1. 23 10月, 2008 8 次提交
  2. 29 9月, 2008 1 次提交
    • L
      Fix NULL pointer dereference in proc_sys_compare · d0185c08
      Linus Torvalds 提交于
      The VFS interface for the 'd_compare()' is a bit special (read: 'odd'),
      because it really just essentially replaces a memcmp().  The filesystem
      is supposed to just compare the two names with whatever case-independent
      or other function.
      
      And when I say 'is supposed to', I obviously mean that 'procfs does odd
      things, and actually looks at the dentry that we don't even pass down,
      rather than just the name'.  Which results in problems, because we
      actually call d_compare before we have even verified that the dentry is
      still hashed at all.
      
      And that causes a problm since the inode that procfs looks at may have
      been free'd and the d_inode pointer is NULL.  procfs just assumes that
      all dentries are positive, since procfs itself never generates a
      negative one.  But memory pressure will still result in the dentry
      getting torn down, and as it is removed by RCU, it still remains visible
      on some lists - and to d_compare.
      
      If the filesystem just did a name comparison, we wouldn't care.  And we
      could just fix procfs to know about negative dentries too.  But rather
      than have the low-level filesystems know about internal VFS details,
      just move the check for a unhashed dentry up a bit, so that we will only
      call d_compare on dentries that are still active.
      
      The actual oops this caused didn't look like a NULL pointer dereference
      because procfs did a 'container_of(inode, struct proc_inode, vfs_inode)'
      to get at its internal proc_inode information from the inode pointer,
      and accessed a field below the inode. So the oops would look something
      like
      
      	BUG: unable to handle kernel paging request at fffffffffffffff0
      	IP: [<ffffffff802bc6c6>] proc_sys_compare+0x36/0x50
      
      and was seen on both x86-64 (Alexey Dobriyan and Hugh Dickins) and
      ppc64 (Hugh Dickins).
      Reported-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Acked-by: NHugh Dickins <hugh@veritas.com>
      Cc: Al Viro <viro@ZenIV.linux.org.uk>
      Reviewed-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-of-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d0185c08
  3. 25 8月, 2008 1 次提交
  4. 28 7月, 2008 1 次提交
  5. 27 7月, 2008 1 次提交
  6. 25 7月, 2008 1 次提交
    • K
      fix soft lock up at NFS mount via per-SB LRU-list of unused dentries · da3bbdd4
      Kentaro Makita 提交于
      [Summary]
      
       Split LRU-list of unused dentries to one per superblock to avoid soft
       lock up during NFS mounts and remounting of any filesystem.
      
       Previously I posted here:
       http://lkml.org/lkml/2008/3/5/590
      
      [Descriptions]
      
      - background
      
        dentry_unused is a list of dentries which are not referenced.
        dentry_unused grows up when references on directories or files are
        released.  This list can be very long if there is huge free memory.
      
      - the problem
      
        When shrink_dcache_sb() is called, it scans all dentry_unused linearly
        under spin_lock(), and if dentry->d_sb is differnt from given
        superblock, scan next dentry.  This scan costs very much if there are
        many entries, and very ineffective if there are many superblocks.
      
        IOW, When we need to shrink unused dentries on one dentry, but scans
        unused dentries on all superblocks in the system.  For example, we scan
        500 dentries to unmount a filesystem, but scans 1,000,000 or more unused
        dentries on other superblocks.
      
        In our case , At mounting NFS*, shrink_dcache_sb() is called to shrink
        unused dentries on NFS, but scans 100,000,000 unused dentries on
        superblocks in the system such as local ext3 filesystems.  I hear NFS
        mounting took 1 min on some system in use.
      
      * : NFS uses virtual filesystem in rpc layer, so NFS is affected by
        this problem.
      
        100,000,000 is possible number on large systems.
      
        Per-superblock LRU of unused dentried can reduce the cost in
        reasonable manner.
      
      - How to fix
      
        I found this problem is solved by David Chinner's "Per-superblock
        unused dentry LRU lists V3"(1), so I rebase it and add some fix to
        reclaim with fairness, which is in Andrew Morton's comments(2).
      
        1) http://lkml.org/lkml/2006/5/25/318
        2) http://lkml.org/lkml/2006/5/25/320
      
        Split LRU-list of unused dentries to each superblocks.  Then, NFS
        mounting will check dentries under a superblock instead of all.  But
        this spliting will break LRU of dentry-unused.  So, I've attempted to
        make reclaim unused dentrins with fairness by calculate number of
        dentries to scan on this sb based on following way
      
        number of dentries to scan on this sb =
        count * (number of dentries on this sb / number of dentries in the machine)
      
      - ToDo
       - I have to measuring performance number and do stress tests.
      
       - When unmount occurs during prune_dcache(), scanning on same
        superblock, It is unable to reach next superblock because it is gone
        away.  We restart scannig superblock from first one, it causes
        unfairness of reclaim unused dentries on first superblock.  But I think
        this happens very rarely.
      
      - Test Results
      
        Result on 6GB boxes with excessive unused dentries.
      
      Without patch:
      
      $ cat /proc/sys/fs/dentry-state
      10181835        10180203        45      0       0       0
      # mount -t nfs 10.124.60.70:/work/kernel-src nfs
      real    0m1.830s
      user    0m0.001s
      sys     0m1.653s
      
       With this patch:
      $ cat /proc/sys/fs/dentry-state
      10236610        10234751        45      0       0       0
      # mount -t nfs 10.124.60.70:/work/kernel-src nfs
      real    0m0.106s
      user    0m0.002s
      sys     0m0.032s
      
      [akpm@linux-foundation.org: fix comments]
      Signed-off-by: NKentaro Makita <k-makita@np.css.fujitsu.com>
      Cc: Neil Brown <neilb@suse.de>
      Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
      Cc: David Chinner <dgc@sgi.com>
      Cc: "J. Bruce Fields" <bfields@fieldses.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      da3bbdd4
  7. 24 6月, 2008 3 次提交
  8. 23 6月, 2008 1 次提交
  9. 23 4月, 2008 2 次提交
  10. 15 2月, 2008 5 次提交
  11. 07 2月, 2008 2 次提交
  12. 22 10月, 2007 1 次提交
  13. 21 10月, 2007 1 次提交
    • A
      [PATCH] audit: watching subtrees · 74c3cbe3
      Al Viro 提交于
      New kind of audit rule predicates: "object is visible in given subtree".
      The part that can be sanely implemented, that is.  Limitations:
      	* if you have hardlink from outside of tree, you'd better watch
      it too (or just watch the object itself, obviously)
      	* if you mount something under a watched tree, tell audit
      that new chunk should be added to watched subtrees
      	* if you umount something in a watched tree and it's still mounted
      elsewhere, you will get matches on events happening there.  New command
      tells audit to recalculate the trees, trimming such sources of false
      positives.
      
      Note that it's _not_ about path - if something mounted in several places
      (multiple mount, bindings, different namespaces, etc.), the match does
      _not_ depend on which one we are using for access.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      74c3cbe3
  14. 17 10月, 2007 6 次提交
  15. 20 7月, 2007 1 次提交
    • P
      mm: Remove slab destructors from kmem_cache_create(). · 20c2df83
      Paul Mundt 提交于
      Slab destructors were no longer supported after Christoph's
      c59def9f change. They've been
      BUGs for both slab and slub, and slob never supported them
      either.
      
      This rips out support for the dtor pointer from kmem_cache_create()
      completely and fixes up every single callsite in the kernel (there were
      about 224, not including the slab allocator definitions themselves,
      or the documentation references).
      Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
      20c2df83
  16. 18 7月, 2007 1 次提交
  17. 09 5月, 2007 4 次提交