mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-29 23:53:32 +00:00
5a622f2d0f
Creating PDEs with refcount 0 and "deleted" flag has problems (see below). Switch to usual scheme: * PDE is created with refcount 1 * every de_get does +1 * every de_put() and remove_proc_entry() do -1 * once refcount reaches 0, PDE is freed. This elegantly fixes at least two following races (both observed) without introducing new locks, without abusing old locks, without spreading lock_kernel(): 1) PDE leak remove_proc_entry de_put ----------------- ------ [refcnt = 1] if (atomic_read(&de->count) == 0) if (atomic_dec_and_test(&de->count)) if (de->deleted) /* also not taken! */ free_proc_entry(de); else de->deleted = 1; [refcount=0, deleted=1] 2) use after free remove_proc_entry de_put ----------------- ------ [refcnt = 1] if (atomic_dec_and_test(&de->count)) if (atomic_read(&de->count) == 0) free_proc_entry(de); /* boom! */ if (de->deleted) free_proc_entry(de); BUG: unable to handle kernel paging request at virtual address 6b6b6b6b printing eip: c10acdda *pdpt = 00000000338f8001 *pde = 0000000000000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: af_packet ipv6 cpufreq_ondemand loop serio_raw psmouse k8temp hwmon sr_mod cdrom Pid: 23161, comm: cat Not tainted (2.6.24-rc2-8c0863403f109a43d7000b4646da4818220d501f #4) EIP: 0060:[<c10acdda>] EFLAGS: 00210097 CPU: 1 EIP is at strnlen+0x6/0x18 EAX: 6b6b6b6b EBX: 6b6b6b6b ECX: 6b6b6b6b EDX: fffffffe ESI: c128fa3b EDI: f380bf34 EBP: ffffffff ESP: f380be44 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process cat (pid: 23161, ti=f380b000 task=f38f2570 task.ti=f380b000) Stack: c10ac4f0 00000278 c12ce000 f43cd2a8 00000163 00000000 7da86067 00000400 c128fa20 00896b18 f38325a8 c128fe20 ffffffff 00000000 c11f291e 00000400 f75be300 c128fa20 f769c9a0 c10ac779 f380bf34 f7bfee70 c1018e6b f380bf34 Call Trace: [<c10ac4f0>] vsnprintf+0x2ad/0x49b [<c10ac779>] vscnprintf+0x14/0x1f [<c1018e6b>] vprintk+0xc5/0x2f9 [<c10379f1>] handle_fasteoi_irq+0x0/0xab [<c1004f44>] do_IRQ+0x9f/0xb7 [<c117db3b>] preempt_schedule_irq+0x3f/0x5b [<c100264e>] need_resched+0x1f/0x21 [<c10190ba>] printk+0x1b/0x1f [<c107c8ad>] de_put+0x3d/0x50 [<c107c8f8>] proc_delete_inode+0x38/0x41 [<c107c8c0>] proc_delete_inode+0x0/0x41 [<c1066298>] generic_delete_inode+0x5e/0xc6 [<c1065aa9>] iput+0x60/0x62 [<c1063c8e>] d_kill+0x2d/0x46 [<c1063fa9>] dput+0xdc/0xe4 [<c10571a1>] __fput+0xb0/0xcd [<c1054e49>] filp_close+0x48/0x4f [<c1055ee9>] sys_close+0x67/0xa5 [<c10026b6>] sysenter_past_esp+0x5f/0x85 ======================= Code: c9 74 0c f2 ae 74 05 bf 01 00 00 00 4f 89 fa 5f 89 d0 c3 85 c9 57 89 c7 89 d0 74 05 f2 ae 75 01 4f 89 f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 83 c9 EIP: [<c10acdda>] strnlen+0x6/0x18 SS:ESP 0068:f380be44 Also, remove broken usage of ->deleted from reiserfs: if sget() succeeds, module is already pinned and remove_proc_entry() can't happen => nobody can mark PDE deleted. Dummy proc root in netns code is not marked with refcount 1. AFAICS, we never get it, it's just for proper /proc/net removal. I double checked CLONE_NETNS continues to work. Patch survives many hours of modprobe/rmmod/cat loops without new bugs which can be attributed to refcounting. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
bitmap.c | ||
dir.c | ||
do_balan.c | ||
file.c | ||
fix_node.c | ||
hashes.c | ||
ibalance.c | ||
inode.c | ||
ioctl.c | ||
item_ops.c | ||
journal.c | ||
lbalance.c | ||
Makefile | ||
namei.c | ||
objectid.c | ||
prints.c | ||
procfs.c | ||
README | ||
resize.c | ||
stree.c | ||
super.c | ||
tail_conversion.c | ||
xattr.c | ||
xattr_acl.c | ||
xattr_security.c | ||
xattr_trusted.c | ||
xattr_user.c |
[LICENSING] ReiserFS is hereby licensed under the GNU General Public License version 2. Source code files that contain the phrase "licensing governed by reiserfs/README" are "governed files" throughout this file. Governed files are licensed under the GPL. The portions of them owned by Hans Reiser, or authorized to be licensed by him, have been in the past, and likely will be in the future, licensed to other parties under other licenses. If you add your code to governed files, and don't want it to be owned by Hans Reiser, put your copyright label on that code so the poor blight and his customers can keep things straight. All portions of governed files not labeled otherwise are owned by Hans Reiser, and by adding your code to it, widely distributing it to others or sending us a patch, and leaving the sentence in stating that licensing is governed by the statement in this file, you accept this. It will be a kindness if you identify whether Hans Reiser is allowed to license code labeled as owned by you on your behalf other than under the GPL, because he wants to know if it is okay to do so and put a check in the mail to you (for non-trivial improvements) when he makes his next sale. He makes no guarantees as to the amount if any, though he feels motivated to motivate contributors, and you can surely discuss this with him before or after contributing. You have the right to decline to allow him to license your code contribution other than under the GPL. Further licensing options are available for commercial and/or other interests directly from Hans Reiser: hans@reiser.to. If you interpret the GPL as not allowing those additional licensing options, you read it wrongly, and Richard Stallman agrees with me, when carefully read you can see that those restrictions on additional terms do not apply to the owner of the copyright, and my interpretation of this shall govern for this license. Finally, nothing in this license shall be interpreted to allow you to fail to fairly credit me, or to remove my credits, without my permission, unless you are an end user not redistributing to others. If you have doubts about how to properly do that, or about what is fair, ask. (Last I spoke with him Richard was contemplating how best to address the fair crediting issue in the next GPL version.) [END LICENSING] Reiserfs is a file system based on balanced tree algorithms, which is described at http://devlinux.com/namesys. Stop reading here. Go there, then return. Send bug reports to yura@namesys.botik.ru. mkreiserfs and other utilities are in reiserfs/utils, or wherever your Linux provider put them. There is some disagreement about how useful it is for users to get their fsck and mkreiserfs out of sync with the version of reiserfs that is in their kernel, with many important distributors wanting them out of sync.:-) Please try to remember to recompile and reinstall fsck and mkreiserfs with every update of reiserfs, this is a common source of confusion. Note that some of the utilities cannot be compiled without accessing the balancing code which is in the kernel code, and relocating the utilities may require you to specify where that code can be found. Yes, if you update your reiserfs kernel module you do have to recompile your kernel, most of the time. The errors you get will be quite cryptic if your forget to do so. Real users, as opposed to folks who want to hack and then understand what went wrong, will want REISERFS_CHECK off. Hideous Commercial Pitch: Spread your development costs across other OS vendors. Select from the best in the world, not the best in your building, by buying from third party OS component suppliers. Leverage the software component development power of the internet. Be the most aggressive in taking advantage of the commercial possibilities of decentralized internet development, and add value through your branded integration that you sell as an operating system. Let your competitors be the ones to compete against the entire internet by themselves. Be hip, get with the new economic trend, before your competitors do. Send email to hans@reiser.to. To understand the code, after reading the website, start reading the code by reading reiserfs_fs.h first. Hans Reiser was the project initiator, primary architect, source of all funding for the first 5.5 years, and one of the programmers. He owns the copyright. Vladimir Saveljev was one of the programmers, and he worked long hours writing the cleanest code. He always made the effort to be the best he could be, and to make his code the best that it could be. What resulted was quite remarkable. I don't think that money can ever motivate someone to work the way he did, he is one of the most selfless men I know. Yura helps with benchmarking, coding hashes, and block pre-allocation code. Anatoly Pinchuk is a former member of our team who worked closely with Vladimir throughout the project's development. He wrote a quite substantial portion of the total code. He realized that there was a space problem with packing tails of files for files larger than a node that start on a node aligned boundary (there are reasons to want to node align files), and he invented and implemented indirect items and unformatted nodes as the solution. Konstantin Shvachko, with the help of the Russian version of a VC, tried to put me in a position where I was forced into giving control of the project to him. (Fortunately, as the person paying the money for all salaries from my dayjob I owned all copyrights, and you can't really force takeovers of sole proprietorships.) This was something curious, because he never really understood the value of our project, why we should do what we do, or why innovation was possible in general, but he was sure that he ought to be controlling it. Every innovation had to be forced past him while he was with us. He added two years to the time required to complete reiserfs, and was a net loss for me. Mikhail Gilula was a brilliant innovator who also left in a destructive way that erased the value of his contributions, and that he was shown much generosity just makes it more painful. Grigory Zaigralin was an extremely effective system administrator for our group. Igor Krasheninnikov was wonderful at hardware procurement, repair, and network installation. Jeremy Fitzhardinge wrote the teahash.c code, and he gives credit to a textbook he got the algorithm from in the code. Note that his analysis of how we could use the hashing code in making 32 bit NFS cookies work was probably more important than the actual algorithm. Colin Plumb also contributed to it. Chris Mason dived right into our code, and in just a few months produced the journaling code that dramatically increased the value of ReiserFS. He is just an amazing programmer. Igor Zagorovsky is writing much of the new item handler and extent code for our next major release. Alexander Zarochentcev (sometimes known as zam, or sasha), wrote the resizer, and is hard at work on implementing allocate on flush. SGI implemented allocate on flush before us for XFS, and generously took the time to convince me we should do it also. They are great people, and a great company. Yuri Shevchuk and Nikita Danilov are doing squid cache optimization. Vitaly Fertman is doing fsck. Jeff Mahoney, of SuSE, contributed a few cleanup fixes, most notably the endian safe patches which allow ReiserFS to run on any platform supported by the Linux kernel. SuSE, IntegratedLinux.com, Ecila, MP3.com, bigstorage.com, and the Alpha PC Company made it possible for me to not have a day job anymore, and to dramatically increase our staffing. Ecila funded hypertext feature development, MP3.com funded journaling, SuSE funded core development, IntegratedLinux.com funded squid web cache appliances, bigstorage.com funded HSM, and the alpha PC company funded the alpha port. Many of these tasks were helped by sponsors other than the ones just named. SuSE has helped in much more than just funding....