tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull vfs updates from Al Viro:
"The big thing in this pile is Eric's unmount-on-rmdir series; we
finally have everything we need for that. The final piece of prereqs
is delayed mntput() - now filesystem shutdown always happens on
shallow stack.

Other than that, we have several new primitives for iov_iter (Matt
Wilcox, culled from his XIP-related series) pushing the conversion to
->read_iter()/ ->write_iter() a bit more, a bunch of fs/dcache.c
cleanups and fixes (including the external name refcounting, which
gives consistent behaviour of d_move() wrt procfs symlinks for long
and short names alike) and assorted cleanups and fixes all over the
place.

This is just the first pile; there's a lot of stuff from various
people that ought to go in this window. Starting with
unionmount/overlayfs mess... ;-/"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (60 commits)
fs/file_table.c: Update alloc_file() comment
vfs: Deduplicate code shared by xattr system calls operating on paths
reiserfs: remove pointless forward declaration of struct nameidata
don't need that forward declaration of struct nameidata in dcache.h anymore
take dname_external() into fs/dcache.c
let path_init() failures treated the same way as subsequent link_path_walk()
fix misuses of f_count() in ppp and netlink
ncpfs: use list_for_each_entry() for d_subdirs walk
vfs: move getname() from callers to do_mount()
gfs2_atomic_open(): skip lookups on hashed dentry
[infiniband] remove pointless assignments
gadgetfs: saner API for gadgetfs_create_file()
f_fs: saner API for ffs_sb_create_file()
jfs: don't hash direct inode
[s390] remove pointless assignment of ->f_op in vmlogrdr ->open()
ecryptfs: ->f_op is never NULL
android: ->f_op is never NULL
nouveau: __iomem misannotations
missing annotation in fs/file.c
fs: namespace: suppress 'may be used uninitialized' warnings
...

Linus Torvalds 77c688ac 5e40d331

+898 -969
+1 -1
Documentation/filesystems/vfs.txt
··· 237 237 only called from a process context (i.e. not from an interrupt handler 238 238 or bottom half). 239 239 240 - alloc_inode: this method is called by inode_alloc() to allocate memory 240 + alloc_inode: this method is called by alloc_inode() to allocate memory 241 241 for struct inode and initialize it. If this function is not 242 242 defined, a simple 'struct inode' is allocated. Normally 243 243 alloc_inode will be used to allocate a larger structure which
+10 -13
arch/alpha/kernel/osf_sys.c
··· 446 446 * unhappy with OSF UFS. [CHECKME] 447 447 */ 448 448 static int 449 - osf_ufs_mount(const char *dirname, struct ufs_args __user *args, int flags) 449 + osf_ufs_mount(const char __user *dirname, 450 + struct ufs_args __user *args, int flags) 450 451 { 451 452 int retval; 452 453 struct cdfs_args tmp; ··· 467 466 } 468 467 469 468 static int 470 - osf_cdfs_mount(const char *dirname, struct cdfs_args __user *args, int flags) 469 + osf_cdfs_mount(const char __user *dirname, 470 + struct cdfs_args __user *args, int flags) 471 471 { 472 472 int retval; 473 473 struct cdfs_args tmp; ··· 488 486 } 489 487 490 488 static int 491 - osf_procfs_mount(const char *dirname, struct procfs_args __user *args, int flags) 489 + osf_procfs_mount(const char __user *dirname, 490 + struct procfs_args __user *args, int flags) 492 491 { 493 492 struct procfs_args tmp; 494 493 ··· 503 500 int, flag, void __user *, data) 504 501 { 505 502 int retval; 506 - struct filename *name; 507 503 508 - name = getname(path); 509 - retval = PTR_ERR(name); 510 - if (IS_ERR(name)) 511 - goto out; 512 504 switch (typenr) { 513 505 case 1: 514 - retval = osf_ufs_mount(name->name, data, flag); 506 + retval = osf_ufs_mount(path, data, flag); 515 507 break; 516 508 case 6: 517 - retval = osf_cdfs_mount(name->name, data, flag); 509 + retval = osf_cdfs_mount(path, data, flag); 518 510 break; 519 511 case 9: 520 - retval = osf_procfs_mount(name->name, data, flag); 512 + retval = osf_procfs_mount(path, data, flag); 521 513 break; 522 514 default: 523 515 retval = -EINVAL; 524 516 printk("osf_mount(%ld, %x)\n", typenr, flag); 525 517 } 526 - putname(name); 527 - out: 518 + 528 519 return retval; 529 520 } 530 521
+5 -16
arch/x86/ia32/ia32_aout.c
··· 308 308 (current->mm->start_brk = N_BSSADDR(ex)); 309 309 310 310 retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); 311 - if (retval < 0) { 312 - /* Someone check-me: is this error path enough? */ 313 - send_sig(SIGKILL, current, 0); 311 + if (retval < 0) 314 312 return retval; 315 - } 316 313 317 314 install_exec_creds(bprm); 318 315 ··· 321 324 322 325 error = vm_brk(text_addr & PAGE_MASK, map_size); 323 326 324 - if (error != (text_addr & PAGE_MASK)) { 325 - send_sig(SIGKILL, current, 0); 327 + if (error != (text_addr & PAGE_MASK)) 326 328 return error; 327 - } 328 329 329 330 error = read_code(bprm->file, text_addr, 32, 330 331 ex.a_text + ex.a_data); 331 - if ((signed long)error < 0) { 332 - send_sig(SIGKILL, current, 0); 332 + if ((signed long)error < 0) 333 333 return error; 334 - } 335 334 } else { 336 335 #ifdef WARN_OLD 337 336 static unsigned long error_time, error_time2; ··· 361 368 MAP_EXECUTABLE | MAP_32BIT, 362 369 fd_offset); 363 370 364 - if (error != N_TXTADDR(ex)) { 365 - send_sig(SIGKILL, current, 0); 371 + if (error != N_TXTADDR(ex)) 366 372 return error; 367 - } 368 373 369 374 error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, 370 375 PROT_READ | PROT_WRITE | PROT_EXEC, 371 376 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | 372 377 MAP_EXECUTABLE | MAP_32BIT, 373 378 fd_offset + ex.a_text); 374 - if (error != N_DATADDR(ex)) { 375 - send_sig(SIGKILL, current, 0); 379 + if (error != N_DATADDR(ex)) 376 380 return error; 377 - } 378 381 } 379 382 beyond_if: 380 383 set_binfmt(&aout_format);
+18 -67
drivers/block/rsxx/core.c
··· 62 62 63 63 /* --------------------Debugfs Setup ------------------- */ 64 64 65 - struct rsxx_cram { 66 - u32 f_pos; 67 - u32 offset; 68 - void *i_private; 69 - }; 70 - 71 65 static int rsxx_attr_pci_regs_show(struct seq_file *m, void *p) 72 66 { 73 67 struct rsxx_cardinfo *card = m->private; ··· 178 184 static ssize_t rsxx_cram_read(struct file *fp, char __user *ubuf, 179 185 size_t cnt, loff_t *ppos) 180 186 { 181 - struct rsxx_cram *info = fp->private_data; 182 - struct rsxx_cardinfo *card = info->i_private; 187 + struct rsxx_cardinfo *card = file_inode(fp)->i_private; 183 188 char *buf; 184 - int st; 189 + ssize_t st; 185 190 186 - buf = kzalloc(sizeof(*buf) * cnt, GFP_KERNEL); 191 + buf = kzalloc(cnt, GFP_KERNEL); 187 192 if (!buf) 188 193 return -ENOMEM; 189 194 190 - info->f_pos = (u32)*ppos + info->offset; 191 - 192 - st = rsxx_creg_read(card, CREG_ADD_CRAM + info->f_pos, cnt, buf, 1); 193 - if (st) 194 - return st; 195 - 196 - st = copy_to_user(ubuf, buf, cnt); 197 - if (st) 198 - return st; 199 - 200 - info->offset += cnt; 201 - 195 + st = rsxx_creg_read(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); 196 + if (!st) 197 + st = copy_to_user(ubuf, buf, cnt); 202 198 kfree(buf); 203 - 199 + if (st) 200 + return st; 201 + *ppos += cnt; 204 202 return cnt; 205 203 } 206 204 207 205 static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf, 208 206 size_t cnt, loff_t *ppos) 209 207 { 210 - struct rsxx_cram *info = fp->private_data; 211 - struct rsxx_cardinfo *card = info->i_private; 208 + struct rsxx_cardinfo *card = file_inode(fp)->i_private; 212 209 char *buf; 213 - int st; 210 + ssize_t st; 214 211 215 - buf = kzalloc(sizeof(*buf) * cnt, GFP_KERNEL); 212 + buf = kzalloc(cnt, GFP_KERNEL); 216 213 if (!buf) 217 214 return -ENOMEM; 218 215 219 216 st = copy_from_user(buf, ubuf, cnt); 220 - if (st) 221 - return st; 222 - 223 - info->f_pos = (u32)*ppos + info->offset; 224 - 225 - st = rsxx_creg_write(card, CREG_ADD_CRAM + info->f_pos, cnt, buf, 1); 226 - if (st) 227 - return st; 228 - 229 - info->offset += cnt; 230 - 217 + if (!st) 218 + st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, 219 + buf, 1); 231 220 kfree(buf); 232 - 221 + if (st) 222 + return st; 223 + *ppos += cnt; 233 224 return cnt; 234 - } 235 - 236 - static int rsxx_cram_open(struct inode *inode, struct file *file) 237 - { 238 - struct rsxx_cram *info = kzalloc(sizeof(*info), GFP_KERNEL); 239 - if (!info) 240 - return -ENOMEM; 241 - 242 - info->i_private = inode->i_private; 243 - info->f_pos = file->f_pos; 244 - file->private_data = info; 245 - 246 - return 0; 247 - } 248 - 249 - static int rsxx_cram_release(struct inode *inode, struct file *file) 250 - { 251 - struct rsxx_cram *info = file->private_data; 252 - 253 - if (!info) 254 - return 0; 255 - 256 - kfree(info); 257 - file->private_data = NULL; 258 - 259 - return 0; 260 225 } 261 226 262 227 static const struct file_operations debugfs_cram_fops = { 263 228 .owner = THIS_MODULE, 264 - .open = rsxx_cram_open, 265 229 .read = rsxx_cram_read, 266 230 .write = rsxx_cram_write, 267 - .release = rsxx_cram_release, 268 231 }; 269 232 270 233 static const struct file_operations debugfs_stats_fops = {
+8 -14
drivers/bluetooth/hci_vhci.c
··· 160 160 } 161 161 162 162 static inline ssize_t vhci_get_user(struct vhci_data *data, 163 - const struct iovec *iov, 164 - unsigned long count) 163 + struct iov_iter *from) 165 164 { 166 - size_t len = iov_length(iov, count); 165 + size_t len = iov_iter_count(from); 167 166 struct sk_buff *skb; 168 167 __u8 pkt_type, opcode; 169 - unsigned long i; 170 168 int ret; 171 169 172 170 if (len < 2 || len > HCI_MAX_FRAME_SIZE) ··· 174 176 if (!skb) 175 177 return -ENOMEM; 176 178 177 - for (i = 0; i < count; i++) { 178 - if (copy_from_user(skb_put(skb, iov[i].iov_len), 179 - iov[i].iov_base, iov[i].iov_len)) { 180 - kfree_skb(skb); 181 - return -EFAULT; 182 - } 179 + if (copy_from_iter(skb_put(skb, len), len, from) != len) { 180 + kfree_skb(skb); 181 + return -EFAULT; 183 182 } 184 183 185 184 pkt_type = *((__u8 *) skb->data); ··· 289 294 return ret; 290 295 } 291 296 292 - static ssize_t vhci_write(struct kiocb *iocb, const struct iovec *iov, 293 - unsigned long count, loff_t pos) 297 + static ssize_t vhci_write(struct kiocb *iocb, struct iov_iter *from) 294 298 { 295 299 struct file *file = iocb->ki_filp; 296 300 struct vhci_data *data = file->private_data; 297 301 298 - return vhci_get_user(data, iov, count); 302 + return vhci_get_user(data, from); 299 303 } 300 304 301 305 static unsigned int vhci_poll(struct file *file, poll_table *wait) ··· 359 365 static const struct file_operations vhci_fops = { 360 366 .owner = THIS_MODULE, 361 367 .read = vhci_read, 362 - .aio_write = vhci_write, 368 + .write_iter = vhci_write, 363 369 .poll = vhci_poll, 364 370 .open = vhci_open, 365 371 .release = vhci_release,
+17 -47
drivers/char/mem.c
··· 622 622 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null); 623 623 } 624 624 625 - static ssize_t read_zero(struct file *file, char __user *buf, 626 - size_t count, loff_t *ppos) 627 - { 628 - size_t written; 629 - 630 - if (!count) 631 - return 0; 632 - 633 - if (!access_ok(VERIFY_WRITE, buf, count)) 634 - return -EFAULT; 635 - 636 - written = 0; 637 - while (count) { 638 - unsigned long unwritten; 639 - size_t chunk = count; 640 - 641 - if (chunk > PAGE_SIZE) 642 - chunk = PAGE_SIZE; /* Just for latency reasons */ 643 - unwritten = __clear_user(buf, chunk); 644 - written += chunk - unwritten; 645 - if (unwritten) 646 - break; 647 - if (signal_pending(current)) 648 - return written ? written : -ERESTARTSYS; 649 - buf += chunk; 650 - count -= chunk; 651 - cond_resched(); 652 - } 653 - return written ? written : -EFAULT; 654 - } 655 - 656 - static ssize_t aio_read_zero(struct kiocb *iocb, const struct iovec *iov, 657 - unsigned long nr_segs, loff_t pos) 625 + static ssize_t read_iter_zero(struct kiocb *iocb, struct iov_iter *iter) 658 626 { 659 627 size_t written = 0; 660 - unsigned long i; 661 - ssize_t ret; 662 628 663 - for (i = 0; i < nr_segs; i++) { 664 - ret = read_zero(iocb->ki_filp, iov[i].iov_base, iov[i].iov_len, 665 - &pos); 666 - if (ret < 0) 667 - break; 668 - written += ret; 629 + while (iov_iter_count(iter)) { 630 + size_t chunk = iov_iter_count(iter), n; 631 + if (chunk > PAGE_SIZE) 632 + chunk = PAGE_SIZE; /* Just for latency reasons */ 633 + n = iov_iter_zero(chunk, iter); 634 + if (!n && iov_iter_count(iter)) 635 + return written ? written : -EFAULT; 636 + written += n; 637 + if (signal_pending(current)) 638 + return written ? written : -ERESTARTSYS; 639 + cond_resched(); 669 640 } 670 - 671 - return written ? written : -EFAULT; 641 + return written; 672 642 } 673 643 674 644 static int mmap_zero(struct file *file, struct vm_area_struct *vma) ··· 708 738 #define zero_lseek null_lseek 709 739 #define full_lseek null_lseek 710 740 #define write_zero write_null 711 - #define read_full read_zero 712 741 #define aio_write_zero aio_write_null 713 742 #define open_mem open_port 714 743 #define open_kmem open_mem ··· 752 783 753 784 static const struct file_operations zero_fops = { 754 785 .llseek = zero_lseek, 755 - .read = read_zero, 786 + .read = new_sync_read, 756 787 .write = write_zero, 757 - .aio_read = aio_read_zero, 788 + .read_iter = read_iter_zero, 758 789 .aio_write = aio_write_zero, 759 790 .mmap = mmap_zero, 760 791 }; ··· 771 802 772 803 static const struct file_operations full_fops = { 773 804 .llseek = full_lseek, 774 - .read = read_full, 805 + .read = new_sync_read, 806 + .read_iter = read_iter_zero, 775 807 .write = write_full, 776 808 }; 777 809
+1 -1
drivers/dma-buf/dma-buf.c
··· 799 799 seq_printf(s, "%08zu\t%08x\t%08x\t%08ld\t%s\n", 800 800 buf_obj->size, 801 801 buf_obj->file->f_flags, buf_obj->file->f_mode, 802 - (long)(buf_obj->file->f_count.counter), 802 + file_count(buf_obj->file), 803 803 buf_obj->exp_name); 804 804 805 805 seq_puts(s, "\tAttached Devices:\n");
+2 -2
drivers/gpu/drm/nouveau/nouveau_nvif.c
··· 40 40 #include "nouveau_usif.h" 41 41 42 42 static void 43 - nvkm_client_unmap(void *priv, void *ptr, u32 size) 43 + nvkm_client_unmap(void *priv, void __iomem *ptr, u32 size) 44 44 { 45 45 iounmap(ptr); 46 46 } 47 47 48 - static void * 48 + static void __iomem * 49 49 nvkm_client_map(void *priv, u64 handle, u32 size) 50 50 { 51 51 return ioremap(handle, size);
+2 -2
drivers/gpu/drm/nouveau/nvif/driver.h
··· 9 9 int (*suspend)(void *priv); 10 10 int (*resume)(void *priv); 11 11 int (*ioctl)(void *priv, bool super, void *data, u32 size, void **hack); 12 - void *(*map)(void *priv, u64 handle, u32 size); 13 - void (*unmap)(void *priv, void *ptr, u32 size); 12 + void __iomem *(*map)(void *priv, u64 handle, u32 size); 13 + void (*unmap)(void *priv, void __iomem *ptr, u32 size); 14 14 bool keep; 15 15 }; 16 16
+3 -3
drivers/gpu/drm/nouveau/nvif/object.h
··· 14 14 void *priv; /*XXX: hack */ 15 15 void (*dtor)(struct nvif_object *); 16 16 struct { 17 - void *ptr; 17 + void __iomem *ptr; 18 18 u32 size; 19 19 } map; 20 20 }; ··· 42 42 struct nvif_object *_object = nvif_object(a); \ 43 43 u32 _data; \ 44 44 if (likely(_object->map.ptr)) \ 45 - _data = ioread##b##_native((u8 *)_object->map.ptr + (c)); \ 45 + _data = ioread##b##_native((u8 __iomem *)_object->map.ptr + (c)); \ 46 46 else \ 47 47 _data = nvif_object_rd(_object, (b) / 8, (c)); \ 48 48 _data; \ ··· 50 50 #define nvif_wr(a,b,c,d) ({ \ 51 51 struct nvif_object *_object = nvif_object(a); \ 52 52 if (likely(_object->map.ptr)) \ 53 - iowrite##b##_native((d), (u8 *)_object->map.ptr + (c)); \ 53 + iowrite##b##_native((d), (u8 __iomem *)_object->map.ptr + (c)); \ 54 54 else \ 55 55 nvif_object_wr(_object, (b) / 8, (c), (d)); \ 56 56 })
-1
drivers/infiniband/hw/ipath/ipath_fs.c
··· 82 82 { 83 83 int error; 84 84 85 - *dentry = NULL; 86 85 mutex_lock(&parent->d_inode->i_mutex); 87 86 *dentry = lookup_one_len(name, parent, strlen(name)); 88 87 if (!IS_ERR(*dentry))
-1
drivers/infiniband/hw/qib/qib_fs.c
··· 89 89 { 90 90 int error; 91 91 92 - *dentry = NULL; 93 92 mutex_lock(&parent->d_inode->i_mutex); 94 93 *dentry = lookup_one_len(name, parent, strlen(name)); 95 94 if (!IS_ERR(*dentry))
+3 -27
drivers/misc/carma/carma-fpga-program.c
··· 749 749 loff_t *f_pos) 750 750 { 751 751 struct fpga_dev *priv = filp->private_data; 752 - 753 - count = min_t(size_t, priv->bytes - *f_pos, count); 754 - if (copy_to_user(buf, priv->vb.vaddr + *f_pos, count)) 755 - return -EFAULT; 756 - 757 - *f_pos += count; 758 - return count; 752 + return simple_read_from_buffer(buf, count, ppos, 753 + priv->vb.vaddr, priv->bytes); 759 754 } 760 755 761 756 static loff_t fpga_llseek(struct file *filp, loff_t offset, int origin) ··· 762 767 if ((filp->f_flags & O_ACCMODE) != O_RDONLY) 763 768 return -EINVAL; 764 769 765 - switch (origin) { 766 - case SEEK_SET: /* seek relative to the beginning of the file */ 767 - newpos = offset; 768 - break; 769 - case SEEK_CUR: /* seek relative to current position in the file */ 770 - newpos = filp->f_pos + offset; 771 - break; 772 - case SEEK_END: /* seek relative to the end of the file */ 773 - newpos = priv->fw_size - offset; 774 - break; 775 - default: 776 - return -EINVAL; 777 - } 778 - 779 - /* check for sanity */ 780 - if (newpos > priv->fw_size) 781 - return -EINVAL; 782 - 783 - filp->f_pos = newpos; 784 - return newpos; 770 + return fixed_size_llseek(file, offset, origin, priv->fw_size); 785 771 } 786 772 787 773 static const struct file_operations fpga_fops = {
+1 -1
drivers/net/ppp/ppp_generic.c
··· 594 594 if (file == ppp->owner) 595 595 ppp_shutdown_interface(ppp); 596 596 } 597 - if (atomic_long_read(&file->f_count) <= 2) { 597 + if (atomic_long_read(&file->f_count) < 2) { 598 598 ppp_release(NULL, file); 599 599 err = 0; 600 600 } else
-1
drivers/s390/char/vmlogrdr.c
··· 338 338 339 339 /* set the file options */ 340 340 filp->private_data = logptr; 341 - filp->f_op = &vmlogrdr_fops; 342 341 343 342 /* start recording for this service*/ 344 343 if (logptr->autorecording) {
+1 -1
drivers/staging/android/ashmem.c
··· 339 339 goto out; 340 340 } 341 341 342 - ret = asma->file->f_op->llseek(asma->file, offset, origin); 342 + ret = vfs_llseek(asma->file, offset, origin); 343 343 if (ret < 0) 344 344 goto out; 345 345
+1 -1
drivers/staging/android/ion/compat_ion.c
··· 125 125 { 126 126 long ret; 127 127 128 - if (!filp->f_op || !filp->f_op->unlocked_ioctl) 128 + if (!filp->f_op->unlocked_ioctl) 129 129 return -ENOTTY; 130 130 131 131 switch (cmd) {
+27 -78
drivers/staging/android/logger.c
··· 411 411 } 412 412 413 413 /* 414 - * do_write_log - writes 'len' bytes from 'buf' to 'log' 415 - * 416 - * The caller needs to hold log->mutex. 417 - */ 418 - static void do_write_log(struct logger_log *log, const void *buf, size_t count) 419 - { 420 - size_t len; 421 - 422 - len = min(count, log->size - log->w_off); 423 - memcpy(log->buffer + log->w_off, buf, len); 424 - 425 - if (count != len) 426 - memcpy(log->buffer, buf + len, count - len); 427 - 428 - log->w_off = logger_offset(log, log->w_off + count); 429 - 430 - } 431 - 432 - /* 433 - * do_write_log_user - writes 'len' bytes from the user-space buffer 'buf' to 434 - * the log 'log' 435 - * 436 - * The caller needs to hold log->mutex. 437 - * 438 - * Returns 'count' on success, negative error code on failure. 439 - */ 440 - static ssize_t do_write_log_from_user(struct logger_log *log, 441 - const void __user *buf, size_t count) 442 - { 443 - size_t len; 444 - 445 - len = min(count, log->size - log->w_off); 446 - if (len && copy_from_user(log->buffer + log->w_off, buf, len)) 447 - return -EFAULT; 448 - 449 - if (count != len) 450 - if (copy_from_user(log->buffer, buf + len, count - len)) 451 - /* 452 - * Note that by not updating w_off, this abandons the 453 - * portion of the new entry that *was* successfully 454 - * copied, just above. This is intentional to avoid 455 - * message corruption from missing fragments. 456 - */ 457 - return -EFAULT; 458 - 459 - log->w_off = logger_offset(log, log->w_off + count); 460 - 461 - return count; 462 - } 463 - 464 - /* 465 - * logger_aio_write - our write method, implementing support for write(), 414 + * logger_write_iter - our write method, implementing support for write(), 466 415 * writev(), and aio_write(). Writes are our fast path, and we try to optimize 467 416 * them above all else. 468 417 */ 469 - static ssize_t logger_aio_write(struct kiocb *iocb, const struct iovec *iov, 470 - unsigned long nr_segs, loff_t ppos) 418 + static ssize_t logger_write_iter(struct kiocb *iocb, struct iov_iter *from) 471 419 { 472 420 struct logger_log *log = file_get_log(iocb->ki_filp); 473 - size_t orig; 474 421 struct logger_entry header; 475 422 struct timespec now; 476 - ssize_t ret = 0; 423 + size_t len, count; 424 + 425 + count = min_t(size_t, iocb->ki_nbytes, LOGGER_ENTRY_MAX_PAYLOAD); 477 426 478 427 now = current_kernel_time(); 479 428 ··· 431 482 header.sec = now.tv_sec; 432 483 header.nsec = now.tv_nsec; 433 484 header.euid = current_euid(); 434 - header.len = min_t(size_t, iocb->ki_nbytes, LOGGER_ENTRY_MAX_PAYLOAD); 485 + header.len = count; 435 486 header.hdr_size = sizeof(struct logger_entry); 436 487 437 488 /* null writes succeed, return zero */ ··· 439 490 return 0; 440 491 441 492 mutex_lock(&log->mutex); 442 - 443 - orig = log->w_off; 444 493 445 494 /* 446 495 * Fix up any readers, pulling them forward to the first readable ··· 448 501 */ 449 502 fix_up_readers(log, sizeof(struct logger_entry) + header.len); 450 503 451 - do_write_log(log, &header, sizeof(struct logger_entry)); 504 + len = min(sizeof(header), log->size - log->w_off); 505 + memcpy(log->buffer + log->w_off, &header, len); 506 + memcpy(log->buffer, (char *)&header + len, sizeof(header) - len); 452 507 453 - while (nr_segs-- > 0) { 454 - size_t len; 455 - ssize_t nr; 508 + len = min(count, log->size - log->w_off); 456 509 457 - /* figure out how much of this vector we can keep */ 458 - len = min_t(size_t, iov->iov_len, header.len - ret); 459 - 460 - /* write out this segment's payload */ 461 - nr = do_write_log_from_user(log, iov->iov_base, len); 462 - if (unlikely(nr < 0)) { 463 - log->w_off = orig; 464 - mutex_unlock(&log->mutex); 465 - return nr; 466 - } 467 - 468 - iov++; 469 - ret += nr; 510 + if (copy_from_iter(log->buffer + log->w_off, len, from) != len) { 511 + /* 512 + * Note that by not updating w_off, this abandons the 513 + * portion of the new entry that *was* successfully 514 + * copied, just above. This is intentional to avoid 515 + * message corruption from missing fragments. 516 + */ 517 + mutex_unlock(&log->mutex); 518 + return -EFAULT; 470 519 } 471 520 521 + if (copy_from_iter(log->buffer, count - len, from) != count - len) { 522 + mutex_unlock(&log->mutex); 523 + return -EFAULT; 524 + } 525 + 526 + log->w_off = logger_offset(log, log->w_off + count); 472 527 mutex_unlock(&log->mutex); 473 528 474 529 /* wake up any blocked readers */ 475 530 wake_up_interruptible(&log->wq); 476 531 477 - return ret; 532 + return len; 478 533 } 479 534 480 535 static struct logger_log *get_log_from_minor(int minor) ··· 685 736 static const struct file_operations logger_fops = { 686 737 .owner = THIS_MODULE, 687 738 .read = logger_read, 688 - .aio_write = logger_aio_write, 739 + .write_iter = logger_write_iter, 689 740 .poll = logger_poll, 690 741 .unlocked_ioctl = logger_ioctl, 691 742 .compat_ioctl = logger_ioctl,
+3 -25
drivers/staging/vme/devices/vme_user.c
··· 410 410 411 411 static loff_t vme_user_llseek(struct file *file, loff_t off, int whence) 412 412 { 413 - loff_t absolute = -1; 414 413 unsigned int minor = MINOR(file_inode(file)->i_rdev); 415 414 size_t image_size; 415 + loff_t res; 416 416 417 417 if (minor == CONTROL_MINOR) 418 418 return -EINVAL; 419 419 420 420 mutex_lock(&image[minor].mutex); 421 421 image_size = vme_get_size(image[minor].resource); 422 - 423 - switch (whence) { 424 - case SEEK_SET: 425 - absolute = off; 426 - break; 427 - case SEEK_CUR: 428 - absolute = file->f_pos + off; 429 - break; 430 - case SEEK_END: 431 - absolute = image_size + off; 432 - break; 433 - default: 434 - mutex_unlock(&image[minor].mutex); 435 - return -EINVAL; 436 - } 437 - 438 - if ((absolute < 0) || (absolute >= image_size)) { 439 - mutex_unlock(&image[minor].mutex); 440 - return -EINVAL; 441 - } 442 - 443 - file->f_pos = absolute; 444 - 422 + res = fixed_size_llseek(file, off, whence, image_size); 445 423 mutex_unlock(&image[minor].mutex); 446 424 447 - return absolute; 425 + return res; 448 426 } 449 427 450 428 /*
+10 -14
drivers/usb/gadget/function/f_fs.c
··· 164 164 static int __must_check ffs_epfiles_create(struct ffs_data *ffs); 165 165 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count); 166 166 167 - static struct inode *__must_check 167 + static struct dentry * 168 168 ffs_sb_create_file(struct super_block *sb, const char *name, void *data, 169 - const struct file_operations *fops, 170 - struct dentry **dentry_p); 169 + const struct file_operations *fops); 171 170 172 171 /* Devices management *******************************************************/ 173 172 ··· 1118 1119 } 1119 1120 1120 1121 /* Create "regular" file */ 1121 - static struct inode *ffs_sb_create_file(struct super_block *sb, 1122 + static struct dentry *ffs_sb_create_file(struct super_block *sb, 1122 1123 const char *name, void *data, 1123 - const struct file_operations *fops, 1124 - struct dentry **dentry_p) 1124 + const struct file_operations *fops) 1125 1125 { 1126 1126 struct ffs_data *ffs = sb->s_fs_info; 1127 1127 struct dentry *dentry; ··· 1139 1141 } 1140 1142 1141 1143 d_add(dentry, inode); 1142 - if (dentry_p) 1143 - *dentry_p = dentry; 1144 - 1145 - return inode; 1144 + return dentry; 1146 1145 } 1147 1146 1148 1147 /* Super block */ ··· 1184 1189 1185 1190 /* EP0 file */ 1186 1191 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs, 1187 - &ffs_ep0_operations, NULL))) 1192 + &ffs_ep0_operations))) 1188 1193 return -ENOMEM; 1189 1194 1190 1195 return 0; ··· 1556 1561 sprintf(epfiles->name, "ep%02x", ffs->eps_addrmap[i]); 1557 1562 else 1558 1563 sprintf(epfiles->name, "ep%u", i); 1559 - if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile, 1560 - &ffs_epfile_operations, 1561 - &epfile->dentry))) { 1564 + epfile->dentry = ffs_sb_create_file(ffs->sb, epfiles->name, 1565 + epfile, 1566 + &ffs_epfile_operations); 1567 + if (unlikely(!epfile->dentry)) { 1562 1568 ffs_epfiles_destroy(epfiles, i - 1); 1563 1569 return -ENOMEM; 1564 1570 }
+10 -16
drivers/usb/gadget/legacy/inode.c
··· 198 198 struct list_head epfiles; 199 199 wait_queue_head_t wait; 200 200 struct dentry *dentry; 201 - struct inode *inode; 202 201 }; 203 202 204 203 static inline void get_ep (struct ep_data *data) ··· 1617 1618 } 1618 1619 1619 1620 1620 - static struct inode * 1621 + static struct dentry * 1621 1622 gadgetfs_create_file (struct super_block *sb, char const *name, 1622 - void *data, const struct file_operations *fops, 1623 - struct dentry **dentry_p); 1623 + void *data, const struct file_operations *fops); 1624 1624 1625 1625 static int activate_ep_files (struct dev_data *dev) 1626 1626 { ··· 1647 1649 if (!data->req) 1648 1650 goto enomem1; 1649 1651 1650 - data->inode = gadgetfs_create_file (dev->sb, data->name, 1651 - data, &ep_config_operations, 1652 - &data->dentry); 1653 - if (!data->inode) 1652 + data->dentry = gadgetfs_create_file (dev->sb, data->name, 1653 + data, &ep_config_operations); 1654 + if (!data->dentry) 1654 1655 goto enomem2; 1655 1656 list_add_tail (&data->epfiles, &dev->epfiles); 1656 1657 } ··· 2009 2012 /* creates in fs root directory, so non-renamable and non-linkable. 2010 2013 * so inode and dentry are paired, until device reconfig. 2011 2014 */ 2012 - static struct inode * 2015 + static struct dentry * 2013 2016 gadgetfs_create_file (struct super_block *sb, char const *name, 2014 - void *data, const struct file_operations *fops, 2015 - struct dentry **dentry_p) 2017 + void *data, const struct file_operations *fops) 2016 2018 { 2017 2019 struct dentry *dentry; 2018 2020 struct inode *inode; ··· 2027 2031 return NULL; 2028 2032 } 2029 2033 d_add (dentry, inode); 2030 - *dentry_p = dentry; 2031 - return inode; 2034 + return dentry; 2032 2035 } 2033 2036 2034 2037 static const struct super_operations gadget_fs_operations = { ··· 2075 2080 goto Enomem; 2076 2081 2077 2082 dev->sb = sb; 2078 - if (!gadgetfs_create_file (sb, CHIP, 2079 - dev, &dev_init_operations, 2080 - &dev->dentry)) { 2083 + dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &dev_init_operations); 2084 + if (!dev->dentry) { 2081 2085 put_dev(dev); 2082 2086 goto Enomem; 2083 2087 }
+2 -2
fs/9p/fid.c
··· 65 65 { 66 66 struct p9_fid *fid, *ret; 67 67 68 - p9_debug(P9_DEBUG_VFS, " dentry: %s (%p) uid %d any %d\n", 69 - dentry->d_name.name, dentry, from_kuid(&init_user_ns, uid), 68 + p9_debug(P9_DEBUG_VFS, " dentry: %pd (%p) uid %d any %d\n", 69 + dentry, dentry, from_kuid(&init_user_ns, uid), 70 70 any); 71 71 ret = NULL; 72 72 /* we'll recheck under lock if there's anything to look in */
+2 -2
fs/9p/vfs_addr.c
··· 266 266 * Now that we do caching with cache mode enabled, We need 267 267 * to support direct IO 268 268 */ 269 - p9_debug(P9_DEBUG_VFS, "v9fs_direct_IO: v9fs_direct_IO (%s) off/no(%lld/%lu) EINVAL\n", 270 - iocb->ki_filp->f_path.dentry->d_name.name, 269 + p9_debug(P9_DEBUG_VFS, "v9fs_direct_IO: v9fs_direct_IO (%pD) off/no(%lld/%lu) EINVAL\n", 270 + iocb->ki_filp, 271 271 (long long)pos, iter->nr_segs); 272 272 273 273 return -EINVAL;
+4 -4
fs/9p/vfs_dentry.c
··· 49 49 */ 50 50 static int v9fs_cached_dentry_delete(const struct dentry *dentry) 51 51 { 52 - p9_debug(P9_DEBUG_VFS, " dentry: %s (%p)\n", 53 - dentry->d_name.name, dentry); 52 + p9_debug(P9_DEBUG_VFS, " dentry: %pd (%p)\n", 53 + dentry, dentry); 54 54 55 55 /* Don't cache negative dentries */ 56 56 if (!dentry->d_inode) ··· 67 67 static void v9fs_dentry_release(struct dentry *dentry) 68 68 { 69 69 struct hlist_node *p, *n; 70 - p9_debug(P9_DEBUG_VFS, " dentry: %s (%p)\n", 71 - dentry->d_name.name, dentry); 70 + p9_debug(P9_DEBUG_VFS, " dentry: %pd (%p)\n", 71 + dentry, dentry); 72 72 hlist_for_each_safe(p, n, (struct hlist_head *)&dentry->d_fsdata) 73 73 p9_client_clunk(hlist_entry(p, struct p9_fid, dlist)); 74 74 dentry->d_fsdata = NULL;
+2 -2
fs/9p/vfs_dir.c
··· 116 116 int reclen = 0; 117 117 struct p9_rdir *rdir; 118 118 119 - p9_debug(P9_DEBUG_VFS, "name %s\n", file->f_path.dentry->d_name.name); 119 + p9_debug(P9_DEBUG_VFS, "name %pD\n", file); 120 120 fid = file->private_data; 121 121 122 122 buflen = fid->clnt->msize - P9_IOHDRSZ; ··· 172 172 struct p9_rdir *rdir; 173 173 struct p9_dirent curdirent; 174 174 175 - p9_debug(P9_DEBUG_VFS, "name %s\n", file->f_path.dentry->d_name.name); 175 + p9_debug(P9_DEBUG_VFS, "name %pD\n", file); 176 176 fid = file->private_data; 177 177 178 178 buflen = fid->clnt->msize - P9_READDIRHDRSZ;
+4 -4
fs/9p/vfs_file.c
··· 301 301 struct inode *inode = file_inode(filp); 302 302 int ret = -ENOLCK; 303 303 304 - p9_debug(P9_DEBUG_VFS, "filp: %p cmd:%d lock: %p name: %s\n", 305 - filp, cmd, fl, filp->f_path.dentry->d_name.name); 304 + p9_debug(P9_DEBUG_VFS, "filp: %p cmd:%d lock: %p name: %pD\n", 305 + filp, cmd, fl, filp); 306 306 307 307 /* No mandatory locks */ 308 308 if (__mandatory_lock(inode) && fl->fl_type != F_UNLCK) ··· 337 337 struct inode *inode = file_inode(filp); 338 338 int ret = -ENOLCK; 339 339 340 - p9_debug(P9_DEBUG_VFS, "filp: %p cmd:%d lock: %p name: %s\n", 341 - filp, cmd, fl, filp->f_path.dentry->d_name.name); 340 + p9_debug(P9_DEBUG_VFS, "filp: %p cmd:%d lock: %p name: %pD\n", 341 + filp, cmd, fl, filp); 342 342 343 343 /* No mandatory locks */ 344 344 if (__mandatory_lock(inode) && fl->fl_type != F_UNLCK)
+16 -16
fs/9p/vfs_inode.c
··· 648 648 struct p9_fid *dfid, *ofid, *fid; 649 649 struct inode *inode; 650 650 651 - p9_debug(P9_DEBUG_VFS, "name %s\n", dentry->d_name.name); 651 + p9_debug(P9_DEBUG_VFS, "name %pd\n", dentry); 652 652 653 653 err = 0; 654 654 ofid = NULL; ··· 755 755 struct p9_fid *fid; 756 756 struct v9fs_session_info *v9ses; 757 757 758 - p9_debug(P9_DEBUG_VFS, "name %s\n", dentry->d_name.name); 758 + p9_debug(P9_DEBUG_VFS, "name %pd\n", dentry); 759 759 err = 0; 760 760 v9ses = v9fs_inode2v9ses(dir); 761 761 perm = unixmode2p9mode(v9ses, mode | S_IFDIR); ··· 791 791 struct inode *inode; 792 792 char *name; 793 793 794 - p9_debug(P9_DEBUG_VFS, "dir: %p dentry: (%s) %p flags: %x\n", 795 - dir, dentry->d_name.name, dentry, flags); 794 + p9_debug(P9_DEBUG_VFS, "dir: %p dentry: (%pd) %p flags: %x\n", 795 + dir, dentry, dentry, flags); 796 796 797 797 if (dentry->d_name.len > NAME_MAX) 798 798 return ERR_PTR(-ENAMETOOLONG); ··· 1239 1239 struct p9_fid *fid; 1240 1240 struct p9_wstat *st; 1241 1241 1242 - p9_debug(P9_DEBUG_VFS, " %s\n", dentry->d_name.name); 1242 + p9_debug(P9_DEBUG_VFS, " %pd\n", dentry); 1243 1243 retval = -EPERM; 1244 1244 v9ses = v9fs_dentry2v9ses(dentry); 1245 1245 fid = v9fs_fid_lookup(dentry); ··· 1262 1262 retval = min(strlen(st->extension)+1, (size_t)buflen); 1263 1263 memcpy(buffer, st->extension, retval); 1264 1264 1265 - p9_debug(P9_DEBUG_VFS, "%s -> %s (%.*s)\n", 1266 - dentry->d_name.name, st->extension, buflen, buffer); 1265 + p9_debug(P9_DEBUG_VFS, "%pd -> %s (%.*s)\n", 1266 + dentry, st->extension, buflen, buffer); 1267 1267 1268 1268 done: 1269 1269 p9stat_free(st); ··· 1283 1283 int len = 0; 1284 1284 char *link = __getname(); 1285 1285 1286 - p9_debug(P9_DEBUG_VFS, "%s\n", dentry->d_name.name); 1286 + p9_debug(P9_DEBUG_VFS, "%pd\n", dentry); 1287 1287 1288 1288 if (!link) 1289 1289 link = ERR_PTR(-ENOMEM); ··· 1314 1314 { 1315 1315 char *s = nd_get_link(nd); 1316 1316 1317 - p9_debug(P9_DEBUG_VFS, " %s %s\n", 1318 - dentry->d_name.name, IS_ERR(s) ? "<error>" : s); 1317 + p9_debug(P9_DEBUG_VFS, " %pd %s\n", 1318 + dentry, IS_ERR(s) ? "<error>" : s); 1319 1319 if (!IS_ERR(s)) 1320 1320 __putname(s); 1321 1321 } ··· 1364 1364 static int 1365 1365 v9fs_vfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname) 1366 1366 { 1367 - p9_debug(P9_DEBUG_VFS, " %lu,%s,%s\n", 1368 - dir->i_ino, dentry->d_name.name, symname); 1367 + p9_debug(P9_DEBUG_VFS, " %lu,%pd,%s\n", 1368 + dir->i_ino, dentry, symname); 1369 1369 1370 1370 return v9fs_vfs_mkspecial(dir, dentry, P9_DMSYMLINK, symname); 1371 1371 } ··· 1386 1386 char *name; 1387 1387 struct p9_fid *oldfid; 1388 1388 1389 - p9_debug(P9_DEBUG_VFS, " %lu,%s,%s\n", 1390 - dir->i_ino, dentry->d_name.name, old_dentry->d_name.name); 1389 + p9_debug(P9_DEBUG_VFS, " %lu,%pd,%pd\n", 1390 + dir->i_ino, dentry, old_dentry); 1391 1391 1392 1392 oldfid = v9fs_fid_clone(old_dentry); 1393 1393 if (IS_ERR(oldfid)) ··· 1428 1428 char *name; 1429 1429 u32 perm; 1430 1430 1431 - p9_debug(P9_DEBUG_VFS, " %lu,%s mode: %hx MAJOR: %u MINOR: %u\n", 1432 - dir->i_ino, dentry->d_name.name, mode, 1431 + p9_debug(P9_DEBUG_VFS, " %lu,%pd mode: %hx MAJOR: %u MINOR: %u\n", 1432 + dir->i_ino, dentry, mode, 1433 1433 MAJOR(rdev), MINOR(rdev)); 1434 1434 1435 1435 if (!new_valid_dev(rdev))
+4 -4
fs/9p/vfs_inode_dotl.c
··· 393 393 struct dentry *dir_dentry; 394 394 struct posix_acl *dacl = NULL, *pacl = NULL; 395 395 396 - p9_debug(P9_DEBUG_VFS, "name %s\n", dentry->d_name.name); 396 + p9_debug(P9_DEBUG_VFS, "name %pd\n", dentry); 397 397 err = 0; 398 398 v9ses = v9fs_inode2v9ses(dir); 399 399 ··· 767 767 struct p9_fid *dfid, *oldfid; 768 768 struct v9fs_session_info *v9ses; 769 769 770 - p9_debug(P9_DEBUG_VFS, "dir ino: %lu, old_name: %s, new_name: %s\n", 771 - dir->i_ino, old_dentry->d_name.name, dentry->d_name.name); 770 + p9_debug(P9_DEBUG_VFS, "dir ino: %lu, old_name: %pd, new_name: %pd\n", 771 + dir->i_ino, old_dentry, dentry); 772 772 773 773 v9ses = v9fs_inode2v9ses(dir); 774 774 dir_dentry = dentry->d_parent; ··· 917 917 char *link = __getname(); 918 918 char *target; 919 919 920 - p9_debug(P9_DEBUG_VFS, "%s\n", dentry->d_name.name); 920 + p9_debug(P9_DEBUG_VFS, "%pd\n", dentry); 921 921 922 922 if (!link) { 923 923 link = ERR_PTR(-ENOMEM);
-5
fs/afs/dir.c
··· 669 669 670 670 out_valid: 671 671 dentry->d_fsdata = dir_version; 672 - out_skip: 673 672 dput(parent); 674 673 key_put(key); 675 674 _leave(" = 1 [valid]"); ··· 681 682 spin_unlock(&dentry->d_lock); 682 683 683 684 out_bad: 684 - /* don't unhash if we have submounts */ 685 - if (check_submounts_and_drop(dentry) != 0) 686 - goto out_skip; 687 - 688 685 _debug("dropping dentry %s/%s", 689 686 parent->d_name.name, dentry->d_name.name); 690 687 dput(parent);
-6
fs/autofs4/expire.c
··· 255 255 struct autofs_info *ino = autofs4_dentry_ino(p); 256 256 unsigned int ino_count = atomic_read(&ino->count); 257 257 258 - /* 259 - * Clean stale dentries below that have not been 260 - * invalidated after a mount fail during lookup 261 - */ 262 - d_invalidate(p); 263 - 264 258 /* allow for dget above and top is already dgot */ 265 259 if (p == top) 266 260 ino_count += 2;
+6 -19
fs/binfmt_aout.c
··· 256 256 (current->mm->start_brk = N_BSSADDR(ex)); 257 257 258 258 retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); 259 - if (retval < 0) { 260 - /* Someone check-me: is this error path enough? */ 261 - send_sig(SIGKILL, current, 0); 259 + if (retval < 0) 262 260 return retval; 263 - } 264 261 265 262 install_exec_creds(bprm); 266 263 ··· 275 278 map_size = ex.a_text+ex.a_data; 276 279 #endif 277 280 error = vm_brk(text_addr & PAGE_MASK, map_size); 278 - if (error != (text_addr & PAGE_MASK)) { 279 - send_sig(SIGKILL, current, 0); 281 + if (error != (text_addr & PAGE_MASK)) 280 282 return error; 281 - } 282 283 283 284 error = read_code(bprm->file, text_addr, pos, 284 285 ex.a_text+ex.a_data); 285 - if ((signed long)error < 0) { 286 - send_sig(SIGKILL, current, 0); 286 + if ((signed long)error < 0) 287 287 return error; 288 - } 289 288 } else { 290 289 if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && 291 290 (N_MAGIC(ex) != NMAGIC) && printk_ratelimit()) ··· 308 315 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, 309 316 fd_offset); 310 317 311 - if (error != N_TXTADDR(ex)) { 312 - send_sig(SIGKILL, current, 0); 318 + if (error != N_TXTADDR(ex)) 313 319 return error; 314 - } 315 320 316 321 error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, 317 322 PROT_READ | PROT_WRITE | PROT_EXEC, 318 323 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, 319 324 fd_offset + ex.a_text); 320 - if (error != N_DATADDR(ex)) { 321 - send_sig(SIGKILL, current, 0); 325 + if (error != N_DATADDR(ex)) 322 326 return error; 323 - } 324 327 } 325 328 beyond_if: 326 329 set_binfmt(&aout_format); 327 330 328 331 retval = set_brk(current->mm->start_brk, current->mm->brk); 329 - if (retval < 0) { 330 - send_sig(SIGKILL, current, 0); 332 + if (retval < 0) 331 333 return retval; 332 - } 333 334 334 335 current->mm->start_stack = 335 336 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
+5 -20
fs/binfmt_elf.c
··· 738 738 change some of these later */ 739 739 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP), 740 740 executable_stack); 741 - if (retval < 0) { 742 - send_sig(SIGKILL, current, 0); 741 + if (retval < 0) 743 742 goto out_free_dentry; 744 - } 745 743 746 744 current->mm->start_stack = bprm->p; 747 745 ··· 761 763 and clear the area. */ 762 764 retval = set_brk(elf_bss + load_bias, 763 765 elf_brk + load_bias); 764 - if (retval) { 765 - send_sig(SIGKILL, current, 0); 766 + if (retval) 766 767 goto out_free_dentry; 767 - } 768 768 nbyte = ELF_PAGEOFFSET(elf_bss); 769 769 if (nbyte) { 770 770 nbyte = ELF_MIN_ALIGN - nbyte; ··· 816 820 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, 817 821 elf_prot, elf_flags, 0); 818 822 if (BAD_ADDR(error)) { 819 - send_sig(SIGKILL, current, 0); 820 823 retval = IS_ERR((void *)error) ? 821 824 PTR_ERR((void*)error) : -EINVAL; 822 825 goto out_free_dentry; ··· 846 851 elf_ppnt->p_memsz > TASK_SIZE || 847 852 TASK_SIZE - elf_ppnt->p_memsz < k) { 848 853 /* set_brk can never work. Avoid overflows. */ 849 - send_sig(SIGKILL, current, 0); 850 854 retval = -EINVAL; 851 855 goto out_free_dentry; 852 856 } ··· 877 883 * up getting placed where the bss needs to go. 878 884 */ 879 885 retval = set_brk(elf_bss, elf_brk); 880 - if (retval) { 881 - send_sig(SIGKILL, current, 0); 886 + if (retval) 882 887 goto out_free_dentry; 883 - } 884 888 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { 885 - send_sig(SIGSEGV, current, 0); 886 889 retval = -EFAULT; /* Nobody gets to see this, but.. */ 887 890 goto out_free_dentry; 888 891 } ··· 900 909 elf_entry += loc->interp_elf_ex.e_entry; 901 910 } 902 911 if (BAD_ADDR(elf_entry)) { 903 - force_sig(SIGSEGV, current); 904 912 retval = IS_ERR((void *)elf_entry) ? 905 913 (int)elf_entry : -EINVAL; 906 914 goto out_free_dentry; ··· 912 922 } else { 913 923 elf_entry = loc->elf_ex.e_entry; 914 924 if (BAD_ADDR(elf_entry)) { 915 - force_sig(SIGSEGV, current); 916 925 retval = -EINVAL; 917 926 goto out_free_dentry; 918 927 } ··· 923 934 924 935 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES 925 936 retval = arch_setup_additional_pages(bprm, !!elf_interpreter); 926 - if (retval < 0) { 927 - send_sig(SIGKILL, current, 0); 937 + if (retval < 0) 928 938 goto out; 929 - } 930 939 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ 931 940 932 941 install_exec_creds(bprm); 933 942 retval = create_elf_tables(bprm, &loc->elf_ex, 934 943 load_addr, interp_load_addr); 935 - if (retval < 0) { 936 - send_sig(SIGKILL, current, 0); 944 + if (retval < 0) 937 945 goto out; 938 - } 939 946 /* N.B. passed_fileno might not be initialized? */ 940 947 current->mm->end_code = end_code; 941 948 current->mm->start_code = start_code;
+8 -16
fs/binfmt_elf_fdpic.c
··· 317 317 goto error; 318 318 319 319 /* there's now no turning back... the old userspace image is dead, 320 - * defunct, deceased, etc. after this point we have to exit via 321 - * error_kill */ 320 + * defunct, deceased, etc. 321 + */ 322 322 set_personality(PER_LINUX_FDPIC); 323 323 if (elf_read_implies_exec(&exec_params.hdr, executable_stack)) 324 324 current->personality |= READ_IMPLIES_EXEC; ··· 343 343 344 344 retval = setup_arg_pages(bprm, current->mm->start_stack, 345 345 executable_stack); 346 - if (retval < 0) { 347 - send_sig(SIGKILL, current, 0); 348 - goto error_kill; 349 - } 346 + if (retval < 0) 347 + goto error; 350 348 #endif 351 349 352 350 /* load the executable and interpreter into memory */ 353 351 retval = elf_fdpic_map_file(&exec_params, bprm->file, current->mm, 354 352 "executable"); 355 353 if (retval < 0) 356 - goto error_kill; 354 + goto error; 357 355 358 356 if (interpreter_name) { 359 357 retval = elf_fdpic_map_file(&interp_params, interpreter, 360 358 current->mm, "interpreter"); 361 359 if (retval < 0) { 362 360 printk(KERN_ERR "Unable to load interpreter\n"); 363 - goto error_kill; 361 + goto error; 364 362 } 365 363 366 364 allow_write_access(interpreter); ··· 395 397 if (IS_ERR_VALUE(current->mm->start_brk)) { 396 398 retval = current->mm->start_brk; 397 399 current->mm->start_brk = 0; 398 - goto error_kill; 400 + goto error; 399 401 } 400 402 401 403 current->mm->brk = current->mm->start_brk; ··· 408 410 install_exec_creds(bprm); 409 411 if (create_elf_fdpic_tables(bprm, current->mm, 410 412 &exec_params, &interp_params) < 0) 411 - goto error_kill; 413 + goto error; 412 414 413 415 kdebug("- start_code %lx", current->mm->start_code); 414 416 kdebug("- end_code %lx", current->mm->end_code); ··· 447 449 kfree(interp_params.phdrs); 448 450 kfree(interp_params.loadmap); 449 451 return retval; 450 - 451 - /* unrecoverable error - kill the process */ 452 - error_kill: 453 - send_sig(SIGSEGV, current, 0); 454 - goto error; 455 - 456 452 } 457 453 458 454 /*****************************************************************************/
+1 -4
fs/btrfs/ioctl.c
··· 2419 2419 goto out_dput; 2420 2420 } 2421 2421 2422 - err = d_invalidate(dentry); 2423 - if (err) 2424 - goto out_unlock; 2422 + d_invalidate(dentry); 2425 2423 2426 2424 down_write(&root->fs_info->subvol_sem); 2427 2425 ··· 2504 2506 btrfs_subvolume_release_metadata(root, &block_rsv, qgroup_reserved); 2505 2507 out_up_write: 2506 2508 up_write(&root->fs_info->subvol_sem); 2507 - out_unlock: 2508 2509 if (err) { 2509 2510 spin_lock(&dest->root_item_lock); 2510 2511 root_flags = btrfs_root_flags(&dest->root_item);
+5
fs/buffer.c
··· 2318 2318 err = 0; 2319 2319 2320 2320 balance_dirty_pages_ratelimited(mapping); 2321 + 2322 + if (unlikely(fatal_signal_pending(current))) { 2323 + err = -EINTR; 2324 + goto out; 2325 + } 2321 2326 } 2322 2327 2323 2328 /* page covers the boundary, find the boundary offset */
+18 -28
fs/cachefiles/rdwr.c
··· 880 880 { 881 881 struct cachefiles_object *object; 882 882 struct cachefiles_cache *cache; 883 - mm_segment_t old_fs; 884 883 struct file *file; 885 884 struct path path; 886 885 loff_t pos, eof; ··· 913 914 if (IS_ERR(file)) { 914 915 ret = PTR_ERR(file); 915 916 } else { 916 - ret = -EIO; 917 - if (file->f_op->write) { 918 - pos = (loff_t) page->index << PAGE_SHIFT; 917 + pos = (loff_t) page->index << PAGE_SHIFT; 919 918 920 - /* we mustn't write more data than we have, so we have 921 - * to beware of a partial page at EOF */ 922 - eof = object->fscache.store_limit_l; 923 - len = PAGE_SIZE; 924 - if (eof & ~PAGE_MASK) { 925 - ASSERTCMP(pos, <, eof); 926 - if (eof - pos < PAGE_SIZE) { 927 - _debug("cut short %llx to %llx", 928 - pos, eof); 929 - len = eof - pos; 930 - ASSERTCMP(pos + len, ==, eof); 931 - } 919 + /* we mustn't write more data than we have, so we have 920 + * to beware of a partial page at EOF */ 921 + eof = object->fscache.store_limit_l; 922 + len = PAGE_SIZE; 923 + if (eof & ~PAGE_MASK) { 924 + ASSERTCMP(pos, <, eof); 925 + if (eof - pos < PAGE_SIZE) { 926 + _debug("cut short %llx to %llx", 927 + pos, eof); 928 + len = eof - pos; 929 + ASSERTCMP(pos + len, ==, eof); 932 930 } 933 - 934 - data = kmap(page); 935 - file_start_write(file); 936 - old_fs = get_fs(); 937 - set_fs(KERNEL_DS); 938 - ret = file->f_op->write( 939 - file, (const void __user *) data, len, &pos); 940 - set_fs(old_fs); 941 - kunmap(page); 942 - file_end_write(file); 943 - if (ret != len) 944 - ret = -EIO; 945 931 } 932 + 933 + data = kmap(page); 934 + ret = __kernel_write(file, data, len, &pos); 935 + kunmap(page); 936 + if (ret != len) 937 + ret = -EIO; 946 938 fput(file); 947 939 } 948 940
-1
fs/ceph/dir.c
··· 1069 1069 ceph_dentry_lru_touch(dentry); 1070 1070 } else { 1071 1071 ceph_dir_clear_complete(dir); 1072 - d_drop(dentry); 1073 1072 } 1074 1073 iput(dir); 1075 1074 return valid;
+7 -7
fs/cifs/dir.c
··· 461 461 462 462 xid = get_xid(); 463 463 464 - cifs_dbg(FYI, "parent inode = 0x%p name is: %s and dentry = 0x%p\n", 465 - inode, direntry->d_name.name, direntry); 464 + cifs_dbg(FYI, "parent inode = 0x%p name is: %pd and dentry = 0x%p\n", 465 + inode, direntry, direntry); 466 466 467 467 tlink = cifs_sb_tlink(CIFS_SB(inode->i_sb)); 468 468 if (IS_ERR(tlink)) { ··· 540 540 struct cifs_fid fid; 541 541 __u32 oplock; 542 542 543 - cifs_dbg(FYI, "cifs_create parent inode = 0x%p name is: %s and dentry = 0x%p\n", 544 - inode, direntry->d_name.name, direntry); 543 + cifs_dbg(FYI, "cifs_create parent inode = 0x%p name is: %pd and dentry = 0x%p\n", 544 + inode, direntry, direntry); 545 545 546 546 tlink = cifs_sb_tlink(CIFS_SB(inode->i_sb)); 547 547 rc = PTR_ERR(tlink); ··· 713 713 714 714 xid = get_xid(); 715 715 716 - cifs_dbg(FYI, "parent inode = 0x%p name is: %s and dentry = 0x%p\n", 717 - parent_dir_inode, direntry->d_name.name, direntry); 716 + cifs_dbg(FYI, "parent inode = 0x%p name is: %pd and dentry = 0x%p\n", 717 + parent_dir_inode, direntry, direntry); 718 718 719 719 /* check whether path exists */ 720 720 ··· 833 833 { 834 834 int rc = 0; 835 835 836 - cifs_dbg(FYI, "In cifs d_delete, name = %s\n", direntry->d_name.name); 836 + cifs_dbg(FYI, "In cifs d_delete, name = %pd\n", direntry); 837 837 838 838 return rc; 839 839 } */
+6 -6
fs/cifs/file.c
··· 1650 1650 1651 1651 cifs_sb = CIFS_SB(dentry->d_sb); 1652 1652 1653 - cifs_dbg(FYI, "write %zd bytes to offset %lld of %s\n", 1654 - write_size, *offset, dentry->d_name.name); 1653 + cifs_dbg(FYI, "write %zd bytes to offset %lld of %pd\n", 1654 + write_size, *offset, dentry); 1655 1655 1656 1656 tcon = tlink_tcon(open_file->tlink); 1657 1657 server = tcon->ses->server; ··· 2273 2273 2274 2274 xid = get_xid(); 2275 2275 2276 - cifs_dbg(FYI, "Sync file - name: %s datasync: 0x%x\n", 2277 - file->f_path.dentry->d_name.name, datasync); 2276 + cifs_dbg(FYI, "Sync file - name: %pD datasync: 0x%x\n", 2277 + file, datasync); 2278 2278 2279 2279 if (!CIFS_CACHE_READ(CIFS_I(inode))) { 2280 2280 rc = cifs_zap_mapping(inode); ··· 2315 2315 2316 2316 xid = get_xid(); 2317 2317 2318 - cifs_dbg(FYI, "Sync file - name: %s datasync: 0x%x\n", 2319 - file->f_path.dentry->d_name.name, datasync); 2318 + cifs_dbg(FYI, "Sync file - name: %pD datasync: 0x%x\n", 2319 + file, datasync); 2320 2320 2321 2321 tcon = tlink_tcon(smbfile->tlink); 2322 2322 if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOSSYNC)) {
+6 -6
fs/cifs/inode.c
··· 1419 1419 d_instantiate(dentry, newinode); 1420 1420 1421 1421 #ifdef CONFIG_CIFS_DEBUG2 1422 - cifs_dbg(FYI, "instantiated dentry %p %s to inode %p\n", 1423 - dentry, dentry->d_name.name, newinode); 1422 + cifs_dbg(FYI, "instantiated dentry %p %pd to inode %p\n", 1423 + dentry, dentry, newinode); 1424 1424 1425 1425 if (newinode->i_nlink != 2) 1426 1426 cifs_dbg(FYI, "unexpected number of links %d\n", ··· 2111 2111 struct cifs_unix_set_info_args *args = NULL; 2112 2112 struct cifsFileInfo *open_file; 2113 2113 2114 - cifs_dbg(FYI, "setattr_unix on file %s attrs->ia_valid=0x%x\n", 2115 - direntry->d_name.name, attrs->ia_valid); 2114 + cifs_dbg(FYI, "setattr_unix on file %pd attrs->ia_valid=0x%x\n", 2115 + direntry, attrs->ia_valid); 2116 2116 2117 2117 xid = get_xid(); 2118 2118 ··· 2254 2254 2255 2255 xid = get_xid(); 2256 2256 2257 - cifs_dbg(FYI, "setattr on file %s attrs->iavalid 0x%x\n", 2258 - direntry->d_name.name, attrs->ia_valid); 2257 + cifs_dbg(FYI, "setattr on file %pd attrs->iavalid 0x%x\n", 2258 + direntry, attrs->ia_valid); 2259 2259 2260 2260 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) 2261 2261 attrs->ia_valid |= ATTR_FORCE;
+1 -5
fs/cifs/readdir.c
··· 87 87 return; 88 88 89 89 if (dentry) { 90 - int err; 91 - 92 90 inode = dentry->d_inode; 93 91 if (inode) { 94 92 /* ··· 103 105 goto out; 104 106 } 105 107 } 106 - err = d_invalidate(dentry); 108 + d_invalidate(dentry); 107 109 dput(dentry); 108 - if (err) 109 - return; 110 110 } 111 111 112 112 /*
+11 -17
fs/compat.c
··· 794 794 char *kernel_type; 795 795 unsigned long data_page; 796 796 char *kernel_dev; 797 - struct filename *dir; 798 797 int retval; 799 798 800 - retval = copy_mount_string(type, &kernel_type); 801 - if (retval < 0) 799 + kernel_type = copy_mount_string(type); 800 + retval = PTR_ERR(kernel_type); 801 + if (IS_ERR(kernel_type)) 802 802 goto out; 803 803 804 - dir = getname(dir_name); 805 - retval = PTR_ERR(dir); 806 - if (IS_ERR(dir)) 804 + kernel_dev = copy_mount_string(dev_name); 805 + retval = PTR_ERR(kernel_dev); 806 + if (IS_ERR(kernel_dev)) 807 807 goto out1; 808 - 809 - retval = copy_mount_string(dev_name, &kernel_dev); 810 - if (retval < 0) 811 - goto out2; 812 808 813 809 retval = copy_mount_options(data, &data_page); 814 810 if (retval < 0) 815 - goto out3; 811 + goto out2; 816 812 817 813 retval = -EINVAL; 818 814 ··· 817 821 do_ncp_super_data_conv((void *)data_page); 818 822 } else if (!strcmp(kernel_type, NFS4_NAME)) { 819 823 if (do_nfs4_super_data_conv((void *) data_page)) 820 - goto out4; 824 + goto out3; 821 825 } 822 826 } 823 827 824 - retval = do_mount(kernel_dev, dir->name, kernel_type, 828 + retval = do_mount(kernel_dev, dir_name, kernel_type, 825 829 flags, (void*)data_page); 826 830 827 - out4: 828 - free_page(data_page); 829 831 out3: 830 - kfree(kernel_dev); 832 + free_page(data_page); 831 833 out2: 832 - putname(dir); 834 + kfree(kernel_dev); 833 835 out1: 834 836 kfree(kernel_type); 835 837 out:
+131 -128
fs/dcache.c
··· 235 235 return dentry_string_cmp(cs, ct, tcount); 236 236 } 237 237 238 + struct external_name { 239 + union { 240 + atomic_t count; 241 + struct rcu_head head; 242 + } u; 243 + unsigned char name[]; 244 + }; 245 + 246 + static inline struct external_name *external_name(struct dentry *dentry) 247 + { 248 + return container_of(dentry->d_name.name, struct external_name, name[0]); 249 + } 250 + 238 251 static void __d_free(struct rcu_head *head) 239 252 { 240 253 struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu); 241 254 242 255 WARN_ON(!hlist_unhashed(&dentry->d_alias)); 243 - if (dname_external(dentry)) 244 - kfree(dentry->d_name.name); 245 256 kmem_cache_free(dentry_cache, dentry); 257 + } 258 + 259 + static void __d_free_external(struct rcu_head *head) 260 + { 261 + struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu); 262 + WARN_ON(!hlist_unhashed(&dentry->d_alias)); 263 + kfree(external_name(dentry)); 264 + kmem_cache_free(dentry_cache, dentry); 265 + } 266 + 267 + static inline int dname_external(const struct dentry *dentry) 268 + { 269 + return dentry->d_name.name != dentry->d_iname; 246 270 } 247 271 248 272 static void dentry_free(struct dentry *dentry) 249 273 { 274 + if (unlikely(dname_external(dentry))) { 275 + struct external_name *p = external_name(dentry); 276 + if (likely(atomic_dec_and_test(&p->u.count))) { 277 + call_rcu(&dentry->d_u.d_rcu, __d_free_external); 278 + return; 279 + } 280 + } 250 281 /* if dentry was never visible to RCU, immediate free is OK */ 251 282 if (!(dentry->d_flags & DCACHE_RCUACCESS)) 252 283 __d_free(&dentry->d_u.d_rcu); ··· 487 456 * inform the fs via d_prune that this dentry is about to be 488 457 * unhashed and destroyed. 489 458 */ 490 - if ((dentry->d_flags & DCACHE_OP_PRUNE) && !d_unhashed(dentry)) 459 + if (dentry->d_flags & DCACHE_OP_PRUNE) 491 460 dentry->d_op->d_prune(dentry); 492 461 493 462 if (dentry->d_flags & DCACHE_LRU_LIST) { ··· 650 619 } 651 620 EXPORT_SYMBOL(dput); 652 621 653 - /** 654 - * d_invalidate - invalidate a dentry 655 - * @dentry: dentry to invalidate 656 - * 657 - * Try to invalidate the dentry if it turns out to be 658 - * possible. If there are other dentries that can be 659 - * reached through this one we can't delete it and we 660 - * return -EBUSY. On success we return 0. 661 - * 662 - * no dcache lock. 663 - */ 664 - 665 - int d_invalidate(struct dentry * dentry) 666 - { 667 - /* 668 - * If it's already been dropped, return OK. 669 - */ 670 - spin_lock(&dentry->d_lock); 671 - if (d_unhashed(dentry)) { 672 - spin_unlock(&dentry->d_lock); 673 - return 0; 674 - } 675 - /* 676 - * Check whether to do a partial shrink_dcache 677 - * to get rid of unused child entries. 678 - */ 679 - if (!list_empty(&dentry->d_subdirs)) { 680 - spin_unlock(&dentry->d_lock); 681 - shrink_dcache_parent(dentry); 682 - spin_lock(&dentry->d_lock); 683 - } 684 - 685 - /* 686 - * Somebody else still using it? 687 - * 688 - * If it's a directory, we can't drop it 689 - * for fear of somebody re-populating it 690 - * with children (even though dropping it 691 - * would make it unreachable from the root, 692 - * we might still populate it if it was a 693 - * working directory or similar). 694 - * We also need to leave mountpoints alone, 695 - * directory or not. 696 - */ 697 - if (dentry->d_lockref.count > 1 && dentry->d_inode) { 698 - if (S_ISDIR(dentry->d_inode->i_mode) || d_mountpoint(dentry)) { 699 - spin_unlock(&dentry->d_lock); 700 - return -EBUSY; 701 - } 702 - } 703 - 704 - __d_drop(dentry); 705 - spin_unlock(&dentry->d_lock); 706 - return 0; 707 - } 708 - EXPORT_SYMBOL(d_invalidate); 709 622 710 623 /* This must be called with d_lock held */ 711 624 static inline void __dget_dlock(struct dentry *dentry) ··· 710 735 * acquire the reference to alias and return it. Otherwise return NULL. 711 736 * Notice that if inode is a directory there can be only one alias and 712 737 * it can be unhashed only if it has no children, or if it is the root 713 - * of a filesystem. 738 + * of a filesystem, or if the directory was renamed and d_revalidate 739 + * was the first vfs operation to notice. 714 740 * 715 741 * If the inode has an IS_ROOT, DCACHE_DISCONNECTED alias, then prefer 716 742 * any other hashed alias over that one. ··· 775 799 hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { 776 800 spin_lock(&dentry->d_lock); 777 801 if (!dentry->d_lockref.count) { 778 - /* 779 - * inform the fs via d_prune that this dentry 780 - * is about to be unhashed and destroyed. 781 - */ 782 - if ((dentry->d_flags & DCACHE_OP_PRUNE) && 783 - !d_unhashed(dentry)) 784 - dentry->d_op->d_prune(dentry); 785 - 786 - __dget_dlock(dentry); 787 - __d_drop(dentry); 788 - spin_unlock(&dentry->d_lock); 789 - spin_unlock(&inode->i_lock); 790 - dput(dentry); 791 - goto restart; 802 + struct dentry *parent = lock_parent(dentry); 803 + if (likely(!dentry->d_lockref.count)) { 804 + __dentry_kill(dentry); 805 + goto restart; 806 + } 807 + if (parent) 808 + spin_unlock(&parent->d_lock); 792 809 } 793 810 spin_unlock(&dentry->d_lock); 794 811 } ··· 1162 1193 * reachable (e.g. NFS can unhash a directory dentry and then the complete 1163 1194 * subtree can become unreachable). 1164 1195 * 1165 - * Only one of check_submounts_and_drop() and d_set_mounted() must succeed. For 1196 + * Only one of d_invalidate() and d_set_mounted() must succeed. For 1166 1197 * this reason take rename_lock and d_lock on dentry and ancestors. 1167 1198 */ 1168 1199 int d_set_mounted(struct dentry *dentry) ··· 1171 1202 int ret = -ENOENT; 1172 1203 write_seqlock(&rename_lock); 1173 1204 for (p = dentry->d_parent; !IS_ROOT(p); p = p->d_parent) { 1174 - /* Need exclusion wrt. check_submounts_and_drop() */ 1205 + /* Need exclusion wrt. d_invalidate() */ 1175 1206 spin_lock(&p->d_lock); 1176 1207 if (unlikely(d_unhashed(p))) { 1177 1208 spin_unlock(&p->d_lock); ··· 1315 1346 } 1316 1347 } 1317 1348 1318 - static enum d_walk_ret check_and_collect(void *_data, struct dentry *dentry) 1349 + struct detach_data { 1350 + struct select_data select; 1351 + struct dentry *mountpoint; 1352 + }; 1353 + static enum d_walk_ret detach_and_collect(void *_data, struct dentry *dentry) 1319 1354 { 1320 - struct select_data *data = _data; 1355 + struct detach_data *data = _data; 1321 1356 1322 1357 if (d_mountpoint(dentry)) { 1323 - data->found = -EBUSY; 1358 + __dget_dlock(dentry); 1359 + data->mountpoint = dentry; 1324 1360 return D_WALK_QUIT; 1325 1361 } 1326 1362 1327 - return select_collect(_data, dentry); 1363 + return select_collect(&data->select, dentry); 1328 1364 } 1329 1365 1330 1366 static void check_and_drop(void *_data) 1331 1367 { 1332 - struct select_data *data = _data; 1368 + struct detach_data *data = _data; 1333 1369 1334 - if (d_mountpoint(data->start)) 1335 - data->found = -EBUSY; 1336 - if (!data->found) 1337 - __d_drop(data->start); 1370 + if (!data->mountpoint && !data->select.found) 1371 + __d_drop(data->select.start); 1338 1372 } 1339 1373 1340 1374 /** 1341 - * check_submounts_and_drop - prune dcache, check for submounts and drop 1375 + * d_invalidate - detach submounts, prune dcache, and drop 1376 + * @dentry: dentry to invalidate (aka detach, prune and drop) 1342 1377 * 1343 - * All done as a single atomic operation relative to has_unlinked_ancestor(). 1344 - * Returns 0 if successfully unhashed @parent. If there were submounts then 1345 - * return -EBUSY. 1378 + * no dcache lock. 1346 1379 * 1347 - * @dentry: dentry to prune and drop 1380 + * The final d_drop is done as an atomic operation relative to 1381 + * rename_lock ensuring there are no races with d_set_mounted. This 1382 + * ensures there are no unhashed dentries on the path to a mountpoint. 1348 1383 */ 1349 - int check_submounts_and_drop(struct dentry *dentry) 1384 + void d_invalidate(struct dentry *dentry) 1350 1385 { 1351 - int ret = 0; 1386 + /* 1387 + * If it's already been dropped, return OK. 1388 + */ 1389 + spin_lock(&dentry->d_lock); 1390 + if (d_unhashed(dentry)) { 1391 + spin_unlock(&dentry->d_lock); 1392 + return; 1393 + } 1394 + spin_unlock(&dentry->d_lock); 1352 1395 1353 1396 /* Negative dentries can be dropped without further checks */ 1354 1397 if (!dentry->d_inode) { 1355 1398 d_drop(dentry); 1356 - goto out; 1399 + return; 1357 1400 } 1358 1401 1359 1402 for (;;) { 1360 - struct select_data data; 1403 + struct detach_data data; 1361 1404 1362 - INIT_LIST_HEAD(&data.dispose); 1363 - data.start = dentry; 1364 - data.found = 0; 1405 + data.mountpoint = NULL; 1406 + INIT_LIST_HEAD(&data.select.dispose); 1407 + data.select.start = dentry; 1408 + data.select.found = 0; 1365 1409 1366 - d_walk(dentry, &data, check_and_collect, check_and_drop); 1367 - ret = data.found; 1410 + d_walk(dentry, &data, detach_and_collect, check_and_drop); 1368 1411 1369 - if (!list_empty(&data.dispose)) 1370 - shrink_dentry_list(&data.dispose); 1412 + if (data.select.found) 1413 + shrink_dentry_list(&data.select.dispose); 1371 1414 1372 - if (ret <= 0) 1415 + if (data.mountpoint) { 1416 + detach_mounts(data.mountpoint); 1417 + dput(data.mountpoint); 1418 + } 1419 + 1420 + if (!data.mountpoint && !data.select.found) 1373 1421 break; 1374 1422 1375 1423 cond_resched(); 1376 1424 } 1377 - 1378 - out: 1379 - return ret; 1380 1425 } 1381 - EXPORT_SYMBOL(check_submounts_and_drop); 1426 + EXPORT_SYMBOL(d_invalidate); 1382 1427 1383 1428 /** 1384 1429 * __d_alloc - allocate a dcache entry ··· 1421 1438 */ 1422 1439 dentry->d_iname[DNAME_INLINE_LEN-1] = 0; 1423 1440 if (name->len > DNAME_INLINE_LEN-1) { 1424 - dname = kmalloc(name->len + 1, GFP_KERNEL); 1425 - if (!dname) { 1441 + size_t size = offsetof(struct external_name, name[1]); 1442 + struct external_name *p = kmalloc(size + name->len, GFP_KERNEL); 1443 + if (!p) { 1426 1444 kmem_cache_free(dentry_cache, dentry); 1427 1445 return NULL; 1428 1446 } 1447 + atomic_set(&p->u.count, 1); 1448 + dname = p->name; 1429 1449 } else { 1430 1450 dname = dentry->d_iname; 1431 1451 } ··· 2098 2112 struct dentry *dentry; 2099 2113 unsigned seq; 2100 2114 2101 - do { 2102 - seq = read_seqbegin(&rename_lock); 2103 - dentry = __d_lookup(parent, name); 2104 - if (dentry) 2115 + do { 2116 + seq = read_seqbegin(&rename_lock); 2117 + dentry = __d_lookup(parent, name); 2118 + if (dentry) 2105 2119 break; 2106 2120 } while (read_seqretry(&rename_lock, seq)); 2107 2121 return dentry; ··· 2358 2372 } 2359 2373 EXPORT_SYMBOL(dentry_update_name_case); 2360 2374 2361 - static void switch_names(struct dentry *dentry, struct dentry *target, 2362 - bool exchange) 2375 + static void swap_names(struct dentry *dentry, struct dentry *target) 2363 2376 { 2364 - if (dname_external(target)) { 2365 - if (dname_external(dentry)) { 2377 + if (unlikely(dname_external(target))) { 2378 + if (unlikely(dname_external(dentry))) { 2366 2379 /* 2367 2380 * Both external: swap the pointers 2368 2381 */ ··· 2377 2392 target->d_name.name = target->d_iname; 2378 2393 } 2379 2394 } else { 2380 - if (dname_external(dentry)) { 2395 + if (unlikely(dname_external(dentry))) { 2381 2396 /* 2382 2397 * dentry:external, target:internal. Give dentry's 2383 2398 * storage to target and make dentry internal ··· 2392 2407 */ 2393 2408 unsigned int i; 2394 2409 BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); 2395 - if (!exchange) { 2396 - memcpy(dentry->d_iname, target->d_name.name, 2397 - target->d_name.len + 1); 2398 - dentry->d_name.hash_len = target->d_name.hash_len; 2399 - return; 2400 - } 2401 2410 for (i = 0; i < DNAME_INLINE_LEN / sizeof(long); i++) { 2402 2411 swap(((long *) &dentry->d_iname)[i], 2403 2412 ((long *) &target->d_iname)[i]); ··· 2399 2420 } 2400 2421 } 2401 2422 swap(dentry->d_name.hash_len, target->d_name.hash_len); 2423 + } 2424 + 2425 + static void copy_name(struct dentry *dentry, struct dentry *target) 2426 + { 2427 + struct external_name *old_name = NULL; 2428 + if (unlikely(dname_external(dentry))) 2429 + old_name = external_name(dentry); 2430 + if (unlikely(dname_external(target))) { 2431 + atomic_inc(&external_name(target)->u.count); 2432 + dentry->d_name = target->d_name; 2433 + } else { 2434 + memcpy(dentry->d_iname, target->d_name.name, 2435 + target->d_name.len + 1); 2436 + dentry->d_name.name = dentry->d_iname; 2437 + dentry->d_name.hash_len = target->d_name.hash_len; 2438 + } 2439 + if (old_name && likely(atomic_dec_and_test(&old_name->u.count))) 2440 + kfree_rcu(old_name, u.head); 2402 2441 } 2403 2442 2404 2443 static void dentry_lock_for_move(struct dentry *dentry, struct dentry *target) ··· 2515 2518 } 2516 2519 2517 2520 /* Switch the names.. */ 2518 - switch_names(dentry, target, exchange); 2521 + if (exchange) 2522 + swap_names(dentry, target); 2523 + else 2524 + copy_name(dentry, target); 2519 2525 2520 2526 /* ... and switch them in the tree */ 2521 2527 if (IS_ROOT(dentry)) { ··· 2625 2625 goto out_err; 2626 2626 m2 = &alias->d_parent->d_inode->i_mutex; 2627 2627 out_unalias: 2628 - if (likely(!d_mountpoint(alias))) { 2629 - __d_move(alias, dentry, false); 2630 - ret = alias; 2631 - } 2628 + __d_move(alias, dentry, false); 2629 + ret = alias; 2632 2630 out_err: 2633 2631 spin_unlock(&inode->i_lock); 2634 2632 if (m2) ··· 2808 2810 * the beginning of the name. The sequence number check at the caller will 2809 2811 * retry it again when a d_move() does happen. So any garbage in the buffer 2810 2812 * due to mismatched pointer and length will be discarded. 2813 + * 2814 + * Data dependency barrier is needed to make sure that we see that terminating 2815 + * NUL. Alpha strikes again, film at 11... 2811 2816 */ 2812 2817 static int prepend_name(char **buffer, int *buflen, struct qstr *name) 2813 2818 { 2814 2819 const char *dname = ACCESS_ONCE(name->name); 2815 2820 u32 dlen = ACCESS_ONCE(name->len); 2816 2821 char *p; 2822 + 2823 + smp_read_barrier_depends(); 2817 2824 2818 2825 *buflen -= dlen + 1; 2819 2826 if (*buflen < 0)
+1 -1
fs/ecryptfs/file.c
··· 327 327 struct file *lower_file = ecryptfs_file_to_lower(file); 328 328 long rc = -ENOIOCTLCMD; 329 329 330 - if (lower_file->f_op && lower_file->f_op->compat_ioctl) 330 + if (lower_file->f_op->compat_ioctl) 331 331 rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg); 332 332 return rc; 333 333 }
+12 -7
fs/exec.c
··· 1372 1372 read_unlock(&binfmt_lock); 1373 1373 bprm->recursion_depth++; 1374 1374 retval = fmt->load_binary(bprm); 1375 - bprm->recursion_depth--; 1376 - if (retval >= 0 || retval != -ENOEXEC || 1377 - bprm->mm == NULL || bprm->file == NULL) { 1378 - put_binfmt(fmt); 1379 - return retval; 1380 - } 1381 1375 read_lock(&binfmt_lock); 1382 1376 put_binfmt(fmt); 1377 + bprm->recursion_depth--; 1378 + if (retval < 0 && !bprm->mm) { 1379 + /* we got to flush_old_exec() and failed after it */ 1380 + read_unlock(&binfmt_lock); 1381 + force_sigsegv(SIGSEGV, current); 1382 + return retval; 1383 + } 1384 + if (retval != -ENOEXEC || !bprm->file) { 1385 + read_unlock(&binfmt_lock); 1386 + return retval; 1387 + } 1383 1388 } 1384 1389 read_unlock(&binfmt_lock); 1385 1390 1386 - if (need_retry && retval == -ENOEXEC) { 1391 + if (need_retry) { 1387 1392 if (printable(bprm->buf[0]) && printable(bprm->buf[1]) && 1388 1393 printable(bprm->buf[2]) && printable(bprm->buf[3])) 1389 1394 return retval;
+1
fs/file.c
··· 750 750 751 751 static int do_dup2(struct files_struct *files, 752 752 struct file *file, unsigned fd, unsigned flags) 753 + __releases(&files->file_lock) 753 754 { 754 755 struct file *tofree; 755 756 struct fdtable *fdt;
+2 -10
fs/file_table.c
··· 150 150 151 151 /** 152 152 * alloc_file - allocate and initialize a 'struct file' 153 - * @mnt: the vfsmount on which the file will reside 154 - * @dentry: the dentry representing the new file 153 + * 154 + * @path: the (dentry, vfsmount) pair for the new file 155 155 * @mode: the mode with which the new file will be opened 156 156 * @fop: the 'struct file_operations' for the new file 157 - * 158 - * Use this instead of get_empty_filp() to get a new 159 - * 'struct file'. Do so because of the same initialization 160 - * pitfalls reasons listed for init_file(). This is a 161 - * preferred interface to using init_file(). 162 - * 163 - * If all the callers of init_file() are eliminated, its 164 - * code should be moved into this function. 165 157 */ 166 158 struct file *alloc_file(struct path *path, fmode_t mode, 167 159 const struct file_operations *fop)
+1 -6
fs/fuse/dir.c
··· 274 274 275 275 invalid: 276 276 ret = 0; 277 - 278 - if (!(flags & LOOKUP_RCU) && check_submounts_and_drop(entry) != 0) 279 - ret = 1; 280 277 goto out; 281 278 } 282 279 ··· 1286 1289 d_drop(dentry); 1287 1290 } else if (get_node_id(inode) != o->nodeid || 1288 1291 ((o->attr.mode ^ inode->i_mode) & S_IFMT)) { 1289 - err = d_invalidate(dentry); 1290 - if (err) 1291 - goto out; 1292 + d_invalidate(dentry); 1292 1293 } else if (is_bad_inode(inode)) { 1293 1294 err = -EIO; 1294 1295 goto out;
-3
fs/gfs2/dentry.c
··· 93 93 if (!had_lock) 94 94 gfs2_glock_dq_uninit(&d_gh); 95 95 invalid: 96 - if (check_submounts_and_drop(dentry) != 0) 97 - goto valid; 98 - 99 96 dput(parent); 100 97 return 0; 101 98
+5
fs/gfs2/inode.c
··· 1245 1245 struct dentry *d; 1246 1246 bool excl = !!(flags & O_EXCL); 1247 1247 1248 + if (!d_unhashed(dentry)) 1249 + goto skip_lookup; 1250 + 1248 1251 d = __gfs2_lookup(dir, dentry, file, opened); 1249 1252 if (IS_ERR(d)) 1250 1253 return PTR_ERR(d); ··· 1264 1261 } 1265 1262 1266 1263 BUG_ON(d != NULL); 1264 + 1265 + skip_lookup: 1267 1266 if (!(flags & O_CREAT)) 1268 1267 return -ENOENT; 1269 1268
+1 -1
fs/internal.h
··· 56 56 * namespace.c 57 57 */ 58 58 extern int copy_mount_options(const void __user *, unsigned long *); 59 - extern int copy_mount_string(const void __user *, char **); 59 + extern char *copy_mount_string(const void __user *); 60 60 61 61 extern struct vfsmount *lookup_mnt(struct path *); 62 62 extern int finish_automount(struct vfsmount *, struct path *);
-2
fs/jffs2/jffs2_fs_sb.h
··· 134 134 struct rw_semaphore wbuf_sem; /* Protects the write buffer */ 135 135 136 136 struct delayed_work wbuf_dwork; /* write-buffer write-out work */ 137 - int wbuf_queued; /* non-zero delayed work is queued */ 138 - spinlock_t wbuf_dwork_lock; /* protects wbuf_dwork and and wbuf_queued */ 139 137 140 138 unsigned char *oobbuf; 141 139 int oobavail; /* How many bytes are available for JFFS2 in OOB */
+2 -15
fs/jffs2/wbuf.c
··· 1162 1162 struct jffs2_sb_info *c = work_to_sb(work); 1163 1163 struct super_block *sb = OFNI_BS_2SFFJ(c); 1164 1164 1165 - spin_lock(&c->wbuf_dwork_lock); 1166 - c->wbuf_queued = 0; 1167 - spin_unlock(&c->wbuf_dwork_lock); 1168 - 1169 1165 if (!(sb->s_flags & MS_RDONLY)) { 1170 1166 jffs2_dbg(1, "%s()\n", __func__); 1171 1167 jffs2_flush_wbuf_gc(c, 0); ··· 1176 1180 if (sb->s_flags & MS_RDONLY) 1177 1181 return; 1178 1182 1179 - spin_lock(&c->wbuf_dwork_lock); 1180 - if (!c->wbuf_queued) { 1183 + delay = msecs_to_jiffies(dirty_writeback_interval * 10); 1184 + if (queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay)) 1181 1185 jffs2_dbg(1, "%s()\n", __func__); 1182 - delay = msecs_to_jiffies(dirty_writeback_interval * 10); 1183 - queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay); 1184 - c->wbuf_queued = 1; 1185 - } 1186 - spin_unlock(&c->wbuf_dwork_lock); 1187 1186 } 1188 1187 1189 1188 int jffs2_nand_flash_setup(struct jffs2_sb_info *c) ··· 1202 1211 1203 1212 /* Initialise write buffer */ 1204 1213 init_rwsem(&c->wbuf_sem); 1205 - spin_lock_init(&c->wbuf_dwork_lock); 1206 1214 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync); 1207 1215 c->wbuf_pagesize = c->mtd->writesize; 1208 1216 c->wbuf_ofs = 0xFFFFFFFF; ··· 1241 1251 1242 1252 /* Initialize write buffer */ 1243 1253 init_rwsem(&c->wbuf_sem); 1244 - spin_lock_init(&c->wbuf_dwork_lock); 1245 1254 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync); 1246 1255 c->wbuf_pagesize = c->mtd->erasesize; 1247 1256 ··· 1300 1311 1301 1312 /* Initialize write buffer */ 1302 1313 init_rwsem(&c->wbuf_sem); 1303 - spin_lock_init(&c->wbuf_dwork_lock); 1304 1314 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync); 1305 1315 1306 1316 c->wbuf_pagesize = c->mtd->writesize; ··· 1334 1346 return 0; 1335 1347 1336 1348 init_rwsem(&c->wbuf_sem); 1337 - spin_lock_init(&c->wbuf_dwork_lock); 1338 1349 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync); 1339 1350 1340 1351 c->wbuf_pagesize = c->mtd->writesize;
+1 -1
fs/jfs/super.c
··· 550 550 inode->i_ino = 0; 551 551 inode->i_size = sb->s_bdev->bd_inode->i_size; 552 552 inode->i_mapping->a_ops = &jfs_metapage_aops; 553 - insert_inode_hash(inode); 553 + hlist_add_fake(&inode->i_hash); 554 554 mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); 555 555 556 556 sbi->direct_inode = inode;
-11
fs/kernfs/dir.c
··· 463 463 goto out_bad; 464 464 465 465 mutex_unlock(&kernfs_mutex); 466 - out_valid: 467 466 return 1; 468 467 out_bad: 469 468 mutex_unlock(&kernfs_mutex); 470 469 out_bad_unlocked: 471 - /* 472 - * @dentry doesn't match the underlying kernfs node, drop the 473 - * dentry and force lookup. If we have submounts we must allow the 474 - * vfs caches to lie about the state of the filesystem to prevent 475 - * leaks and other nasty things, so use check_submounts_and_drop() 476 - * instead of d_drop(). 477 - */ 478 - if (check_submounts_and_drop(dentry) != 0) 479 - goto out_valid; 480 - 481 470 return 0; 482 471 } 483 472
+24 -1
fs/mount.h
··· 21 21 struct mountpoint { 22 22 struct hlist_node m_hash; 23 23 struct dentry *m_dentry; 24 + struct hlist_head m_list; 24 25 int m_count; 25 26 }; 26 27 ··· 30 29 struct mount *mnt_parent; 31 30 struct dentry *mnt_mountpoint; 32 31 struct vfsmount mnt; 33 - struct rcu_head mnt_rcu; 32 + union { 33 + struct rcu_head mnt_rcu; 34 + struct llist_node mnt_llist; 35 + }; 34 36 #ifdef CONFIG_SMP 35 37 struct mnt_pcp __percpu *mnt_pcp; 36 38 #else ··· 52 48 struct mount *mnt_master; /* slave is on master->mnt_slave_list */ 53 49 struct mnt_namespace *mnt_ns; /* containing namespace */ 54 50 struct mountpoint *mnt_mp; /* where is it mounted */ 51 + struct hlist_node mnt_mp_list; /* list mounts with the same mountpoint */ 55 52 #ifdef CONFIG_FSNOTIFY 56 53 struct hlist_head mnt_fsnotify_marks; 57 54 __u32 mnt_fsnotify_mask; ··· 87 82 88 83 extern bool legitimize_mnt(struct vfsmount *, unsigned); 89 84 85 + extern void __detach_mounts(struct dentry *dentry); 86 + 87 + static inline void detach_mounts(struct dentry *dentry) 88 + { 89 + if (!d_mountpoint(dentry)) 90 + return; 91 + __detach_mounts(dentry); 92 + } 93 + 90 94 static inline void get_mnt_ns(struct mnt_namespace *ns) 91 95 { 92 96 atomic_inc(&ns->count); ··· 126 112 #define proc_mounts(p) (container_of((p), struct proc_mounts, m)) 127 113 128 114 extern const struct seq_operations mounts_op; 115 + 116 + extern bool __is_local_mountpoint(struct dentry *dentry); 117 + static inline bool is_local_mountpoint(struct dentry *dentry) 118 + { 119 + if (!d_mountpoint(dentry)) 120 + return false; 121 + 122 + return __is_local_mountpoint(dentry); 123 + }
+16 -11
fs/namei.c
··· 1306 1306 if (error < 0) { 1307 1307 dput(dentry); 1308 1308 return ERR_PTR(error); 1309 - } else if (!d_invalidate(dentry)) { 1309 + } else { 1310 + d_invalidate(dentry); 1310 1311 dput(dentry); 1311 1312 dentry = NULL; 1312 1313 } ··· 1436 1435 dput(dentry); 1437 1436 return status; 1438 1437 } 1439 - if (!d_invalidate(dentry)) { 1440 - dput(dentry); 1441 - goto need_lookup; 1442 - } 1438 + d_invalidate(dentry); 1439 + dput(dentry); 1440 + goto need_lookup; 1443 1441 } 1444 1442 1445 1443 path->mnt = mnt; ··· 1950 1950 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base); 1951 1951 1952 1952 if (unlikely(err)) 1953 - return err; 1953 + goto out; 1954 1954 1955 1955 current->total_link_count = 0; 1956 1956 err = link_path_walk(name, nd); ··· 1982 1982 } 1983 1983 } 1984 1984 1985 + out: 1985 1986 if (base) 1986 1987 fput(base); 1987 1988 ··· 2302 2301 2303 2302 err = path_init(dfd, name, flags | LOOKUP_PARENT, &nd, &base); 2304 2303 if (unlikely(err)) 2305 - return err; 2304 + goto out; 2306 2305 2307 2306 current->total_link_count = 0; 2308 2307 err = link_path_walk(name, &nd); ··· 3566 3565 mutex_lock(&dentry->d_inode->i_mutex); 3567 3566 3568 3567 error = -EBUSY; 3569 - if (d_mountpoint(dentry)) 3568 + if (is_local_mountpoint(dentry)) 3570 3569 goto out; 3571 3570 3572 3571 error = security_inode_rmdir(dir, dentry); ··· 3580 3579 3581 3580 dentry->d_inode->i_flags |= S_DEAD; 3582 3581 dont_mount(dentry); 3582 + detach_mounts(dentry); 3583 3583 3584 3584 out: 3585 3585 mutex_unlock(&dentry->d_inode->i_mutex); ··· 3683 3681 return -EPERM; 3684 3682 3685 3683 mutex_lock(&target->i_mutex); 3686 - if (d_mountpoint(dentry)) 3684 + if (is_local_mountpoint(dentry)) 3687 3685 error = -EBUSY; 3688 3686 else { 3689 3687 error = security_inode_unlink(dir, dentry); ··· 3692 3690 if (error) 3693 3691 goto out; 3694 3692 error = dir->i_op->unlink(dir, dentry); 3695 - if (!error) 3693 + if (!error) { 3696 3694 dont_mount(dentry); 3695 + detach_mounts(dentry); 3696 + } 3697 3697 } 3698 3698 } 3699 3699 out: ··· 4130 4126 mutex_lock(&target->i_mutex); 4131 4127 4132 4128 error = -EBUSY; 4133 - if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry)) 4129 + if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry)) 4134 4130 goto out; 4135 4131 4136 4132 if (max_links && new_dir != old_dir) { ··· 4168 4164 if (is_dir) 4169 4165 target->i_flags |= S_DEAD; 4170 4166 dont_mount(new_dentry); 4167 + detach_mounts(new_dentry); 4171 4168 } 4172 4169 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) { 4173 4170 if (!(flags & RENAME_EXCHANGE))
+148 -55
fs/namespace.c
··· 23 23 #include <linux/proc_ns.h> 24 24 #include <linux/magic.h> 25 25 #include <linux/bootmem.h> 26 + #include <linux/task_work.h> 26 27 #include "pnode.h" 27 28 #include "internal.h" 28 29 ··· 225 224 INIT_LIST_HEAD(&mnt->mnt_share); 226 225 INIT_LIST_HEAD(&mnt->mnt_slave_list); 227 226 INIT_LIST_HEAD(&mnt->mnt_slave); 227 + INIT_HLIST_NODE(&mnt->mnt_mp_list); 228 228 #ifdef CONFIG_FSNOTIFY 229 229 INIT_HLIST_HEAD(&mnt->mnt_fsnotify_marks); 230 230 #endif ··· 668 666 return m; 669 667 } 670 668 671 - static struct mountpoint *new_mountpoint(struct dentry *dentry) 669 + /* 670 + * __is_local_mountpoint - Test to see if dentry is a mountpoint in the 671 + * current mount namespace. 672 + * 673 + * The common case is dentries are not mountpoints at all and that 674 + * test is handled inline. For the slow case when we are actually 675 + * dealing with a mountpoint of some kind, walk through all of the 676 + * mounts in the current mount namespace and test to see if the dentry 677 + * is a mountpoint. 678 + * 679 + * The mount_hashtable is not usable in the context because we 680 + * need to identify all mounts that may be in the current mount 681 + * namespace not just a mount that happens to have some specified 682 + * parent mount. 683 + */ 684 + bool __is_local_mountpoint(struct dentry *dentry) 685 + { 686 + struct mnt_namespace *ns = current->nsproxy->mnt_ns; 687 + struct mount *mnt; 688 + bool is_covered = false; 689 + 690 + if (!d_mountpoint(dentry)) 691 + goto out; 692 + 693 + down_read(&namespace_sem); 694 + list_for_each_entry(mnt, &ns->list, mnt_list) { 695 + is_covered = (mnt->mnt_mountpoint == dentry); 696 + if (is_covered) 697 + break; 698 + } 699 + up_read(&namespace_sem); 700 + out: 701 + return is_covered; 702 + } 703 + 704 + static struct mountpoint *lookup_mountpoint(struct dentry *dentry) 672 705 { 673 706 struct hlist_head *chain = mp_hash(dentry); 674 707 struct mountpoint *mp; 675 - int ret; 676 708 677 709 hlist_for_each_entry(mp, chain, m_hash) { 678 710 if (mp->m_dentry == dentry) { ··· 717 681 return mp; 718 682 } 719 683 } 684 + return NULL; 685 + } 686 + 687 + static struct mountpoint *new_mountpoint(struct dentry *dentry) 688 + { 689 + struct hlist_head *chain = mp_hash(dentry); 690 + struct mountpoint *mp; 691 + int ret; 720 692 721 693 mp = kmalloc(sizeof(struct mountpoint), GFP_KERNEL); 722 694 if (!mp) ··· 739 695 mp->m_dentry = dentry; 740 696 mp->m_count = 1; 741 697 hlist_add_head(&mp->m_hash, chain); 698 + INIT_HLIST_HEAD(&mp->m_list); 742 699 return mp; 743 700 } 744 701 ··· 747 702 { 748 703 if (!--mp->m_count) { 749 704 struct dentry *dentry = mp->m_dentry; 705 + BUG_ON(!hlist_empty(&mp->m_list)); 750 706 spin_lock(&dentry->d_lock); 751 707 dentry->d_flags &= ~DCACHE_MOUNTED; 752 708 spin_unlock(&dentry->d_lock); ··· 794 748 mnt->mnt_mountpoint = mnt->mnt.mnt_root; 795 749 list_del_init(&mnt->mnt_child); 796 750 hlist_del_init_rcu(&mnt->mnt_hash); 751 + hlist_del_init(&mnt->mnt_mp_list); 797 752 put_mountpoint(mnt->mnt_mp); 798 753 mnt->mnt_mp = NULL; 799 754 } ··· 811 764 child_mnt->mnt_mountpoint = dget(mp->m_dentry); 812 765 child_mnt->mnt_parent = mnt; 813 766 child_mnt->mnt_mp = mp; 767 + hlist_add_head(&child_mnt->mnt_mp_list, &mp->m_list); 814 768 } 815 769 816 770 /* ··· 1005 957 return ERR_PTR(err); 1006 958 } 1007 959 960 + static void cleanup_mnt(struct mount *mnt) 961 + { 962 + /* 963 + * This probably indicates that somebody messed 964 + * up a mnt_want/drop_write() pair. If this 965 + * happens, the filesystem was probably unable 966 + * to make r/w->r/o transitions. 967 + */ 968 + /* 969 + * The locking used to deal with mnt_count decrement provides barriers, 970 + * so mnt_get_writers() below is safe. 971 + */ 972 + WARN_ON(mnt_get_writers(mnt)); 973 + if (unlikely(mnt->mnt_pins.first)) 974 + mnt_pin_kill(mnt); 975 + fsnotify_vfsmount_delete(&mnt->mnt); 976 + dput(mnt->mnt.mnt_root); 977 + deactivate_super(mnt->mnt.mnt_sb); 978 + mnt_free_id(mnt); 979 + call_rcu(&mnt->mnt_rcu, delayed_free_vfsmnt); 980 + } 981 + 982 + static void __cleanup_mnt(struct rcu_head *head) 983 + { 984 + cleanup_mnt(container_of(head, struct mount, mnt_rcu)); 985 + } 986 + 987 + static LLIST_HEAD(delayed_mntput_list); 988 + static void delayed_mntput(struct work_struct *unused) 989 + { 990 + struct llist_node *node = llist_del_all(&delayed_mntput_list); 991 + struct llist_node *next; 992 + 993 + for (; node; node = next) { 994 + next = llist_next(node); 995 + cleanup_mnt(llist_entry(node, struct mount, mnt_llist)); 996 + } 997 + } 998 + static DECLARE_DELAYED_WORK(delayed_mntput_work, delayed_mntput); 999 + 1008 1000 static void mntput_no_expire(struct mount *mnt) 1009 1001 { 1010 1002 rcu_read_lock(); ··· 1070 982 list_del(&mnt->mnt_instance); 1071 983 unlock_mount_hash(); 1072 984 1073 - /* 1074 - * This probably indicates that somebody messed 1075 - * up a mnt_want/drop_write() pair. If this 1076 - * happens, the filesystem was probably unable 1077 - * to make r/w->r/o transitions. 1078 - */ 1079 - /* 1080 - * The locking used to deal with mnt_count decrement provides barriers, 1081 - * so mnt_get_writers() below is safe. 1082 - */ 1083 - WARN_ON(mnt_get_writers(mnt)); 1084 - if (unlikely(mnt->mnt_pins.first)) 1085 - mnt_pin_kill(mnt); 1086 - fsnotify_vfsmount_delete(&mnt->mnt); 1087 - dput(mnt->mnt.mnt_root); 1088 - deactivate_super(mnt->mnt.mnt_sb); 1089 - mnt_free_id(mnt); 1090 - call_rcu(&mnt->mnt_rcu, delayed_free_vfsmnt); 985 + if (likely(!(mnt->mnt.mnt_flags & MNT_INTERNAL))) { 986 + struct task_struct *task = current; 987 + if (likely(!(task->flags & PF_KTHREAD))) { 988 + init_task_work(&mnt->mnt_rcu, __cleanup_mnt); 989 + if (!task_work_add(task, &mnt->mnt_rcu, true)) 990 + return; 991 + } 992 + if (llist_add(&mnt->mnt_llist, &delayed_mntput_list)) 993 + schedule_delayed_work(&delayed_mntput_work, 1); 994 + return; 995 + } 996 + cleanup_mnt(mnt); 1091 997 } 1092 998 1093 999 void mntput(struct vfsmount *mnt) ··· 1354 1272 if (how < 2) 1355 1273 p->mnt.mnt_flags |= MNT_SYNC_UMOUNT; 1356 1274 if (mnt_has_parent(p)) { 1275 + hlist_del_init(&p->mnt_mp_list); 1357 1276 put_mountpoint(p->mnt_mp); 1358 1277 mnt_add_count(p->mnt_parent, -1); 1359 1278 /* move the reference to mountpoint into ->mnt_ex_mountpoint */ ··· 1466 1383 unlock_mount_hash(); 1467 1384 namespace_unlock(); 1468 1385 return retval; 1386 + } 1387 + 1388 + /* 1389 + * __detach_mounts - lazily unmount all mounts on the specified dentry 1390 + * 1391 + * During unlink, rmdir, and d_drop it is possible to loose the path 1392 + * to an existing mountpoint, and wind up leaking the mount. 1393 + * detach_mounts allows lazily unmounting those mounts instead of 1394 + * leaking them. 1395 + * 1396 + * The caller may hold dentry->d_inode->i_mutex. 1397 + */ 1398 + void __detach_mounts(struct dentry *dentry) 1399 + { 1400 + struct mountpoint *mp; 1401 + struct mount *mnt; 1402 + 1403 + namespace_lock(); 1404 + mp = lookup_mountpoint(dentry); 1405 + if (!mp) 1406 + goto out_unlock; 1407 + 1408 + lock_mount_hash(); 1409 + while (!hlist_empty(&mp->m_list)) { 1410 + mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list); 1411 + umount_tree(mnt, 2); 1412 + } 1413 + unlock_mount_hash(); 1414 + put_mountpoint(mp); 1415 + out_unlock: 1416 + namespace_unlock(); 1469 1417 } 1470 1418 1471 1419 /* ··· 1856 1742 namespace_lock(); 1857 1743 mnt = lookup_mnt(path); 1858 1744 if (likely(!mnt)) { 1859 - struct mountpoint *mp = new_mountpoint(dentry); 1745 + struct mountpoint *mp = lookup_mountpoint(dentry); 1746 + if (!mp) 1747 + mp = new_mountpoint(dentry); 1860 1748 if (IS_ERR(mp)) { 1861 1749 namespace_unlock(); 1862 1750 mutex_unlock(&dentry->d_inode->i_mutex); ··· 2514 2398 return 0; 2515 2399 } 2516 2400 2517 - int copy_mount_string(const void __user *data, char **where) 2401 + char *copy_mount_string(const void __user *data) 2518 2402 { 2519 - char *tmp; 2520 - 2521 - if (!data) { 2522 - *where = NULL; 2523 - return 0; 2524 - } 2525 - 2526 - tmp = strndup_user(data, PAGE_SIZE); 2527 - if (IS_ERR(tmp)) 2528 - return PTR_ERR(tmp); 2529 - 2530 - *where = tmp; 2531 - return 0; 2403 + return data ? strndup_user(data, PAGE_SIZE) : NULL; 2532 2404 } 2533 2405 2534 2406 /* ··· 2533 2429 * Therefore, if this magic number is present, it carries no information 2534 2430 * and must be discarded. 2535 2431 */ 2536 - long do_mount(const char *dev_name, const char *dir_name, 2432 + long do_mount(const char *dev_name, const char __user *dir_name, 2537 2433 const char *type_page, unsigned long flags, void *data_page) 2538 2434 { 2539 2435 struct path path; ··· 2545 2441 flags &= ~MS_MGC_MSK; 2546 2442 2547 2443 /* Basic sanity checks */ 2548 - 2549 - if (!dir_name || !*dir_name || !memchr(dir_name, 0, PAGE_SIZE)) 2550 - return -EINVAL; 2551 - 2552 2444 if (data_page) 2553 2445 ((char *)data_page)[PAGE_SIZE - 1] = 0; 2554 2446 2555 2447 /* ... and get the mountpoint */ 2556 - retval = kern_path(dir_name, LOOKUP_FOLLOW, &path); 2448 + retval = user_path(dir_name, &path); 2557 2449 if (retval) 2558 2450 return retval; 2559 2451 ··· 2774 2674 { 2775 2675 int ret; 2776 2676 char *kernel_type; 2777 - struct filename *kernel_dir; 2778 2677 char *kernel_dev; 2779 2678 unsigned long data_page; 2780 2679 2781 - ret = copy_mount_string(type, &kernel_type); 2782 - if (ret < 0) 2680 + kernel_type = copy_mount_string(type); 2681 + ret = PTR_ERR(kernel_type); 2682 + if (IS_ERR(kernel_type)) 2783 2683 goto out_type; 2784 2684 2785 - kernel_dir = getname(dir_name); 2786 - if (IS_ERR(kernel_dir)) { 2787 - ret = PTR_ERR(kernel_dir); 2788 - goto out_dir; 2789 - } 2790 - 2791 - ret = copy_mount_string(dev_name, &kernel_dev); 2792 - if (ret < 0) 2685 + kernel_dev = copy_mount_string(dev_name); 2686 + ret = PTR_ERR(kernel_dev); 2687 + if (IS_ERR(kernel_dev)) 2793 2688 goto out_dev; 2794 2689 2795 2690 ret = copy_mount_options(data, &data_page); 2796 2691 if (ret < 0) 2797 2692 goto out_data; 2798 2693 2799 - ret = do_mount(kernel_dev, kernel_dir->name, kernel_type, flags, 2694 + ret = do_mount(kernel_dev, dir_name, kernel_type, flags, 2800 2695 (void *) data_page); 2801 2696 2802 2697 free_page(data_page); 2803 2698 out_data: 2804 2699 kfree(kernel_dev); 2805 2700 out_dev: 2806 - putname(kernel_dir); 2807 - out_dir: 2808 2701 kfree(kernel_type); 2809 2702 out_type: 2810 2703 return ret;
+1 -5
fs/ncpfs/dir.c
··· 388 388 ncp_dget_fpos(struct dentry *dentry, struct dentry *parent, unsigned long fpos) 389 389 { 390 390 struct dentry *dent = dentry; 391 - struct list_head *next; 392 391 393 392 if (d_validate(dent, parent)) { 394 393 if (dent->d_name.len <= NCP_MAXPATHLEN && ··· 403 404 404 405 /* If a pointer is invalid, we search the dentry. */ 405 406 spin_lock(&parent->d_lock); 406 - next = parent->d_subdirs.next; 407 - while (next != &parent->d_subdirs) { 408 - dent = list_entry(next, struct dentry, d_u.d_child); 407 + list_for_each_entry(dent, &parent->d_subdirs, d_u.d_child) { 409 408 if ((unsigned long)dent->d_fsdata == fpos) { 410 409 if (dent->d_inode) 411 410 dget(dent); ··· 412 415 spin_unlock(&parent->d_lock); 413 416 goto out; 414 417 } 415 - next = next->next; 416 418 } 417 419 spin_unlock(&parent->d_lock); 418 420 return NULL;
+2 -12
fs/ncpfs/ncplib_kernel.h
··· 188 188 ncp_renew_dentries(struct dentry *parent) 189 189 { 190 190 struct ncp_server *server = NCP_SERVER(parent->d_inode); 191 - struct list_head *next; 192 191 struct dentry *dentry; 193 192 194 193 spin_lock(&parent->d_lock); 195 - next = parent->d_subdirs.next; 196 - while (next != &parent->d_subdirs) { 197 - dentry = list_entry(next, struct dentry, d_u.d_child); 198 - 194 + list_for_each_entry(dentry, &parent->d_subdirs, d_u.d_child) { 199 195 if (dentry->d_fsdata == NULL) 200 196 ncp_age_dentry(server, dentry); 201 197 else 202 198 ncp_new_dentry(dentry); 203 - 204 - next = next->next; 205 199 } 206 200 spin_unlock(&parent->d_lock); 207 201 } ··· 204 210 ncp_invalidate_dircache_entries(struct dentry *parent) 205 211 { 206 212 struct ncp_server *server = NCP_SERVER(parent->d_inode); 207 - struct list_head *next; 208 213 struct dentry *dentry; 209 214 210 215 spin_lock(&parent->d_lock); 211 - next = parent->d_subdirs.next; 212 - while (next != &parent->d_subdirs) { 213 - dentry = list_entry(next, struct dentry, d_u.d_child); 216 + list_for_each_entry(dentry, &parent->d_subdirs, d_u.d_child) { 214 217 dentry->d_fsdata = NULL; 215 218 ncp_age_dentry(server, dentry); 216 - next = next->next; 217 219 } 218 220 spin_unlock(&parent->d_lock); 219 221 }
+1 -6
fs/nfs/dir.c
··· 486 486 nfs_setsecurity(dentry->d_inode, entry->fattr, entry->label); 487 487 goto out; 488 488 } else { 489 - if (d_invalidate(dentry) != 0) 490 - goto out; 489 + d_invalidate(dentry); 491 490 dput(dentry); 492 491 } 493 492 } ··· 1210 1211 if (IS_ROOT(dentry)) 1211 1212 goto out_valid; 1212 1213 } 1213 - /* If we have submounts, don't unhash ! */ 1214 - if (check_submounts_and_drop(dentry) != 0) 1215 - goto out_valid; 1216 - 1217 1214 dput(parent); 1218 1215 dfprintk(LOOKUPCACHE, "NFS: %s(%pd2) is invalid\n", 1219 1216 __func__, dentry);
+2 -8
fs/proc/base.c
··· 1565 1565 put_task_struct(task); 1566 1566 return 1; 1567 1567 } 1568 - d_drop(dentry); 1569 1568 return 0; 1570 1569 } 1571 1570 ··· 1701 1702 put_task_struct(task); 1702 1703 1703 1704 out_notask: 1704 - if (status <= 0) 1705 - d_drop(dentry); 1706 - 1707 1705 return status; 1708 1706 } 1709 1707 ··· 2614 2618 /* no ->d_hash() rejects on procfs */ 2615 2619 dentry = d_hash_and_lookup(mnt->mnt_root, &name); 2616 2620 if (dentry) { 2617 - shrink_dcache_parent(dentry); 2618 - d_drop(dentry); 2621 + d_invalidate(dentry); 2619 2622 dput(dentry); 2620 2623 } 2621 2624 ··· 2634 2639 name.len = snprintf(buf, sizeof(buf), "%d", pid); 2635 2640 dentry = d_hash_and_lookup(dir, &name); 2636 2641 if (dentry) { 2637 - shrink_dcache_parent(dentry); 2638 - d_drop(dentry); 2642 + d_invalidate(dentry); 2639 2643 dput(dentry); 2640 2644 } 2641 2645
-2
fs/proc/fd.c
··· 129 129 } 130 130 put_task_struct(task); 131 131 } 132 - 133 - d_drop(dentry); 134 132 return 0; 135 133 } 136 134
+2
fs/read_write.c
··· 513 513 return ret; 514 514 } 515 515 516 + EXPORT_SYMBOL(__kernel_write); 517 + 516 518 ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos) 517 519 { 518 520 ssize_t ret;
-1
fs/reiserfs/xattr.h
··· 7 7 struct dentry; 8 8 struct iattr; 9 9 struct super_block; 10 - struct nameidata; 11 10 12 11 int reiserfs_xattr_register_handlers(void) __init; 13 12 void reiserfs_xattr_unregister_handlers(void);
+2
fs/super.c
··· 80 80 inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); 81 81 dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); 82 82 total_objects = dentries + inodes + fs_objects + 1; 83 + if (!total_objects) 84 + total_objects = 1; 83 85 84 86 /* proportion the scan between the caches */ 85 87 dentries = mult_frac(sc->nr_to_scan, dentries, total_objects);
+39 -77
fs/xattr.c
··· 364 364 return error; 365 365 } 366 366 367 - SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 368 - const char __user *, name, const void __user *, value, 369 - size_t, size, int, flags) 367 + static int path_setxattr(const char __user *pathname, 368 + const char __user *name, const void __user *value, 369 + size_t size, int flags, unsigned int lookup_flags) 370 370 { 371 371 struct path path; 372 372 int error; 373 - unsigned int lookup_flags = LOOKUP_FOLLOW; 374 373 retry: 375 374 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 376 375 if (error) ··· 387 388 return error; 388 389 } 389 390 391 + SYSCALL_DEFINE5(setxattr, const char __user *, pathname, 392 + const char __user *, name, const void __user *, value, 393 + size_t, size, int, flags) 394 + { 395 + return path_setxattr(pathname, name, value, size, flags, LOOKUP_FOLLOW); 396 + } 397 + 390 398 SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, 391 399 const char __user *, name, const void __user *, value, 392 400 size_t, size, int, flags) 393 401 { 394 - struct path path; 395 - int error; 396 - unsigned int lookup_flags = 0; 397 - retry: 398 - error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 399 - if (error) 400 - return error; 401 - error = mnt_want_write(path.mnt); 402 - if (!error) { 403 - error = setxattr(path.dentry, name, value, size, flags); 404 - mnt_drop_write(path.mnt); 405 - } 406 - path_put(&path); 407 - if (retry_estale(error, lookup_flags)) { 408 - lookup_flags |= LOOKUP_REVAL; 409 - goto retry; 410 - } 411 - return error; 402 + return path_setxattr(pathname, name, value, size, flags, 0); 412 403 } 413 404 414 405 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, ··· 470 481 return error; 471 482 } 472 483 473 - SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 474 - const char __user *, name, void __user *, value, size_t, size) 484 + static ssize_t path_getxattr(const char __user *pathname, 485 + const char __user *name, void __user *value, 486 + size_t size, unsigned int lookup_flags) 475 487 { 476 488 struct path path; 477 489 ssize_t error; 478 - unsigned int lookup_flags = LOOKUP_FOLLOW; 479 490 retry: 480 491 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 481 492 if (error) ··· 489 500 return error; 490 501 } 491 502 503 + SYSCALL_DEFINE4(getxattr, const char __user *, pathname, 504 + const char __user *, name, void __user *, value, size_t, size) 505 + { 506 + return path_getxattr(pathname, name, value, size, LOOKUP_FOLLOW); 507 + } 508 + 492 509 SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname, 493 510 const char __user *, name, void __user *, value, size_t, size) 494 511 { 495 - struct path path; 496 - ssize_t error; 497 - unsigned int lookup_flags = 0; 498 - retry: 499 - error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 500 - if (error) 501 - return error; 502 - error = getxattr(path.dentry, name, value, size); 503 - path_put(&path); 504 - if (retry_estale(error, lookup_flags)) { 505 - lookup_flags |= LOOKUP_REVAL; 506 - goto retry; 507 - } 508 - return error; 512 + return path_getxattr(pathname, name, value, size, 0); 509 513 } 510 514 511 515 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, ··· 553 571 return error; 554 572 } 555 573 556 - SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 557 - size_t, size) 574 + static ssize_t path_listxattr(const char __user *pathname, char __user *list, 575 + size_t size, unsigned int lookup_flags) 558 576 { 559 577 struct path path; 560 578 ssize_t error; 561 - unsigned int lookup_flags = LOOKUP_FOLLOW; 562 579 retry: 563 580 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 564 581 if (error) ··· 571 590 return error; 572 591 } 573 592 593 + SYSCALL_DEFINE3(listxattr, const char __user *, pathname, char __user *, list, 594 + size_t, size) 595 + { 596 + return path_listxattr(pathname, list, size, LOOKUP_FOLLOW); 597 + } 598 + 574 599 SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list, 575 600 size_t, size) 576 601 { 577 - struct path path; 578 - ssize_t error; 579 - unsigned int lookup_flags = 0; 580 - retry: 581 - error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 582 - if (error) 583 - return error; 584 - error = listxattr(path.dentry, list, size); 585 - path_put(&path); 586 - if (retry_estale(error, lookup_flags)) { 587 - lookup_flags |= LOOKUP_REVAL; 588 - goto retry; 589 - } 590 - return error; 602 + return path_listxattr(pathname, list, size, 0); 591 603 } 592 604 593 605 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) ··· 614 640 return vfs_removexattr(d, kname); 615 641 } 616 642 617 - SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 618 - const char __user *, name) 643 + static int path_removexattr(const char __user *pathname, 644 + const char __user *name, unsigned int lookup_flags) 619 645 { 620 646 struct path path; 621 647 int error; 622 - unsigned int lookup_flags = LOOKUP_FOLLOW; 623 648 retry: 624 649 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 625 650 if (error) ··· 636 663 return error; 637 664 } 638 665 666 + SYSCALL_DEFINE2(removexattr, const char __user *, pathname, 667 + const char __user *, name) 668 + { 669 + return path_removexattr(pathname, name, LOOKUP_FOLLOW); 670 + } 671 + 639 672 SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 640 673 const char __user *, name) 641 674 { 642 - struct path path; 643 - int error; 644 - unsigned int lookup_flags = 0; 645 - retry: 646 - error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 647 - if (error) 648 - return error; 649 - error = mnt_want_write(path.mnt); 650 - if (!error) { 651 - error = removexattr(path.dentry, name); 652 - mnt_drop_write(path.mnt); 653 - } 654 - path_put(&path); 655 - if (retry_estale(error, lookup_flags)) { 656 - lookup_flags |= LOOKUP_REVAL; 657 - goto retry; 658 - } 659 - return error; 675 + return path_removexattr(pathname, name, 0); 660 676 } 661 677 662 678 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
+1 -8
include/linux/dcache.h
··· 11 11 #include <linux/rcupdate.h> 12 12 #include <linux/lockref.h> 13 13 14 - struct nameidata; 15 14 struct path; 16 15 struct vfsmount; 17 16 ··· 225 226 226 227 extern seqlock_t rename_lock; 227 228 228 - static inline int dname_external(const struct dentry *dentry) 229 - { 230 - return dentry->d_name.name != dentry->d_iname; 231 - } 232 - 233 229 /* 234 230 * These are the low-level FS interfaces to the dcache.. 235 231 */ ··· 248 254 extern void shrink_dcache_sb(struct super_block *); 249 255 extern void shrink_dcache_parent(struct dentry *); 250 256 extern void shrink_dcache_for_umount(struct super_block *); 251 - extern int d_invalidate(struct dentry *); 257 + extern void d_invalidate(struct dentry *); 252 258 253 259 /* only used at mount-time */ 254 260 extern struct dentry * d_make_root(struct inode *); ··· 263 269 264 270 /* test whether we have any submounts in a subdir tree */ 265 271 extern int have_submounts(struct dentry *); 266 - extern int check_submounts_and_drop(struct dentry *); 267 272 268 273 /* 269 274 * This adds the entry to the hash queues.
+3 -2
include/linux/fs.h
··· 1839 1839 extern void kern_unmount(struct vfsmount *mnt); 1840 1840 extern int may_umount_tree(struct vfsmount *); 1841 1841 extern int may_umount(struct vfsmount *); 1842 - extern long do_mount(const char *, const char *, const char *, unsigned long, void *); 1842 + extern long do_mount(const char *, const char __user *, 1843 + const char *, unsigned long, void *); 1843 1844 extern struct vfsmount *collect_mounts(struct path *); 1844 1845 extern void drop_collected_mounts(struct vfsmount *); 1845 1846 extern int iterate_mounts(int (*)(struct vfsmount *, void *), void *, ··· 1859 1858 extern void ihold(struct inode * inode); 1860 1859 extern void iput(struct inode *); 1861 1860 1862 - static inline struct inode *file_inode(struct file *f) 1861 + static inline struct inode *file_inode(const struct file *f) 1863 1862 { 1864 1863 return f->f_inode; 1865 1864 }
+3
include/linux/uio.h
··· 80 80 struct iov_iter *i); 81 81 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes, 82 82 struct iov_iter *i); 83 + size_t copy_to_iter(void *addr, size_t bytes, struct iov_iter *i); 84 + size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i); 85 + size_t iov_iter_zero(size_t bytes, struct iov_iter *); 83 86 unsigned long iov_iter_alignment(const struct iov_iter *i); 84 87 void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, 85 88 unsigned long nr_segs, size_t count);
+7 -13
kernel/printk/printk.c
··· 519 519 char buf[8192]; 520 520 }; 521 521 522 - static ssize_t devkmsg_writev(struct kiocb *iocb, const struct iovec *iv, 523 - unsigned long count, loff_t pos) 522 + static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from) 524 523 { 525 524 char *buf, *line; 526 525 int i; 527 526 int level = default_message_loglevel; 528 527 int facility = 1; /* LOG_USER */ 529 - size_t len = iov_length(iv, count); 528 + size_t len = iocb->ki_nbytes; 530 529 ssize_t ret = len; 531 530 532 531 if (len > LOG_LINE_MAX) ··· 534 535 if (buf == NULL) 535 536 return -ENOMEM; 536 537 537 - line = buf; 538 - for (i = 0; i < count; i++) { 539 - if (copy_from_user(line, iv[i].iov_base, iv[i].iov_len)) { 540 - ret = -EFAULT; 541 - goto out; 542 - } 543 - line += iv[i].iov_len; 538 + buf[len] = '\0'; 539 + if (copy_from_iter(buf, len, from) != len) { 540 + kfree(buf); 541 + return -EFAULT; 544 542 } 545 543 546 544 /* ··· 563 567 line = endp; 564 568 } 565 569 } 566 - line[len] = '\0'; 567 570 568 571 printk_emit(facility, level, NULL, 0, "%s", line); 569 - out: 570 572 kfree(buf); 571 573 return ret; 572 574 } ··· 796 802 const struct file_operations kmsg_fops = { 797 803 .open = devkmsg_open, 798 804 .read = devkmsg_read, 799 - .aio_write = devkmsg_writev, 805 + .write_iter = devkmsg_write, 800 806 .llseek = devkmsg_llseek, 801 807 .poll = devkmsg_poll, 802 808 .release = devkmsg_release,
+226 -14
mm/iov_iter.c
··· 4 4 #include <linux/slab.h> 5 5 #include <linux/vmalloc.h> 6 6 7 + static size_t copy_to_iter_iovec(void *from, size_t bytes, struct iov_iter *i) 8 + { 9 + size_t skip, copy, left, wanted; 10 + const struct iovec *iov; 11 + char __user *buf; 12 + 13 + if (unlikely(bytes > i->count)) 14 + bytes = i->count; 15 + 16 + if (unlikely(!bytes)) 17 + return 0; 18 + 19 + wanted = bytes; 20 + iov = i->iov; 21 + skip = i->iov_offset; 22 + buf = iov->iov_base + skip; 23 + copy = min(bytes, iov->iov_len - skip); 24 + 25 + left = __copy_to_user(buf, from, copy); 26 + copy -= left; 27 + skip += copy; 28 + from += copy; 29 + bytes -= copy; 30 + while (unlikely(!left && bytes)) { 31 + iov++; 32 + buf = iov->iov_base; 33 + copy = min(bytes, iov->iov_len); 34 + left = __copy_to_user(buf, from, copy); 35 + copy -= left; 36 + skip = copy; 37 + from += copy; 38 + bytes -= copy; 39 + } 40 + 41 + if (skip == iov->iov_len) { 42 + iov++; 43 + skip = 0; 44 + } 45 + i->count -= wanted - bytes; 46 + i->nr_segs -= iov - i->iov; 47 + i->iov = iov; 48 + i->iov_offset = skip; 49 + return wanted - bytes; 50 + } 51 + 52 + static size_t copy_from_iter_iovec(void *to, size_t bytes, struct iov_iter *i) 53 + { 54 + size_t skip, copy, left, wanted; 55 + const struct iovec *iov; 56 + char __user *buf; 57 + 58 + if (unlikely(bytes > i->count)) 59 + bytes = i->count; 60 + 61 + if (unlikely(!bytes)) 62 + return 0; 63 + 64 + wanted = bytes; 65 + iov = i->iov; 66 + skip = i->iov_offset; 67 + buf = iov->iov_base + skip; 68 + copy = min(bytes, iov->iov_len - skip); 69 + 70 + left = __copy_from_user(to, buf, copy); 71 + copy -= left; 72 + skip += copy; 73 + to += copy; 74 + bytes -= copy; 75 + while (unlikely(!left && bytes)) { 76 + iov++; 77 + buf = iov->iov_base; 78 + copy = min(bytes, iov->iov_len); 79 + left = __copy_from_user(to, buf, copy); 80 + copy -= left; 81 + skip = copy; 82 + to += copy; 83 + bytes -= copy; 84 + } 85 + 86 + if (skip == iov->iov_len) { 87 + iov++; 88 + skip = 0; 89 + } 90 + i->count -= wanted - bytes; 91 + i->nr_segs -= iov - i->iov; 92 + i->iov = iov; 93 + i->iov_offset = skip; 94 + return wanted - bytes; 95 + } 96 + 7 97 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes, 8 98 struct iov_iter *i) 9 99 { ··· 245 155 } 246 156 kunmap(page); 247 157 done: 158 + if (skip == iov->iov_len) { 159 + iov++; 160 + skip = 0; 161 + } 162 + i->count -= wanted - bytes; 163 + i->nr_segs -= iov - i->iov; 164 + i->iov = iov; 165 + i->iov_offset = skip; 166 + return wanted - bytes; 167 + } 168 + 169 + static size_t zero_iovec(size_t bytes, struct iov_iter *i) 170 + { 171 + size_t skip, copy, left, wanted; 172 + const struct iovec *iov; 173 + char __user *buf; 174 + 175 + if (unlikely(bytes > i->count)) 176 + bytes = i->count; 177 + 178 + if (unlikely(!bytes)) 179 + return 0; 180 + 181 + wanted = bytes; 182 + iov = i->iov; 183 + skip = i->iov_offset; 184 + buf = iov->iov_base + skip; 185 + copy = min(bytes, iov->iov_len - skip); 186 + 187 + left = __clear_user(buf, copy); 188 + copy -= left; 189 + skip += copy; 190 + bytes -= copy; 191 + 192 + while (unlikely(!left && bytes)) { 193 + iov++; 194 + buf = iov->iov_base; 195 + copy = min(bytes, iov->iov_len); 196 + left = __clear_user(buf, copy); 197 + copy -= left; 198 + skip = copy; 199 + bytes -= copy; 200 + } 201 + 248 202 if (skip == iov->iov_len) { 249 203 iov++; 250 204 skip = 0; ··· 548 414 kunmap_atomic(to); 549 415 } 550 416 551 - static size_t copy_page_to_iter_bvec(struct page *page, size_t offset, size_t bytes, 552 - struct iov_iter *i) 417 + static void memzero_page(struct page *page, size_t offset, size_t len) 418 + { 419 + char *addr = kmap_atomic(page); 420 + memset(addr + offset, 0, len); 421 + kunmap_atomic(addr); 422 + } 423 + 424 + static size_t copy_to_iter_bvec(void *from, size_t bytes, struct iov_iter *i) 553 425 { 554 426 size_t skip, copy, wanted; 555 427 const struct bio_vec *bvec; 556 - void *kaddr, *from; 557 428 558 429 if (unlikely(bytes > i->count)) 559 430 bytes = i->count; ··· 571 432 skip = i->iov_offset; 572 433 copy = min_t(size_t, bytes, bvec->bv_len - skip); 573 434 574 - kaddr = kmap_atomic(page); 575 - from = kaddr + offset; 576 435 memcpy_to_page(bvec->bv_page, skip + bvec->bv_offset, from, copy); 577 436 skip += copy; 578 437 from += copy; ··· 583 446 from += copy; 584 447 bytes -= copy; 585 448 } 586 - kunmap_atomic(kaddr); 587 449 if (skip == bvec->bv_len) { 588 450 bvec++; 589 451 skip = 0; ··· 594 458 return wanted - bytes; 595 459 } 596 460 597 - static size_t copy_page_from_iter_bvec(struct page *page, size_t offset, size_t bytes, 598 - struct iov_iter *i) 461 + static size_t copy_from_iter_bvec(void *to, size_t bytes, struct iov_iter *i) 599 462 { 600 463 size_t skip, copy, wanted; 601 464 const struct bio_vec *bvec; 602 - void *kaddr, *to; 603 465 604 466 if (unlikely(bytes > i->count)) 605 467 bytes = i->count; ··· 608 474 wanted = bytes; 609 475 bvec = i->bvec; 610 476 skip = i->iov_offset; 611 - 612 - kaddr = kmap_atomic(page); 613 - 614 - to = kaddr + offset; 615 477 616 478 copy = min(bytes, bvec->bv_len - skip); 617 479 ··· 625 495 to += copy; 626 496 bytes -= copy; 627 497 } 628 - kunmap_atomic(kaddr); 629 498 if (skip == bvec->bv_len) { 630 499 bvec++; 631 500 skip = 0; ··· 634 505 i->bvec = bvec; 635 506 i->iov_offset = skip; 636 507 return wanted; 508 + } 509 + 510 + static size_t copy_page_to_iter_bvec(struct page *page, size_t offset, 511 + size_t bytes, struct iov_iter *i) 512 + { 513 + void *kaddr = kmap_atomic(page); 514 + size_t wanted = copy_to_iter_bvec(kaddr + offset, bytes, i); 515 + kunmap_atomic(kaddr); 516 + return wanted; 517 + } 518 + 519 + static size_t copy_page_from_iter_bvec(struct page *page, size_t offset, 520 + size_t bytes, struct iov_iter *i) 521 + { 522 + void *kaddr = kmap_atomic(page); 523 + size_t wanted = copy_from_iter_bvec(kaddr + offset, bytes, i); 524 + kunmap_atomic(kaddr); 525 + return wanted; 526 + } 527 + 528 + static size_t zero_bvec(size_t bytes, struct iov_iter *i) 529 + { 530 + size_t skip, copy, wanted; 531 + const struct bio_vec *bvec; 532 + 533 + if (unlikely(bytes > i->count)) 534 + bytes = i->count; 535 + 536 + if (unlikely(!bytes)) 537 + return 0; 538 + 539 + wanted = bytes; 540 + bvec = i->bvec; 541 + skip = i->iov_offset; 542 + copy = min_t(size_t, bytes, bvec->bv_len - skip); 543 + 544 + memzero_page(bvec->bv_page, skip + bvec->bv_offset, copy); 545 + skip += copy; 546 + bytes -= copy; 547 + while (bytes) { 548 + bvec++; 549 + copy = min(bytes, (size_t)bvec->bv_len); 550 + memzero_page(bvec->bv_page, bvec->bv_offset, copy); 551 + skip = copy; 552 + bytes -= copy; 553 + } 554 + if (skip == bvec->bv_len) { 555 + bvec++; 556 + skip = 0; 557 + } 558 + i->count -= wanted - bytes; 559 + i->nr_segs -= bvec - i->bvec; 560 + i->bvec = bvec; 561 + i->iov_offset = skip; 562 + return wanted - bytes; 637 563 } 638 564 639 565 static size_t copy_from_user_bvec(struct page *page, ··· 855 671 return copy_page_from_iter_iovec(page, offset, bytes, i); 856 672 } 857 673 EXPORT_SYMBOL(copy_page_from_iter); 674 + 675 + size_t copy_to_iter(void *addr, size_t bytes, struct iov_iter *i) 676 + { 677 + if (i->type & ITER_BVEC) 678 + return copy_to_iter_bvec(addr, bytes, i); 679 + else 680 + return copy_to_iter_iovec(addr, bytes, i); 681 + } 682 + EXPORT_SYMBOL(copy_to_iter); 683 + 684 + size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i) 685 + { 686 + if (i->type & ITER_BVEC) 687 + return copy_from_iter_bvec(addr, bytes, i); 688 + else 689 + return copy_from_iter_iovec(addr, bytes, i); 690 + } 691 + EXPORT_SYMBOL(copy_from_iter); 692 + 693 + size_t iov_iter_zero(size_t bytes, struct iov_iter *i) 694 + { 695 + if (i->type & ITER_BVEC) { 696 + return zero_bvec(bytes, i); 697 + } else { 698 + return zero_iovec(bytes, i); 699 + } 700 + } 701 + EXPORT_SYMBOL(iov_iter_zero); 858 702 859 703 size_t iov_iter_copy_from_user_atomic(struct page *page, 860 704 struct iov_iter *i, unsigned long offset, size_t bytes)
+1 -1
net/netlink/af_netlink.c
··· 715 715 * after validation, the socket and the ring may only be used by a 716 716 * single process, otherwise we fall back to copying. 717 717 */ 718 - if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || 718 + if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || 719 719 atomic_read(&nlk->mapped) > 1) 720 720 excl = false; 721 721
+32 -62
tools/perf/util/string.c
··· 9 9 */ 10 10 s64 perf_atoll(const char *str) 11 11 { 12 - unsigned int i; 13 - s64 length = -1, unit = 1; 12 + s64 length; 13 + char *p; 14 + char c; 14 15 15 16 if (!isdigit(str[0])) 16 17 goto out_err; 17 18 18 - for (i = 1; i < strlen(str); i++) { 19 - switch (str[i]) { 20 - case 'B': 21 - case 'b': 22 - break; 23 - case 'K': 24 - if (str[i + 1] != 'B') 19 + length = strtoll(str, &p, 10); 20 + switch (c = *p++) { 21 + case 'b': case 'B': 22 + if (*p) 25 23 goto out_err; 26 - else 27 - goto kilo; 28 - case 'k': 29 - if (str[i + 1] != 'b') 30 - goto out_err; 31 - kilo: 32 - unit = K; 33 - break; 34 - case 'M': 35 - if (str[i + 1] != 'B') 36 - goto out_err; 37 - else 38 - goto mega; 39 - case 'm': 40 - if (str[i + 1] != 'b') 41 - goto out_err; 42 - mega: 43 - unit = K * K; 44 - break; 45 - case 'G': 46 - if (str[i + 1] != 'B') 47 - goto out_err; 48 - else 49 - goto giga; 50 - case 'g': 51 - if (str[i + 1] != 'b') 52 - goto out_err; 53 - giga: 54 - unit = K * K * K; 55 - break; 56 - case 'T': 57 - if (str[i + 1] != 'B') 58 - goto out_err; 59 - else 60 - goto tera; 61 - case 't': 62 - if (str[i + 1] != 'b') 63 - goto out_err; 64 - tera: 65 - unit = K * K * K * K; 66 - break; 67 - case '\0': /* only specified figures */ 68 - unit = 1; 69 - break; 24 + case '\0': 25 + return length; 70 26 default: 71 - if (!isdigit(str[i])) 72 - goto out_err; 27 + goto out_err; 28 + /* two-letter suffices */ 29 + case 'k': case 'K': 30 + length <<= 10; 73 31 break; 74 - } 32 + case 'm': case 'M': 33 + length <<= 20; 34 + break; 35 + case 'g': case 'G': 36 + length <<= 30; 37 + break; 38 + case 't': case 'T': 39 + length <<= 40; 40 + break; 75 41 } 76 - 77 - length = atoll(str) * unit; 78 - goto out; 42 + /* we want the cases to match */ 43 + if (islower(c)) { 44 + if (strcmp(p, "b") != 0) 45 + goto out_err; 46 + } else { 47 + if (strcmp(p, "B") != 0) 48 + goto out_err; 49 + } 50 + return length; 79 51 80 52 out_err: 81 - length = -1; 82 - out: 83 - return length; 53 + return -1; 84 54 } 85 55 86 56 /*