tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull JFFS2, UBI and UBIFS updates from Richard Weinberger:
"JFFS2:
- Fixes for various memory issues
UBI:
- Fix for a race condition in cdev ioctl handler
UBIFS:
- Fixes for O_TMPFILE and whiteout handling
- Fixes for various memory issues"
* tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubifs: rename_whiteout: correct old_dir size computing
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
fs/jffs2: fix comments mentioning i_mutex
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ubifs: Fix to add refcount once page is set private
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Rectify space amount budget for mkdir/tmpfile operations
ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work
ubifs: Rename whiteout atomically
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: Fix wrong number of inodes locked by ui_mutex in ubifs_inode comment
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
+259
-144
+1
-8
drivers/mtd/ubi/build.c
+1
-8
drivers/mtd/ubi/build.c
···
351
351
* we still can use 'ubi->ubi_num'.
352
352
*/
353
353
ubi = container_of(dev, struct ubi_device, dev);
354
-
ubi = ubi_get_device(ubi->ubi_num);
355
-
if (!ubi)
356
-
return -ENODEV;
357
354
358
355
if (attr == &dev_eraseblock_size)
359
356
ret = sprintf(buf, "%d\n", ubi->leb_size);
···
379
382
else
380
383
ret = -EINVAL;
381
384
382
-
ubi_put_device(ubi);
383
385
return ret;
384
386
}
385
387
···
975
979
goto out_detach;
976
980
}
977
981
978
-
/* Make device "available" before it becomes accessible via sysfs */
979
-
ubi_devices[ubi_num] = ubi;
980
-
981
982
err = uif_init(ubi);
982
983
if (err)
983
984
goto out_detach;
···
1019
1026
wake_up_process(ubi->bgt_thread);
1020
1027
spin_unlock(&ubi->wl_lock);
1021
1028
1029
+
ubi_devices[ubi_num] = ubi;
1022
1030
ubi_notify_all(ubi, UBI_VOLUME_ADDED, NULL);
1023
1031
return ubi_num;
1024
1032
···
1028
1034
out_uif:
1029
1035
uif_close(ubi);
1030
1036
out_detach:
1031
-
ubi_devices[ubi_num] = NULL;
1032
1037
ubi_wl_close(ubi);
1033
1038
ubi_free_all_volumes(ubi);
1034
1039
vfree(ubi->vtbl);
+19
-9
drivers/mtd/ubi/fastmap.c
+19
-9
drivers/mtd/ubi/fastmap.c
···
468
468
if (err == UBI_IO_FF_BITFLIPS)
469
469
scrub = 1;
470
470
471
-
add_aeb(ai, free, pnum, ec, scrub);
471
+
ret = add_aeb(ai, free, pnum, ec, scrub);
472
+
if (ret)
473
+
goto out;
472
474
continue;
473
475
} else if (err == 0 || err == UBI_IO_BITFLIPS) {
474
476
dbg_bld("Found non empty PEB:%i in pool", pnum);
···
640
638
if (fm_pos >= fm_size)
641
639
goto fail_bad;
642
640
643
-
add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
644
-
be32_to_cpu(fmec->ec), 0);
641
+
ret = add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
642
+
be32_to_cpu(fmec->ec), 0);
643
+
if (ret)
644
+
goto fail;
645
645
}
646
646
647
647
/* read EC values from used list */
···
653
649
if (fm_pos >= fm_size)
654
650
goto fail_bad;
655
651
656
-
add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
657
-
be32_to_cpu(fmec->ec), 0);
652
+
ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
653
+
be32_to_cpu(fmec->ec), 0);
654
+
if (ret)
655
+
goto fail;
658
656
}
659
657
660
658
/* read EC values from scrub list */
···
666
660
if (fm_pos >= fm_size)
667
661
goto fail_bad;
668
662
669
-
add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
670
-
be32_to_cpu(fmec->ec), 1);
663
+
ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
664
+
be32_to_cpu(fmec->ec), 1);
665
+
if (ret)
666
+
goto fail;
671
667
}
672
668
673
669
/* read EC values from erase list */
···
679
671
if (fm_pos >= fm_size)
680
672
goto fail_bad;
681
673
682
-
add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
683
-
be32_to_cpu(fmec->ec), 1);
674
+
ret = add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
675
+
be32_to_cpu(fmec->ec), 1);
676
+
if (ret)
677
+
goto fail;
684
678
}
685
679
686
680
ai->mean_ec = div_u64(ai->ec_sum, ai->ec_count);
+1
-7
drivers/mtd/ubi/vmt.c
+1
-7
drivers/mtd/ubi/vmt.c
···
56
56
{
57
57
int ret;
58
58
struct ubi_volume *vol = container_of(dev, struct ubi_volume, dev);
59
-
struct ubi_device *ubi;
60
-
61
-
ubi = ubi_get_device(vol->ubi->ubi_num);
62
-
if (!ubi)
63
-
return -ENODEV;
59
+
struct ubi_device *ubi = vol->ubi;
64
60
65
61
spin_lock(&ubi->volumes_lock);
66
62
if (!ubi->volumes[vol->vol_id]) {
67
63
spin_unlock(&ubi->volumes_lock);
68
-
ubi_put_device(ubi);
69
64
return -ENODEV;
70
65
}
71
66
/* Take a reference to prevent volume removal */
···
98
103
vol->ref_count -= 1;
99
104
ubi_assert(vol->ref_count >= 0);
100
105
spin_unlock(&ubi->volumes_lock);
101
-
ubi_put_device(ubi);
102
106
return ret;
103
107
}
104
108
+3
-1
fs/jffs2/build.c
+3
-1
fs/jffs2/build.c
···
415
415
jffs2_free_ino_caches(c);
416
416
jffs2_free_raw_node_refs(c);
417
417
ret = -EIO;
418
-
goto out_free;
418
+
goto out_sum_exit;
419
419
}
420
420
421
421
jffs2_calc_trigger_levels(c);
422
422
423
423
return 0;
424
424
425
+
out_sum_exit:
426
+
jffs2_sum_exit(c);
425
427
out_free:
426
428
kvfree(c->blocks);
427
429
+1
-1
fs/jffs2/fs.c
+1
-1
fs/jffs2/fs.c
+2
-2
fs/jffs2/jffs2_fs_i.h
+2
-2
fs/jffs2/jffs2_fs_i.h
···
18
18
#include <linux/mutex.h>
19
19
20
20
struct jffs2_inode_info {
21
-
/* We need an internal mutex similar to inode->i_mutex.
21
+
/* We need an internal mutex similar to inode->i_rwsem.
22
22
Unfortunately, we can't used the existing one, because
23
23
either the GC would deadlock, or we'd have to release it
24
24
before letting GC proceed. Or we'd have to put ugliness
25
-
into the GC code so it didn't attempt to obtain the i_mutex
25
+
into the GC code so it didn't attempt to obtain the i_rwsem
26
26
for the inode(s) which are already locked */
27
27
struct mutex sem;
28
28
+4
-2
fs/jffs2/scan.c
+4
-2
fs/jffs2/scan.c
···
136
136
if (!s) {
137
137
JFFS2_WARNING("Can't allocate memory for summary\n");
138
138
ret = -ENOMEM;
139
-
goto out;
139
+
goto out_buf;
140
140
}
141
141
}
142
142
···
275
275
}
276
276
ret = 0;
277
277
out:
278
+
jffs2_sum_reset_collected(s);
279
+
kfree(s);
280
+
out_buf:
278
281
if (buf_size)
279
282
kfree(flashbuf);
280
283
#ifndef __ECOS
281
284
else
282
285
mtd_unpoint(c->mtd, 0, c->mtd->size);
283
286
#endif
284
-
kfree(s);
285
287
return ret;
286
288
}
287
289
+145
-93
fs/ubifs/dir.c
+145
-93
fs/ubifs/dir.c
···
349
349
return err;
350
350
}
351
351
352
-
static int do_tmpfile(struct inode *dir, struct dentry *dentry,
353
-
umode_t mode, struct inode **whiteout)
352
+
static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry)
353
+
{
354
+
int err;
355
+
umode_t mode = S_IFCHR | WHITEOUT_MODE;
356
+
struct inode *inode;
357
+
struct ubifs_info *c = dir->i_sb->s_fs_info;
358
+
struct fscrypt_name nm;
359
+
360
+
/*
361
+
* Create an inode('nlink = 1') for whiteout without updating journal,
362
+
* let ubifs_jnl_rename() store it on flash to complete rename whiteout
363
+
* atomically.
364
+
*/
365
+
366
+
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
367
+
dentry, mode, dir->i_ino);
368
+
369
+
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
370
+
if (err)
371
+
return ERR_PTR(err);
372
+
373
+
inode = ubifs_new_inode(c, dir, mode);
374
+
if (IS_ERR(inode)) {
375
+
err = PTR_ERR(inode);
376
+
goto out_free;
377
+
}
378
+
379
+
init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
380
+
ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
381
+
382
+
err = ubifs_init_security(dir, inode, &dentry->d_name);
383
+
if (err)
384
+
goto out_inode;
385
+
386
+
/* The dir size is updated by do_rename. */
387
+
insert_inode_hash(inode);
388
+
389
+
return inode;
390
+
391
+
out_inode:
392
+
make_bad_inode(inode);
393
+
iput(inode);
394
+
out_free:
395
+
fscrypt_free_filename(&nm);
396
+
ubifs_err(c, "cannot create whiteout file, error %d", err);
397
+
return ERR_PTR(err);
398
+
}
399
+
400
+
/**
401
+
* lock_2_inodes - a wrapper for locking two UBIFS inodes.
402
+
* @inode1: first inode
403
+
* @inode2: second inode
404
+
*
405
+
* We do not implement any tricks to guarantee strict lock ordering, because
406
+
* VFS has already done it for us on the @i_mutex. So this is just a simple
407
+
* wrapper function.
408
+
*/
409
+
static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
410
+
{
411
+
mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
412
+
mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
413
+
}
414
+
415
+
/**
416
+
* unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
417
+
* @inode1: first inode
418
+
* @inode2: second inode
419
+
*/
420
+
static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
421
+
{
422
+
mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
423
+
mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
424
+
}
425
+
426
+
static int ubifs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
427
+
struct dentry *dentry, umode_t mode)
354
428
{
355
429
struct inode *inode;
356
430
struct ubifs_info *c = dir->i_sb->s_fs_info;
357
-
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
431
+
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
432
+
.dirtied_ino = 1};
358
433
struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
359
-
struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
434
+
struct ubifs_inode *ui;
360
435
int err, instantiated = 0;
361
436
struct fscrypt_name nm;
362
437
363
438
/*
364
-
* Budget request settings: new dirty inode, new direntry,
365
-
* budget for dirtied inode will be released via writeback.
439
+
* Budget request settings: new inode, new direntry, changing the
440
+
* parent directory inode.
441
+
* Allocate budget separately for new dirtied inode, the budget will
442
+
* be released via writeback.
366
443
*/
367
444
368
445
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
···
469
392
}
470
393
ui = ubifs_inode(inode);
471
394
472
-
if (whiteout) {
473
-
init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
474
-
ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
475
-
}
476
-
477
395
err = ubifs_init_security(dir, inode, &dentry->d_name);
478
396
if (err)
479
397
goto out_inode;
480
398
481
399
mutex_lock(&ui->ui_mutex);
482
400
insert_inode_hash(inode);
483
-
484
-
if (whiteout) {
485
-
mark_inode_dirty(inode);
486
-
drop_nlink(inode);
487
-
*whiteout = inode;
488
-
} else {
489
-
d_tmpfile(dentry, inode);
490
-
}
401
+
d_tmpfile(dentry, inode);
491
402
ubifs_assert(c, ui->dirty);
492
403
493
404
instantiated = 1;
494
405
mutex_unlock(&ui->ui_mutex);
495
406
496
-
mutex_lock(&dir_ui->ui_mutex);
407
+
lock_2_inodes(dir, inode);
497
408
err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
498
409
if (err)
499
410
goto out_cancel;
500
-
mutex_unlock(&dir_ui->ui_mutex);
411
+
unlock_2_inodes(dir, inode);
501
412
502
413
ubifs_release_budget(c, &req);
503
414
504
415
return 0;
505
416
506
417
out_cancel:
507
-
mutex_unlock(&dir_ui->ui_mutex);
418
+
unlock_2_inodes(dir, inode);
508
419
out_inode:
509
420
make_bad_inode(inode);
510
421
if (!instantiated)
···
504
439
fscrypt_free_filename(&nm);
505
440
ubifs_err(c, "cannot create temporary file, error %d", err);
506
441
return err;
507
-
}
508
-
509
-
static int ubifs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
510
-
struct dentry *dentry, umode_t mode)
511
-
{
512
-
return do_tmpfile(dir, dentry, mode, NULL);
513
442
}
514
443
515
444
/**
···
717
658
kfree(file->private_data);
718
659
file->private_data = NULL;
719
660
return 0;
720
-
}
721
-
722
-
/**
723
-
* lock_2_inodes - a wrapper for locking two UBIFS inodes.
724
-
* @inode1: first inode
725
-
* @inode2: second inode
726
-
*
727
-
* We do not implement any tricks to guarantee strict lock ordering, because
728
-
* VFS has already done it for us on the @i_mutex. So this is just a simple
729
-
* wrapper function.
730
-
*/
731
-
static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
732
-
{
733
-
mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
734
-
mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
735
-
}
736
-
737
-
/**
738
-
* unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
739
-
* @inode1: first inode
740
-
* @inode2: second inode
741
-
*/
742
-
static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
743
-
{
744
-
mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
745
-
mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
746
661
}
747
662
748
663
static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
···
982
949
struct ubifs_inode *dir_ui = ubifs_inode(dir);
983
950
struct ubifs_info *c = dir->i_sb->s_fs_info;
984
951
int err, sz_change;
985
-
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
952
+
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
953
+
.dirtied_ino = 1};
986
954
struct fscrypt_name nm;
987
955
988
956
/*
···
1298
1264
.dirtied_ino = 3 };
1299
1265
struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1300
1266
.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1267
+
struct ubifs_budget_req wht_req;
1301
1268
struct timespec64 time;
1302
1269
unsigned int saved_nlink;
1303
1270
struct fscrypt_name old_nm, new_nm;
1304
1271
1305
1272
/*
1306
-
* Budget request settings: deletion direntry, new direntry, removing
1307
-
* the old inode, and changing old and new parent directory inodes.
1273
+
* Budget request settings:
1274
+
* req: deletion direntry, new direntry, removing the old inode,
1275
+
* and changing old and new parent directory inodes.
1308
1276
*
1309
-
* However, this operation also marks the target inode as dirty and
1310
-
* does not write it, so we allocate budget for the target inode
1311
-
* separately.
1277
+
* wht_req: new whiteout inode for RENAME_WHITEOUT.
1278
+
*
1279
+
* ino_req: marks the target inode as dirty and does not write it.
1312
1280
*/
1313
1281
1314
1282
dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
···
1367
1331
goto out_release;
1368
1332
}
1369
1333
1370
-
err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1371
-
if (err) {
1334
+
/*
1335
+
* The whiteout inode without dentry is pinned in memory,
1336
+
* umount won't happen during rename process because we
1337
+
* got parent dentry.
1338
+
*/
1339
+
whiteout = create_whiteout(old_dir, old_dentry);
1340
+
if (IS_ERR(whiteout)) {
1341
+
err = PTR_ERR(whiteout);
1372
1342
kfree(dev);
1373
1343
goto out_release;
1374
1344
}
1375
-
1376
-
spin_lock(&whiteout->i_lock);
1377
-
whiteout->i_state |= I_LINKABLE;
1378
-
spin_unlock(&whiteout->i_lock);
1379
1345
1380
1346
whiteout_ui = ubifs_inode(whiteout);
1381
1347
whiteout_ui->data = dev;
1382
1348
whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1383
1349
ubifs_assert(c, !whiteout_ui->dirty);
1350
+
1351
+
memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
1352
+
wht_req.new_ino = 1;
1353
+
wht_req.new_ino_d = ALIGN(whiteout_ui->data_len, 8);
1354
+
/*
1355
+
* To avoid deadlock between space budget (holds ui_mutex and
1356
+
* waits wb work) and writeback work(waits ui_mutex), do space
1357
+
* budget before ubifs inodes locked.
1358
+
*/
1359
+
err = ubifs_budget_space(c, &wht_req);
1360
+
if (err) {
1361
+
/*
1362
+
* Whiteout inode can not be written on flash by
1363
+
* ubifs_jnl_write_inode(), because it's neither
1364
+
* dirty nor zero-nlink.
1365
+
*/
1366
+
iput(whiteout);
1367
+
goto out_release;
1368
+
}
1369
+
1370
+
/* Add the old_dentry size to the old_dir size. */
1371
+
old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
1384
1372
}
1385
1373
1386
1374
lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
···
1476
1416
sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1477
1417
if (unlink && IS_SYNC(new_inode))
1478
1418
sync = 1;
1479
-
}
1480
-
1481
-
if (whiteout) {
1482
-
struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1483
-
.dirtied_ino_d = \
1484
-
ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1485
-
1486
-
err = ubifs_budget_space(c, &wht_req);
1487
-
if (err) {
1488
-
kfree(whiteout_ui->data);
1489
-
whiteout_ui->data_len = 0;
1490
-
iput(whiteout);
1491
-
goto out_release;
1492
-
}
1493
-
1494
-
inc_nlink(whiteout);
1495
-
mark_inode_dirty(whiteout);
1496
-
1497
-
spin_lock(&whiteout->i_lock);
1498
-
whiteout->i_state &= ~I_LINKABLE;
1499
-
spin_unlock(&whiteout->i_lock);
1500
-
1501
-
iput(whiteout);
1419
+
/*
1420
+
* S_SYNC flag of whiteout inherits from the old_dir, and we
1421
+
* have already checked the old dir inode. So there is no need
1422
+
* to check whiteout.
1423
+
*/
1502
1424
}
1503
1425
1504
1426
err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
···
1491
1449
unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1492
1450
ubifs_release_budget(c, &req);
1493
1451
1452
+
if (whiteout) {
1453
+
ubifs_release_budget(c, &wht_req);
1454
+
iput(whiteout);
1455
+
}
1456
+
1494
1457
mutex_lock(&old_inode_ui->ui_mutex);
1495
1458
release = old_inode_ui->dirty;
1496
1459
mark_inode_dirty_sync(old_inode);
···
1504
1457
if (release)
1505
1458
ubifs_release_budget(c, &ino_req);
1506
1459
if (IS_SYNC(old_inode))
1507
-
err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1460
+
/*
1461
+
* Rename finished here. Although old inode cannot be updated
1462
+
* on flash, old ctime is not a big problem, don't return err
1463
+
* code to userspace.
1464
+
*/
1465
+
old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1508
1466
1509
1467
fscrypt_free_filename(&old_nm);
1510
1468
fscrypt_free_filename(&new_nm);
1511
-
return err;
1469
+
return 0;
1512
1470
1513
1471
out_cancel:
1514
1472
if (unlink) {
···
1534
1482
inc_nlink(old_dir);
1535
1483
}
1536
1484
}
1485
+
unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1537
1486
if (whiteout) {
1538
-
drop_nlink(whiteout);
1487
+
ubifs_release_budget(c, &wht_req);
1539
1488
iput(whiteout);
1540
1489
}
1541
-
unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1542
1490
out_release:
1543
1491
ubifs_release_budget(c, &ino_req);
1544
1492
ubifs_release_budget(c, &req);
+7
-7
fs/ubifs/file.c
+7
-7
fs/ubifs/file.c
···
570
570
}
571
571
572
572
if (!PagePrivate(page)) {
573
-
SetPagePrivate(page);
573
+
attach_page_private(page, (void *)1);
574
574
atomic_long_inc(&c->dirty_pg_cnt);
575
575
__set_page_dirty_nobuffers(page);
576
576
}
···
947
947
release_existing_page_budget(c);
948
948
949
949
atomic_long_dec(&c->dirty_pg_cnt);
950
-
ClearPagePrivate(page);
950
+
detach_page_private(page);
951
951
ClearPageChecked(page);
952
952
953
953
kunmap(page);
···
1304
1304
release_existing_page_budget(c);
1305
1305
1306
1306
atomic_long_dec(&c->dirty_pg_cnt);
1307
-
folio_clear_private(folio);
1307
+
folio_detach_private(folio);
1308
1308
folio_clear_checked(folio);
1309
1309
}
1310
1310
···
1471
1471
return rc;
1472
1472
1473
1473
if (PagePrivate(page)) {
1474
-
ClearPagePrivate(page);
1475
-
SetPagePrivate(newpage);
1474
+
detach_page_private(page);
1475
+
attach_page_private(newpage, (void *)1);
1476
1476
}
1477
1477
1478
1478
if (mode != MIGRATE_SYNC_NO_COPY)
···
1496
1496
return 0;
1497
1497
ubifs_assert(c, PagePrivate(page));
1498
1498
ubifs_assert(c, 0);
1499
-
ClearPagePrivate(page);
1499
+
detach_page_private(page);
1500
1500
ClearPageChecked(page);
1501
1501
return 1;
1502
1502
}
···
1567
1567
else {
1568
1568
if (!PageChecked(page))
1569
1569
ubifs_convert_page_budget(c);
1570
-
SetPagePrivate(page);
1570
+
attach_page_private(page, (void *)1);
1571
1571
atomic_long_inc(&c->dirty_pg_cnt);
1572
1572
__set_page_dirty_nobuffers(page);
1573
1573
}
+30
-4
fs/ubifs/io.c
+30
-4
fs/ubifs/io.c
···
854
854
*/
855
855
n = aligned_len >> c->max_write_shift;
856
856
if (n) {
857
-
n <<= c->max_write_shift;
857
+
int m = n - 1;
858
+
858
859
dbg_io("write %d bytes to LEB %d:%d", n, wbuf->lnum,
859
860
wbuf->offs);
860
-
err = ubifs_leb_write(c, wbuf->lnum, buf + written,
861
-
wbuf->offs, n);
861
+
862
+
if (m) {
863
+
/* '(n-1)<<c->max_write_shift < len' is always true. */
864
+
m <<= c->max_write_shift;
865
+
err = ubifs_leb_write(c, wbuf->lnum, buf + written,
866
+
wbuf->offs, m);
867
+
if (err)
868
+
goto out;
869
+
wbuf->offs += m;
870
+
aligned_len -= m;
871
+
len -= m;
872
+
written += m;
873
+
}
874
+
875
+
/*
876
+
* The non-written len of buf may be less than 'n' because
877
+
* parameter 'len' is not 8 bytes aligned, so here we read
878
+
* min(len, n) bytes from buf.
879
+
*/
880
+
n = 1 << c->max_write_shift;
881
+
memcpy(wbuf->buf, buf + written, min(len, n));
882
+
if (n > len) {
883
+
ubifs_assert(c, n - len < 8);
884
+
ubifs_pad(c, wbuf->buf + len, n - len);
885
+
}
886
+
887
+
err = ubifs_leb_write(c, wbuf->lnum, wbuf->buf, wbuf->offs, n);
862
888
if (err)
863
889
goto out;
864
890
wbuf->offs += n;
865
891
aligned_len -= n;
866
-
len -= n;
892
+
len -= min(len, n);
867
893
written += n;
868
894
}
869
895
+1
-1
fs/ubifs/ioctl.c
+1
-1
fs/ubifs/ioctl.c
···
108
108
struct ubifs_inode *ui = ubifs_inode(inode);
109
109
struct ubifs_info *c = inode->i_sb->s_fs_info;
110
110
struct ubifs_budget_req req = { .dirtied_ino = 1,
111
-
.dirtied_ino_d = ui->data_len };
111
+
.dirtied_ino_d = ALIGN(ui->data_len, 8) };
112
112
113
113
err = ubifs_budget_space(c, &req);
114
114
if (err)
+44
-8
fs/ubifs/journal.c
+44
-8
fs/ubifs/journal.c
···
1207
1207
* @sync: non-zero if the write-buffer has to be synchronized
1208
1208
*
1209
1209
* This function implements the re-name operation which may involve writing up
1210
-
* to 4 inodes and 2 directory entries. It marks the written inodes as clean
1211
-
* and returns zero on success. In case of failure, a negative error code is
1212
-
* returned.
1210
+
* to 4 inodes(new inode, whiteout inode, old and new parent directory inodes)
1211
+
* and 2 directory entries. It marks the written inodes as clean and returns
1212
+
* zero on success. In case of failure, a negative error code is returned.
1213
1213
*/
1214
1214
int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir,
1215
1215
const struct inode *old_inode,
···
1222
1222
void *p;
1223
1223
union ubifs_key key;
1224
1224
struct ubifs_dent_node *dent, *dent2;
1225
-
int err, dlen1, dlen2, ilen, lnum, offs, len, orphan_added = 0;
1225
+
int err, dlen1, dlen2, ilen, wlen, lnum, offs, len, orphan_added = 0;
1226
1226
int aligned_dlen1, aligned_dlen2, plen = UBIFS_INO_NODE_SZ;
1227
1227
int last_reference = !!(new_inode && new_inode->i_nlink == 0);
1228
1228
int move = (old_dir != new_dir);
1229
-
struct ubifs_inode *new_ui;
1229
+
struct ubifs_inode *new_ui, *whiteout_ui;
1230
1230
u8 hash_old_dir[UBIFS_HASH_ARR_SZ];
1231
1231
u8 hash_new_dir[UBIFS_HASH_ARR_SZ];
1232
1232
u8 hash_new_inode[UBIFS_HASH_ARR_SZ];
1233
+
u8 hash_whiteout_inode[UBIFS_HASH_ARR_SZ];
1233
1234
u8 hash_dent1[UBIFS_HASH_ARR_SZ];
1234
1235
u8 hash_dent2[UBIFS_HASH_ARR_SZ];
1235
1236
···
1250
1249
} else
1251
1250
ilen = 0;
1252
1251
1252
+
if (whiteout) {
1253
+
whiteout_ui = ubifs_inode(whiteout);
1254
+
ubifs_assert(c, mutex_is_locked(&whiteout_ui->ui_mutex));
1255
+
ubifs_assert(c, whiteout->i_nlink == 1);
1256
+
ubifs_assert(c, !whiteout_ui->dirty);
1257
+
wlen = UBIFS_INO_NODE_SZ;
1258
+
wlen += whiteout_ui->data_len;
1259
+
} else
1260
+
wlen = 0;
1261
+
1253
1262
aligned_dlen1 = ALIGN(dlen1, 8);
1254
1263
aligned_dlen2 = ALIGN(dlen2, 8);
1255
-
len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8);
1264
+
len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) +
1265
+
ALIGN(wlen, 8) + ALIGN(plen, 8);
1256
1266
if (move)
1257
1267
len += plen;
1258
1268
···
1325
1313
p += ALIGN(ilen, 8);
1326
1314
}
1327
1315
1316
+
if (whiteout) {
1317
+
pack_inode(c, p, whiteout, 0);
1318
+
err = ubifs_node_calc_hash(c, p, hash_whiteout_inode);
1319
+
if (err)
1320
+
goto out_release;
1321
+
1322
+
p += ALIGN(wlen, 8);
1323
+
}
1324
+
1328
1325
if (!move) {
1329
1326
pack_inode(c, p, old_dir, 1);
1330
1327
err = ubifs_node_calc_hash(c, p, hash_old_dir);
···
1373
1352
if (new_inode)
1374
1353
ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf,
1375
1354
new_inode->i_ino);
1355
+
if (whiteout)
1356
+
ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf,
1357
+
whiteout->i_ino);
1376
1358
}
1377
1359
release_head(c, BASEHD);
1378
1360
···
1392
1368
err = ubifs_tnc_add_nm(c, &key, lnum, offs, dlen2, hash_dent2, old_nm);
1393
1369
if (err)
1394
1370
goto out_ro;
1395
-
1396
-
ubifs_delete_orphan(c, whiteout->i_ino);
1397
1371
} else {
1398
1372
err = ubifs_add_dirt(c, lnum, dlen2);
1399
1373
if (err)
···
1410
1388
if (err)
1411
1389
goto out_ro;
1412
1390
offs += ALIGN(ilen, 8);
1391
+
}
1392
+
1393
+
if (whiteout) {
1394
+
ino_key_init(c, &key, whiteout->i_ino);
1395
+
err = ubifs_tnc_add(c, &key, lnum, offs, wlen,
1396
+
hash_whiteout_inode);
1397
+
if (err)
1398
+
goto out_ro;
1399
+
offs += ALIGN(wlen, 8);
1413
1400
}
1414
1401
1415
1402
ino_key_init(c, &key, old_dir->i_ino);
···
1441
1410
new_ui->synced_i_size = new_ui->ui_size;
1442
1411
spin_unlock(&new_ui->ui_lock);
1443
1412
}
1413
+
/*
1414
+
* No need to mark whiteout inode clean.
1415
+
* Whiteout doesn't have non-zero size, no need to update
1416
+
* synced_i_size for whiteout_ui.
1417
+
*/
1444
1418
mark_inode_clean(c, ubifs_inode(old_dir));
1445
1419
if (move)
1446
1420
mark_inode_clean(c, ubifs_inode(new_dir));
+1
-1
fs/ubifs/ubifs.h
+1
-1
fs/ubifs/ubifs.h
···
381
381
* @ui_mutex exists for two main reasons. At first it prevents inodes from
382
382
* being written back while UBIFS changing them, being in the middle of an VFS
383
383
* operation. This way UBIFS makes sure the inode fields are consistent. For
384
-
* example, in 'ubifs_rename()' we change 3 inodes simultaneously, and
384
+
* example, in 'ubifs_rename()' we change 4 inodes simultaneously, and
385
385
* write-back must not write any of them before we have finished.
386
386
*
387
387
* The second reason is budgeting - UBIFS has to budget all operations. If an