Commit 6f6efce5 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'xfs-6.9-merge-9' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux 

Pull xfs fixes from Chandan Babu:

 - Fix invalid pointer dereference by initializing xmbuf before
   tracepoint function is invoked

 - Use memalloc_nofs_save() when inserting into quota radix tree

* tag 'xfs-6.9-merge-9' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: quota radix tree allocations need to be NOFS on insert
  xfs: fix dev_t usage in xmbuf tracepoints
parents c150b809 0c6ca06a

fs/xfs/xfs_buf_mem.c

+2 −2
Original line number Diff line number Diff line
@@ -81,8 +81,6 @@ xmbuf_alloc( 
	/* ensure all writes are below EOF to avoid pagecache zeroing */

	i_size_write(inode, inode->i_sb->s_maxbytes);



	trace_xmbuf_create(btp);



	error = xfs_buf_cache_init(btp->bt_cache);

	if (error)

		goto out_file;
@@ -99,6 +97,8 @@ xmbuf_alloc( 
	if (error)

		goto out_bcache;



	trace_xmbuf_create(btp);



	*btpp = btp;

	return 0;

fs/xfs/xfs_dquot.c

+13 −5
Original line number Diff line number Diff line
@@ -811,6 +811,12 @@ xfs_qm_dqget_cache_lookup( 
 * caller should throw away the dquot and start over.  Otherwise, the dquot

 * is returned locked (and held by the cache) as if there had been a cache

 * hit.

 *

 * The insert needs to be done under memalloc_nofs context because the radix

 * tree can do memory allocation during insert. The qi->qi_tree_lock is taken in

 * memory reclaim when freeing unused dquots, so we cannot have the radix tree

 * node allocation recursing into filesystem reclaim whilst we hold the

 * qi_tree_lock.

 */

static int

xfs_qm_dqget_cache_insert(
@@ -820,25 +826,27 @@ xfs_qm_dqget_cache_insert( 
	xfs_dqid_t		id,

	struct xfs_dquot	*dqp)

{

	unsigned int		nofs_flags;

	int			error;



	nofs_flags = memalloc_nofs_save();

	mutex_lock(&qi->qi_tree_lock);

	error = radix_tree_insert(tree, id, dqp);

	if (unlikely(error)) {

		/* Duplicate found!  Caller must try again. */

		mutex_unlock(&qi->qi_tree_lock);

		trace_xfs_dqget_dup(dqp);

		return error;

		goto out_unlock;

	}



	/* Return a locked dquot to the caller, with a reference taken. */

	xfs_dqlock(dqp);

	dqp->q_nrefs = 1;



	qi->qi_dquots++;

	mutex_unlock(&qi->qi_tree_lock);



	return 0;

out_unlock:

	mutex_unlock(&qi->qi_tree_lock);

	memalloc_nofs_restore(nofs_flags);

	return error;

}



/* Check our input parameters. */

fs/xfs/xfs_trace.h

+7 −2
Original line number Diff line number Diff line
@@ -4626,6 +4626,7 @@ TRACE_EVENT(xmbuf_create, 
		char		*path;

		struct file	*file = btp->bt_file;



		__entry->dev = btp->bt_mount->m_super->s_dev;

		__entry->ino = file_inode(file)->i_ino;

		memset(pathname, 0, sizeof(pathname));

		path = file_path(file, pathname, sizeof(pathname) - 1);
@@ -4633,7 +4634,8 @@ TRACE_EVENT(xmbuf_create, 
			path = "(unknown)";

		strncpy(__entry->pathname, path, sizeof(__entry->pathname));

	),

	TP_printk("xmino 0x%lx path '%s'",

	TP_printk("dev %d:%d xmino 0x%lx path '%s'",

		  MAJOR(__entry->dev), MINOR(__entry->dev),

		  __entry->ino,

		  __entry->pathname)

);
@@ -4642,6 +4644,7 @@ TRACE_EVENT(xmbuf_free, 
	TP_PROTO(struct xfs_buftarg *btp),

	TP_ARGS(btp),

	TP_STRUCT__entry(

		__field(dev_t, dev)

		__field(unsigned long, ino)

		__field(unsigned long long, bytes)

		__field(loff_t, size)
@@ -4650,11 +4653,13 @@ TRACE_EVENT(xmbuf_free, 
		struct file	*file = btp->bt_file;

		struct inode	*inode = file_inode(file);



		__entry->dev = btp->bt_mount->m_super->s_dev;

		__entry->size = i_size_read(inode);

		__entry->bytes = (inode->i_blocks << SECTOR_SHIFT) + inode->i_bytes;

		__entry->ino = inode->i_ino;

	),

	TP_printk("xmino 0x%lx mem_bytes 0x%llx isize 0x%llx",

	TP_printk("dev %d:%d xmino 0x%lx mem_bytes 0x%llx isize 0x%llx",

		  MAJOR(__entry->dev), MINOR(__entry->dev),

		  __entry->ino,

		  __entry->bytes,

		  __entry->size)