+36 -76

fs/dcache.c

··· 2372 2372 } 2373 2373 EXPORT_SYMBOL(dentry_update_name_case); 2374 2374 2375 2375 - static void switch_names(struct dentry *dentry, struct dentry *target) 2375 2375 + static void switch_names(struct dentry *dentry, struct dentry *target, 2376 2376 + bool exchange) 2376 2377 { 2377 2378 if (dname_external(target)) { 2378 2379 if (dname_external(dentry)) { ··· 2407 2406 */ 2408 2407 unsigned int i; 2409 2408 BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); 2409 2409 + if (!exchange) { 2410 2410 + memcpy(dentry->d_iname, target->d_name.name, 2411 2411 + target->d_name.len + 1); 2412 2412 + dentry->d_name.hash_len = target->d_name.hash_len; 2413 2413 + return; 2414 2414 + } 2410 2415 for (i = 0; i < DNAME_INLINE_LEN / sizeof(long); i++) { 2411 2416 swap(((long *) &dentry->d_iname)[i], 2412 2417 ((long *) &target->d_iname)[i]); 2413 2418 } 2414 2419 } 2415 2420 } 2416 2416 - swap(dentry->d_name.len, target->d_name.len); 2421 2421 + swap(dentry->d_name.hash_len, target->d_name.hash_len); 2417 2422 } 2418 2423 2419 2424 static void dentry_lock_for_move(struct dentry *dentry, struct dentry *target) ··· 2449 2442 } 2450 2443 } 2451 2444 2452 2452 - static void dentry_unlock_parents_for_move(struct dentry *dentry, 2453 2453 - struct dentry *target) 2445 2445 + static void dentry_unlock_for_move(struct dentry *dentry, struct dentry *target) 2454 2446 { 2455 2447 if (target->d_parent != dentry->d_parent) 2456 2448 spin_unlock(&dentry->d_parent->d_lock); 2457 2449 if (target->d_parent != target) 2458 2450 spin_unlock(&target->d_parent->d_lock); 2451 2451 + spin_unlock(&target->d_lock); 2452 2452 + spin_unlock(&dentry->d_lock); 2459 2453 } 2460 2454 2461 2455 /* 2462 2456 * When switching names, the actual string doesn't strictly have to 2463 2457 * be preserved in the target - because we're dropping the target 2464 2458 * anyway. As such, we can just do a simple memcpy() to copy over 2465 2465 - * the new name before we switch. 2466 2466 - * 2467 2467 - * Note that we have to be a lot more careful about getting the hash 2468 2468 - * switched - we have to switch the hash value properly even if it 2469 2469 - * then no longer matches the actual (corrupted) string of the target. 2470 2470 - * The hash value has to match the hash queue that the dentry is on.. 2459 2459 + * the new name before we switch, unless we are going to rehash 2460 2460 + * it. Note that if we *do* unhash the target, we are not allowed 2461 2461 + * to rehash it without giving it a new name/hash key - whether 2462 2462 + * we swap or overwrite the names here, resulting name won't match 2463 2463 + * the reality in filesystem; it's only there for d_path() purposes. 2464 2464 + * Note that all of this is happening under rename_lock, so the 2465 2465 + * any hash lookup seeing it in the middle of manipulations will 2466 2466 + * be discarded anyway. So we do not care what happens to the hash 2467 2467 + * key in that case. 2471 2468 */ 2472 2469 /* 2473 2470 * __d_move - move a dentry ··· 2517 2506 d_hash(dentry->d_parent, dentry->d_name.hash)); 2518 2507 } 2519 2508 2520 2520 - list_del(&dentry->d_u.d_child); 2521 2521 - list_del(&target->d_u.d_child); 2522 2522 - 2523 2509 /* Switch the names.. */ 2524 2524 - switch_names(dentry, target); 2525 2525 - swap(dentry->d_name.hash, target->d_name.hash); 2510 2510 + switch_names(dentry, target, exchange); 2526 2511 2527 2527 - /* ... and switch the parents */ 2512 2512 + /* ... and switch them in the tree */ 2528 2513 if (IS_ROOT(dentry)) { 2514 2514 + /* splicing a tree */ 2529 2515 dentry->d_parent = target->d_parent; 2530 2516 target->d_parent = target; 2531 2531 - INIT_LIST_HEAD(&target->d_u.d_child); 2517 2517 + list_del_init(&target->d_u.d_child); 2518 2518 + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); 2532 2519 } else { 2520 2520 + /* swapping two dentries */ 2533 2521 swap(dentry->d_parent, target->d_parent); 2534 2534 - 2535 2535 - /* And add them back to the (new) parent lists */ 2536 2536 - list_add(&target->d_u.d_child, &target->d_parent->d_subdirs); 2522 2522 + list_move(&target->d_u.d_child, &target->d_parent->d_subdirs); 2523 2523 + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); 2524 2524 + if (exchange) 2525 2525 + fsnotify_d_move(target); 2526 2526 + fsnotify_d_move(dentry); 2537 2527 } 2538 2538 - 2539 2539 - list_add(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); 2540 2528 2541 2529 write_seqcount_end(&target->d_seq); 2542 2530 write_seqcount_end(&dentry->d_seq); 2543 2531 2544 2544 - dentry_unlock_parents_for_move(dentry, target); 2545 2545 - if (exchange) 2546 2546 - fsnotify_d_move(target); 2547 2547 - spin_unlock(&target->d_lock); 2548 2548 - fsnotify_d_move(dentry); 2549 2549 - spin_unlock(&dentry->d_lock); 2532 2532 + dentry_unlock_for_move(dentry, target); 2550 2533 } 2551 2534 2552 2535 /* ··· 2638 2633 return ret; 2639 2634 } 2640 2635 2641 2641 - /* 2642 2642 - * Prepare an anonymous dentry for life in the superblock's dentry tree as a 2643 2643 - * named dentry in place of the dentry to be replaced. 2644 2644 - * returns with anon->d_lock held! 2645 2645 - */ 2646 2646 - static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) 2647 2647 - { 2648 2648 - struct dentry *dparent; 2649 2649 - 2650 2650 - dentry_lock_for_move(anon, dentry); 2651 2651 - 2652 2652 - write_seqcount_begin(&dentry->d_seq); 2653 2653 - write_seqcount_begin_nested(&anon->d_seq, DENTRY_D_LOCK_NESTED); 2654 2654 - 2655 2655 - dparent = dentry->d_parent; 2656 2656 - 2657 2657 - switch_names(dentry, anon); 2658 2658 - swap(dentry->d_name.hash, anon->d_name.hash); 2659 2659 - 2660 2660 - dentry->d_parent = dentry; 2661 2661 - list_del_init(&dentry->d_u.d_child); 2662 2662 - anon->d_parent = dparent; 2663 2663 - if (likely(!d_unhashed(anon))) { 2664 2664 - hlist_bl_lock(&anon->d_sb->s_anon); 2665 2665 - __hlist_bl_del(&anon->d_hash); 2666 2666 - anon->d_hash.pprev = NULL; 2667 2667 - hlist_bl_unlock(&anon->d_sb->s_anon); 2668 2668 - } 2669 2669 - list_move(&anon->d_u.d_child, &dparent->d_subdirs); 2670 2670 - 2671 2671 - write_seqcount_end(&dentry->d_seq); 2672 2672 - write_seqcount_end(&anon->d_seq); 2673 2673 - 2674 2674 - dentry_unlock_parents_for_move(anon, dentry); 2675 2675 - spin_unlock(&dentry->d_lock); 2676 2676 - 2677 2677 - /* anon->d_lock still locked, returns locked */ 2678 2678 - } 2679 2679 - 2680 2636 /** 2681 2637 * d_splice_alias - splice a disconnected dentry into the tree if one exists 2682 2638 * @inode: the inode which may have a disconnected dentry ··· 2683 2717 return ERR_PTR(-EIO); 2684 2718 } 2685 2719 write_seqlock(&rename_lock); 2686 2686 - __d_materialise_dentry(dentry, new); 2720 2720 + __d_move(new, dentry, false); 2687 2721 write_sequnlock(&rename_lock); 2688 2688 - _d_rehash(new); 2689 2689 - spin_unlock(&new->d_lock); 2690 2722 spin_unlock(&inode->i_lock); 2691 2723 security_d_instantiate(new, inode); 2692 2724 iput(inode); ··· 2744 2780 } else if (IS_ROOT(alias)) { 2745 2781 /* Is this an anonymous mountpoint that we 2746 2782 * could splice into our tree? */ 2747 2747 - __d_materialise_dentry(dentry, alias); 2783 2783 + __d_move(alias, dentry, false); 2748 2784 write_sequnlock(&rename_lock); 2749 2785 goto found; 2750 2786 } else { ··· 2771 2807 actual = __d_instantiate_unique(dentry, inode); 2772 2808 if (!actual) 2773 2809 actual = dentry; 2774 2774 - else 2775 2775 - BUG_ON(!d_unhashed(actual)); 2776 2810 2777 2777 - spin_lock(&actual->d_lock); 2811 2811 + d_rehash(actual); 2778 2812 found: 2779 2779 - _d_rehash(actual); 2780 2780 - spin_unlock(&actual->d_lock); 2781 2813 spin_unlock(&inode->i_lock); 2782 2814 out_nolock: 2783 2815 if (actual == dentry) {

+1 -1

fs/direct-io.c

··· 158 158 { 159 159 ssize_t ret; 160 160 161 161 - ret = iov_iter_get_pages(sdio->iter, dio->pages, DIO_PAGES, 161 161 + ret = iov_iter_get_pages(sdio->iter, dio->pages, LONG_MAX, DIO_PAGES, 162 162 &sdio->from); 163 163 164 164 if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) {

+1

fs/fuse/file.c

··· 1305 1305 size_t start; 1306 1306 ssize_t ret = iov_iter_get_pages(ii, 1307 1307 &req->pages[req->num_pages], 1308 1308 + *nbytesp - nbytes, 1308 1309 req->max_pages - req->num_pages, 1309 1310 &start); 1310 1311 if (ret < 0)

+5 -1

fs/ufs/ialloc.c

··· 298 298 ufsi->i_oeftflag = 0; 299 299 ufsi->i_dir_start_lookup = 0; 300 300 memset(&ufsi->i_u1, 0, sizeof(ufsi->i_u1)); 301 301 - insert_inode_hash(inode); 301 301 + if (insert_inode_locked(inode) < 0) { 302 302 + err = -EIO; 303 303 + goto failed; 304 304 + } 302 305 mark_inode_dirty(inode); 303 306 304 307 if (uspi->fs_magic == UFS2_MAGIC) { ··· 340 337 fail_remove_inode: 341 338 unlock_ufs(sb); 342 339 clear_nlink(inode); 340 340 + unlock_new_inode(inode); 343 341 iput(inode); 344 342 UFSD("EXIT (FAILED): err %d\n", err); 345 343 return ERR_PTR(err);

+4

fs/ufs/namei.c

··· 38 38 { 39 39 int err = ufs_add_link(dentry, inode); 40 40 if (!err) { 41 41 + unlock_new_inode(inode); 41 42 d_instantiate(dentry, inode); 42 43 return 0; 43 44 } 44 45 inode_dec_link_count(inode); 46 46 + unlock_new_inode(inode); 45 47 iput(inode); 46 48 return err; 47 49 } ··· 157 155 158 156 out_fail: 159 157 inode_dec_link_count(inode); 158 158 + unlock_new_inode(inode); 160 159 iput(inode); 161 160 goto out; 162 161 } ··· 213 210 out_fail: 214 211 inode_dec_link_count(inode); 215 212 inode_dec_link_count(inode); 213 213 + unlock_new_inode(inode); 216 214 iput (inode); 217 215 inode_dec_link_count(dir); 218 216 unlock_ufs(dir->i_sb);

+1 -1

include/linux/uio.h

··· 84 84 void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, 85 85 unsigned long nr_segs, size_t count); 86 86 ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages, 87 87 - unsigned maxpages, size_t *start); 87 87 + size_t maxsize, unsigned maxpages, size_t *start); 88 88 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages, 89 89 size_t maxsize, size_t *start); 90 90 int iov_iter_npages(const struct iov_iter *i, int maxpages);

+9 -5

mm/iov_iter.c

··· 310 310 EXPORT_SYMBOL(iov_iter_init); 311 311 312 312 static ssize_t get_pages_iovec(struct iov_iter *i, 313 313 - struct page **pages, unsigned maxpages, 313 313 + struct page **pages, size_t maxsize, unsigned maxpages, 314 314 size_t *start) 315 315 { 316 316 size_t offset = i->iov_offset; ··· 323 323 len = iov->iov_len - offset; 324 324 if (len > i->count) 325 325 len = i->count; 326 326 + if (len > maxsize) 327 327 + len = maxsize; 326 328 addr = (unsigned long)iov->iov_base + offset; 327 329 len += *start = addr & (PAGE_SIZE - 1); 328 330 if (len > maxpages * PAGE_SIZE) ··· 590 588 } 591 589 592 590 static ssize_t get_pages_bvec(struct iov_iter *i, 593 593 - struct page **pages, unsigned maxpages, 591 591 + struct page **pages, size_t maxsize, unsigned maxpages, 594 592 size_t *start) 595 593 { 596 594 const struct bio_vec *bvec = i->bvec; 597 595 size_t len = bvec->bv_len - i->iov_offset; 598 596 if (len > i->count) 599 597 len = i->count; 598 598 + if (len > maxsize) 599 599 + len = maxsize; 600 600 /* can't be more than PAGE_SIZE */ 601 601 *start = bvec->bv_offset + i->iov_offset; 602 602 ··· 715 711 EXPORT_SYMBOL(iov_iter_alignment); 716 712 717 713 ssize_t iov_iter_get_pages(struct iov_iter *i, 718 718 - struct page **pages, unsigned maxpages, 714 714 + struct page **pages, size_t maxsize, unsigned maxpages, 719 715 size_t *start) 720 716 { 721 717 if (i->type & ITER_BVEC) 722 722 - return get_pages_bvec(i, pages, maxpages, start); 718 718 + return get_pages_bvec(i, pages, maxsize, maxpages, start); 723 719 else 724 724 - return get_pages_iovec(i, pages, maxpages, start); 720 720 + return get_pages_iovec(i, pages, maxsize, maxpages, start); 725 721 } 726 722 EXPORT_SYMBOL(iov_iter_get_pages); 727 723

+3 -1

mm/shmem.c

··· 2367 2367 2368 2368 if (new_dentry->d_inode) { 2369 2369 (void) shmem_unlink(new_dir, new_dentry); 2370 2370 - if (they_are_dirs) 2370 2370 + if (they_are_dirs) { 2371 2371 + drop_nlink(new_dentry->d_inode); 2371 2372 drop_nlink(old_dir); 2373 2373 + } 2372 2374 } else if (they_are_dirs) { 2373 2375 drop_nlink(old_dir); 2374 2376 inc_nlink(new_dir);