From c6e8c6ccf96e9249805d0e9828b994f4c926ad51 Mon Sep 17 00:00:00 2001
From: KaiGai Kohei
Date: Thu, 29 Jun 2006 15:33:02 +0100
Subject: [JFFS2][XATTR] Fix xd->refcnt race condition

When xd->refcnt is checked whether this xdatum should be released or not, atomic_dec_and_lock() is used to ensure holding the c->erase_completion_lock. This fix change a specification of delete_xattr_datum(). Previously, it's only called when xd->refcnt equals zero. (calling it with positive xd->refcnt cause a BUG()) If you applied this patch, the function checks whether xd->refcnt is zero or not under the spinlock if necessary. Then, it marks xd DEAD flahs and links with xattr_dead_list or releases it immediately when xd->refcnt become zero.
Signed-off-by: KaiGai Kohei
Signed-off-by: David Woodhouse
---
 fs/jffs2/xattr.c | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)
(limited to 'fs')
diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c
index 18e66dbf23b..25bc1ae0864 100644
--- a/fs/jffs2/xattr.c
+++ b/fs/jffs2/xattr.c
@@ -50,9 +50,10 @@
 * is used to write xdatum to medium. xd->version will be incremented.
 * create_xattr_datum(c, xprefix, xname, xvalue, xsize)
 * is used to create new xdatum and write to medium.
- * delete_xattr_datum(c, xd)
- * is used to delete a xdatum. It marks xd JFFS2_XFLAGS_DEAD, and allows
- * GC to reclaim those physical nodes.
+ * unrefer_xattr_datum(c, xd)
+ * is used to delete a xdatum. When nobody refers this xdatum, JFFS2_XFLAGS_DEAD
+ * is set on xd->flags and chained xattr_dead_list or release it immediately.
+ * In the first case, the garbage collector release it later.
 * -------------------------------------------------- */
 static uint32_t xattr_datum_hashkey(int xprefix, const char *xname, const char *xvalue, int xsize)
 {
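Review bot: The rewritten header entry for unrefer_xattr_datum() still opens with "is used to delete a xdatum", which no longer matches what the function does: it now drops one reference and only tears the xdatum down when the count reaches zero. I would open the entry with `is used to drop a reference to a xdatum.` and add that the decrement of xd->refcnt happens inside the function, so callers must not test the counter themselves. The comment block begins above this hunk, so the surrounding entries are not visible here.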
@@ -394,22 +395,24 @@ static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
 return xd;
 }
-static void delete_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
+static void unrefer_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
 {
 /* must be called under down_write(xattr_sem) */
- BUG_ON(atomic_read(&xd->refcnt));
+ if (atomic_dec_and_lock(&xd->refcnt, &c->erase_completion_lock)) {
+ uint32_t xid = xd->xid, version = xd->version;
- unload_xattr_datum(c, xd);
- xd->flags |= JFFS2_XFLAGS_DEAD;
- spin_lock(&c->erase_completion_lock);
- if (xd->node == (void *)xd) {
- BUG_ON(!(xd->flags & JFFS2_XFLAGS_INVALID));
- jffs2_free_xattr_datum(xd);
- } else {
- list_add(&xd->xindex, &c->xattr_dead_list);
+ unload_xattr_datum(c, xd);
+ xd->flags |= JFFS2_XFLAGS_DEAD;
+ if (xd->node == (void *)xd) {
+ BUG_ON(!(xd->flags & JFFS2_XFLAGS_INVALID));
+ jffs2_free_xattr_datum(xd);
+ } else {
+ list_add(&xd->xindex, &c->xattr_dead_list);
+ }
+ spin_unlock(&c->erase_completion_lock);
+
+ dbg_xattr("xdatum(xid=%u, version=%u) was removed.\n", xid, version);
 }
- spin_unlock(&c->erase_completion_lock);
- dbg_xattr("xdatum(xid=%u, version=%u) was removed.\n", xd->xid, xd->version);
 }
 /* -------- xref related functions ------------------
@@ -580,8 +583,7 @@ static void delete_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *re
 dbg_xattr("xref(ino=%u, xid=%u, xseqno=%u) was removed.\n", ref->ino, ref->xid, ref->xseqno);
- if (atomic_dec_and_test(&xd->refcnt))
- delete_xattr_datum(c, xd);
+ unrefer_xattr_datum(c, xd);
 }
 void jffs2_xattr_delete_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
@@ -1119,8 +1121,7 @@ int do_jffs2_setxattr(struct inode *inode, int xprefix, const char *xname,
 ref->next = c->xref_dead_list;
 c->xref_dead_list = ref;
 spin_unlock(&c->erase_completion_lock);
- if (atomic_dec_and_test(&xd->refcnt))
- delete_xattr_datum(c, xd);
+ unrefer_xattr_datum(c, xd);
 } else {
 ref->ic = ic;
 ref->xd = xd;
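Review bot: In unrefer_xattr_datum() (hunk @@ -394) the retained comment `/* must be called under down_write(xattr_sem) */` no longer states the whole locking contract. The function now takes c->erase_completion_lock itself through atomic_dec_and_lock(), so a caller that still holds that spinlock would deadlock, and xd may already be freed when the call returns. I would extend the comment to `/* must be called under down_write(xattr_sem) and without c->erase_completion_lock held; xd may be freed on return */`. unload_xattr_datum() has also moved inside the spinlocked region; its body is not part of this hunk, so it is worth confirming that it cannot sleep. The call site at @@ -1119 drops the spinlock just before the call, which is consistent with this contract.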
@@ -1156,8 +1157,7 @@ int do_jffs2_setxattr(struct inode *inode, int xprefix, const char *xname,
 down_write(&c->xattr_sem);
 if (rc) {
 JFFS2_WARNING("jffs2_reserve_space()=%d, request=%u\n", rc, request);
- if (atomic_dec_and_test(&xd->refcnt))
- delete_xattr_datum(c, xd);
+ unrefer_xattr_datum(c, xd);
 up_write(&c->xattr_sem);
 return rc;
 }
@@ -1170,8 +1170,7 @@ int do_jffs2_setxattr(struct inode *inode, int xprefix, const char *xname,
 ic->xref = ref;
 }
 rc = PTR_ERR(newref);
- if (atomic_dec_and_test(&xd->refcnt))
- delete_xattr_datum(c, xd);
+ unrefer_xattr_datum(c, xd);
 } else if (ref) {
 delete_xattr_ref(c, ref);
 }
-- cgit
From c05d52c748da10a3f27f6e638875514153776b15 Mon Sep 17 00:00:00 2001
From: Adrian Bunk
Date: Thu, 22 Jun 2006 12:03:35 +0200
Subject: fs/jffs2/: make 2 functions static

This patch makes two needlessly global functions static.
Signed-off-by: Adrian Bunk
Signed-off-by: David Woodhouse
---
 fs/jffs2/malloc.c | 2 +-
 fs/jffs2/nodelist.h | 2 --
 fs/jffs2/scan.c | 4 ++--
 3 files changed, 3 insertions(+), 5 deletions(-)
(limited to 'fs')
diff --git a/fs/jffs2/malloc.c b/fs/jffs2/malloc.c
index 8310c95478e..33f29100501 100644
--- a/fs/jffs2/malloc.c
+++ b/fs/jffs2/malloc.c
@@ -190,7 +190,7 @@ void jffs2_free_tmp_dnode_info(struct jffs2_tmp_dnode_info *x)
 kmem_cache_free(tmp_dnode_info_slab, x);
 }
-struct jffs2_raw_node_ref *jffs2_alloc_refblock(void)
+static struct jffs2_raw_node_ref *jffs2_alloc_refblock(void)
 {
 struct jffs2_raw_node_ref *ret;
diff --git a/fs/jffs2/nodelist.h b/fs/jffs2/nodelist.h
index b16c60bbcf6..be6d4a4dd8e 100644
--- a/fs/jffs2/nodelist.h
+++ b/fs/jffs2/nodelist.h
@@ -427,8 +427,6 @@ char *jffs2_getlink(struct jffs2_sb_info *c, struct jffs2_inode_info *f);
 /* scan.c */
 int jffs2_scan_medium(struct jffs2_sb_info *c);
 void jffs2_rotate_lists(struct jffs2_sb_info *c);
-int jffs2_fill_scan_buf(struct jffs2_sb_info *c, void *buf,
- uint32_t ofs, uint32_t len);
 struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uint32_t ino);
 int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
 int jffs2_scan_dirty_space(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t size);
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 2bfdc33752d..e2413466ddd 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -274,8 +274,8 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
 return ret;
 }
-int jffs2_fill_scan_buf (struct jffs2_sb_info *c, void *buf,
- uint32_t ofs, uint32_t len)
+static int jffs2_fill_scan_buf(struct jffs2_sb_info *c, void *buf,
+ uint32_t ofs, uint32_t len)
 {
 int ret;
 size_t retlen;
-- cgit
From c7afb0f97700e73109564f83c35bfeeb14cb653b Mon Sep 17 00:00:00 2001
From: KaiGai Kohei
Date: Sun, 2 Jul 2006 15:13:46 +0100
Subject: [JFFS2][XATTR] Fix memory leak in POSIX-ACL support

jffs2_clear_acl() which releases acl caches allocated by kmalloc() was defined but it was never called. Thus, we faced to the risk of memory leaking. This patch plugs jffs2_clear_acl() into jffs2_do_clear_inode(). It ensures to release acl cache when inode is cleared.
Signed-off-by: KaiGai Kohei
Signed-off-by: David Woodhouse
---
 fs/jffs2/acl.c | 4 +---
 fs/jffs2/acl.h | 4 ++--
 fs/jffs2/readinode.c | 1 +
 3 files changed, 4 insertions(+), 5 deletions(-)
(limited to 'fs')
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
index 9c2077e7e08..0ae3cd10702 100644
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -345,10 +345,8 @@ int jffs2_init_acl(struct inode *inode, struct inode *dir)
 return rc;
 }
-void jffs2_clear_acl(struct inode *inode)
+void jffs2_clear_acl(struct jffs2_inode_info *f)
 {
- struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
-
 if (f->i_acl_access && f->i_acl_access != JFFS2_ACL_NOT_CACHED) {
 posix_acl_release(f->i_acl_access);
 f->i_acl_access = JFFS2_ACL_NOT_CACHED;
diff --git a/fs/jffs2/acl.h b/fs/jffs2/acl.h
index 8893bd1a6ba..fa327dbd317 100644
--- a/fs/jffs2/acl.h
+++ b/fs/jffs2/acl.h
@@ -30,7 +30,7 @@ struct jffs2_acl_header {
 extern int jffs2_permission(struct inode *, int, struct nameidata *);
 extern int jffs2_acl_chmod(struct inode *);
 extern int jffs2_init_acl(struct inode *, struct inode *);
-extern void jffs2_clear_acl(struct inode *);
+extern void jffs2_clear_acl(struct jffs2_inode_info *);
 extern struct xattr_handler jffs2_acl_access_xattr_handler;
 extern struct xattr_handler jffs2_acl_default_xattr_handler;
@@ -40,6 +40,6 @@ extern struct xattr_handler jffs2_acl_default_xattr_handler;
 #define jffs2_permission NULL
 #define jffs2_acl_chmod(inode) (0)
 #define jffs2_init_acl(inode,dir) (0)
-#define jffs2_clear_acl(inode)
+#define jffs2_clear_acl(f)
 #endif /* CONFIG_JFFS2_FS_POSIX_ACL */
diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index cc1899268c4..266423b2709 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -968,6 +968,7 @@ void jffs2_do_clear_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f)
 struct jffs2_full_dirent *fd, *fds;
 int deleted;
+ jffs2_clear_acl(f);
 jffs2_xattr_delete_inode(c, f->inocache);
 down(&f->sem);
 deleted = f->inocache && !f->inocache->nlink;
-- cgit
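Review bot: In fs/jffs2/acl.h (hunk @@ -40) the stub `#define jffs2_clear_acl(f)` expands to nothing, so in what appears to be the non-ACL branch the new call in jffs2_do_clear_inode() becomes a bare `;` and its argument is never type-checked. Writing it as `#define jffs2_clear_acl(f) do { } while (0)` keeps the call statement-safe wherever it is used. A static inline stub taking `struct jffs2_inode_info *` would go further and catch a caller that still passes a `struct inode *`. The neighbouring stubs expand to `(0)`, so the empty expansion is the odd one out in this block.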
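Review bot: In fs/jffs2/readinode.c (hunk @@ -968) `jffs2_clear_acl(f);` sits ahead of `down(&f->sem)`, so the cached ACL is released and f->i_acl_access reset to JFFS2_ACL_NOT_CACHED without the inode semaphore held. Whether another path can still read the ACL cache at this point is not visible from the hunk. If teardown guarantees exclusive access, a one-line comment such as `/* inode is going away; nobody else can reach the ACL cache */` would record that; otherwise the call belongs after `down(&f->sem)`, so a concurrent reader cannot pick up a pointer that has just been released. The body of jffs2_do_clear_inode() continues past the end of the hunk.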