diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-08-12 09:12:30 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-12 11:21:39 -0400 |
| commit | 1ae88b2e446261c038f2c0c3150ffae142b227a2 (patch) | |
| tree | b3c9c11e4391c59086308e2674661688db5b12f5 | |
| parent | 7cb7beb31aa3d941833b6a6e553687422c31e4b6 (diff) | |
NFS: Fix an O_DIRECT Oops...
We can't call nfs_readdata_release()/nfs_writedata_release() without
first initialising and referencing args.context. Doing so inside
nfs_direct_read_schedule_segment()/nfs_direct_write_schedule_segment()
causes an Oops.
We should rather be calling nfs_readdata_free()/nfs_writedata_free() in
those cases.
Looking at the O_DIRECT code, the "struct nfs_direct_req" is already
referencing the nfs_open_context for us. Since the readdata and writedata
structures carry a reference to that, we can simplify things by getting rid
of the extra nfs_open_context references, so that we can replace all
instances of nfs_readdata_release()/nfs_writedata_release().
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | fs/nfs/direct.c | 20 | ||||
| -rw-r--r-- | fs/nfs/read.c | 6 | ||||
| -rw-r--r-- | fs/nfs/write.c | 6 | ||||
| -rw-r--r-- | include/linux/nfs_fs.h | 5 |
4 files changed, 16 insertions, 21 deletions
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index 489fc01a3204..e4e089a8f294 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c | |||
| @@ -255,7 +255,7 @@ static void nfs_direct_read_release(void *calldata) | |||
| 255 | 255 | ||
| 256 | if (put_dreq(dreq)) | 256 | if (put_dreq(dreq)) |
| 257 | nfs_direct_complete(dreq); | 257 | nfs_direct_complete(dreq); |
| 258 | nfs_readdata_release(calldata); | 258 | nfs_readdata_free(data); |
| 259 | } | 259 | } |
| 260 | 260 | ||
| 261 | static const struct rpc_call_ops nfs_read_direct_ops = { | 261 | static const struct rpc_call_ops nfs_read_direct_ops = { |
| @@ -314,14 +314,14 @@ static ssize_t nfs_direct_read_schedule_segment(struct nfs_direct_req *dreq, | |||
| 314 | data->npages, 1, 0, data->pagevec, NULL); | 314 | data->npages, 1, 0, data->pagevec, NULL); |
| 315 | up_read(¤t->mm->mmap_sem); | 315 | up_read(¤t->mm->mmap_sem); |
| 316 | if (result < 0) { | 316 | if (result < 0) { |
| 317 | nfs_readdata_release(data); | 317 | nfs_readdata_free(data); |
| 318 | break; | 318 | break; |
| 319 | } | 319 | } |
| 320 | if ((unsigned)result < data->npages) { | 320 | if ((unsigned)result < data->npages) { |
| 321 | bytes = result * PAGE_SIZE; | 321 | bytes = result * PAGE_SIZE; |
| 322 | if (bytes <= pgbase) { | 322 | if (bytes <= pgbase) { |
| 323 | nfs_direct_release_pages(data->pagevec, result); | 323 | nfs_direct_release_pages(data->pagevec, result); |
| 324 | nfs_readdata_release(data); | 324 | nfs_readdata_free(data); |
| 325 | break; | 325 | break; |
| 326 | } | 326 | } |
| 327 | bytes -= pgbase; | 327 | bytes -= pgbase; |
| @@ -334,7 +334,7 @@ static ssize_t nfs_direct_read_schedule_segment(struct nfs_direct_req *dreq, | |||
| 334 | data->inode = inode; | 334 | data->inode = inode; |
| 335 | data->cred = msg.rpc_cred; | 335 | data->cred = msg.rpc_cred; |
| 336 | data->args.fh = NFS_FH(inode); | 336 | data->args.fh = NFS_FH(inode); |
| 337 | data->args.context = get_nfs_open_context(ctx); | 337 | data->args.context = ctx; |
| 338 | data->args.offset = pos; | 338 | data->args.offset = pos; |
| 339 | data->args.pgbase = pgbase; | 339 | data->args.pgbase = pgbase; |
| 340 | data->args.pages = data->pagevec; | 340 | data->args.pages = data->pagevec; |
| @@ -441,7 +441,7 @@ static void nfs_direct_free_writedata(struct nfs_direct_req *dreq) | |||
| 441 | struct nfs_write_data *data = list_entry(dreq->rewrite_list.next, struct nfs_write_data, pages); | 441 | struct nfs_write_data *data = list_entry(dreq->rewrite_list.next, struct nfs_write_data, pages); |
| 442 | list_del(&data->pages); | 442 | list_del(&data->pages); |
| 443 | nfs_direct_release_pages(data->pagevec, data->npages); | 443 | nfs_direct_release_pages(data->pagevec, data->npages); |
| 444 | nfs_writedata_release(data); | 444 | nfs_writedata_free(data); |
| 445 | } | 445 | } |
| 446 | } | 446 | } |
| 447 | 447 | ||
| @@ -534,7 +534,7 @@ static void nfs_direct_commit_release(void *calldata) | |||
| 534 | 534 | ||
| 535 | dprintk("NFS: %5u commit returned %d\n", data->task.tk_pid, status); | 535 | dprintk("NFS: %5u commit returned %d\n", data->task.tk_pid, status); |
| 536 | nfs_direct_write_complete(dreq, data->inode); | 536 | nfs_direct_write_complete(dreq, data->inode); |
| 537 | nfs_commitdata_release(calldata); | 537 | nfs_commit_free(data); |
| 538 | } | 538 | } |
| 539 | 539 | ||
| 540 | static const struct rpc_call_ops nfs_commit_direct_ops = { | 540 | static const struct rpc_call_ops nfs_commit_direct_ops = { |
| @@ -570,7 +570,7 @@ static void nfs_direct_commit_schedule(struct nfs_direct_req *dreq) | |||
| 570 | data->args.fh = NFS_FH(data->inode); | 570 | data->args.fh = NFS_FH(data->inode); |
| 571 | data->args.offset = 0; | 571 | data->args.offset = 0; |
| 572 | data->args.count = 0; | 572 | data->args.count = 0; |
| 573 | data->args.context = get_nfs_open_context(dreq->ctx); | 573 | data->args.context = dreq->ctx; |
| 574 | data->res.count = 0; | 574 | data->res.count = 0; |
| 575 | data->res.fattr = &data->fattr; | 575 | data->res.fattr = &data->fattr; |
| 576 | data->res.verf = &data->verf; | 576 | data->res.verf = &data->verf; |
| @@ -734,14 +734,14 @@ static ssize_t nfs_direct_write_schedule_segment(struct nfs_direct_req *dreq, | |||
| 734 | data->npages, 0, 0, data->pagevec, NULL); | 734 | data->npages, 0, 0, data->pagevec, NULL); |
| 735 | up_read(¤t->mm->mmap_sem); | 735 | up_read(¤t->mm->mmap_sem); |
| 736 | if (result < 0) { | 736 | if (result < 0) { |
| 737 | nfs_writedata_release(data); | 737 | nfs_writedata_free(data); |
| 738 | break; | 738 | break; |
| 739 | } | 739 | } |
| 740 | if ((unsigned)result < data->npages) { | 740 | if ((unsigned)result < data->npages) { |
| 741 | bytes = result * PAGE_SIZE; | 741 | bytes = result * PAGE_SIZE; |
| 742 | if (bytes <= pgbase) { | 742 | if (bytes <= pgbase) { |
| 743 | nfs_direct_release_pages(data->pagevec, result); | 743 | nfs_direct_release_pages(data->pagevec, result); |
| 744 | nfs_writedata_release(data); | 744 | nfs_writedata_free(data); |
| 745 | break; | 745 | break; |
| 746 | } | 746 | } |
| 747 | bytes -= pgbase; | 747 | bytes -= pgbase; |
| @@ -756,7 +756,7 @@ static ssize_t nfs_direct_write_schedule_segment(struct nfs_direct_req *dreq, | |||
| 756 | data->inode = inode; | 756 | data->inode = inode; |
| 757 | data->cred = msg.rpc_cred; | 757 | data->cred = msg.rpc_cred; |
| 758 | data->args.fh = NFS_FH(inode); | 758 | data->args.fh = NFS_FH(inode); |
| 759 | data->args.context = get_nfs_open_context(ctx); | 759 | data->args.context = ctx; |
| 760 | data->args.offset = pos; | 760 | data->args.offset = pos; |
| 761 | data->args.pgbase = pgbase; | 761 | data->args.pgbase = pgbase; |
| 762 | data->args.pages = data->pagevec; | 762 | data->args.pages = data->pagevec; |
diff --git a/fs/nfs/read.c b/fs/nfs/read.c index 73ea5e8d66ce..12c9e66d3f1d 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c | |||
| @@ -60,17 +60,15 @@ struct nfs_read_data *nfs_readdata_alloc(unsigned int pagecount) | |||
| 60 | return p; | 60 | return p; |
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | static void nfs_readdata_free(struct nfs_read_data *p) | 63 | void nfs_readdata_free(struct nfs_read_data *p) |
| 64 | { | 64 | { |
| 65 | if (p && (p->pagevec != &p->page_array[0])) | 65 | if (p && (p->pagevec != &p->page_array[0])) |
| 66 | kfree(p->pagevec); | 66 | kfree(p->pagevec); |
| 67 | mempool_free(p, nfs_rdata_mempool); | 67 | mempool_free(p, nfs_rdata_mempool); |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | void nfs_readdata_release(void *data) | 70 | static void nfs_readdata_release(struct nfs_read_data *rdata) |
| 71 | { | 71 | { |
| 72 | struct nfs_read_data *rdata = data; | ||
| 73 | |||
| 74 | put_nfs_open_context(rdata->args.context); | 72 | put_nfs_open_context(rdata->args.context); |
| 75 | nfs_readdata_free(rdata); | 73 | nfs_readdata_free(rdata); |
| 76 | } | 74 | } |
diff --git a/fs/nfs/write.c b/fs/nfs/write.c index 0a0a2ff767c3..a34fae21fe10 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c | |||
| @@ -87,17 +87,15 @@ struct nfs_write_data *nfs_writedata_alloc(unsigned int pagecount) | |||
| 87 | return p; | 87 | return p; |
| 88 | } | 88 | } |
| 89 | 89 | ||
| 90 | static void nfs_writedata_free(struct nfs_write_data *p) | 90 | void nfs_writedata_free(struct nfs_write_data *p) |
| 91 | { | 91 | { |
| 92 | if (p && (p->pagevec != &p->page_array[0])) | 92 | if (p && (p->pagevec != &p->page_array[0])) |
| 93 | kfree(p->pagevec); | 93 | kfree(p->pagevec); |
| 94 | mempool_free(p, nfs_wdata_mempool); | 94 | mempool_free(p, nfs_wdata_mempool); |
| 95 | } | 95 | } |
| 96 | 96 | ||
| 97 | void nfs_writedata_release(void *data) | 97 | static void nfs_writedata_release(struct nfs_write_data *wdata) |
| 98 | { | 98 | { |
| 99 | struct nfs_write_data *wdata = data; | ||
| 100 | |||
| 101 | put_nfs_open_context(wdata->args.context); | 99 | put_nfs_open_context(wdata->args.context); |
| 102 | nfs_writedata_free(wdata); | 100 | nfs_writedata_free(wdata); |
| 103 | } | 101 | } |
diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h index fdffb413b192..f6b90240dd41 100644 --- a/include/linux/nfs_fs.h +++ b/include/linux/nfs_fs.h | |||
| @@ -473,7 +473,6 @@ extern int nfs_writepages(struct address_space *, struct writeback_control *); | |||
| 473 | extern int nfs_flush_incompatible(struct file *file, struct page *page); | 473 | extern int nfs_flush_incompatible(struct file *file, struct page *page); |
| 474 | extern int nfs_updatepage(struct file *, struct page *, unsigned int, unsigned int); | 474 | extern int nfs_updatepage(struct file *, struct page *, unsigned int, unsigned int); |
| 475 | extern int nfs_writeback_done(struct rpc_task *, struct nfs_write_data *); | 475 | extern int nfs_writeback_done(struct rpc_task *, struct nfs_write_data *); |
| 476 | extern void nfs_writedata_release(void *); | ||
| 477 | 476 | ||
| 478 | /* | 477 | /* |
| 479 | * Try to write back everything synchronously (but check the | 478 | * Try to write back everything synchronously (but check the |
| @@ -488,7 +487,6 @@ extern int nfs_wb_page_cancel(struct inode *inode, struct page* page); | |||
| 488 | extern int nfs_commit_inode(struct inode *, int); | 487 | extern int nfs_commit_inode(struct inode *, int); |
| 489 | extern struct nfs_write_data *nfs_commitdata_alloc(void); | 488 | extern struct nfs_write_data *nfs_commitdata_alloc(void); |
| 490 | extern void nfs_commit_free(struct nfs_write_data *wdata); | 489 | extern void nfs_commit_free(struct nfs_write_data *wdata); |
| 491 | extern void nfs_commitdata_release(void *wdata); | ||
| 492 | #else | 490 | #else |
| 493 | static inline int | 491 | static inline int |
| 494 | nfs_commit_inode(struct inode *inode, int how) | 492 | nfs_commit_inode(struct inode *inode, int how) |
| @@ -507,6 +505,7 @@ nfs_have_writebacks(struct inode *inode) | |||
| 507 | * Allocate nfs_write_data structures | 505 | * Allocate nfs_write_data structures |
| 508 | */ | 506 | */ |
| 509 | extern struct nfs_write_data *nfs_writedata_alloc(unsigned int npages); | 507 | extern struct nfs_write_data *nfs_writedata_alloc(unsigned int npages); |
| 508 | extern void nfs_writedata_free(struct nfs_write_data *); | ||
| 510 | 509 | ||
| 511 | /* | 510 | /* |
| 512 | * linux/fs/nfs/read.c | 511 | * linux/fs/nfs/read.c |
| @@ -515,7 +514,6 @@ extern int nfs_readpage(struct file *, struct page *); | |||
| 515 | extern int nfs_readpages(struct file *, struct address_space *, | 514 | extern int nfs_readpages(struct file *, struct address_space *, |
| 516 | struct list_head *, unsigned); | 515 | struct list_head *, unsigned); |
| 517 | extern int nfs_readpage_result(struct rpc_task *, struct nfs_read_data *); | 516 | extern int nfs_readpage_result(struct rpc_task *, struct nfs_read_data *); |
| 518 | extern void nfs_readdata_release(void *data); | ||
| 519 | extern int nfs_readpage_async(struct nfs_open_context *, struct inode *, | 517 | extern int nfs_readpage_async(struct nfs_open_context *, struct inode *, |
| 520 | struct page *); | 518 | struct page *); |
| 521 | 519 | ||
| @@ -523,6 +521,7 @@ extern int nfs_readpage_async(struct nfs_open_context *, struct inode *, | |||
| 523 | * Allocate nfs_read_data structures | 521 | * Allocate nfs_read_data structures |
| 524 | */ | 522 | */ |
| 525 | extern struct nfs_read_data *nfs_readdata_alloc(unsigned int npages); | 523 | extern struct nfs_read_data *nfs_readdata_alloc(unsigned int npages); |
| 524 | extern void nfs_readdata_free(struct nfs_read_data *); | ||
| 526 | 525 | ||
| 527 | /* | 526 | /* |
| 528 | * linux/fs/nfs3proc.c | 527 | * linux/fs/nfs3proc.c |