diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-09-27 12:31:09 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-09-27 12:31:09 -0400 |
| commit | e1f8826f5159d4aca5709c5d8d427319665fd5a1 (patch) | |
| tree | 2a42d2bffe5acb222d732d72b1bd4c002b683029 | |
| parent | 730d7d339884f20da28b59bf6f0a16af6400a113 (diff) | |
| parent | 721a769c034204e8e5f6ca4ecbff249e0225333b (diff) | |
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull reiserfs and UDF fixes from Jan Kara:
"The contains fix of an UDF oops when mounting corrupted media and a
fix of a race in reiserfs leading to oops"
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
reiserfs: fix race with flush_used_journal_lists and flush_journal_list
reiserfs: remove useless flush_old_journal_lists
udf: Fortify LVID loading
| -rw-r--r-- | fs/reiserfs/journal.c | 67 | ||||
| -rw-r--r-- | fs/udf/ialloc.c | 16 | ||||
| -rw-r--r-- | fs/udf/super.c | 64 | ||||
| -rw-r--r-- | fs/udf/udf_sb.h | 2 |
4 files changed, 52 insertions, 97 deletions
diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c index 73feacc49b2e..fd777032c2ba 100644 --- a/fs/reiserfs/journal.c +++ b/fs/reiserfs/journal.c | |||
| @@ -1163,21 +1163,6 @@ static struct reiserfs_journal_list *find_newer_jl_for_cn(struct | |||
| 1163 | return NULL; | 1163 | return NULL; |
| 1164 | } | 1164 | } |
| 1165 | 1165 | ||
| 1166 | static int newer_jl_done(struct reiserfs_journal_cnode *cn) | ||
| 1167 | { | ||
| 1168 | struct super_block *sb = cn->sb; | ||
| 1169 | b_blocknr_t blocknr = cn->blocknr; | ||
| 1170 | |||
| 1171 | cn = cn->hprev; | ||
| 1172 | while (cn) { | ||
| 1173 | if (cn->sb == sb && cn->blocknr == blocknr && cn->jlist && | ||
| 1174 | atomic_read(&cn->jlist->j_commit_left) != 0) | ||
| 1175 | return 0; | ||
| 1176 | cn = cn->hprev; | ||
| 1177 | } | ||
| 1178 | return 1; | ||
| 1179 | } | ||
| 1180 | |||
| 1181 | static void remove_journal_hash(struct super_block *, | 1166 | static void remove_journal_hash(struct super_block *, |
| 1182 | struct reiserfs_journal_cnode **, | 1167 | struct reiserfs_journal_cnode **, |
| 1183 | struct reiserfs_journal_list *, unsigned long, | 1168 | struct reiserfs_journal_list *, unsigned long, |
| @@ -1353,7 +1338,6 @@ static int flush_journal_list(struct super_block *s, | |||
| 1353 | reiserfs_warning(s, "clm-2048", "called with wcount %d", | 1338 | reiserfs_warning(s, "clm-2048", "called with wcount %d", |
| 1354 | atomic_read(&journal->j_wcount)); | 1339 | atomic_read(&journal->j_wcount)); |
| 1355 | } | 1340 | } |
| 1356 | BUG_ON(jl->j_trans_id == 0); | ||
| 1357 | 1341 | ||
| 1358 | /* if flushall == 0, the lock is already held */ | 1342 | /* if flushall == 0, the lock is already held */ |
| 1359 | if (flushall) { | 1343 | if (flushall) { |
| @@ -1593,31 +1577,6 @@ static int flush_journal_list(struct super_block *s, | |||
| 1593 | return err; | 1577 | return err; |
| 1594 | } | 1578 | } |
| 1595 | 1579 | ||
| 1596 | static int test_transaction(struct super_block *s, | ||
| 1597 | struct reiserfs_journal_list *jl) | ||
| 1598 | { | ||
| 1599 | struct reiserfs_journal_cnode *cn; | ||
| 1600 | |||
| 1601 | if (jl->j_len == 0 || atomic_read(&jl->j_nonzerolen) == 0) | ||
| 1602 | return 1; | ||
| 1603 | |||
| 1604 | cn = jl->j_realblock; | ||
| 1605 | while (cn) { | ||
| 1606 | /* if the blocknr == 0, this has been cleared from the hash, | ||
| 1607 | ** skip it | ||
| 1608 | */ | ||
| 1609 | if (cn->blocknr == 0) { | ||
| 1610 | goto next; | ||
| 1611 | } | ||
| 1612 | if (cn->bh && !newer_jl_done(cn)) | ||
| 1613 | return 0; | ||
| 1614 | next: | ||
| 1615 | cn = cn->next; | ||
| 1616 | cond_resched(); | ||
| 1617 | } | ||
| 1618 | return 0; | ||
| 1619 | } | ||
| 1620 | |||
| 1621 | static int write_one_transaction(struct super_block *s, | 1580 | static int write_one_transaction(struct super_block *s, |
| 1622 | struct reiserfs_journal_list *jl, | 1581 | struct reiserfs_journal_list *jl, |
| 1623 | struct buffer_chunk *chunk) | 1582 | struct buffer_chunk *chunk) |
| @@ -1805,6 +1764,8 @@ static int flush_used_journal_lists(struct super_block *s, | |||
| 1805 | break; | 1764 | break; |
| 1806 | tjl = JOURNAL_LIST_ENTRY(tjl->j_list.next); | 1765 | tjl = JOURNAL_LIST_ENTRY(tjl->j_list.next); |
| 1807 | } | 1766 | } |
| 1767 | get_journal_list(jl); | ||
| 1768 | get_journal_list(flush_jl); | ||
| 1808 | /* try to find a group of blocks we can flush across all the | 1769 | /* try to find a group of blocks we can flush across all the |
| 1809 | ** transactions, but only bother if we've actually spanned | 1770 | ** transactions, but only bother if we've actually spanned |
| 1810 | ** across multiple lists | 1771 | ** across multiple lists |
| @@ -1813,6 +1774,8 @@ static int flush_used_journal_lists(struct super_block *s, | |||
| 1813 | ret = kupdate_transactions(s, jl, &tjl, &trans_id, len, i); | 1774 | ret = kupdate_transactions(s, jl, &tjl, &trans_id, len, i); |
| 1814 | } | 1775 | } |
| 1815 | flush_journal_list(s, flush_jl, 1); | 1776 | flush_journal_list(s, flush_jl, 1); |
| 1777 | put_journal_list(s, flush_jl); | ||
| 1778 | put_journal_list(s, jl); | ||
| 1816 | return 0; | 1779 | return 0; |
| 1817 | } | 1780 | } |
| 1818 | 1781 | ||
| @@ -3868,27 +3831,6 @@ int reiserfs_prepare_for_journal(struct super_block *sb, | |||
| 3868 | return 1; | 3831 | return 1; |
| 3869 | } | 3832 | } |
| 3870 | 3833 | ||
| 3871 | static void flush_old_journal_lists(struct super_block *s) | ||
| 3872 | { | ||
| 3873 | struct reiserfs_journal *journal = SB_JOURNAL(s); | ||
| 3874 | struct reiserfs_journal_list *jl; | ||
| 3875 | struct list_head *entry; | ||
| 3876 | time_t now = get_seconds(); | ||
| 3877 | |||
| 3878 | while (!list_empty(&journal->j_journal_list)) { | ||
| 3879 | entry = journal->j_journal_list.next; | ||
| 3880 | jl = JOURNAL_LIST_ENTRY(entry); | ||
| 3881 | /* this check should always be run, to send old lists to disk */ | ||
| 3882 | if (jl->j_timestamp < (now - (JOURNAL_MAX_TRANS_AGE * 4)) && | ||
| 3883 | atomic_read(&jl->j_commit_left) == 0 && | ||
| 3884 | test_transaction(s, jl)) { | ||
| 3885 | flush_used_journal_lists(s, jl); | ||
| 3886 | } else { | ||
| 3887 | break; | ||
| 3888 | } | ||
| 3889 | } | ||
| 3890 | } | ||
| 3891 | |||
| 3892 | /* | 3834 | /* |
| 3893 | ** long and ugly. If flush, will not return until all commit | 3835 | ** long and ugly. If flush, will not return until all commit |
| 3894 | ** blocks and all real buffers in the trans are on disk. | 3836 | ** blocks and all real buffers in the trans are on disk. |
| @@ -4232,7 +4174,6 @@ static int do_journal_end(struct reiserfs_transaction_handle *th, | |||
| 4232 | } | 4174 | } |
| 4233 | } | 4175 | } |
| 4234 | } | 4176 | } |
| 4235 | flush_old_journal_lists(sb); | ||
| 4236 | 4177 | ||
| 4237 | journal->j_current_jl->j_list_bitmap = | 4178 | journal->j_current_jl->j_list_bitmap = |
| 4238 | get_list_bitmap(sb, journal->j_current_jl); | 4179 | get_list_bitmap(sb, journal->j_current_jl); |
diff --git a/fs/udf/ialloc.c b/fs/udf/ialloc.c index 7e5aae4bf46f..6eaf5edf1ea1 100644 --- a/fs/udf/ialloc.c +++ b/fs/udf/ialloc.c | |||
| @@ -30,18 +30,17 @@ void udf_free_inode(struct inode *inode) | |||
| 30 | { | 30 | { |
| 31 | struct super_block *sb = inode->i_sb; | 31 | struct super_block *sb = inode->i_sb; |
| 32 | struct udf_sb_info *sbi = UDF_SB(sb); | 32 | struct udf_sb_info *sbi = UDF_SB(sb); |
| 33 | struct logicalVolIntegrityDescImpUse *lvidiu = udf_sb_lvidiu(sb); | ||
| 33 | 34 | ||
| 34 | mutex_lock(&sbi->s_alloc_mutex); | 35 | if (lvidiu) { |
| 35 | if (sbi->s_lvid_bh) { | 36 | mutex_lock(&sbi->s_alloc_mutex); |
| 36 | struct logicalVolIntegrityDescImpUse *lvidiu = | ||
| 37 | udf_sb_lvidiu(sbi); | ||
| 38 | if (S_ISDIR(inode->i_mode)) | 37 | if (S_ISDIR(inode->i_mode)) |
| 39 | le32_add_cpu(&lvidiu->numDirs, -1); | 38 | le32_add_cpu(&lvidiu->numDirs, -1); |
| 40 | else | 39 | else |
| 41 | le32_add_cpu(&lvidiu->numFiles, -1); | 40 | le32_add_cpu(&lvidiu->numFiles, -1); |
| 42 | udf_updated_lvid(sb); | 41 | udf_updated_lvid(sb); |
| 42 | mutex_unlock(&sbi->s_alloc_mutex); | ||
| 43 | } | 43 | } |
| 44 | mutex_unlock(&sbi->s_alloc_mutex); | ||
| 45 | 44 | ||
| 46 | udf_free_blocks(sb, NULL, &UDF_I(inode)->i_location, 0, 1); | 45 | udf_free_blocks(sb, NULL, &UDF_I(inode)->i_location, 0, 1); |
| 47 | } | 46 | } |
| @@ -55,6 +54,7 @@ struct inode *udf_new_inode(struct inode *dir, umode_t mode, int *err) | |||
| 55 | uint32_t start = UDF_I(dir)->i_location.logicalBlockNum; | 54 | uint32_t start = UDF_I(dir)->i_location.logicalBlockNum; |
| 56 | struct udf_inode_info *iinfo; | 55 | struct udf_inode_info *iinfo; |
| 57 | struct udf_inode_info *dinfo = UDF_I(dir); | 56 | struct udf_inode_info *dinfo = UDF_I(dir); |
| 57 | struct logicalVolIntegrityDescImpUse *lvidiu; | ||
| 58 | 58 | ||
| 59 | inode = new_inode(sb); | 59 | inode = new_inode(sb); |
| 60 | 60 | ||
| @@ -92,12 +92,10 @@ struct inode *udf_new_inode(struct inode *dir, umode_t mode, int *err) | |||
| 92 | return NULL; | 92 | return NULL; |
| 93 | } | 93 | } |
| 94 | 94 | ||
| 95 | if (sbi->s_lvid_bh) { | 95 | lvidiu = udf_sb_lvidiu(sb); |
| 96 | struct logicalVolIntegrityDescImpUse *lvidiu; | 96 | if (lvidiu) { |
| 97 | |||
| 98 | iinfo->i_unique = lvid_get_unique_id(sb); | 97 | iinfo->i_unique = lvid_get_unique_id(sb); |
| 99 | mutex_lock(&sbi->s_alloc_mutex); | 98 | mutex_lock(&sbi->s_alloc_mutex); |
| 100 | lvidiu = udf_sb_lvidiu(sbi); | ||
| 101 | if (S_ISDIR(mode)) | 99 | if (S_ISDIR(mode)) |
| 102 | le32_add_cpu(&lvidiu->numDirs, 1); | 100 | le32_add_cpu(&lvidiu->numDirs, 1); |
| 103 | else | 101 | else |
diff --git a/fs/udf/super.c b/fs/udf/super.c index 839a2bad7f45..91219385691d 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c | |||
| @@ -94,13 +94,25 @@ static unsigned int udf_count_free(struct super_block *); | |||
| 94 | static int udf_statfs(struct dentry *, struct kstatfs *); | 94 | static int udf_statfs(struct dentry *, struct kstatfs *); |
| 95 | static int udf_show_options(struct seq_file *, struct dentry *); | 95 | static int udf_show_options(struct seq_file *, struct dentry *); |
| 96 | 96 | ||
| 97 | struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct udf_sb_info *sbi) | 97 | struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb) |
| 98 | { | 98 | { |
| 99 | struct logicalVolIntegrityDesc *lvid = | 99 | struct logicalVolIntegrityDesc *lvid; |
| 100 | (struct logicalVolIntegrityDesc *)sbi->s_lvid_bh->b_data; | 100 | unsigned int partnum; |
| 101 | __u32 number_of_partitions = le32_to_cpu(lvid->numOfPartitions); | 101 | unsigned int offset; |
| 102 | __u32 offset = number_of_partitions * 2 * | 102 | |
| 103 | sizeof(uint32_t)/sizeof(uint8_t); | 103 | if (!UDF_SB(sb)->s_lvid_bh) |
| 104 | return NULL; | ||
| 105 | lvid = (struct logicalVolIntegrityDesc *)UDF_SB(sb)->s_lvid_bh->b_data; | ||
| 106 | partnum = le32_to_cpu(lvid->numOfPartitions); | ||
| 107 | if ((sb->s_blocksize - sizeof(struct logicalVolIntegrityDescImpUse) - | ||
| 108 | offsetof(struct logicalVolIntegrityDesc, impUse)) / | ||
| 109 | (2 * sizeof(uint32_t)) < partnum) { | ||
| 110 | udf_err(sb, "Logical volume integrity descriptor corrupted " | ||
| 111 | "(numOfPartitions = %u)!\n", partnum); | ||
| 112 | return NULL; | ||
| 113 | } | ||
| 114 | /* The offset is to skip freeSpaceTable and sizeTable arrays */ | ||
| 115 | offset = partnum * 2 * sizeof(uint32_t); | ||
| 104 | return (struct logicalVolIntegrityDescImpUse *)&(lvid->impUse[offset]); | 116 | return (struct logicalVolIntegrityDescImpUse *)&(lvid->impUse[offset]); |
| 105 | } | 117 | } |
| 106 | 118 | ||
| @@ -629,9 +641,10 @@ static int udf_remount_fs(struct super_block *sb, int *flags, char *options) | |||
| 629 | struct udf_options uopt; | 641 | struct udf_options uopt; |
| 630 | struct udf_sb_info *sbi = UDF_SB(sb); | 642 | struct udf_sb_info *sbi = UDF_SB(sb); |
| 631 | int error = 0; | 643 | int error = 0; |
| 644 | struct logicalVolIntegrityDescImpUse *lvidiu = udf_sb_lvidiu(sb); | ||
| 632 | 645 | ||
| 633 | if (sbi->s_lvid_bh) { | 646 | if (lvidiu) { |
| 634 | int write_rev = le16_to_cpu(udf_sb_lvidiu(sbi)->minUDFWriteRev); | 647 | int write_rev = le16_to_cpu(lvidiu->minUDFWriteRev); |
| 635 | if (write_rev > UDF_MAX_WRITE_VERSION && !(*flags & MS_RDONLY)) | 648 | if (write_rev > UDF_MAX_WRITE_VERSION && !(*flags & MS_RDONLY)) |
| 636 | return -EACCES; | 649 | return -EACCES; |
| 637 | } | 650 | } |
| @@ -1905,11 +1918,12 @@ static void udf_open_lvid(struct super_block *sb) | |||
| 1905 | 1918 | ||
| 1906 | if (!bh) | 1919 | if (!bh) |
| 1907 | return; | 1920 | return; |
| 1908 | |||
| 1909 | mutex_lock(&sbi->s_alloc_mutex); | ||
| 1910 | lvid = (struct logicalVolIntegrityDesc *)bh->b_data; | 1921 | lvid = (struct logicalVolIntegrityDesc *)bh->b_data; |
| 1911 | lvidiu = udf_sb_lvidiu(sbi); | 1922 | lvidiu = udf_sb_lvidiu(sb); |
| 1923 | if (!lvidiu) | ||
| 1924 | return; | ||
| 1912 | 1925 | ||
| 1926 | mutex_lock(&sbi->s_alloc_mutex); | ||
| 1913 | lvidiu->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX; | 1927 | lvidiu->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX; |
| 1914 | lvidiu->impIdent.identSuffix[1] = UDF_OS_ID_LINUX; | 1928 | lvidiu->impIdent.identSuffix[1] = UDF_OS_ID_LINUX; |
| 1915 | udf_time_to_disk_stamp(&lvid->recordingDateAndTime, | 1929 | udf_time_to_disk_stamp(&lvid->recordingDateAndTime, |
| @@ -1937,10 +1951,12 @@ static void udf_close_lvid(struct super_block *sb) | |||
| 1937 | 1951 | ||
| 1938 | if (!bh) | 1952 | if (!bh) |
| 1939 | return; | 1953 | return; |
| 1954 | lvid = (struct logicalVolIntegrityDesc *)bh->b_data; | ||
| 1955 | lvidiu = udf_sb_lvidiu(sb); | ||
| 1956 | if (!lvidiu) | ||
| 1957 | return; | ||
| 1940 | 1958 | ||
| 1941 | mutex_lock(&sbi->s_alloc_mutex); | 1959 | mutex_lock(&sbi->s_alloc_mutex); |
| 1942 | lvid = (struct logicalVolIntegrityDesc *)bh->b_data; | ||
| 1943 | lvidiu = udf_sb_lvidiu(sbi); | ||
| 1944 | lvidiu->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX; | 1960 | lvidiu->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX; |
| 1945 | lvidiu->impIdent.identSuffix[1] = UDF_OS_ID_LINUX; | 1961 | lvidiu->impIdent.identSuffix[1] = UDF_OS_ID_LINUX; |
| 1946 | udf_time_to_disk_stamp(&lvid->recordingDateAndTime, CURRENT_TIME); | 1962 | udf_time_to_disk_stamp(&lvid->recordingDateAndTime, CURRENT_TIME); |
| @@ -2093,15 +2109,19 @@ static int udf_fill_super(struct super_block *sb, void *options, int silent) | |||
| 2093 | 2109 | ||
| 2094 | if (sbi->s_lvid_bh) { | 2110 | if (sbi->s_lvid_bh) { |
| 2095 | struct logicalVolIntegrityDescImpUse *lvidiu = | 2111 | struct logicalVolIntegrityDescImpUse *lvidiu = |
| 2096 | udf_sb_lvidiu(sbi); | 2112 | udf_sb_lvidiu(sb); |
| 2097 | uint16_t minUDFReadRev = le16_to_cpu(lvidiu->minUDFReadRev); | 2113 | uint16_t minUDFReadRev; |
| 2098 | uint16_t minUDFWriteRev = le16_to_cpu(lvidiu->minUDFWriteRev); | 2114 | uint16_t minUDFWriteRev; |
| 2099 | /* uint16_t maxUDFWriteRev = | ||
| 2100 | le16_to_cpu(lvidiu->maxUDFWriteRev); */ | ||
| 2101 | 2115 | ||
| 2116 | if (!lvidiu) { | ||
| 2117 | ret = -EINVAL; | ||
| 2118 | goto error_out; | ||
| 2119 | } | ||
| 2120 | minUDFReadRev = le16_to_cpu(lvidiu->minUDFReadRev); | ||
| 2121 | minUDFWriteRev = le16_to_cpu(lvidiu->minUDFWriteRev); | ||
| 2102 | if (minUDFReadRev > UDF_MAX_READ_VERSION) { | 2122 | if (minUDFReadRev > UDF_MAX_READ_VERSION) { |
| 2103 | udf_err(sb, "minUDFReadRev=%x (max is %x)\n", | 2123 | udf_err(sb, "minUDFReadRev=%x (max is %x)\n", |
| 2104 | le16_to_cpu(lvidiu->minUDFReadRev), | 2124 | minUDFReadRev, |
| 2105 | UDF_MAX_READ_VERSION); | 2125 | UDF_MAX_READ_VERSION); |
| 2106 | ret = -EINVAL; | 2126 | ret = -EINVAL; |
| 2107 | goto error_out; | 2127 | goto error_out; |
| @@ -2265,11 +2285,7 @@ static int udf_statfs(struct dentry *dentry, struct kstatfs *buf) | |||
| 2265 | struct logicalVolIntegrityDescImpUse *lvidiu; | 2285 | struct logicalVolIntegrityDescImpUse *lvidiu; |
| 2266 | u64 id = huge_encode_dev(sb->s_bdev->bd_dev); | 2286 | u64 id = huge_encode_dev(sb->s_bdev->bd_dev); |
| 2267 | 2287 | ||
| 2268 | if (sbi->s_lvid_bh != NULL) | 2288 | lvidiu = udf_sb_lvidiu(sb); |
| 2269 | lvidiu = udf_sb_lvidiu(sbi); | ||
| 2270 | else | ||
| 2271 | lvidiu = NULL; | ||
| 2272 | |||
| 2273 | buf->f_type = UDF_SUPER_MAGIC; | 2289 | buf->f_type = UDF_SUPER_MAGIC; |
| 2274 | buf->f_bsize = sb->s_blocksize; | 2290 | buf->f_bsize = sb->s_blocksize; |
| 2275 | buf->f_blocks = sbi->s_partmaps[sbi->s_partition].s_partition_len; | 2291 | buf->f_blocks = sbi->s_partmaps[sbi->s_partition].s_partition_len; |
diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h index ed401e94aa8c..1f32c7bd9f57 100644 --- a/fs/udf/udf_sb.h +++ b/fs/udf/udf_sb.h | |||
| @@ -162,7 +162,7 @@ static inline struct udf_sb_info *UDF_SB(struct super_block *sb) | |||
| 162 | return sb->s_fs_info; | 162 | return sb->s_fs_info; |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct udf_sb_info *sbi); | 165 | struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb); |
| 166 | 166 | ||
| 167 | int udf_compute_nr_groups(struct super_block *sb, u32 partition); | 167 | int udf_compute_nr_groups(struct super_block *sb, u32 partition); |
| 168 | 168 | ||