[XFS] Fix char size overflow in bmap_alloc call for unwritten extent

[safe/jmp/linux-2.6] / fs / block_dev.c

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 5983d42..045f988 100644 (file)
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -5,14 +5,12 @@
  *  Copyright (C) 2001  Andrea Arcangeli <andrea@suse.de> SuSE
  */
 
-#include <linux/config.h>
 #include <linux/init.h>
 #include <linux/mm.h>
 #include <linux/fcntl.h>
 #include <linux/slab.h>
 #include <linux/kmod.h>
 #include <linux/major.h>
-#include <linux/devfs_fs_kernel.h>
 #include <linux/smp_lock.h>
 #include <linux/highmem.h>
 #include <linux/blkdev.h>
@@ -266,6 +264,9 @@ static void init_once(void * foo, kmem_cache_t * cachep, unsigned long flags)
                mutex_init(&bdev->bd_mount_mutex);
                INIT_LIST_HEAD(&bdev->bd_inodes);
                INIT_LIST_HEAD(&bdev->bd_list);
+#ifdef CONFIG_SYSFS
+               INIT_LIST_HEAD(&bdev->bd_holder_list);
+#endif
                inode_init_once(&ei->vfs_inode);
        }
 }
@@ -297,10 +298,10 @@ static struct super_operations bdev_sops = {
        .clear_inode = bdev_clear_inode,
 };
 
-static struct super_block *bd_get_sb(struct file_system_type *fs_type,
-       int flags, const char *dev_name, void *data)
+static int bd_get_sb(struct file_system_type *fs_type,
+       int flags, const char *dev_name, void *data, struct vfsmount *mnt)
 {
-       return get_sb_pseudo(fs_type, "bdev:", &bdev_sops, 0x62646576);
+       return get_sb_pseudo(fs_type, "bdev:", &bdev_sops, 0x62646576, mnt);
 }
 
 static struct file_system_type bd_type = {
@@ -411,21 +412,31 @@ EXPORT_SYMBOL(bdput);
 static struct block_device *bd_acquire(struct inode *inode)
 {
        struct block_device *bdev;
+
        spin_lock(&bdev_lock);
        bdev = inode->i_bdev;
-       if (bdev && igrab(bdev->bd_inode)) {
+       if (bdev) {
+               atomic_inc(&bdev->bd_inode->i_count);
                spin_unlock(&bdev_lock);
                return bdev;
        }
        spin_unlock(&bdev_lock);
+
        bdev = bdget(inode->i_rdev);
        if (bdev) {
                spin_lock(&bdev_lock);
-               if (inode->i_bdev)
-                       __bd_forget(inode);
-               inode->i_bdev = bdev;
-               inode->i_mapping = bdev->bd_inode->i_mapping;
-               list_add(&inode->i_devices, &bdev->bd_inodes);
+               if (!inode->i_bdev) {
+                       /*
+                        * We take an additional bd_inode->i_count for inode,
+                        * and it's released in clear_inode() of inode.
+                        * So, we can access it via ->i_mapping always
+                        * without igrab().
+                        */
+                       atomic_inc(&bdev->bd_inode->i_count);
+                       inode->i_bdev = bdev;
+                       inode->i_mapping = bdev->bd_inode->i_mapping;
+                       list_add(&inode->i_devices, &bdev->bd_inodes);
+               }
                spin_unlock(&bdev_lock);
        }
        return bdev;
@@ -435,10 +446,18 @@ static struct block_device *bd_acquire(struct inode *inode)
 
 void bd_forget(struct inode *inode)
 {
+       struct block_device *bdev = NULL;
+
        spin_lock(&bdev_lock);
-       if (inode->i_bdev)
+       if (inode->i_bdev) {
+               if (inode->i_sb != blockdev_superblock)
+                       bdev = inode->i_bdev;
                __bd_forget(inode);
+       }
        spin_unlock(&bdev_lock);
+
+       if (bdev)
+               iput(bdev->bd_inode);
 }
 
 int bd_claim(struct block_device *bdev, void *holder)
@@ -490,6 +509,300 @@ void bd_release(struct block_device *bdev)
 
 EXPORT_SYMBOL(bd_release);
 
+#ifdef CONFIG_SYSFS
+/*
+ * Functions for bd_claim_by_kobject / bd_release_from_kobject
+ *
+ *     If a kobject is passed to bd_claim_by_kobject()
+ *     and the kobject has a parent directory,
+ *     following symlinks are created:
+ *        o from the kobject to the claimed bdev
+ *        o from "holders" directory of the bdev to the parent of the kobject
+ *     bd_release_from_kobject() removes these symlinks.
+ *
+ *     Example:
+ *        If /dev/dm-0 maps to /dev/sda, kobject corresponding to
+ *        /sys/block/dm-0/slaves is passed to bd_claim_by_kobject(), then:
+ *           /sys/block/dm-0/slaves/sda --> /sys/block/sda
+ *           /sys/block/sda/holders/dm-0 --> /sys/block/dm-0
+ */
+
+static struct kobject *bdev_get_kobj(struct block_device *bdev)
+{
+       if (bdev->bd_contains != bdev)
+               return kobject_get(&bdev->bd_part->kobj);
+       else
+               return kobject_get(&bdev->bd_disk->kobj);
+}
+
+static struct kobject *bdev_get_holder(struct block_device *bdev)
+{
+       if (bdev->bd_contains != bdev)
+               return kobject_get(bdev->bd_part->holder_dir);
+       else
+               return kobject_get(bdev->bd_disk->holder_dir);
+}
+
+static void add_symlink(struct kobject *from, struct kobject *to)
+{
+       if (!from || !to)
+               return;
+       sysfs_create_link(from, to, kobject_name(to));
+}
+
+static void del_symlink(struct kobject *from, struct kobject *to)
+{
+       if (!from || !to)
+               return;
+       sysfs_remove_link(from, kobject_name(to));
+}
+
+/*
+ * 'struct bd_holder' contains pointers to kobjects symlinked by
+ * bd_claim_by_kobject.
+ * It's connected to bd_holder_list which is protected by bdev->bd_sem.
+ */
+struct bd_holder {
+       struct list_head list;  /* chain of holders of the bdev */
+       int count;              /* references from the holder */
+       struct kobject *sdir;   /* holder object, e.g. "/block/dm-0/slaves" */
+       struct kobject *hdev;   /* e.g. "/block/dm-0" */
+       struct kobject *hdir;   /* e.g. "/block/sda/holders" */
+       struct kobject *sdev;   /* e.g. "/block/sda" */
+};
+
+/*
+ * Get references of related kobjects at once.
+ * Returns 1 on success. 0 on failure.
+ *
+ * Should call bd_holder_release_dirs() after successful use.
+ */
+static int bd_holder_grab_dirs(struct block_device *bdev,
+                       struct bd_holder *bo)
+{
+       if (!bdev || !bo)
+               return 0;
+
+       bo->sdir = kobject_get(bo->sdir);
+       if (!bo->sdir)
+               return 0;
+
+       bo->hdev = kobject_get(bo->sdir->parent);
+       if (!bo->hdev)
+               goto fail_put_sdir;
+
+       bo->sdev = bdev_get_kobj(bdev);
+       if (!bo->sdev)
+               goto fail_put_hdev;
+
+       bo->hdir = bdev_get_holder(bdev);
+       if (!bo->hdir)
+               goto fail_put_sdev;
+
+       return 1;
+
+fail_put_sdev:
+       kobject_put(bo->sdev);
+fail_put_hdev:
+       kobject_put(bo->hdev);
+fail_put_sdir:
+       kobject_put(bo->sdir);
+
+       return 0;
+}
+
+/* Put references of related kobjects at once. */
+static void bd_holder_release_dirs(struct bd_holder *bo)
+{
+       kobject_put(bo->hdir);
+       kobject_put(bo->sdev);
+       kobject_put(bo->hdev);
+       kobject_put(bo->sdir);
+}
+
+static struct bd_holder *alloc_bd_holder(struct kobject *kobj)
+{
+       struct bd_holder *bo;
+
+       bo = kzalloc(sizeof(*bo), GFP_KERNEL);
+       if (!bo)
+               return NULL;
+
+       bo->count = 1;
+       bo->sdir = kobj;
+
+       return bo;
+}
+
+static void free_bd_holder(struct bd_holder *bo)
+{
+       kfree(bo);
+}
+
+/**
+ * add_bd_holder - create sysfs symlinks for bd_claim() relationship
+ *
+ * @bdev:      block device to be bd_claimed
+ * @bo:                preallocated and initialized by alloc_bd_holder()
+ *
+ * If there is no matching entry with @bo in @bdev->bd_holder_list,
+ * add @bo to the list, create symlinks.
+ *
+ * Returns 1 if @bo was added to the list.
+ * Returns 0 if @bo wasn't used by any reason and should be freed.
+ */
+static int add_bd_holder(struct block_device *bdev, struct bd_holder *bo)
+{
+       struct bd_holder *tmp;
+
+       if (!bo)
+               return 0;
+
+       list_for_each_entry(tmp, &bdev->bd_holder_list, list) {
+               if (tmp->sdir == bo->sdir) {
+                       tmp->count++;
+                       return 0;
+               }
+       }
+
+       if (!bd_holder_grab_dirs(bdev, bo))
+               return 0;
+
+       add_symlink(bo->sdir, bo->sdev);
+       add_symlink(bo->hdir, bo->hdev);
+       list_add_tail(&bo->list, &bdev->bd_holder_list);
+       return 1;
+}
+
+/**
+ * del_bd_holder - delete sysfs symlinks for bd_claim() relationship
+ *
+ * @bdev:      block device to be bd_claimed
+ * @kobj:      holder's kobject
+ *
+ * If there is matching entry with @kobj in @bdev->bd_holder_list
+ * and no other bd_claim() from the same kobject,
+ * remove the struct bd_holder from the list, delete symlinks for it.
+ *
+ * Returns a pointer to the struct bd_holder when it's removed from the list
+ * and ready to be freed.
+ * Returns NULL if matching claim isn't found or there is other bd_claim()
+ * by the same kobject.
+ */
+static struct bd_holder *del_bd_holder(struct block_device *bdev,
+                                       struct kobject *kobj)
+{
+       struct bd_holder *bo;
+
+       list_for_each_entry(bo, &bdev->bd_holder_list, list) {
+               if (bo->sdir == kobj) {
+                       bo->count--;
+                       BUG_ON(bo->count < 0);
+                       if (!bo->count) {
+                               list_del(&bo->list);
+                               del_symlink(bo->sdir, bo->sdev);
+                               del_symlink(bo->hdir, bo->hdev);
+                               bd_holder_release_dirs(bo);
+                               return bo;
+                       }
+                       break;
+               }
+       }
+
+       return NULL;
+}
+
+/**
+ * bd_claim_by_kobject - bd_claim() with additional kobject signature
+ *
+ * @bdev:      block device to be claimed
+ * @holder:    holder's signature
+ * @kobj:      holder's kobject
+ *
+ * Do bd_claim() and if it succeeds, create sysfs symlinks between
+ * the bdev and the holder's kobject.
+ * Use bd_release_from_kobject() when relesing the claimed bdev.
+ *
+ * Returns 0 on success. (same as bd_claim())
+ * Returns errno on failure.
+ */
+static int bd_claim_by_kobject(struct block_device *bdev, void *holder,
+                               struct kobject *kobj)
+{
+       int res;
+       struct bd_holder *bo;
+
+       if (!kobj)
+               return -EINVAL;
+
+       bo = alloc_bd_holder(kobj);
+       if (!bo)
+               return -ENOMEM;
+
+       mutex_lock_nested(&bdev->bd_mutex, BD_MUTEX_PARTITION);
+       res = bd_claim(bdev, holder);
+       if (res || !add_bd_holder(bdev, bo))
+               free_bd_holder(bo);
+       mutex_unlock(&bdev->bd_mutex);
+
+       return res;
+}
+
+/**
+ * bd_release_from_kobject - bd_release() with additional kobject signature
+ *
+ * @bdev:      block device to be released
+ * @kobj:      holder's kobject
+ *
+ * Do bd_release() and remove sysfs symlinks created by bd_claim_by_kobject().
+ */
+static void bd_release_from_kobject(struct block_device *bdev,
+                                       struct kobject *kobj)
+{
+       struct bd_holder *bo;
+
+       if (!kobj)
+               return;
+
+       mutex_lock_nested(&bdev->bd_mutex, BD_MUTEX_PARTITION);
+       bd_release(bdev);
+       if ((bo = del_bd_holder(bdev, kobj)))
+               free_bd_holder(bo);
+       mutex_unlock(&bdev->bd_mutex);
+}
+
+/**
+ * bd_claim_by_disk - wrapper function for bd_claim_by_kobject()
+ *
+ * @bdev:      block device to be claimed
+ * @holder:    holder's signature
+ * @disk:      holder's gendisk
+ *
+ * Call bd_claim_by_kobject() with getting @disk->slave_dir.
+ */
+int bd_claim_by_disk(struct block_device *bdev, void *holder,
+                       struct gendisk *disk)
+{
+       return bd_claim_by_kobject(bdev, holder, kobject_get(disk->slave_dir));
+}
+EXPORT_SYMBOL_GPL(bd_claim_by_disk);
+
+/**
+ * bd_release_from_disk - wrapper function for bd_release_from_kobject()
+ *
+ * @bdev:      block device to be claimed
+ * @disk:      holder's gendisk
+ *
+ * Call bd_release_from_kobject() and put @disk->slave_dir.
+ */
+void bd_release_from_disk(struct block_device *bdev, struct gendisk *disk)
+{
+       bd_release_from_kobject(bdev, disk->slave_dir);
+       kobject_put(disk->slave_dir);
+}
+EXPORT_SYMBOL_GPL(bd_release_from_disk);
+#endif
+
 /*
  * Tries to open block device by device number.  Use it ONLY if you
  * really do not have anything better - i.e. when you are behind a
@@ -509,6 +822,22 @@ struct block_device *open_by_devnum(dev_t dev, unsigned mode)
 
 EXPORT_SYMBOL(open_by_devnum);
 
+static int
+blkdev_get_partition(struct block_device *bdev, mode_t mode, unsigned flags);
+
+struct block_device *open_partition_by_devnum(dev_t dev, unsigned mode)
+{
+       struct block_device *bdev = bdget(dev);
+       int err = -ENOMEM;
+       int flags = mode & FMODE_WRITE ? O_RDWR : O_RDONLY;
+       if (bdev)
+               err = blkdev_get_partition(bdev, mode, flags);
+       return err ? ERR_PTR(err) : bdev;
+}
+
+EXPORT_SYMBOL(open_partition_by_devnum);
+
+
 /*
  * This routine checks whether a removable media has been changed,
  * and invalidates all buffer-cache-entries in that case. This
@@ -555,7 +884,66 @@ void bd_set_size(struct block_device *bdev, loff_t size)
 }
 EXPORT_SYMBOL(bd_set_size);
 
-static int do_open(struct block_device *bdev, struct file *file)
+static int __blkdev_put(struct block_device *bdev, unsigned int subclass)
+{
+       int ret = 0;
+       struct inode *bd_inode = bdev->bd_inode;
+       struct gendisk *disk = bdev->bd_disk;
+
+       mutex_lock_nested(&bdev->bd_mutex, subclass);
+       lock_kernel();
+       if (!--bdev->bd_openers) {
+               sync_blockdev(bdev);
+               kill_bdev(bdev);
+       }
+       if (bdev->bd_contains == bdev) {
+               if (disk->fops->release)
+                       ret = disk->fops->release(bd_inode, NULL);
+       } else {
+               mutex_lock_nested(&bdev->bd_contains->bd_mutex,
+                                 subclass + 1);
+               bdev->bd_contains->bd_part_count--;
+               mutex_unlock(&bdev->bd_contains->bd_mutex);
+       }
+       if (!bdev->bd_openers) {
+               struct module *owner = disk->fops->owner;
+
+               put_disk(disk);
+               module_put(owner);
+
+               if (bdev->bd_contains != bdev) {
+                       kobject_put(&bdev->bd_part->kobj);
+                       bdev->bd_part = NULL;
+               }
+               bdev->bd_disk = NULL;
+               bdev->bd_inode->i_data.backing_dev_info = &default_backing_dev_info;
+               if (bdev != bdev->bd_contains)
+                       __blkdev_put(bdev->bd_contains, subclass + 1);
+               bdev->bd_contains = NULL;
+       }
+       unlock_kernel();
+       mutex_unlock(&bdev->bd_mutex);
+       bdput(bdev);
+       return ret;
+}
+
+int blkdev_put(struct block_device *bdev)
+{
+       return __blkdev_put(bdev, BD_MUTEX_NORMAL);
+}
+EXPORT_SYMBOL(blkdev_put);
+
+int blkdev_put_partition(struct block_device *bdev)
+{
+       return __blkdev_put(bdev, BD_MUTEX_PARTITION);
+}
+EXPORT_SYMBOL(blkdev_put_partition);
+
+static int
+blkdev_get_whole(struct block_device *bdev, mode_t mode, unsigned flags);
+
+static int
+do_open(struct block_device *bdev, struct file *file, unsigned int subclass)
 {
        struct module *owner = NULL;
        struct gendisk *disk;
@@ -572,7 +960,8 @@ static int do_open(struct block_device *bdev, struct file *file)
        }
        owner = disk->fops->owner;
 
-       mutex_lock(&bdev->bd_mutex);
+       mutex_lock_nested(&bdev->bd_mutex, subclass);
+
        if (!bdev->bd_openers) {
                bdev->bd_disk = disk;
                bdev->bd_contains = bdev;
@@ -599,11 +988,11 @@ static int do_open(struct block_device *bdev, struct file *file)
                        ret = -ENOMEM;
                        if (!whole)
                                goto out_first;
-                       ret = blkdev_get(whole, file->f_mode, file->f_flags);
+                       ret = blkdev_get_whole(whole, file->f_mode, file->f_flags);
                        if (ret)
                                goto out_first;
                        bdev->bd_contains = whole;
-                       mutex_lock(&whole->bd_mutex);
+                       mutex_lock_nested(&whole->bd_mutex, BD_MUTEX_WHOLE);
                        whole->bd_part_count++;
                        p = disk->part[part - 1];
                        bdev->bd_inode->i_data.backing_dev_info =
@@ -631,7 +1020,8 @@ static int do_open(struct block_device *bdev, struct file *file)
                        if (bdev->bd_invalidated)
                                rescan_partitions(bdev->bd_disk, bdev);
                } else {
-                       mutex_lock(&bdev->bd_contains->bd_mutex);
+                       mutex_lock_nested(&bdev->bd_contains->bd_mutex,
+                                         BD_MUTEX_PARTITION);
                        bdev->bd_contains->bd_part_count++;
                        mutex_unlock(&bdev->bd_contains->bd_mutex);
                }
@@ -645,7 +1035,7 @@ out_first:
        bdev->bd_disk = NULL;
        bdev->bd_inode->i_data.backing_dev_info = &default_backing_dev_info;
        if (bdev != bdev->bd_contains)
-               blkdev_put(bdev->bd_contains);
+               __blkdev_put(bdev->bd_contains, BD_MUTEX_WHOLE);
        bdev->bd_contains = NULL;
        put_disk(disk);
        module_put(owner);
@@ -672,11 +1062,49 @@ int blkdev_get(struct block_device *bdev, mode_t mode, unsigned flags)
        fake_file.f_dentry = &fake_dentry;
        fake_dentry.d_inode = bdev->bd_inode;
 
-       return do_open(bdev, &fake_file);
+       return do_open(bdev, &fake_file, BD_MUTEX_NORMAL);
 }
 
 EXPORT_SYMBOL(blkdev_get);
 
+static int
+blkdev_get_whole(struct block_device *bdev, mode_t mode, unsigned flags)
+{
+       /*
+        * This crockload is due to bad choice of ->open() type.
+        * It will go away.
+        * For now, block device ->open() routine must _not_
+        * examine anything in 'inode' argument except ->i_rdev.
+        */
+       struct file fake_file = {};
+       struct dentry fake_dentry = {};
+       fake_file.f_mode = mode;
+       fake_file.f_flags = flags;
+       fake_file.f_dentry = &fake_dentry;
+       fake_dentry.d_inode = bdev->bd_inode;
+
+       return do_open(bdev, &fake_file, BD_MUTEX_WHOLE);
+}
+
+static int
+blkdev_get_partition(struct block_device *bdev, mode_t mode, unsigned flags)
+{
+       /*
+        * This crockload is due to bad choice of ->open() type.
+        * It will go away.
+        * For now, block device ->open() routine must _not_
+        * examine anything in 'inode' argument except ->i_rdev.
+        */
+       struct file fake_file = {};
+       struct dentry fake_dentry = {};
+       fake_file.f_mode = mode;
+       fake_file.f_flags = flags;
+       fake_file.f_dentry = &fake_dentry;
+       fake_dentry.d_inode = bdev->bd_inode;
+
+       return do_open(bdev, &fake_file, BD_MUTEX_PARTITION);
+}
+
 static int blkdev_open(struct inode * inode, struct file * filp)
 {
        struct block_device *bdev;
@@ -692,7 +1120,7 @@ static int blkdev_open(struct inode * inode, struct file * filp)
 
        bdev = bd_acquire(inode);
 
-       res = do_open(bdev, filp);
+       res = do_open(bdev, filp, BD_MUTEX_NORMAL);
        if (res)
                return res;
 
@@ -706,51 +1134,6 @@ static int blkdev_open(struct inode * inode, struct file * filp)
        return res;
 }
 
-int blkdev_put(struct block_device *bdev)
-{
-       int ret = 0;
-       struct inode *bd_inode = bdev->bd_inode;
-       struct gendisk *disk = bdev->bd_disk;
-
-       mutex_lock(&bdev->bd_mutex);
-       lock_kernel();
-       if (!--bdev->bd_openers) {
-               sync_blockdev(bdev);
-               kill_bdev(bdev);
-       }
-       if (bdev->bd_contains == bdev) {
-               if (disk->fops->release)
-                       ret = disk->fops->release(bd_inode, NULL);
-       } else {
-               mutex_lock(&bdev->bd_contains->bd_mutex);
-               bdev->bd_contains->bd_part_count--;
-               mutex_unlock(&bdev->bd_contains->bd_mutex);
-       }
-       if (!bdev->bd_openers) {
-               struct module *owner = disk->fops->owner;
-
-               put_disk(disk);
-               module_put(owner);
-
-               if (bdev->bd_contains != bdev) {
-                       kobject_put(&bdev->bd_part->kobj);
-                       bdev->bd_part = NULL;
-               }
-               bdev->bd_disk = NULL;
-               bdev->bd_inode->i_data.backing_dev_info = &default_backing_dev_info;
-               if (bdev != bdev->bd_contains) {
-                       blkdev_put(bdev->bd_contains);
-               }
-               bdev->bd_contains = NULL;
-       }
-       unlock_kernel();
-       mutex_unlock(&bdev->bd_mutex);
-       bdput(bdev);
-       return ret;
-}
-
-EXPORT_SYMBOL(blkdev_put);
-
 static int blkdev_close(struct inode * inode, struct file * filp)
 {
        struct block_device *bdev = I_BDEV(filp->f_mapping->host);
@@ -780,7 +1163,7 @@ static long block_ioctl(struct file *file, unsigned cmd, unsigned long arg)
        return blkdev_ioctl(file->f_mapping->host, file, cmd, arg);
 }
 
-struct address_space_operations def_blk_aops = {
+const struct address_space_operations def_blk_aops = {
        .readpage       = blkdev_readpage,
        .writepage      = blkdev_writepage,
        .sync_page      = block_sync_page,
@@ -790,7 +1173,7 @@ struct address_space_operations def_blk_aops = {
        .direct_IO      = blkdev_direct_IO,
 };
 
-struct file_operations def_blk_fops = {
+const struct file_operations def_blk_fops = {
        .open           = blkdev_open,
        .release        = blkdev_close,
        .llseek         = block_llseek,
@@ -807,6 +1190,8 @@ struct file_operations def_blk_fops = {
        .readv          = generic_file_readv,
        .writev         = generic_file_write_nolock,
        .sendfile       = generic_file_sendfile,
+       .splice_read    = generic_file_splice_read,
+       .splice_write   = generic_file_splice_write,
 };
 
 int ioctl_by_bdev(struct block_device *bdev, unsigned cmd, unsigned long arg)