diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-08-12 09:12:30 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-12 11:21:39 -0400 |
commit | 1ae88b2e446261c038f2c0c3150ffae142b227a2 (patch) | |
tree | b3c9c11e4391c59086308e2674661688db5b12f5 /fs | |
parent | 7cb7beb31aa3d941833b6a6e553687422c31e4b6 (diff) |
NFS: Fix an O_DIRECT Oops...
We can't call nfs_readdata_release()/nfs_writedata_release() without
first initialising and referencing args.context. Doing so inside
nfs_direct_read_schedule_segment()/nfs_direct_write_schedule_segment()
causes an Oops.
We should rather be calling nfs_readdata_free()/nfs_writedata_free() in
those cases.
Looking at the O_DIRECT code, the "struct nfs_direct_req" is already
referencing the nfs_open_context for us. Since the readdata and writedata
structures carry a reference to that, we can simplify things by getting rid
of the extra nfs_open_context references, so that we can replace all
instances of nfs_readdata_release()/nfs_writedata_release().
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/nfs/direct.c | 20 | ||||
-rw-r--r-- | fs/nfs/read.c | 6 | ||||
-rw-r--r-- | fs/nfs/write.c | 6 |
3 files changed, 14 insertions, 18 deletions
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index 489fc01a3204..e4e089a8f294 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c | |||
@@ -255,7 +255,7 @@ static void nfs_direct_read_release(void *calldata) | |||
255 | 255 | ||
256 | if (put_dreq(dreq)) | 256 | if (put_dreq(dreq)) |
257 | nfs_direct_complete(dreq); | 257 | nfs_direct_complete(dreq); |
258 | nfs_readdata_release(calldata); | 258 | nfs_readdata_free(data); |
259 | } | 259 | } |
260 | 260 | ||
261 | static const struct rpc_call_ops nfs_read_direct_ops = { | 261 | static const struct rpc_call_ops nfs_read_direct_ops = { |
@@ -314,14 +314,14 @@ static ssize_t nfs_direct_read_schedule_segment(struct nfs_direct_req *dreq, | |||
314 | data->npages, 1, 0, data->pagevec, NULL); | 314 | data->npages, 1, 0, data->pagevec, NULL); |
315 | up_read(¤t->mm->mmap_sem); | 315 | up_read(¤t->mm->mmap_sem); |
316 | if (result < 0) { | 316 | if (result < 0) { |
317 | nfs_readdata_release(data); | 317 | nfs_readdata_free(data); |
318 | break; | 318 | break; |
319 | } | 319 | } |
320 | if ((unsigned)result < data->npages) { | 320 | if ((unsigned)result < data->npages) { |
321 | bytes = result * PAGE_SIZE; | 321 | bytes = result * PAGE_SIZE; |
322 | if (bytes <= pgbase) { | 322 | if (bytes <= pgbase) { |
323 | nfs_direct_release_pages(data->pagevec, result); | 323 | nfs_direct_release_pages(data->pagevec, result); |
324 | nfs_readdata_release(data); | 324 | nfs_readdata_free(data); |
325 | break; | 325 | break; |
326 | } | 326 | } |
327 | bytes -= pgbase; | 327 | bytes -= pgbase; |
@@ -334,7 +334,7 @@ static ssize_t nfs_direct_read_schedule_segment(struct nfs_direct_req *dreq, | |||
334 | data->inode = inode; | 334 | data->inode = inode; |
335 | data->cred = msg.rpc_cred; | 335 | data->cred = msg.rpc_cred; |
336 | data->args.fh = NFS_FH(inode); | 336 | data->args.fh = NFS_FH(inode); |
337 | data->args.context = get_nfs_open_context(ctx); | 337 | data->args.context = ctx; |
338 | data->args.offset = pos; | 338 | data->args.offset = pos; |
339 | data->args.pgbase = pgbase; | 339 | data->args.pgbase = pgbase; |
340 | data->args.pages = data->pagevec; | 340 | data->args.pages = data->pagevec; |
@@ -441,7 +441,7 @@ static void nfs_direct_free_writedata(struct nfs_direct_req *dreq) | |||
441 | struct nfs_write_data *data = list_entry(dreq->rewrite_list.next, struct nfs_write_data, pages); | 441 | struct nfs_write_data *data = list_entry(dreq->rewrite_list.next, struct nfs_write_data, pages); |
442 | list_del(&data->pages); | 442 | list_del(&data->pages); |
443 | nfs_direct_release_pages(data->pagevec, data->npages); | 443 | nfs_direct_release_pages(data->pagevec, data->npages); |
444 | nfs_writedata_release(data); | 444 | nfs_writedata_free(data); |
445 | } | 445 | } |
446 | } | 446 | } |
447 | 447 | ||
@@ -534,7 +534,7 @@ static void nfs_direct_commit_release(void *calldata) | |||
534 | 534 | ||
535 | dprintk("NFS: %5u commit returned %d\n", data->task.tk_pid, status); | 535 | dprintk("NFS: %5u commit returned %d\n", data->task.tk_pid, status); |
536 | nfs_direct_write_complete(dreq, data->inode); | 536 | nfs_direct_write_complete(dreq, data->inode); |
537 | nfs_commitdata_release(calldata); | 537 | nfs_commit_free(data); |
538 | } | 538 | } |
539 | 539 | ||
540 | static const struct rpc_call_ops nfs_commit_direct_ops = { | 540 | static const struct rpc_call_ops nfs_commit_direct_ops = { |
@@ -570,7 +570,7 @@ static void nfs_direct_commit_schedule(struct nfs_direct_req *dreq) | |||
570 | data->args.fh = NFS_FH(data->inode); | 570 | data->args.fh = NFS_FH(data->inode); |
571 | data->args.offset = 0; | 571 | data->args.offset = 0; |
572 | data->args.count = 0; | 572 | data->args.count = 0; |
573 | data->args.context = get_nfs_open_context(dreq->ctx); | 573 | data->args.context = dreq->ctx; |
574 | data->res.count = 0; | 574 | data->res.count = 0; |
575 | data->res.fattr = &data->fattr; | 575 | data->res.fattr = &data->fattr; |
576 | data->res.verf = &data->verf; | 576 | data->res.verf = &data->verf; |
@@ -734,14 +734,14 @@ static ssize_t nfs_direct_write_schedule_segment(struct nfs_direct_req *dreq, | |||
734 | data->npages, 0, 0, data->pagevec, NULL); | 734 | data->npages, 0, 0, data->pagevec, NULL); |
735 | up_read(¤t->mm->mmap_sem); | 735 | up_read(¤t->mm->mmap_sem); |
736 | if (result < 0) { | 736 | if (result < 0) { |
737 | nfs_writedata_release(data); | 737 | nfs_writedata_free(data); |
738 | break; | 738 | break; |
739 | } | 739 | } |
740 | if ((unsigned)result < data->npages) { | 740 | if ((unsigned)result < data->npages) { |
741 | bytes = result * PAGE_SIZE; | 741 | bytes = result * PAGE_SIZE; |
742 | if (bytes <= pgbase) { | 742 | if (bytes <= pgbase) { |
743 | nfs_direct_release_pages(data->pagevec, result); | 743 | nfs_direct_release_pages(data->pagevec, result); |
744 | nfs_writedata_release(data); | 744 | nfs_writedata_free(data); |
745 | break; | 745 | break; |
746 | } | 746 | } |
747 | bytes -= pgbase; | 747 | bytes -= pgbase; |
@@ -756,7 +756,7 @@ static ssize_t nfs_direct_write_schedule_segment(struct nfs_direct_req *dreq, | |||
756 | data->inode = inode; | 756 | data->inode = inode; |
757 | data->cred = msg.rpc_cred; | 757 | data->cred = msg.rpc_cred; |
758 | data->args.fh = NFS_FH(inode); | 758 | data->args.fh = NFS_FH(inode); |
759 | data->args.context = get_nfs_open_context(ctx); | 759 | data->args.context = ctx; |
760 | data->args.offset = pos; | 760 | data->args.offset = pos; |
761 | data->args.pgbase = pgbase; | 761 | data->args.pgbase = pgbase; |
762 | data->args.pages = data->pagevec; | 762 | data->args.pages = data->pagevec; |
diff --git a/fs/nfs/read.c b/fs/nfs/read.c index 73ea5e8d66ce..12c9e66d3f1d 100644 --- a/fs/nfs/read.c +++ b/fs/nfs/read.c | |||
@@ -60,17 +60,15 @@ struct nfs_read_data *nfs_readdata_alloc(unsigned int pagecount) | |||
60 | return p; | 60 | return p; |
61 | } | 61 | } |
62 | 62 | ||
63 | static void nfs_readdata_free(struct nfs_read_data *p) | 63 | void nfs_readdata_free(struct nfs_read_data *p) |
64 | { | 64 | { |
65 | if (p && (p->pagevec != &p->page_array[0])) | 65 | if (p && (p->pagevec != &p->page_array[0])) |
66 | kfree(p->pagevec); | 66 | kfree(p->pagevec); |
67 | mempool_free(p, nfs_rdata_mempool); | 67 | mempool_free(p, nfs_rdata_mempool); |
68 | } | 68 | } |
69 | 69 | ||
70 | void nfs_readdata_release(void *data) | 70 | static void nfs_readdata_release(struct nfs_read_data *rdata) |
71 | { | 71 | { |
72 | struct nfs_read_data *rdata = data; | ||
73 | |||
74 | put_nfs_open_context(rdata->args.context); | 72 | put_nfs_open_context(rdata->args.context); |
75 | nfs_readdata_free(rdata); | 73 | nfs_readdata_free(rdata); |
76 | } | 74 | } |
diff --git a/fs/nfs/write.c b/fs/nfs/write.c index 0a0a2ff767c3..a34fae21fe10 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c | |||
@@ -87,17 +87,15 @@ struct nfs_write_data *nfs_writedata_alloc(unsigned int pagecount) | |||
87 | return p; | 87 | return p; |
88 | } | 88 | } |
89 | 89 | ||
90 | static void nfs_writedata_free(struct nfs_write_data *p) | 90 | void nfs_writedata_free(struct nfs_write_data *p) |
91 | { | 91 | { |
92 | if (p && (p->pagevec != &p->page_array[0])) | 92 | if (p && (p->pagevec != &p->page_array[0])) |
93 | kfree(p->pagevec); | 93 | kfree(p->pagevec); |
94 | mempool_free(p, nfs_wdata_mempool); | 94 | mempool_free(p, nfs_wdata_mempool); |
95 | } | 95 | } |
96 | 96 | ||
97 | void nfs_writedata_release(void *data) | 97 | static void nfs_writedata_release(struct nfs_write_data *wdata) |
98 | { | 98 | { |
99 | struct nfs_write_data *wdata = data; | ||
100 | |||
101 | put_nfs_open_context(wdata->args.context); | 99 | put_nfs_open_context(wdata->args.context); |
102 | nfs_writedata_free(wdata); | 100 | nfs_writedata_free(wdata); |
103 | } | 101 | } |