diff options
author | Josef Bacik <josef@redhat.com> | 2012-06-04 14:03:51 -0400 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2012-06-14 21:29:16 -0400 |
commit | 606686eeac4550d2212bf3d621a810407ef5e9bf (patch) | |
tree | 50adade3a750137b68304dc280d7a75436417b12 /fs/btrfs/volumes.c | |
parent | 17ca04aff7e6171df684b7b65804df8830eb8c15 (diff) |
Btrfs: use rcu to protect device->name
Al pointed out that we can just toss out the old name on a device and add a
new one arbitrarily, so anybody who uses device->name in printk could
possibly use free'd memory. Instead of adding locking around all of this he
suggested doing it with RCU, so I've introduced a struct rcu_string that
does just that and have gone through and protected all accesses to
device->name that aren't under the uuid_mutex with rcu_read_lock(). This
protects us and I will use it for dealing with removing the device that we
used to mount the file system in a later patch. Thanks,
Reviewed-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Josef Bacik <josef@redhat.com>
Diffstat (limited to 'fs/btrfs/volumes.c')
-rw-r--r-- | fs/btrfs/volumes.c | 92 |
1 files changed, 58 insertions, 34 deletions
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 7782020996fe..8a3d2594b807 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c | |||
@@ -35,6 +35,7 @@ | |||
35 | #include "volumes.h" | 35 | #include "volumes.h" |
36 | #include "async-thread.h" | 36 | #include "async-thread.h" |
37 | #include "check-integrity.h" | 37 | #include "check-integrity.h" |
38 | #include "rcu-string.h" | ||
38 | 39 | ||
39 | static int init_first_rw_device(struct btrfs_trans_handle *trans, | 40 | static int init_first_rw_device(struct btrfs_trans_handle *trans, |
40 | struct btrfs_root *root, | 41 | struct btrfs_root *root, |
@@ -64,7 +65,7 @@ static void free_fs_devices(struct btrfs_fs_devices *fs_devices) | |||
64 | device = list_entry(fs_devices->devices.next, | 65 | device = list_entry(fs_devices->devices.next, |
65 | struct btrfs_device, dev_list); | 66 | struct btrfs_device, dev_list); |
66 | list_del(&device->dev_list); | 67 | list_del(&device->dev_list); |
67 | kfree(device->name); | 68 | rcu_string_free(device->name); |
68 | kfree(device); | 69 | kfree(device); |
69 | } | 70 | } |
70 | kfree(fs_devices); | 71 | kfree(fs_devices); |
@@ -334,8 +335,8 @@ static noinline int device_list_add(const char *path, | |||
334 | { | 335 | { |
335 | struct btrfs_device *device; | 336 | struct btrfs_device *device; |
336 | struct btrfs_fs_devices *fs_devices; | 337 | struct btrfs_fs_devices *fs_devices; |
338 | struct rcu_string *name; | ||
337 | u64 found_transid = btrfs_super_generation(disk_super); | 339 | u64 found_transid = btrfs_super_generation(disk_super); |
338 | char *name; | ||
339 | 340 | ||
340 | fs_devices = find_fsid(disk_super->fsid); | 341 | fs_devices = find_fsid(disk_super->fsid); |
341 | if (!fs_devices) { | 342 | if (!fs_devices) { |
@@ -369,11 +370,13 @@ static noinline int device_list_add(const char *path, | |||
369 | memcpy(device->uuid, disk_super->dev_item.uuid, | 370 | memcpy(device->uuid, disk_super->dev_item.uuid, |
370 | BTRFS_UUID_SIZE); | 371 | BTRFS_UUID_SIZE); |
371 | spin_lock_init(&device->io_lock); | 372 | spin_lock_init(&device->io_lock); |
372 | device->name = kstrdup(path, GFP_NOFS); | 373 | |
373 | if (!device->name) { | 374 | name = rcu_string_strdup(path, GFP_NOFS); |
375 | if (!name) { | ||
374 | kfree(device); | 376 | kfree(device); |
375 | return -ENOMEM; | 377 | return -ENOMEM; |
376 | } | 378 | } |
379 | rcu_assign_pointer(device->name, name); | ||
377 | INIT_LIST_HEAD(&device->dev_alloc_list); | 380 | INIT_LIST_HEAD(&device->dev_alloc_list); |
378 | 381 | ||
379 | /* init readahead state */ | 382 | /* init readahead state */ |
@@ -390,12 +393,12 @@ static noinline int device_list_add(const char *path, | |||
390 | 393 | ||
391 | device->fs_devices = fs_devices; | 394 | device->fs_devices = fs_devices; |
392 | fs_devices->num_devices++; | 395 | fs_devices->num_devices++; |
393 | } else if (!device->name || strcmp(device->name, path)) { | 396 | } else if (!device->name || strcmp(device->name->str, path)) { |
394 | name = kstrdup(path, GFP_NOFS); | 397 | name = rcu_string_strdup(path, GFP_NOFS); |
395 | if (!name) | 398 | if (!name) |
396 | return -ENOMEM; | 399 | return -ENOMEM; |
397 | kfree(device->name); | 400 | rcu_string_free(device->name); |
398 | device->name = name; | 401 | rcu_assign_pointer(device->name, name); |
399 | if (device->missing) { | 402 | if (device->missing) { |
400 | fs_devices->missing_devices--; | 403 | fs_devices->missing_devices--; |
401 | device->missing = 0; | 404 | device->missing = 0; |
@@ -430,15 +433,22 @@ static struct btrfs_fs_devices *clone_fs_devices(struct btrfs_fs_devices *orig) | |||
430 | 433 | ||
431 | /* We have held the volume lock, it is safe to get the devices. */ | 434 | /* We have held the volume lock, it is safe to get the devices. */ |
432 | list_for_each_entry(orig_dev, &orig->devices, dev_list) { | 435 | list_for_each_entry(orig_dev, &orig->devices, dev_list) { |
436 | struct rcu_string *name; | ||
437 | |||
433 | device = kzalloc(sizeof(*device), GFP_NOFS); | 438 | device = kzalloc(sizeof(*device), GFP_NOFS); |
434 | if (!device) | 439 | if (!device) |
435 | goto error; | 440 | goto error; |
436 | 441 | ||
437 | device->name = kstrdup(orig_dev->name, GFP_NOFS); | 442 | /* |
438 | if (!device->name) { | 443 | * This is ok to do without rcu read locked because we hold the |
444 | * uuid mutex so nothing we touch in here is going to disappear. | ||
445 | */ | ||
446 | name = rcu_string_strdup(orig_dev->name->str, GFP_NOFS); | ||
447 | if (!name) { | ||
439 | kfree(device); | 448 | kfree(device); |
440 | goto error; | 449 | goto error; |
441 | } | 450 | } |
451 | rcu_assign_pointer(device->name, name); | ||
442 | 452 | ||
443 | device->devid = orig_dev->devid; | 453 | device->devid = orig_dev->devid; |
444 | device->work.func = pending_bios_fn; | 454 | device->work.func = pending_bios_fn; |
@@ -491,7 +501,7 @@ again: | |||
491 | } | 501 | } |
492 | list_del_init(&device->dev_list); | 502 | list_del_init(&device->dev_list); |
493 | fs_devices->num_devices--; | 503 | fs_devices->num_devices--; |
494 | kfree(device->name); | 504 | rcu_string_free(device->name); |
495 | kfree(device); | 505 | kfree(device); |
496 | } | 506 | } |
497 | 507 | ||
@@ -516,7 +526,7 @@ static void __free_device(struct work_struct *work) | |||
516 | if (device->bdev) | 526 | if (device->bdev) |
517 | blkdev_put(device->bdev, device->mode); | 527 | blkdev_put(device->bdev, device->mode); |
518 | 528 | ||
519 | kfree(device->name); | 529 | rcu_string_free(device->name); |
520 | kfree(device); | 530 | kfree(device); |
521 | } | 531 | } |
522 | 532 | ||
@@ -540,6 +550,7 @@ static int __btrfs_close_devices(struct btrfs_fs_devices *fs_devices) | |||
540 | mutex_lock(&fs_devices->device_list_mutex); | 550 | mutex_lock(&fs_devices->device_list_mutex); |
541 | list_for_each_entry(device, &fs_devices->devices, dev_list) { | 551 | list_for_each_entry(device, &fs_devices->devices, dev_list) { |
542 | struct btrfs_device *new_device; | 552 | struct btrfs_device *new_device; |
553 | struct rcu_string *name; | ||
543 | 554 | ||
544 | if (device->bdev) | 555 | if (device->bdev) |
545 | fs_devices->open_devices--; | 556 | fs_devices->open_devices--; |
@@ -555,8 +566,11 @@ static int __btrfs_close_devices(struct btrfs_fs_devices *fs_devices) | |||
555 | new_device = kmalloc(sizeof(*new_device), GFP_NOFS); | 566 | new_device = kmalloc(sizeof(*new_device), GFP_NOFS); |
556 | BUG_ON(!new_device); /* -ENOMEM */ | 567 | BUG_ON(!new_device); /* -ENOMEM */ |
557 | memcpy(new_device, device, sizeof(*new_device)); | 568 | memcpy(new_device, device, sizeof(*new_device)); |
558 | new_device->name = kstrdup(device->name, GFP_NOFS); | 569 | |
559 | BUG_ON(device->name && !new_device->name); /* -ENOMEM */ | 570 | /* Safe because we are under uuid_mutex */ |
571 | name = rcu_string_strdup(device->name->str, GFP_NOFS); | ||
572 | BUG_ON(device->name && !name); /* -ENOMEM */ | ||
573 | rcu_assign_pointer(new_device->name, name); | ||
560 | new_device->bdev = NULL; | 574 | new_device->bdev = NULL; |
561 | new_device->writeable = 0; | 575 | new_device->writeable = 0; |
562 | new_device->in_fs_metadata = 0; | 576 | new_device->in_fs_metadata = 0; |
@@ -621,9 +635,9 @@ static int __btrfs_open_devices(struct btrfs_fs_devices *fs_devices, | |||
621 | if (!device->name) | 635 | if (!device->name) |
622 | continue; | 636 | continue; |
623 | 637 | ||
624 | bdev = blkdev_get_by_path(device->name, flags, holder); | 638 | bdev = blkdev_get_by_path(device->name->str, flags, holder); |
625 | if (IS_ERR(bdev)) { | 639 | if (IS_ERR(bdev)) { |
626 | printk(KERN_INFO "open %s failed\n", device->name); | 640 | printk(KERN_INFO "open %s failed\n", device->name->str); |
627 | goto error; | 641 | goto error; |
628 | } | 642 | } |
629 | filemap_write_and_wait(bdev->bd_inode->i_mapping); | 643 | filemap_write_and_wait(bdev->bd_inode->i_mapping); |
@@ -1632,6 +1646,7 @@ int btrfs_init_new_device(struct btrfs_root *root, char *device_path) | |||
1632 | struct block_device *bdev; | 1646 | struct block_device *bdev; |
1633 | struct list_head *devices; | 1647 | struct list_head *devices; |
1634 | struct super_block *sb = root->fs_info->sb; | 1648 | struct super_block *sb = root->fs_info->sb; |
1649 | struct rcu_string *name; | ||
1635 | u64 total_bytes; | 1650 | u64 total_bytes; |
1636 | int seeding_dev = 0; | 1651 | int seeding_dev = 0; |
1637 | int ret = 0; | 1652 | int ret = 0; |
@@ -1671,23 +1686,24 @@ int btrfs_init_new_device(struct btrfs_root *root, char *device_path) | |||
1671 | goto error; | 1686 | goto error; |
1672 | } | 1687 | } |
1673 | 1688 | ||
1674 | device->name = kstrdup(device_path, GFP_NOFS); | 1689 | name = rcu_string_strdup(device_path, GFP_NOFS); |
1675 | if (!device->name) { | 1690 | if (!name) { |
1676 | kfree(device); | 1691 | kfree(device); |
1677 | ret = -ENOMEM; | 1692 | ret = -ENOMEM; |
1678 | goto error; | 1693 | goto error; |
1679 | } | 1694 | } |
1695 | rcu_assign_pointer(device->name, name); | ||
1680 | 1696 | ||
1681 | ret = find_next_devid(root, &device->devid); | 1697 | ret = find_next_devid(root, &device->devid); |
1682 | if (ret) { | 1698 | if (ret) { |
1683 | kfree(device->name); | 1699 | rcu_string_free(device->name); |
1684 | kfree(device); | 1700 | kfree(device); |
1685 | goto error; | 1701 | goto error; |
1686 | } | 1702 | } |
1687 | 1703 | ||
1688 | trans = btrfs_start_transaction(root, 0); | 1704 | trans = btrfs_start_transaction(root, 0); |
1689 | if (IS_ERR(trans)) { | 1705 | if (IS_ERR(trans)) { |
1690 | kfree(device->name); | 1706 | rcu_string_free(device->name); |
1691 | kfree(device); | 1707 | kfree(device); |
1692 | ret = PTR_ERR(trans); | 1708 | ret = PTR_ERR(trans); |
1693 | goto error; | 1709 | goto error; |
@@ -1796,7 +1812,7 @@ error_trans: | |||
1796 | unlock_chunks(root); | 1812 | unlock_chunks(root); |
1797 | btrfs_abort_transaction(trans, root, ret); | 1813 | btrfs_abort_transaction(trans, root, ret); |
1798 | btrfs_end_transaction(trans, root); | 1814 | btrfs_end_transaction(trans, root); |
1799 | kfree(device->name); | 1815 | rcu_string_free(device->name); |
1800 | kfree(device); | 1816 | kfree(device); |
1801 | error: | 1817 | error: |
1802 | blkdev_put(bdev, FMODE_EXCL); | 1818 | blkdev_put(bdev, FMODE_EXCL); |
@@ -4204,10 +4220,17 @@ int btrfs_map_bio(struct btrfs_root *root, int rw, struct bio *bio, | |||
4204 | bio->bi_sector = bbio->stripes[dev_nr].physical >> 9; | 4220 | bio->bi_sector = bbio->stripes[dev_nr].physical >> 9; |
4205 | dev = bbio->stripes[dev_nr].dev; | 4221 | dev = bbio->stripes[dev_nr].dev; |
4206 | if (dev && dev->bdev && (rw != WRITE || dev->writeable)) { | 4222 | if (dev && dev->bdev && (rw != WRITE || dev->writeable)) { |
4223 | #ifdef DEBUG | ||
4224 | struct rcu_string *name; | ||
4225 | |||
4226 | rcu_read_lock(); | ||
4227 | name = rcu_dereference(dev->name); | ||
4207 | pr_debug("btrfs_map_bio: rw %d, secor=%llu, dev=%lu " | 4228 | pr_debug("btrfs_map_bio: rw %d, secor=%llu, dev=%lu " |
4208 | "(%s id %llu), size=%u\n", rw, | 4229 | "(%s id %llu), size=%u\n", rw, |
4209 | (u64)bio->bi_sector, (u_long)dev->bdev->bd_dev, | 4230 | (u64)bio->bi_sector, (u_long)dev->bdev->bd_dev, |
4210 | dev->name, dev->devid, bio->bi_size); | 4231 | name->str, dev->devid, bio->bi_size); |
4232 | rcu_read_unlock(); | ||
4233 | #endif | ||
4211 | bio->bi_bdev = dev->bdev; | 4234 | bio->bi_bdev = dev->bdev; |
4212 | if (async_submit) | 4235 | if (async_submit) |
4213 | schedule_bio(root, dev, rw, bio); | 4236 | schedule_bio(root, dev, rw, bio); |
@@ -4694,8 +4717,9 @@ int btrfs_init_dev_stats(struct btrfs_fs_info *fs_info) | |||
4694 | key.offset = device->devid; | 4717 | key.offset = device->devid; |
4695 | ret = btrfs_search_slot(NULL, dev_root, &key, path, 0, 0); | 4718 | ret = btrfs_search_slot(NULL, dev_root, &key, path, 0, 0); |
4696 | if (ret) { | 4719 | if (ret) { |
4697 | printk(KERN_WARNING "btrfs: no dev_stats entry found for device %s (devid %llu) (OK on first mount after mkfs)\n", | 4720 | printk_in_rcu(KERN_WARNING "btrfs: no dev_stats entry found for device %s (devid %llu) (OK on first mount after mkfs)\n", |
4698 | device->name, (unsigned long long)device->devid); | 4721 | rcu_str_deref(device->name), |
4722 | (unsigned long long)device->devid); | ||
4699 | __btrfs_reset_dev_stats(device); | 4723 | __btrfs_reset_dev_stats(device); |
4700 | device->dev_stats_valid = 1; | 4724 | device->dev_stats_valid = 1; |
4701 | btrfs_release_path(path); | 4725 | btrfs_release_path(path); |
@@ -4747,8 +4771,8 @@ static int update_dev_stat_item(struct btrfs_trans_handle *trans, | |||
4747 | BUG_ON(!path); | 4771 | BUG_ON(!path); |
4748 | ret = btrfs_search_slot(trans, dev_root, &key, path, -1, 1); | 4772 | ret = btrfs_search_slot(trans, dev_root, &key, path, -1, 1); |
4749 | if (ret < 0) { | 4773 | if (ret < 0) { |
4750 | printk(KERN_WARNING "btrfs: error %d while searching for dev_stats item for device %s!\n", | 4774 | printk_in_rcu(KERN_WARNING "btrfs: error %d while searching for dev_stats item for device %s!\n", |
4751 | ret, device->name); | 4775 | ret, rcu_str_deref(device->name)); |
4752 | goto out; | 4776 | goto out; |
4753 | } | 4777 | } |
4754 | 4778 | ||
@@ -4757,8 +4781,8 @@ static int update_dev_stat_item(struct btrfs_trans_handle *trans, | |||
4757 | /* need to delete old one and insert a new one */ | 4781 | /* need to delete old one and insert a new one */ |
4758 | ret = btrfs_del_item(trans, dev_root, path); | 4782 | ret = btrfs_del_item(trans, dev_root, path); |
4759 | if (ret != 0) { | 4783 | if (ret != 0) { |
4760 | printk(KERN_WARNING "btrfs: delete too small dev_stats item for device %s failed %d!\n", | 4784 | printk_in_rcu(KERN_WARNING "btrfs: delete too small dev_stats item for device %s failed %d!\n", |
4761 | device->name, ret); | 4785 | rcu_str_deref(device->name), ret); |
4762 | goto out; | 4786 | goto out; |
4763 | } | 4787 | } |
4764 | ret = 1; | 4788 | ret = 1; |
@@ -4770,8 +4794,8 @@ static int update_dev_stat_item(struct btrfs_trans_handle *trans, | |||
4770 | ret = btrfs_insert_empty_item(trans, dev_root, path, | 4794 | ret = btrfs_insert_empty_item(trans, dev_root, path, |
4771 | &key, sizeof(*ptr)); | 4795 | &key, sizeof(*ptr)); |
4772 | if (ret < 0) { | 4796 | if (ret < 0) { |
4773 | printk(KERN_WARNING "btrfs: insert dev_stats item for device %s failed %d!\n", | 4797 | printk_in_rcu(KERN_WARNING "btrfs: insert dev_stats item for device %s failed %d!\n", |
4774 | device->name, ret); | 4798 | rcu_str_deref(device->name), ret); |
4775 | goto out; | 4799 | goto out; |
4776 | } | 4800 | } |
4777 | } | 4801 | } |
@@ -4823,9 +4847,9 @@ void btrfs_dev_stat_print_on_error(struct btrfs_device *dev) | |||
4823 | { | 4847 | { |
4824 | if (!dev->dev_stats_valid) | 4848 | if (!dev->dev_stats_valid) |
4825 | return; | 4849 | return; |
4826 | printk_ratelimited(KERN_ERR | 4850 | printk_ratelimited_in_rcu(KERN_ERR |
4827 | "btrfs: bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u\n", | 4851 | "btrfs: bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u\n", |
4828 | dev->name, | 4852 | rcu_str_deref(dev->name), |
4829 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), | 4853 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), |
4830 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_READ_ERRS), | 4854 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_READ_ERRS), |
4831 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_FLUSH_ERRS), | 4855 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_FLUSH_ERRS), |
@@ -4837,8 +4861,8 @@ void btrfs_dev_stat_print_on_error(struct btrfs_device *dev) | |||
4837 | 4861 | ||
4838 | static void btrfs_dev_stat_print_on_load(struct btrfs_device *dev) | 4862 | static void btrfs_dev_stat_print_on_load(struct btrfs_device *dev) |
4839 | { | 4863 | { |
4840 | printk(KERN_INFO "btrfs: bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u\n", | 4864 | printk_in_rcu(KERN_INFO "btrfs: bdev %s errs: wr %u, rd %u, flush %u, corrupt %u, gen %u\n", |
4841 | dev->name, | 4865 | rcu_str_deref(dev->name), |
4842 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), | 4866 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_WRITE_ERRS), |
4843 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_READ_ERRS), | 4867 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_READ_ERRS), |
4844 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_FLUSH_ERRS), | 4868 | btrfs_dev_stat_read(dev, BTRFS_DEV_STAT_FLUSH_ERRS), |