Amerigo Wang
2009-Jul-06 05:29 UTC
[Patch] btrfs: use file_remove_suid() after i_mutex is held
file_remove_suid() should be called with i_mutex held, file_update_time() too. So move them after mutex_lock(). Plus, check the return value of kmalloc(). Signed-off-by: WANG Cong <amwang@redhat.com> --- diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 7c3cd24..cd36301 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file *file, const char __user *buf, if (count == 0) goto out_nolock; + mutex_lock(&inode->i_mutex); + err = file_remove_suid(file); if (err) - goto out_nolock; + goto out; file_update_time(file); pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL); + if (!pages) + goto out; - mutex_lock(&inode->i_mutex); BTRFS_I(inode)->sequence++; first_index = pos >> PAGE_CACHE_SHIFT; last_index = (pos + count) >> PAGE_CACHE_SHIFT; -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Arjan van de Ven
2009-Jul-06 05:48 UTC
Re: [Patch] btrfs: use file_remove_suid() after i_mutex is held
On Mon, 6 Jul 2009 01:29:14 -0400 Amerigo Wang <amwang@redhat.com> wrote:> > file_remove_suid() should be called with i_mutex held, > file_update_time() too. So move them after mutex_lock(). > > Plus, check the return value of kmalloc(). > > Signed-off-by: WANG Cong <amwang@redhat.com> > > --- > diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c > index 7c3cd24..cd36301 100644 > --- a/fs/btrfs/file.c > +++ b/fs/btrfs/file.c > @@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file > *file, const char __user *buf, if (count == 0) > goto out_nolock; > > + mutex_lock(&inode->i_mutex); > + > err = file_remove_suid(file); > if (err) > - goto out_nolock; > + goto out; > file_update_time(file); > > pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL); > + if (!pages) > + goto out; >Hi, I don''t think you can keep this at GFP_KERNEL once you hold i_mutex.... very likely this needs to now turn into GFP_NOFS! -- Arjan van de Ven Intel Open Source Technology Centre For development, discussion and tips for power savings, visit http://www.lesswatts.org -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Amerigo Wang
2009-Jul-06 06:24 UTC
Re: [Patch] btrfs: use file_remove_suid() after i_mutex is held
Arjan van de Ven wrote:> On Mon, 6 Jul 2009 01:29:14 -0400 > Amerigo Wang <amwang@redhat.com> wrote: > > >> file_remove_suid() should be called with i_mutex held, >> file_update_time() too. So move them after mutex_lock(). >> >> Plus, check the return value of kmalloc(). >> >> Signed-off-by: WANG Cong <amwang@redhat.com> >> >> --- >> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c >> index 7c3cd24..cd36301 100644 >> --- a/fs/btrfs/file.c >> +++ b/fs/btrfs/file.c >> @@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file >> *file, const char __user *buf, if (count == 0) >> goto out_nolock; >> >> + mutex_lock(&inode->i_mutex); >> + >> err = file_remove_suid(file); >> if (err) >> - goto out_nolock; >> + goto out; >> file_update_time(file); >> >> pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL); >> + if (!pages) >> + goto out; >> >> > Hi, > > I don''t think you can keep this at GFP_KERNEL once you hold i_mutex.... > very likely this needs to now turn into GFP_NOFS! >Good point! Hmm, GFP_KERNEL adds __GFP_FS while GFP_NOFS not... Just moving that kmalloc() up, before mutex_lock(), I think, can solve this. I will update this patch now... Thanks! -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html