提交 2c48b9c4 编写于 作者: A Al Viro

switch alloc_file() to passing struct path

... and have the caller grab both mnt and dentry; kill
leak in infiniband, while we are at it.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
上级 a95161aa
...@@ -2200,7 +2200,7 @@ pfm_alloc_file(pfm_context_t *ctx) ...@@ -2200,7 +2200,7 @@ pfm_alloc_file(pfm_context_t *ctx)
{ {
struct file *file; struct file *file;
struct inode *inode; struct inode *inode;
struct dentry *dentry; struct path path;
char name[32]; char name[32];
struct qstr this; struct qstr this;
...@@ -2225,18 +2225,19 @@ pfm_alloc_file(pfm_context_t *ctx) ...@@ -2225,18 +2225,19 @@ pfm_alloc_file(pfm_context_t *ctx)
/* /*
* allocate a new dcache entry * allocate a new dcache entry
*/ */
dentry = d_alloc(pfmfs_mnt->mnt_sb->s_root, &this); path.dentry = d_alloc(pfmfs_mnt->mnt_sb->s_root, &this);
if (!dentry) { if (!path.dentry) {
iput(inode); iput(inode);
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
} }
path.mnt = mntget(pfmfs_mnt);
dentry->d_op = &pfmfs_dentry_operations; path.dentry->d_op = &pfmfs_dentry_operations;
d_add(dentry, inode); d_add(path.dentry, inode);
file = alloc_file(pfmfs_mnt, dentry, FMODE_READ, &pfm_file_ops); file = alloc_file(&path, FMODE_READ, &pfm_file_ops);
if (!file) { if (!file) {
dput(dentry); path_put(&path);
return ERR_PTR(-ENFILE); return ERR_PTR(-ENFILE);
} }
......
...@@ -492,6 +492,7 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, ...@@ -492,6 +492,7 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
int is_async, int *fd) int is_async, int *fd)
{ {
struct ib_uverbs_event_file *ev_file; struct ib_uverbs_event_file *ev_file;
struct path path;
struct file *filp; struct file *filp;
int ret; int ret;
...@@ -519,8 +520,10 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, ...@@ -519,8 +520,10 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
* system call on a uverbs file, which will already have a * system call on a uverbs file, which will already have a
* module reference. * module reference.
*/ */
filp = alloc_file(uverbs_event_mnt, dget(uverbs_event_mnt->mnt_root), path.mnt = uverbs_event_mnt;
FMODE_READ, fops_get(&uverbs_event_fops)); path.dentry = uverbs_event_mnt->mnt_root;
path_get(&path);
filp = alloc_file(&path, FMODE_READ, fops_get(&uverbs_event_fops));
if (!filp) { if (!filp) {
ret = -ENFILE; ret = -ENFILE;
goto err_fd; goto err_fd;
...@@ -531,6 +534,8 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, ...@@ -531,6 +534,8 @@ struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
return filp; return filp;
err_fd: err_fd:
fops_put(&uverbs_event_fops);
path_put(&path);
put_unused_fd(*fd); put_unused_fd(*fd);
err: err:
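Review bot: `fops_get(&uverbs_event_fops)` is still evaluated inside the `alloc_file()` argument list, so the module reference it takes has no line of its own to pair with the new `fops_put()` under `err_fd`. Taking it in a local next to `path_get(&path)`, e.g. `fops = fops_get(&uverbs_event_fops);` followed by `filp = alloc_file(&path, FMODE_READ, fops);`, would put both acquisitions beside their releases and make a missing put easier to catch in review. The rest of the function, including any other jump to `err_fd`, is outside the visible hunks.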
......
...@@ -88,7 +88,7 @@ struct file *anon_inode_getfile(const char *name, ...@@ -88,7 +88,7 @@ struct file *anon_inode_getfile(const char *name,
void *priv, int flags) void *priv, int flags)
{ {
struct qstr this; struct qstr this;
struct dentry *dentry; struct path path;
struct file *file; struct file *file;
int error; int error;
...@@ -106,10 +106,11 @@ struct file *anon_inode_getfile(const char *name, ...@@ -106,10 +106,11 @@ struct file *anon_inode_getfile(const char *name,
this.name = name; this.name = name;
this.len = strlen(name); this.len = strlen(name);
this.hash = 0; this.hash = 0;
dentry = d_alloc(anon_inode_mnt->mnt_sb->s_root, &this); path.dentry = d_alloc(anon_inode_mnt->mnt_sb->s_root, &this);
if (!dentry) if (!path.dentry)
goto err_module; goto err_module;
path.mnt = mntget(anon_inode_mnt);
/* /*
* We know the anon_inode inode count is always greater than zero, * We know the anon_inode inode count is always greater than zero,
* so we can avoid doing an igrab() and we can use an open-coded * so we can avoid doing an igrab() and we can use an open-coded
...@@ -117,14 +118,13 @@ struct file *anon_inode_getfile(const char *name, ...@@ -117,14 +118,13 @@ struct file *anon_inode_getfile(const char *name,
*/ */
atomic_inc(&anon_inode_inode->i_count); atomic_inc(&anon_inode_inode->i_count);
dentry->d_op = &anon_inodefs_dentry_operations; path.dentry->d_op = &anon_inodefs_dentry_operations;
/* Do not publish this dentry inside the global dentry hash table */ /* Do not publish this dentry inside the global dentry hash table */
dentry->d_flags &= ~DCACHE_UNHASHED; path.dentry->d_flags &= ~DCACHE_UNHASHED;
d_instantiate(dentry, anon_inode_inode); d_instantiate(path.dentry, anon_inode_inode);
error = -ENFILE; error = -ENFILE;
file = alloc_file(anon_inode_mnt, dentry, file = alloc_file(&path, FMODE_READ | FMODE_WRITE, fops);
FMODE_READ | FMODE_WRITE, fops);
if (!file) if (!file)
goto err_dput; goto err_dput;
file->f_mapping = anon_inode_inode->i_mapping; file->f_mapping = anon_inode_inode->i_mapping;
...@@ -137,7 +137,7 @@ struct file *anon_inode_getfile(const char *name, ...@@ -137,7 +137,7 @@ struct file *anon_inode_getfile(const char *name,
return file; return file;
err_dput: err_dput:
dput(dentry); path_put(&path);
err_module: err_module:
module_put(fops->owner); module_put(fops->owner);
return ERR_PTR(error); return ERR_PTR(error);
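Review bot: The cleanup label `err_dput` now runs `path_put(&path)`, which releases the mount reference as well as the dentry, so the name no longer describes what it undoes. Renaming it (for example `err_path:` with the matching `goto err_path;`) keeps the unwind order readable; the same applies to `out_dentry` in hugetlb_file_setup(), `err_dentry` in create_write_pipe(), `out_put_dentry` in do_shmat() and `put_dentry` in shmem_file_setup(). A stale name hides that each of these labels now needs both `path.mnt` and `path.dentry` to be valid when it is reached. In the visible hunks every jump to these labels comes after the `mntget()` or `path_get()` call, but parts of each function lie outside the hunks.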
......
...@@ -162,8 +162,8 @@ struct file *get_empty_filp(void) ...@@ -162,8 +162,8 @@ struct file *get_empty_filp(void)
* If all the callers of init_file() are eliminated, its * If all the callers of init_file() are eliminated, its
* code should be moved into this function. * code should be moved into this function.
*/ */
struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, struct file *alloc_file(struct path *path, fmode_t mode,
fmode_t mode, const struct file_operations *fop) const struct file_operations *fop)
{ {
struct file *file; struct file *file;
...@@ -171,9 +171,8 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, ...@@ -171,9 +171,8 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry,
if (!file) if (!file)
return NULL; return NULL;
file->f_path.dentry = dentry; file->f_path = *path;
file->f_path.mnt = mntget(mnt); file->f_mapping = path->dentry->d_inode->i_mapping;
file->f_mapping = dentry->d_inode->i_mapping;
file->f_mode = mode; file->f_mode = mode;
file->f_op = fop; file->f_op = fop;
...@@ -183,10 +182,10 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry, ...@@ -183,10 +182,10 @@ struct file *alloc_file(struct vfsmount *mnt, struct dentry *dentry,
* visible. We do this for consistency, and so * visible. We do this for consistency, and so
* that we can do debugging checks at __fput() * that we can do debugging checks at __fput()
*/ */
if ((mode & FMODE_WRITE) && !special_file(dentry->d_inode->i_mode)) { if ((mode & FMODE_WRITE) && !special_file(path->dentry->d_inode->i_mode)) {
int error = 0; int error = 0;
file_take_write(file); file_take_write(file);
error = mnt_clone_write(mnt); error = mnt_clone_write(path->mnt);
WARN_ON(error); WARN_ON(error);
} }
return file; return file;
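Review bot: The new `alloc_file()` copies `*path` into `file->f_path` without taking references of its own, so the comment above it should state the ownership rule that every converted caller now depends on. I would add: `On success the file owns the mnt and dentry references held in *path; on a NULL return they stay with the caller, who must path_put() them.` A mistake in either direction is a reference-count imbalance (a mount that stays pinned, or a dentry released while a file still points at it), so the rule belongs at the definition rather than being inferred from the call sites. Since `path` is only read here, the parameter could also be `const struct path *path`, and the prototype in the header could name it like the other parameters. The start of the function's comment and the allocation before `if (!file)` are outside the visible hunks.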
......
...@@ -922,7 +922,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, ...@@ -922,7 +922,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag,
int error = -ENOMEM; int error = -ENOMEM;
struct file *file; struct file *file;
struct inode *inode; struct inode *inode;
struct dentry *dentry, *root; struct path path;
struct dentry *root;
struct qstr quick_string; struct qstr quick_string;
*user = NULL; *user = NULL;
...@@ -944,10 +945,11 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, ...@@ -944,10 +945,11 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag,
quick_string.name = name; quick_string.name = name;
quick_string.len = strlen(quick_string.name); quick_string.len = strlen(quick_string.name);
quick_string.hash = 0; quick_string.hash = 0;
dentry = d_alloc(root, &quick_string); path.dentry = d_alloc(root, &quick_string);
if (!dentry) if (!path.dentry)
goto out_shm_unlock; goto out_shm_unlock;
path.mnt = mntget(hugetlbfs_vfsmount);
error = -ENOSPC; error = -ENOSPC;
inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(), inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(),
current_fsgid(), S_IFREG | S_IRWXUGO, 0); current_fsgid(), S_IFREG | S_IRWXUGO, 0);
...@@ -960,13 +962,12 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, ...@@ -960,13 +962,12 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag,
acctflag)) acctflag))
goto out_inode; goto out_inode;
d_instantiate(dentry, inode); d_instantiate(path.dentry, inode);
inode->i_size = size; inode->i_size = size;
inode->i_nlink = 0; inode->i_nlink = 0;
error = -ENFILE; error = -ENFILE;
file = alloc_file(hugetlbfs_vfsmount, dentry, file = alloc_file(&path, FMODE_WRITE | FMODE_READ,
FMODE_WRITE | FMODE_READ,
&hugetlbfs_file_operations); &hugetlbfs_file_operations);
if (!file) if (!file)
goto out_dentry; /* inode is already attached */ goto out_dentry; /* inode is already attached */
...@@ -977,7 +978,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag, ...@@ -977,7 +978,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag,
out_inode: out_inode:
iput(inode); iput(inode);
out_dentry: out_dentry:
dput(dentry); path_put(&path);
out_shm_unlock: out_shm_unlock:
if (*user) { if (*user) {
user_shm_unlock(size, *user); user_shm_unlock(size, *user);
......
...@@ -646,6 +646,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) ...@@ -646,6 +646,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
struct fsnotify_group *group; struct fsnotify_group *group;
struct user_struct *user; struct user_struct *user;
struct file *filp; struct file *filp;
struct path path;
int fd, ret; int fd, ret;
/* Check the IN_* constants for consistency. */ /* Check the IN_* constants for consistency. */
...@@ -675,8 +676,10 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) ...@@ -675,8 +676,10 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
atomic_inc(&user->inotify_devs); atomic_inc(&user->inotify_devs);
filp = alloc_file(inotify_mnt, dget(inotify_mnt->mnt_root), path.mnt = inotify_mnt;
FMODE_READ, &inotify_fops); path.dentry = inotify_mnt->mnt_root;
path_get(&path);
filp = alloc_file(&path, FMODE_READ, &inotify_fops);
if (!filp) if (!filp)
goto Enfile; goto Enfile;
...@@ -689,6 +692,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags) ...@@ -689,6 +692,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
Enfile: Enfile:
ret = -ENFILE; ret = -ENFILE;
path_put(&path);
atomic_dec(&user->inotify_devs); atomic_dec(&user->inotify_devs);
out_free_uid: out_free_uid:
free_uid(user); free_uid(user);
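Review bot: The `Enfile` path now drops the path references and the `inotify_devs` count, but nothing visible there releases `group`. If `group` already holds a reference when `alloc_file()` fails (its setup is outside the hunk, so this is an inference), that reference would be lost on every failed call, and the label should also release it with whatever call matches how it was obtained. A short comment at `Enfile:` listing what is unwound, such as `/* undo path_get() and the inotify_devs increment */`, would make a gap like this easier to spot.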
......
...@@ -974,7 +974,7 @@ struct file *create_write_pipe(int flags) ...@@ -974,7 +974,7 @@ struct file *create_write_pipe(int flags)
int err; int err;
struct inode *inode; struct inode *inode;
struct file *f; struct file *f;
struct dentry *dentry; struct path path;
struct qstr name = { .name = "" }; struct qstr name = { .name = "" };
err = -ENFILE; err = -ENFILE;
...@@ -983,21 +983,22 @@ struct file *create_write_pipe(int flags) ...@@ -983,21 +983,22 @@ struct file *create_write_pipe(int flags)
goto err; goto err;
err = -ENOMEM; err = -ENOMEM;
dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &name); path.dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &name);
if (!dentry) if (!path.dentry)
goto err_inode; goto err_inode;
path.mnt = mntget(pipe_mnt);
dentry->d_op = &pipefs_dentry_operations; path.dentry->d_op = &pipefs_dentry_operations;
/* /*
* We dont want to publish this dentry into global dentry hash table. * We dont want to publish this dentry into global dentry hash table.
* We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED
* This permits a working /proc/$pid/fd/XXX on pipes * This permits a working /proc/$pid/fd/XXX on pipes
*/ */
dentry->d_flags &= ~DCACHE_UNHASHED; path.dentry->d_flags &= ~DCACHE_UNHASHED;
d_instantiate(dentry, inode); d_instantiate(path.dentry, inode);
err = -ENFILE; err = -ENFILE;
f = alloc_file(pipe_mnt, dentry, FMODE_WRITE, &write_pipefifo_fops); f = alloc_file(&path, FMODE_WRITE, &write_pipefifo_fops);
if (!f) if (!f)
goto err_dentry; goto err_dentry;
f->f_mapping = inode->i_mapping; f->f_mapping = inode->i_mapping;
...@@ -1009,7 +1010,7 @@ struct file *create_write_pipe(int flags) ...@@ -1009,7 +1010,7 @@ struct file *create_write_pipe(int flags)
err_dentry: err_dentry:
free_pipe_info(inode); free_pipe_info(inode);
dput(dentry); path_put(&path);
return ERR_PTR(err); return ERR_PTR(err);
err_inode: err_inode:
......
...@@ -18,8 +18,9 @@ extern void drop_file_write_access(struct file *file); ...@@ -18,8 +18,9 @@ extern void drop_file_write_access(struct file *file);
struct file_operations; struct file_operations;
struct vfsmount; struct vfsmount;
struct dentry; struct dentry;
extern struct file *alloc_file(struct vfsmount *, struct dentry *dentry, struct path;
fmode_t mode, const struct file_operations *fop); extern struct file *alloc_file(struct path *, fmode_t mode,
const struct file_operations *fop);
static inline void fput_light(struct file *file, int fput_needed) static inline void fput_light(struct file *file, int fput_needed)
{ {
......
...@@ -878,8 +878,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) ...@@ -878,8 +878,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
if (err) if (err)
goto out_unlock; goto out_unlock;
path.dentry = dget(shp->shm_file->f_path.dentry); path = shp->shm_file->f_path;
path.mnt = shp->shm_file->f_path.mnt; path_get(&path);
shp->shm_nattch++; shp->shm_nattch++;
size = i_size_read(path.dentry->d_inode); size = i_size_read(path.dentry->d_inode);
shm_unlock(shp); shm_unlock(shp);
...@@ -889,7 +889,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) ...@@ -889,7 +889,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
if (!sfd) if (!sfd)
goto out_put_dentry; goto out_put_dentry;
file = alloc_file(path.mnt, path.dentry, f_mode, file = alloc_file(&path, f_mode,
is_file_hugepages(shp->shm_file) ? is_file_hugepages(shp->shm_file) ?
&shm_file_operations_huge : &shm_file_operations_huge :
&shm_file_operations); &shm_file_operations);
...@@ -950,7 +950,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) ...@@ -950,7 +950,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
out_free: out_free:
kfree(sfd); kfree(sfd);
out_put_dentry: out_put_dentry:
dput(path.dentry); path_put(&path);
goto out_nattch; goto out_nattch;
} }
......
...@@ -2626,7 +2626,8 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags ...@@ -2626,7 +2626,8 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags
int error; int error;
struct file *file; struct file *file;
struct inode *inode; struct inode *inode;
struct dentry *dentry, *root; struct path path;
struct dentry *root;
struct qstr this; struct qstr this;
if (IS_ERR(shm_mnt)) if (IS_ERR(shm_mnt))
...@@ -2643,16 +2644,17 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags ...@@ -2643,16 +2644,17 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags
this.len = strlen(name); this.len = strlen(name);
this.hash = 0; /* will go */ this.hash = 0; /* will go */
root = shm_mnt->mnt_root; root = shm_mnt->mnt_root;
dentry = d_alloc(root, &this); path.dentry = d_alloc(root, &this);
if (!dentry) if (!path.dentry)
goto put_memory; goto put_memory;
path.mnt = mntget(shm_mnt);
error = -ENOSPC; error = -ENOSPC;
inode = shmem_get_inode(root->d_sb, S_IFREG | S_IRWXUGO, 0, flags); inode = shmem_get_inode(root->d_sb, S_IFREG | S_IRWXUGO, 0, flags);
if (!inode) if (!inode)
goto put_dentry; goto put_dentry;
d_instantiate(dentry, inode); d_instantiate(path.dentry, inode);
inode->i_size = size; inode->i_size = size;
inode->i_nlink = 0; /* It is unlinked */ inode->i_nlink = 0; /* It is unlinked */
#ifndef CONFIG_MMU #ifndef CONFIG_MMU
...@@ -2662,7 +2664,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags ...@@ -2662,7 +2664,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags
#endif #endif
error = -ENFILE; error = -ENFILE;
file = alloc_file(shm_mnt, dentry, FMODE_WRITE | FMODE_READ, file = alloc_file(&path, FMODE_WRITE | FMODE_READ,
&shmem_file_operations); &shmem_file_operations);
if (!file) if (!file)
goto put_dentry; goto put_dentry;
...@@ -2671,7 +2673,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags ...@@ -2671,7 +2673,7 @@ struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags
return file; return file;
put_dentry: put_dentry:
dput(dentry); path_put(&path);
put_memory: put_memory:
shmem_unacct_size(flags, size); shmem_unacct_size(flags, size);
return ERR_PTR(error); return ERR_PTR(error);
......
...@@ -358,7 +358,7 @@ static const struct dentry_operations sockfs_dentry_operations = { ...@@ -358,7 +358,7 @@ static const struct dentry_operations sockfs_dentry_operations = {
static int sock_alloc_file(struct socket *sock, struct file **f, int flags) static int sock_alloc_file(struct socket *sock, struct file **f, int flags)
{ {
struct qstr name = { .name = "" }; struct qstr name = { .name = "" };
struct dentry *dentry; struct path path;
struct file *file; struct file *file;
int fd; int fd;
...@@ -366,28 +366,29 @@ static int sock_alloc_file(struct socket *sock, struct file **f, int flags) ...@@ -366,28 +366,29 @@ static int sock_alloc_file(struct socket *sock, struct file **f, int flags)
if (unlikely(fd < 0)) if (unlikely(fd < 0))
return fd; return fd;
dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name); path.dentry = d_alloc(sock_mnt->mnt_sb->s_root, &name);
if (unlikely(!dentry)) { if (unlikely(!path.dentry)) {
put_unused_fd(fd); put_unused_fd(fd);
return -ENOMEM; return -ENOMEM;
} }
path.mnt = mntget(sock_mnt);
dentry->d_op = &sockfs_dentry_operations; path.dentry->d_op = &sockfs_dentry_operations;
/* /*
* We dont want to push this dentry into global dentry hash table. * We dont want to push this dentry into global dentry hash table.
* We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED
* This permits a working /proc/$pid/fd/XXX on sockets * This permits a working /proc/$pid/fd/XXX on sockets
*/ */
dentry->d_flags &= ~DCACHE_UNHASHED; path.dentry->d_flags &= ~DCACHE_UNHASHED;
d_instantiate(dentry, SOCK_INODE(sock)); d_instantiate(path.dentry, SOCK_INODE(sock));
SOCK_INODE(sock)->i_fop = &socket_file_ops; SOCK_INODE(sock)->i_fop = &socket_file_ops;
file = alloc_file(sock_mnt, dentry, FMODE_READ | FMODE_WRITE, file = alloc_file(&path, FMODE_READ | FMODE_WRITE,
&socket_file_ops); &socket_file_ops);
if (unlikely(!file)) { if (unlikely(!file)) {
/* drop dentry, keep inode */ /* drop dentry, keep inode */
atomic_inc(&path.dentry->d_inode->i_count); atomic_inc(&path.dentry->d_inode->i_count);
dput(dentry); path_put(&path);
put_unused_fd(fd); put_unused_fd(fd);
return -ENFILE; return -ENFILE;
} }
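Review bot: The comment `/* drop dentry, keep inode */` in the `!file` branch is now incomplete, because `path_put(&path)` also releases the reference taken by `mntget(sock_mnt)`. I would change it to `/* drop dentry and mnt, keep inode */`. It would also help to say why `i_count` is raised first, presumably so that the dentry release inside `path_put()` does not drop the last reference to the socket inode attached by `d_instantiate()`. The remainder of sock_alloc_file() is outside the hunk.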
......