for 2.6.22-rc8-mm2.
>>
>> I tried this patch on 2.6.23-mm1, and it fixed the BUGs here too.
>
> The delete path is a similar case as the one Dave fixed, also cause by
> a NULL vfsmount passed to dentry_open, but through a different code-path.
>
> Untested fix for this problem below:
Here's a patch I worked up the other night that kills off struct file
completely from the xattr code. I've tested it locally.
After several posts and bug reports regarding interaction with the NULL
nameidata, here's a patch to clean up the mess with struct file in the
reiserfs xattr code.
As observed in several of the posts, there's really no need for struct file
to exist in the xattr code. It was really only passed around due to the
f_op->readdir() and a_ops->{prepare,commit}_write prototypes requiring it.
reiserfs_prepare_write() and reiserfs_commit_write() don't actually use
the struct file passed to it, and the xattr code uses a private version of
reiserfs_readdir() to enumerate the xattr directories.
I do have patches in my queue to convert the xattrs to use reiserfs_readdir(),
but I guess I'll just have to rework those.
This is pretty close to the patch by Dave Hansen for -mm, but I didn't
notice it until after I wrote this up.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
fs/reiserfs/xattr.c | 111 ++++++++++++++--------------------------------------
1 file changed, 31 insertions(+), 80 deletions(-)
--- a/fs/reiserfs/xattr.c 2007-08-27 14:03:39.000000000 -0400
+++ b/fs/reiserfs/xattr.c 2007-10-14 22:11:05.000000000 -0400
@@ -191,28 +191,11 @@ static struct dentry *get_xa_file_dentry
dput(xadir);
if (err)
xafile = ERR_PTR(err);
- return xafile;
-}
-
-/* Opens a file pointer to the attribute associated with inode */
-static struct file *open_xa_file(const struct inode *inode, const char *name,
- int flags)
-{
- struct dentry *xafile;
- struct file *fp;
-
- xafile = get_xa_file_dentry(inode, name, flags);
- if (IS_ERR(xafile))
- return ERR_PTR(PTR_ERR(xafile));
else if (!xafile->d_inode) {
dput(xafile);
- return ERR_PTR(-ENODATA);
+ xafile = ERR_PTR(-ENODATA);
}
-
- fp = dentry_open(xafile, NULL, O_RDWR);
- /* dentry_open dputs the dentry if it fails */
-
- return fp;
+ return xafile;
}
/*
@@ -228,9 +211,8 @@ static struct file *open_xa_file(const s
* we're called with i_mutex held, so there are no worries about the directory
* changing underneath us.
*/
-static int __xattr_readdir(struct file *filp, void *dirent, filldir_t filldir)
+static int __xattr_readdir(struct inode *inode, void *dirent, filldir_t filldir)
{
- struct inode *inode = filp->f_path.dentry->d_inode;
struct cpu_key pos_key; /* key of current position in the directory (key of directory entry) */
INITIALIZE_PATH(path_to_entry);
struct buffer_head *bh;
@@ -374,23 +356,16 @@ static int __xattr_readdir(struct file *
*
*/
static
-int xattr_readdir(struct file *file, filldir_t filler, void *buf)
+int xattr_readdir(struct inode *inode, filldir_t filler, void *buf)
{
- struct inode *inode = file->f_path.dentry->d_inode;
- int res = -ENOTDIR;
- if (!file->f_op || !file->f_op->readdir)
- goto out;
+ int res = -ENOENT;
mutex_lock_nested(&inode->i_mutex, I_MUTEX_XATTR);
-// down(&inode->i_zombie);
- res = -ENOENT;
if (!IS_DEADDIR(inode)) {
lock_kernel();
- res = __xattr_readdir(file, buf, filler);
+ res = __xattr_readdir(inode, buf, filler);
unlock_kernel();
}
-// up(&inode->i_zombie);
mutex_unlock(&inode->i_mutex);
- out:
return res;
}
@@ -436,7 +411,7 @@ reiserfs_xattr_set(struct inode *inode,
size_t buffer_size, int flags)
{
int err = 0;
- struct file *fp;
+ struct dentry *dentry;
struct page *page;
char *data;
struct address_space *mapping;
@@ -454,18 +429,18 @@ reiserfs_xattr_set(struct inode *inode,
xahash = xattr_hash(buffer, buffer_size);
open_file:
- fp = open_xa_file(inode, name, flags);
- if (IS_ERR(fp)) {
- err = PTR_ERR(fp);
+ dentry = get_xa_file_dentry(inode, name, flags);
+ if (IS_ERR(dentry)) {
+ err = PTR_ERR(dentry);
goto out;
}
- xinode = fp->f_path.dentry->d_inode;
+ xinode = dentry->d_inode;
REISERFS_I(inode)->i_flags |= i_has_xattr_dir;
/* we need to copy it off.. */
if (xinode->i_nlink > 1) {
- fput(fp);
+ dput(dentry);
err = reiserfs_xattr_del(inode, name);
if (err < 0)
goto out;
@@ -479,7 +454,7 @@ reiserfs_xattr_set(struct inode *inode,
newattrs.ia_size = buffer_size;
newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
mutex_lock(&xinode->i_mutex);
- err = notify_change(fp->f_path.dentry, &newattrs);
+ err = notify_change(dentry, &newattrs);
if (err)
goto out_filp;
@@ -512,15 +487,15 @@ reiserfs_xattr_set(struct inode *inode,
rxh->h_hash = cpu_to_le32(xahash);
}
- err = mapping->a_ops->prepare_write(fp, page, page_offset,
+ err = mapping->a_ops->prepare_write(NULL, page, page_offset,
page_offset + chunk + skip);
if (!err) {
if (buffer)
memcpy(data + skip, buffer + buffer_pos, chunk);
- err =
- mapping->a_ops->commit_write(fp, page, page_offset,
- page_offset + chunk +
- skip);
+ err = mapping->a_ops->commit_write(NULL, page,
+ page_offset,
+ page_offset + chunk +
+ skip);
}
unlock_page(page);
reiserfs_put_page(page);
@@ -542,7 +517,7 @@ reiserfs_xattr_set(struct inode *inode,
out_filp:
mutex_unlock(&xinode->i_mutex);
- fput(fp);
+ dput(dentry);
out:
return err;
@@ -556,7 +531,7 @@ reiserfs_xattr_get(const struct inode *i
size_t buffer_size)
{
ssize_t err = 0;
- struct file *fp;
+ struct dentry *dentry;
size_t isize;
size_t file_pos = 0;
size_t buffer_pos = 0;
@@ -572,13 +547,13 @@ reiserfs_xattr_get(const struct inode *i
if (get_inode_sd_version(inode) == STAT_DATA_V1)
return -EOPNOTSUPP;
- fp = open_xa_file(inode, name, FL_READONLY);
- if (IS_ERR(fp)) {
- err = PTR_ERR(fp);
+ dentry = get_xa_file_dentry(inode, name, FL_READONLY);
+ if (IS_ERR(dentry)) {
+ err = PTR_ERR(dentry);
goto out;
}
- xinode = fp->f_path.dentry->d_inode;
+ xinode = dentry->d_inode;
isize = xinode->i_size;
REISERFS_I(inode)->i_flags |= i_has_xattr_dir;
@@ -646,7 +621,7 @@ reiserfs_xattr_get(const struct inode *i
}
out_dput:
- fput(fp);
+ dput(dentry);
out:
return err;
@@ -736,7 +711,6 @@ reiserfs_delete_xattrs_filler(void *buf,
/* This is called w/ inode->i_mutex downed */
int reiserfs_delete_xattrs(struct inode *inode)
{
- struct file *fp;
struct dentry *dir, *root;
int err = 0;
@@ -757,15 +731,8 @@ int reiserfs_delete_xattrs(struct inode
return 0;
}
- fp = dentry_open(dir, NULL, O_RDWR);
- if (IS_ERR(fp)) {
- err = PTR_ERR(fp);
- /* dentry_open dputs the dentry if it fails */
- goto out;
- }
-
lock_kernel();
- err = xattr_readdir(fp, reiserfs_delete_xattrs_filler, dir);
+ err = xattr_readdir(dir->d_inode, reiserfs_delete_xattrs_filler, dir);
if (err) {
unlock_kernel();
goto out_dir;
@@ -785,7 +752,7 @@ int reiserfs_delete_xattrs(struct inode
unlock_kernel();
out_dir:
- fput(fp);
+ dput(dir);
out:
if (!err)
@@ -827,7 +794,6 @@ reiserfs_chown_xattrs_filler(void *buf,
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs)
{
- struct file *fp;
struct dentry *dir;
int err = 0;
struct reiserfs_chown_buf buf;
@@ -851,13 +817,6 @@ int reiserfs_chown_xattrs(struct inode *
goto out;
}
- fp = dentry_open(dir, NULL, O_RDWR);
- if (IS_ERR(fp)) {
- err = PTR_ERR(fp);
- /* dentry_open dputs the dentry if it fails */
- goto out;
- }
-
lock_kernel();
attrs->ia_valid &= (ATTR_UID | ATTR_GID | ATTR_CTIME);
@@ -865,7 +824,7 @@ int reiserfs_chown_xattrs(struct inode *
buf.attrs = attrs;
buf.inode = inode;
- err = xattr_readdir(fp, reiserfs_chown_xattrs_filler, &buf);
+ err = xattr_readdir(dir->d_inode, reiserfs_chown_xattrs_filler, &buf);
if (err) {
unlock_kernel();
goto out_dir;
@@ -875,7 +834,7 @@ int reiserfs_chown_xattrs(struct inode *
unlock_kernel();
out_dir:
- fput(fp);
+ dput(dir);
out:
attrs->ia_valid = ia_valid;
@@ -1023,7 +982,6 @@ reiserfs_listxattr_filler(void *buf, con
*/
ssize_t reiserfs_listxattr(struct dentry * dentry, char *buffer, size_t size)
{
- struct file *fp;
struct dentry *dir;
int err = 0;
struct reiserfs_listxattr_buf buf;
@@ -1046,13 +1004,6 @@ ssize_t reiserfs_listxattr(struct dentry
goto out;
}
- fp = dentry_open(dir, NULL, O_RDWR);
- if (IS_ERR(fp)) {
- err = PTR_ERR(fp);
- /* dentry_open dputs the dentry if it fails */
- goto out;
- }
-
buf.r_buf = buffer;
buf.r_size = buffer ? size : 0;
buf.r_pos = 0;
@@ -1060,7 +1011,7 @@ ssize_t reiserfs_listxattr(struct dentry
REISERFS_I(dentry->d_inode)->i_flags |= i_has_xattr_dir;
- err = xattr_readdir(fp, reiserfs_listxattr_filler, &buf);
+ err = xattr_readdir(dir->d_inode, reiserfs_listxattr_filler, &buf);
if (err)
goto out_dir;
@@ -1070,7 +1021,7 @@ ssize_t reiserfs_listxattr(struct dentry
err = buf.r_pos;
out_dir:
- fput(fp);
+ dput(dir);
out:
reiserfs_read_unlock_xattr_i(dentry->d_inode);
--
Jeff Mahoney
SUSE Labs
next prev parent reply other threads:[~2007-10-15 18:29 UTC|newest]
Thread overview: 139+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-12 4:31 2.6.23-mm1 Andrew Morton
2007-10-12 5:03 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-12 6:42 ` 2.6.23-mm1 Andrew Morton
2007-10-12 6:46 ` 2.6.23-mm1 Al Viro
2007-10-12 7:13 ` 2.6.23-mm1 Andrew Morton
2007-10-12 18:06 ` [PATCH net-2.6] uml: hard_header fix Stephen Hemminger
2007-10-12 19:04 ` 2.6.23-mm1 Al Viro
2007-10-12 19:47 ` 2.6.23-mm1 thread exit_group issue Mathieu Desnoyers
2007-10-12 20:01 ` Andrew Morton
2007-10-13 1:03 ` Andrew Morton
2007-10-13 11:48 ` Oleg Nesterov
2007-10-13 12:02 ` Oleg Nesterov
2007-10-13 17:49 ` Andrew Morton
2007-10-14 4:04 ` Mathieu Desnoyers
2007-10-12 7:25 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-12 8:36 ` 2.6.23-mm1 Sam Ravnborg
2007-10-12 8:31 ` 2.6.23-mm1 Torsten Kaiser
2007-10-12 8:37 ` 2.6.23-mm1 Andrew Morton
2007-10-12 12:46 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 8:01 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 10:55 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 12:03 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 12:19 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 14:32 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 14:40 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 15:13 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 17:48 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 18:05 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 18:18 ` 2.6.23-mm1 Andrew Morton
2007-10-13 18:35 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 11:54 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 18:39 ` 2.6.23-mm1 Andrew Morton
2007-10-14 19:12 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 19:26 ` 2.6.23-mm1 Andrew Morton
2007-10-14 19:40 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 22:03 ` 2.6.23-mm1 Milan Broz
2007-10-15 6:50 ` 2.6.23-mm1 Jens Axboe
2007-10-15 7:31 ` 2.6.23-mm1 Neil Brown
2007-10-15 7:45 ` 2.6.23-mm1 Jens Axboe
2007-10-13 18:41 ` 2.6.23-mm1 Jeff Garzik
2007-10-12 6:48 ` 2.6.23-mm1 Cedric Le Goater
2007-10-12 6:51 ` [PATCH] add missing parenthesis in cfe_writeblk() macro Mariusz Kozlowski
2007-10-12 7:44 ` 2.6.23-mm1 - build failure on axonram Kamalesh Babulal
2007-10-12 9:42 ` Build Failure (Was Re: 2.6.23-mm1) Dhaval Giani
2007-10-12 20:38 ` 2.6.23-mm1 Laurent Riffard
2007-10-12 21:00 ` 2.6.23-mm1 Andrew Morton
2007-10-13 9:29 ` [PATCH] Reiser4: Drop 'size' argument from bio_endio and bi_end_io Laurent Riffard
2007-10-13 10:10 ` Jens Axboe
2007-10-14 13:09 ` Edward Shishkin
2007-10-15 16:13 ` 2.6.23-mm1 Zan Lynx
2007-10-12 21:32 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-15 16:09 ` 2.6.23-mm1 Mark Gross
2007-10-15 20:40 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-16 19:58 ` 2.6.23-mm1 Mark Gross
2007-10-16 20:28 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-16 23:31 ` 2.6.23-mm1 Mark Gross
2007-10-17 21:15 ` [PATCH] static initialization with blocking notifiers. was :wqRe: 2.6.23-mm1 Mark Gross
2007-10-17 17:21 ` [PATCH] static initialization and blocking notification for pm_qos... was 2.6.23-mm1 Mark Gross
2007-10-13 4:35 ` 2.6.23-mm1 - Build failure on rgmii Kamalesh Babulal
2007-10-13 4:44 ` 2.6.23-mm1 - build failure with advansys Kamalesh Babulal
2007-10-13 6:52 ` Andrew Morton
2007-10-18 0:07 ` Paul Mackerras
2007-10-18 1:48 ` Matthew Wilcox
2007-10-13 15:50 ` 2.6.23-mm1 pm_prepare() and _finish() w/ args vs. without Joseph Fannin
2007-10-13 17:22 ` Rafael J. Wysocki
2007-10-13 18:40 ` Joseph Fannin
2007-10-13 19:13 ` Rafael J. Wysocki
2007-10-14 19:47 ` Joseph Fannin
2007-10-14 20:20 ` Rafael J. Wysocki
2007-10-15 20:55 ` Rafael J. Wysocki
2007-10-16 17:29 ` Joseph Fannin
2007-10-13 17:12 ` 2.6.23-mm1 Gabriel C
2007-10-13 18:01 ` 2.6.23-mm1 Andrew Morton
2007-10-13 18:08 ` 2.6.23-mm1 Gabriel C
2007-10-15 16:28 ` 2.6.23-mm1 Dave Hansen
2007-10-13 17:58 ` Suspend Broken (Re: 2.6.23-mm1) Dhaval Giani
2007-10-13 18:33 ` Rafael J. Wysocki
2007-10-14 4:26 ` Dhaval Giani
2007-10-14 14:19 ` Rafael J. Wysocki
2007-10-13 22:11 ` [2.6.23-mm1] CONFIG_LOCALVERSION handling broken Tilman Schmidt
2007-10-17 20:27 ` Sam Ravnborg
2007-10-17 23:06 ` Tilman Schmidt
2007-10-27 15:19 ` Tilman Schmidt
2007-10-27 15:28 ` Sam Ravnborg
2007-10-14 22:34 ` 2.6.23-mm1: BUG in reiserfs_delete_xattrs Laurent Riffard
2007-10-15 8:40 ` Christoph Hellwig
2007-10-15 18:31 ` Jeff Mahoney [this message]
2007-10-15 20:06 ` Laurent Riffard
2007-10-15 20:23 ` Jeff Mahoney
2007-10-17 8:59 ` Christoph Hellwig
2007-10-17 8:58 ` Christoph Hellwig
2007-10-17 14:55 ` Jeff Mahoney
2007-10-15 19:51 ` Laurent Riffard
2007-10-15 6:18 ` [PATCH] Add irq protection in the percpu-counters cpu-hotplug-callback path Gautham R Shenoy
2007-10-15 12:28 ` nfs mmap adventure (was: 2.6.23-mm1) Peter Zijlstra
2007-10-15 14:06 ` David Howells
2007-10-15 15:51 ` Trond Myklebust
2007-10-15 16:38 ` Peter Zijlstra
2007-10-16 1:46 ` Nick Piggin
2007-10-15 23:27 ` David Howells
2007-10-15 15:43 ` Trond Myklebust
2007-10-16 7:18 ` 2.6.23-mm1 - regression- PowerPC link failure at arch/powerpc/kernel/head_64.o Kamalesh Babulal
2007-10-16 7:28 ` Andrew Morton
2007-10-16 7:44 ` Kamalesh Babulal
2007-10-21 6:42 ` Kamalesh Babulal
2007-10-27 5:05 ` Stephen Rothwell
2007-10-17 7:01 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-17 9:02 ` 2.6.23-mm1 Andrew Morton
2007-10-17 9:10 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 9:36 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-17 11:42 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 12:33 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-19 9:07 ` PIE randomization (was Re: 2.6.23-mm1) Jiri Kosina
2007-10-19 21:54 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 15:54 ` 2.6.23-mm1 - list_add corruption in cgroup Cedric Le Goater
2007-10-18 15:56 ` Paul Menage
2007-10-19 22:11 ` Paul Menage
2007-10-18 12:06 ` 2.6.23-mm1 - powerpc - Build fails at arch/powerpc/boot/inflate.o Kamalesh Babulal
2007-10-18 12:23 ` Paul Mackerras
2007-10-18 13:20 ` Kamalesh Babulal
2007-10-20 4:57 ` oops in lbmIODone, fails to boot [Re: 2.6.23-mm1] Mattia Dongili
2007-10-20 5:34 ` Andrew Morton
2007-10-20 12:18 ` Dave Kleikamp
2007-10-21 5:44 ` Mattia Dongili
2007-10-20 5:13 ` 2.6.23-mm1 - autofs broken Rik van Riel
2007-10-20 5:39 ` Andrew Morton
2007-10-20 5:54 ` Rik van Riel
2007-10-20 5:54 ` Rik van Riel
2007-10-20 14:56 ` Rik van Riel
2007-10-22 22:03 ` Dave Hansen
2007-10-22 3:45 ` Ian Kent
2007-10-22 16:46 ` Rik van Riel
2007-10-21 5:58 ` mysqld prevents s2ram [Re: 2.6.23-mm1] Mattia Dongili
2007-10-21 6:28 ` Mattia Dongili
2007-10-21 9:58 ` Pavel Machek
2007-10-21 11:53 ` Rafael J. Wysocki
2007-10-22 18:40 ` kernel panic when running tcpdump Mariusz Kozlowski
2007-10-22 19:03 ` Andrew Morton
2007-10-22 21:16 ` Mariusz Kozlowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4713B1E7.2010504@suse.com \
--to=jeffm@suse.com \
--cc=akpm@linux-foundation.org \
--cc=haveblue@us.ibm.com \
--cc=hch@infradead.org \
--cc=laurent.riffard@free.fr \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=reiserfs-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox