From 198de4d7ac3a0f1351c6377ff657950457ed0038 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 5 Aug 2009 19:29:23 +0400 Subject: reorder alloc_fd/attach_fd in socketpair() Signed-off-by: Al Viro --- net/socket.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) (limited to 'net') diff --git a/net/socket.c b/net/socket.c index b94c3dd7101..bf538bea8fb 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1396,23 +1396,30 @@ SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol, goto out_release_both; } - fd2 = sock_alloc_fd(&newfile2, flags & O_CLOEXEC); - if (unlikely(fd2 < 0)) { - err = fd2; + err = sock_attach_fd(sock1, newfile1, flags & O_NONBLOCK); + if (unlikely(err < 0)) { put_filp(newfile1); put_unused_fd(fd1); goto out_release_both; } - err = sock_attach_fd(sock1, newfile1, flags & O_NONBLOCK); - if (unlikely(err < 0)) { - goto out_fd2; + fd2 = sock_alloc_fd(&newfile2, flags & O_CLOEXEC); + if (unlikely(fd2 < 0)) { + err = fd2; + fput(newfile1); + put_unused_fd(fd1); + sock_release(sock2); + goto out; } err = sock_attach_fd(sock2, newfile2, flags & O_NONBLOCK); if (unlikely(err < 0)) { + put_filp(newfile2); + put_unused_fd(fd2); fput(newfile1); - goto out_fd1; + put_unused_fd(fd1); + sock_release(sock2); + goto out; } audit_fd_pair(fd1, fd2); @@ -1438,16 +1445,6 @@ out_release_1: sock_release(sock1); out: return err; - -out_fd2: - put_filp(newfile1); - sock_release(sock1); -out_fd1: - put_filp(newfile2); - sock_release(sock2); - put_unused_fd(fd1); - put_unused_fd(fd2); - goto out; } /* -- cgit v1.2.3 From 7cbe66b6b53b6615f1033bd5b3dbad8162886373 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 5 Aug 2009 19:59:08 +0400 Subject: merge sock_alloc_fd/sock_attach_fd into a new helper Signed-off-by: Al Viro --- net/socket.c | 80 +++++++++++++++++------------------------------------------- 1 file changed, 23 insertions(+), 57 deletions(-) (limited to 'net') diff --git a/net/socket.c b/net/socket.c index bf538bea8fb..dbb3802a764 100644 --- a/net/socket.c +++ b/net/socket.c @@ -355,32 +355,30 @@ static const struct dentry_operations sockfs_dentry_operations = { * but we take care of internal coherence yet. */ -static int sock_alloc_fd(struct file **filep, int flags) +static int sock_alloc_file(struct socket *sock, struct file **f, int flags) { + struct qstr name = { .name = "" }; + struct dentry *dentry; + struct file *file; int fd; fd = get_unused_fd_flags(flags); - if (likely(fd >= 0)) { - struct file *file = get_empty_filp(); + if (unlikely(fd < 0)) + return fd; - *filep = file; - if (unlikely(!file)) { - put_unused_fd(fd); - return -ENFILE; - } - } else - *filep = NULL; - return fd; -} + file = get_empty_filp(); -static int sock_attach_fd(struct socket *sock, struct file *file, int flags) -{ - struct dentry *dentry; - struct qstr name = { .name = "" }; + if (unlikely(!file)) { + put_unused_fd(fd); + return -ENFILE; + } dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name); - if (unlikely(!dentry)) + if (unlikely(!dentry)) { + put_filp(file); + put_unused_fd(fd); return -ENOMEM; + } dentry->d_op = &sockfs_dentry_operations; /* @@ -399,24 +397,18 @@ static int sock_attach_fd(struct socket *sock, struct file *file, int flags) file->f_pos = 0; file->private_data = sock; - return 0; + *f = file; + return fd; } int sock_map_fd(struct socket *sock, int flags) { struct file *newfile; - int fd = sock_alloc_fd(&newfile, flags); - - if (likely(fd >= 0)) { - int err = sock_attach_fd(sock, newfile, flags); + int fd = sock_alloc_file(sock, &newfile, flags); - if (unlikely(err < 0)) { - put_filp(newfile); - put_unused_fd(fd); - return err; - } + if (likely(fd >= 0)) fd_install(fd, newfile); - } + return fd; } @@ -1390,20 +1382,13 @@ SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol, if (err < 0) goto out_release_both; - fd1 = sock_alloc_fd(&newfile1, flags & O_CLOEXEC); + fd1 = sock_alloc_file(sock1, &newfile1, flags); if (unlikely(fd1 < 0)) { err = fd1; goto out_release_both; } - err = sock_attach_fd(sock1, newfile1, flags & O_NONBLOCK); - if (unlikely(err < 0)) { - put_filp(newfile1); - put_unused_fd(fd1); - goto out_release_both; - } - - fd2 = sock_alloc_fd(&newfile2, flags & O_CLOEXEC); + fd2 = sock_alloc_file(sock2, &newfile2, flags); if (unlikely(fd2 < 0)) { err = fd2; fput(newfile1); @@ -1412,16 +1397,6 @@ SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol, goto out; } - err = sock_attach_fd(sock2, newfile2, flags & O_NONBLOCK); - if (unlikely(err < 0)) { - put_filp(newfile2); - put_unused_fd(fd2); - fput(newfile1); - put_unused_fd(fd1); - sock_release(sock2); - goto out; - } - audit_fd_pair(fd1, fd2); fd_install(fd1, newfile1); fd_install(fd2, newfile2); @@ -1548,17 +1523,13 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, */ __module_get(newsock->ops->owner); - newfd = sock_alloc_fd(&newfile, flags & O_CLOEXEC); + newfd = sock_alloc_file(newsock, &newfile, flags); if (unlikely(newfd < 0)) { err = newfd; sock_release(newsock); goto out_put; } - err = sock_attach_fd(newsock, newfile, flags & O_NONBLOCK); - if (err < 0) - goto out_fd_simple; - err = security_socket_accept(sock, newsock); if (err) goto out_fd; @@ -1588,11 +1559,6 @@ out_put: fput_light(sock->file, fput_needed); out: return err; -out_fd_simple: - sock_release(newsock); - put_filp(newfile); - put_unused_fd(newfd); - goto out_put; out_fd: fput(newfile); put_unused_fd(newfd); -- cgit v1.2.3 From 6b18662e239a032f908b7f6e164bdf7e2e0a32c9 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 6 Aug 2009 02:02:43 +0400 Subject: 9p connect fixes * if we fail in p9_conn_create(), we shouldn't leak references to struct file. Logics in ->close() doesn't help - ->trans is already gone by the time it's called. * sock_create_kern() can fail. * use of sock_map_fd() is all fscked up; I'd fixed most of that, but the rest will have to wait for a bit more work in net/socket.c (we still are violating the basic rule of working with descriptor table: "once the reference is installed there, don't rely on finding it there again"). Signed-off-by: Al Viro --- net/9p/trans_fd.c | 112 ++++++++++++++++++++++-------------------------------- 1 file changed, 46 insertions(+), 66 deletions(-) (limited to 'net') diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 4dd873e3a1b..be1cb909d8c 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -42,6 +42,8 @@ #include #include +#include /* killme */ + #define P9_PORT 564 #define MAX_SOCK_BUF (64*1024) #define MAXPOLLWADDR 2 @@ -788,24 +790,41 @@ static int p9_fd_open(struct p9_client *client, int rfd, int wfd) static int p9_socket_open(struct p9_client *client, struct socket *csocket) { - int fd, ret; + struct p9_trans_fd *p; + int ret, fd; + + p = kmalloc(sizeof(struct p9_trans_fd), GFP_KERNEL); + if (!p) + return -ENOMEM; csocket->sk->sk_allocation = GFP_NOIO; fd = sock_map_fd(csocket, 0); if (fd < 0) { P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to map fd\n"); + sock_release(csocket); + kfree(p); return fd; } - ret = p9_fd_open(client, fd, fd); - if (ret < 0) { - P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to open fd\n"); + get_file(csocket->file); + get_file(csocket->file); + p->wr = p->rd = csocket->file; + client->trans = p; + client->status = Connected; + + sys_close(fd); /* still racy */ + + p->rd->f_flags |= O_NONBLOCK; + + p->conn = p9_conn_create(client); + if (IS_ERR(p->conn)) { + ret = PTR_ERR(p->conn); + p->conn = NULL; + kfree(p); + sockfd_put(csocket); sockfd_put(csocket); return ret; } - - ((struct p9_trans_fd *)client->trans)->rd->f_flags |= O_NONBLOCK; - return 0; } @@ -883,7 +902,6 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args) struct socket *csocket; struct sockaddr_in sin_server; struct p9_fd_opts opts; - struct p9_trans_fd *p = NULL; /* this gets allocated in p9_fd_open */ err = parse_opts(args, &opts); if (err < 0) @@ -897,12 +915,11 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args) sin_server.sin_family = AF_INET; sin_server.sin_addr.s_addr = in_aton(addr); sin_server.sin_port = htons(opts.port); - sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, &csocket); + err = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, &csocket); - if (!csocket) { + if (err) { P9_EPRINTK(KERN_ERR, "p9_trans_tcp: problem creating socket\n"); - err = -EIO; - goto error; + return err; } err = csocket->ops->connect(csocket, @@ -912,30 +929,11 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args) P9_EPRINTK(KERN_ERR, "p9_trans_tcp: problem connecting socket to %s\n", addr); - goto error; - } - - err = p9_socket_open(client, csocket); - if (err < 0) - goto error; - - p = (struct p9_trans_fd *) client->trans; - p->conn = p9_conn_create(client); - if (IS_ERR(p->conn)) { - err = PTR_ERR(p->conn); - p->conn = NULL; - goto error; - } - - return 0; - -error: - if (csocket) sock_release(csocket); + return err; + } - kfree(p); - - return err; + return p9_socket_open(client, csocket); } static int @@ -944,49 +942,33 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args) int err; struct socket *csocket; struct sockaddr_un sun_server; - struct p9_trans_fd *p = NULL; /* this gets allocated in p9_fd_open */ csocket = NULL; if (strlen(addr) > UNIX_PATH_MAX) { P9_EPRINTK(KERN_ERR, "p9_trans_unix: address too long: %s\n", addr); - err = -ENAMETOOLONG; - goto error; + return -ENAMETOOLONG; } sun_server.sun_family = PF_UNIX; strcpy(sun_server.sun_path, addr); - sock_create_kern(PF_UNIX, SOCK_STREAM, 0, &csocket); + err = sock_create_kern(PF_UNIX, SOCK_STREAM, 0, &csocket); + if (err < 0) { + P9_EPRINTK(KERN_ERR, "p9_trans_unix: problem creating socket\n"); + return err; + } err = csocket->ops->connect(csocket, (struct sockaddr *)&sun_server, sizeof(struct sockaddr_un) - 1, 0); if (err < 0) { P9_EPRINTK(KERN_ERR, "p9_trans_unix: problem connecting socket: %s: %d\n", addr, err); - goto error; - } - - err = p9_socket_open(client, csocket); - if (err < 0) - goto error; - - p = (struct p9_trans_fd *) client->trans; - p->conn = p9_conn_create(client); - if (IS_ERR(p->conn)) { - err = PTR_ERR(p->conn); - p->conn = NULL; - goto error; - } - - return 0; - -error: - if (csocket) sock_release(csocket); + return err; + } - kfree(p); - return err; + return p9_socket_open(client, csocket); } static int @@ -994,7 +976,7 @@ p9_fd_create(struct p9_client *client, const char *addr, char *args) { int err; struct p9_fd_opts opts; - struct p9_trans_fd *p = NULL; /* this get allocated in p9_fd_open */ + struct p9_trans_fd *p; parse_opts(args, &opts); @@ -1005,21 +987,19 @@ p9_fd_create(struct p9_client *client, const char *addr, char *args) err = p9_fd_open(client, opts.rfd, opts.wfd); if (err < 0) - goto error; + return err; p = (struct p9_trans_fd *) client->trans; p->conn = p9_conn_create(client); if (IS_ERR(p->conn)) { err = PTR_ERR(p->conn); p->conn = NULL; - goto error; + fput(p->rd); + fput(p->wr); + return err; } return 0; - -error: - kfree(p); - return err; } static struct p9_trans_module p9_tcp_trans = { -- cgit v1.2.3 From cc3808f8c354889982e7e323050f1e50ad99a009 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 6 Aug 2009 09:43:59 +0400 Subject: switch sock_alloc_file() to alloc_file() Signed-off-by: Al Viro --- net/socket.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'net') diff --git a/net/socket.c b/net/socket.c index dbb3802a764..eaaba3510e8 100644 --- a/net/socket.c +++ b/net/socket.c @@ -366,16 +366,8 @@ static int sock_alloc_file(struct socket *sock, struct file **f, int flags) if (unlikely(fd < 0)) return fd; - file = get_empty_filp(); - - if (unlikely(!file)) { - put_unused_fd(fd); - return -ENFILE; - } - dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name); if (unlikely(!dentry)) { - put_filp(file); put_unused_fd(fd); return -ENOMEM; } @@ -388,11 +380,19 @@ static int sock_alloc_file(struct socket *sock, struct file **f, int flags) */ dentry->d_flags &= ~DCACHE_UNHASHED; d_instantiate(dentry, SOCK_INODE(sock)); + SOCK_INODE(sock)->i_fop = &socket_file_ops; - sock->file = file; - init_file(file, sock_mnt, dentry, FMODE_READ | FMODE_WRITE, + file = alloc_file(sock_mnt, dentry, FMODE_READ | FMODE_WRITE, &socket_file_ops); - SOCK_INODE(sock)->i_fop = &socket_file_ops; + if (unlikely(!file)) { + /* drop dentry, keep inode */ + atomic_inc(&path.dentry->d_inode->i_count); + dput(dentry); + put_unused_fd(fd); + return -ENFILE; + } + + sock->file = file; file->f_flags = O_RDWR | (flags & O_NONBLOCK); file->f_pos = 0; file->private_data = sock; -- cgit v1.2.3 From 2c48b9c45579a9b5e3e74694eebf3d2451f3dbd3 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 9 Aug 2009 00:52:35 +0400 Subject: switch alloc_file() to passing struct path ... and have the caller grab both mnt and dentry; kill leak in infiniband, while we are at it. Signed-off-by: Al Viro --- arch/ia64/kernel/perfmon.c | 15 ++++++++------- drivers/infiniband/core/uverbs_main.c | 9 +++++++-- fs/anon_inodes.c | 18 +++++++++--------- fs/file_table.c | 13 ++++++------- fs/hugetlbfs/inode.c | 15 ++++++++------- fs/notify/inotify/inotify_user.c | 8 ++++++-- fs/pipe.c | 17 +++++++++-------- include/linux/file.h | 5 +++-- ipc/shm.c | 10 +++++----- mm/shmem.c | 14 ++++++++------ net/socket.c | 17 +++++++++-------- 11 files changed, 78 insertions(+), 63 deletions(-) (limited to 'net') diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c index 599b233bef7..5246285a95f 100644 --- a/arch/ia64/kernel/perfmon.c +++ b/arch/ia64/kernel/perfmon.c @@ -2200,7 +2200,7 @@ pfm_alloc_file(pfm_context_t *ctx) { struct file *file; struct inode *inode; - struct dentry *dentry; + struct path path; char name[32]; struct qstr this; @@ -2225,18 +2225,19 @@ pfm_alloc_file(pfm_context_t *ctx) /* * allocate a new dcache entry */ - dentry = d_alloc(pfmfs_mnt->mnt_sb->s_root, &this); - if (!dentry) { + path.dentry = d_alloc(pfmfs_mnt->mnt_sb->s_root, &this); + if (!path.dentry) { iput(inode); return ERR_PTR(-ENOMEM); } + path.mnt = mntget(pfmfs_mnt); - dentry->d_op = &pfmfs_dentry_operations; - d_add(dentry, inode); + path.dentry->d_op = &pfmfs_dentry_operations; + d_add(path.dentry, inode); - file = alloc_file(pfmfs_mnt, dentry, FMODE_READ, &pfm_file_ops); + file = alloc_file(&path, FMODE_READ, &pfm_file_ops); if (!file) { - dput(dentry); + path_put(&path); return ERR_PTR(-ENFILE); } diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index aec0fbdfe7f..5f284ffd430 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -492,6 +492,7 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, int is_async, int *fd) { struct ib_uverbs_event_file *ev_file; + struct path path; struct file *filp; int ret; @@ -519,8 +520,10 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, * system call on a uverbs file, which will already have a * module reference. */ - filp = alloc_file(uverbs_event_mnt, dget(uverbs_event_mnt->mnt_root), - FMODE_READ, fops_get(&uverbs_event_fops)); + path.mnt = uverbs_event_mnt; + path.dentry = uverbs_event_mnt->mnt_root; + path_get(&path); + filp = alloc_file(&path, FMODE_READ, fops_get(&uverbs_event_fops)); if (!filp) { ret = -ENFILE; goto err_fd; @@ -531,6 +534,8 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, return filp; err_fd: + fops_put(&uverbs_event_fops); + path_put(&path); put_unused_fd(*fd); err: diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 2ca7a7cafdb..94f5110c465 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -88,7 +88,7 @@ struct file *anon_inode_getfile(const char *name, void *priv, int flags) { struct qstr this; - struct dentry *dentry; + struct path path; struct file *file; int error; @@ -106,10 +106,11 @@ struct file *anon_inode_getfile(const char *name, this.name = name; this.len = strlen(name); this.hash = 0; - dentry = d_alloc(anon_inode_mnt->mnt_sb->s_root, &this); - if (!dentry) + path.dentry = d_alloc(anon_inode_mnt->mnt_sb->s_root, &this); + if (!path.dentry) goto err_module; + path.mnt = mntget(anon_inode_mnt); /* * We know the anon_inode inode count is always greater than zero, * so we can avoid doing an igrab() and we can use an open-coded @@ -117,14 +118,13 @@ struct file *anon_inode_getfile(const char *name, */ atomic_inc(&anon_inode_inode->i_count); - dentry->d_op = &anon_inodefs_dentry_operations; + path.dentry->d_op = &anon_inodefs_dentry_operations; /* Do not publish this dentry inside the global dentry hash table */ - dentry->d_flags &= ~DCACHE_UNHASHED; - d_instantiate(dentry, anon_inode_inode); + path.dentry->d_flags &= ~DCACHE_UNHASHED; + d_instantiate(path.dentry, anon_inode_inode); error = -ENFILE; - file = alloc_file(anon_inode_mnt, dentry, - FMODE_READ | FMODE_WRITE, fops); + file = alloc_file(&path, FMODE_READ | FMODE_WRITE, fops); if (!file) goto err_dput; file->f_mapping = anon_inode_inode->i_mapping; @@ -137,7 +137,7 @@ struct file *anon_inode_getfile(const char *name, return file; err_dput: - dput(dentry); + path_put(&path); err_module: module_put(fops->owner); return ERR_PTR(error); diff --git a/fs/file_table.c b/fs/file_table.c index 602a9ee3023..163cd28314e 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -162,8 +162,8 @@ fail: * If all the callers of init_file() are eliminated, its * code should be moved into this function. */ -struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, - fmode_t mode, const struct file_operations *fop) +struct file *alloc_file(struct path *path, fmode_t mode, + const struct file_operations *fop) { struct file *file; @@ -171,9 +171,8 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, if (!file) return NULL; - file->f_path.dentry = dentry; - file->f_path.mnt = mntget(mnt); - file->f_mapping = dentry->d_inode->i_mapping; + file->f_path = *path; + file->f_mapping = path->dentry->d_inode->i_mapping; file->f_mode = mode; file->f_op = fop; @@ -183,10 +182,10 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, * visible. We do this for consistency, and so * that we can do debugging checks at __fput() */ - if ((mode & FMODE_WRITE) && !special_file(dentry->d_inode->i_mode)) { + if ((mode & FMODE_WRITE) && !special_file(path->dentry->d_inode->i_mode)) { int error = 0; file_take_write(file); - error = mnt_clone_write(mnt); + error = mnt_clone_write(path->mnt); WARN_ON(error); } return file; diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 87a1258953b..6bd41525cd7 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -922,7 +922,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, int error = -ENOMEM; struct file *file; struct inode *inode; - struct dentry *dentry, *root; + struct path path; + struct dentry *root; struct qstr quick_string; *user = NULL; @@ -944,10 +945,11 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, quick_string.name = name; quick_string.len = strlen(quick_string.name); quick_string.hash = 0; - dentry = d_alloc(root, &quick_string); - if (!dentry) + path.dentry = d_alloc(root, &quick_string); + if (!path.dentry) goto out_shm_unlock; + path.mnt = mntget(hugetlbfs_vfsmount); error = -ENOSPC; inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(), current_fsgid(), S_IFREG | S_IRWXUGO, 0); @@ -960,13 +962,12 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, acctflag)) goto out_inode; - d_instantiate(dentry, inode); + d_instantiate(path.dentry, inode); inode->i_size = size; inode->i_nlink = 0; error = -ENFILE; - file = alloc_file(hugetlbfs_vfsmount, dentry, - FMODE_WRITE | FMODE_READ, + file = alloc_file(&path, FMODE_WRITE | FMODE_READ, &hugetlbfs_file_operations); if (!file) goto out_dentry; /* inode is already attached */ @@ -977,7 +978,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, out_inode: iput(inode); out_dentry: - dput(dentry); + path_put(&path); out_shm_unlock: if (*user) { user_shm_unlock(size, *user); diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c index 9e4f90042ea..8271cf05c95 100644 --- a/fs/notify/inotify/inotify_user.c +++ b/fs/notify/inotify/inotify_user.c @@ -646,6 +646,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) struct fsnotify_group *group; struct user_struct *user; struct file *filp; + struct path path; int fd, ret; /* Check the IN_* constants for consistency. */ @@ -675,8 +676,10 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) atomic_inc(&user->inotify_devs); - filp = alloc_file(inotify_mnt, dget(inotify_mnt->mnt_root), - FMODE_READ, &inotify_fops); + path.mnt = inotify_mnt; + path.dentry = inotify_mnt->mnt_root; + path_get(&path); + filp = alloc_file(&path, FMODE_READ, &inotify_fops); if (!filp) goto Enfile; @@ -689,6 +692,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) Enfile: ret = -ENFILE; + path_put(&path); atomic_dec(&user->inotify_devs); out_free_uid: free_uid(user); diff --git a/fs/pipe.c b/fs/pipe.c index ae17d026aaa..81288bc2bcb 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -974,7 +974,7 @@ struct file *create_write_pipe(int flags) int err; struct inode *inode; struct file *f; - struct dentry *dentry; + struct path path; struct qstr name = { .name = "" }; err = -ENFILE; @@ -983,21 +983,22 @@ struct file *create_write_pipe(int flags) goto err; err = -ENOMEM; - dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &name); - if (!dentry) + path.dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &name); + if (!path.dentry) goto err_inode; + path.mnt = mntget(pipe_mnt); - dentry->d_op = &pipefs_dentry_operations; + path.dentry->d_op = &pipefs_dentry_operations; /* * We dont want to publish this dentry into global dentry hash table. * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED * This permits a working /proc/$pid/fd/XXX on pipes */ - dentry->d_flags &= ~DCACHE_UNHASHED; - d_instantiate(dentry, inode); + path.dentry->d_flags &= ~DCACHE_UNHASHED; + d_instantiate(path.dentry, inode); err = -ENFILE; - f = alloc_file(pipe_mnt, dentry, FMODE_WRITE, &write_pipefifo_fops); + f = alloc_file(&path, FMODE_WRITE, &write_pipefifo_fops); if (!f) goto err_dentry; f->f_mapping = inode->i_mapping; @@ -1009,7 +1010,7 @@ struct file *create_write_pipe(int flags) err_dentry: free_pipe_info(inode); - dput(dentry); + path_put(&path); return ERR_PTR(err); err_inode: diff --git a/include/linux/file.h b/include/linux/file.h index 6a8d3612eb2..5555508fd51 100644 --- a/include/linux/file.h +++ b/include/linux/file.h @@ -18,8 +18,9 @@ extern void drop_file_write_access(struct file *file); struct file_operations; struct vfsmount; struct dentry; -extern struct file *alloc_file(struct vfsmount *, struct dentry *dentry, - fmode_t mode, const struct file_operations *fop); +struct path; +extern struct file *alloc_file(struct path *, fmode_t mode, + const struct file_operations *fop); static inline void fput_light(struct file *file, int fput_needed) { diff --git a/ipc/shm.c b/ipc/shm.c index 11bec626c22..16e39230aa0 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -878,8 +878,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) if (err) goto out_unlock; - path.dentry = dget(shp->shm_file->f_path.dentry); - path.mnt = shp->shm_file->f_path.mnt; + path = shp->shm_file->f_path; + path_get(&path); shp->shm_nattch++; size = i_size_read(path.dentry->d_inode); shm_unlock(shp); @@ -889,8 +889,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) if (!sfd) goto out_put_dentry; - file = alloc_file(path.mnt, path.dentry, f_mode, - is_file_hugepages(shp->shm_file) ? + file = alloc_file(&path, f_mode, + is_file_hugepages(shp->shm_file) ? &shm_file_operations_huge : &shm_file_operations); if (!file) @@ -950,7 +950,7 @@ out_unlock: out_free: kfree(sfd); out_put_dentry: - dput(path.dentry); + path_put(&path); goto out_nattch; } diff --git a/mm/shmem.c b/mm/shmem.c index ef8f47473c5..d2ec7f029ff 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2626,7 +2626,8 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags int error; struct file *file; struct inode *inode; - struct dentry *dentry, *root; + struct path path; + struct dentry *root; struct qstr this; if (IS_ERR(shm_mnt)) @@ -2643,16 +2644,17 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags this.len = strlen(name); this.hash = 0; /* will go */ root = shm_mnt->mnt_root; - dentry = d_alloc(root, &this); - if (!dentry) + path.dentry = d_alloc(root, &this); + if (!path.dentry) goto put_memory; + path.mnt = mntget(shm_mnt); error = -ENOSPC; inode = shmem_get_inode(root->d_sb, S_IFREG | S_IRWXUGO, 0, flags); if (!inode) goto put_dentry; - d_instantiate(dentry, inode); + d_instantiate(path.dentry, inode); inode->i_size = size; inode->i_nlink = 0; /* It is unlinked */ #ifndef CONFIG_MMU @@ -2662,7 +2664,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags #endif error = -ENFILE; - file = alloc_file(shm_mnt, dentry, FMODE_WRITE | FMODE_READ, + file = alloc_file(&path, FMODE_WRITE | FMODE_READ, &shmem_file_operations); if (!file) goto put_dentry; @@ -2671,7 +2673,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags return file; put_dentry: - dput(dentry); + path_put(&path); put_memory: shmem_unacct_size(flags, size); return ERR_PTR(error); diff --git a/net/socket.c b/net/socket.c index eaaba3510e8..dbfdfa96d29 100644 --- a/net/socket.c +++ b/net/socket.c @@ -358,7 +358,7 @@ static const struct dentry_operations sockfs_dentry_operations = { static int sock_alloc_file(struct socket *sock, struct file **f, int flags) { struct qstr name = { .name = "" }; - struct dentry *dentry; + struct path path; struct file *file; int fd; @@ -366,28 +366,29 @@ static int sock_alloc_file(struct socket *sock, struct file **f, int flags) if (unlikely(fd < 0)) return fd; - dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name); - if (unlikely(!dentry)) { + path.dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name); + if (unlikely(!path.dentry)) { put_unused_fd(fd); return -ENOMEM; } + path.mnt = mntget(sock_mnt); - dentry->d_op = &sockfs_dentry_operations; + path.dentry->d_op = &sockfs_dentry_operations; /* * We dont want to push this dentry into global dentry hash table. * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED * This permits a working /proc/$pid/fd/XXX on sockets */ - dentry->d_flags &= ~DCACHE_UNHASHED; - d_instantiate(dentry, SOCK_INODE(sock)); + path.dentry->d_flags &= ~DCACHE_UNHASHED; + d_instantiate(path.dentry, SOCK_INODE(sock)); SOCK_INODE(sock)->i_fop = &socket_file_ops; - file = alloc_file(sock_mnt, dentry, FMODE_READ | FMODE_WRITE, + file = alloc_file(&path, FMODE_READ | FMODE_WRITE, &socket_file_ops); if (unlikely(!file)) { /* drop dentry, keep inode */ atomic_inc(&path.dentry->d_inode->i_count); - dput(dentry); + path_put(&path); put_unused_fd(fd); return -ENFILE; } -- cgit v1.2.3