netns xfrm: fix "ip xfrm state|policy count" misreport

[safe/jmp/linux-2.6] / fs / proc / inode.c

diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index b08d100..445a02b 100644 (file)
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -17,38 +17,13 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/smp_lock.h>
+#include <linux/sysctl.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
 
 #include "internal.h"
 
-struct proc_dir_entry *de_get(struct proc_dir_entry *de)
-{
-       atomic_inc(&de->count);
-       return de;
-}
-
-/*
- * Decrements the use count and checks for deferred deletion.
- */
-void de_put(struct proc_dir_entry *de)
-{
-       lock_kernel();
-       if (!atomic_read(&de->count)) {
-               printk("de_put: entry %s already free!\n", de->name);
-               unlock_kernel();
-               return;
-       }
-
-       if (atomic_dec_and_test(&de->count))
-               free_proc_entry(de);
-       unlock_kernel();
-}
-
-/*
- * Decrement the use count of the proc_dir_entry.
- */
 static void proc_delete_inode(struct inode *inode)
 {
        struct proc_dir_entry *de;
@@ -60,11 +35,10 @@ static void proc_delete_inode(struct inode *inode)
 
        /* Let go of any associated proc directory entry */
        de = PROC_I(inode)->pde;
-       if (de) {
-               if (de->owner)
-                       module_put(de->owner);
-               de_put(de);
-       }
+       if (de)
+               pde_put(de);
+       if (PROC_I(inode)->sysctl)
+               sysctl_head_put(PROC_I(inode)->sysctl);
        clear_inode(inode);
 }
 
@@ -84,6 +58,8 @@ static struct inode *proc_alloc_inode(struct super_block *sb)
        ei->fd = 0;
        ei->op.proc_get_link = NULL;
        ei->pde = NULL;
+       ei->sysctl = NULL;
+       ei->sysctl_entry = NULL;
        inode = &ei->vfs_inode;
        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
        return inode;
@@ -94,27 +70,20 @@ static void proc_destroy_inode(struct inode *inode)
        kmem_cache_free(proc_inode_cachep, PROC_I(inode));
 }
 
-static void init_once(struct kmem_cache * cachep, void *foo)
+static void init_once(void *foo)
 {
        struct proc_inode *ei = (struct proc_inode *) foo;
 
        inode_init_once(&ei->vfs_inode);
 }
 
-int __init proc_init_inodecache(void)
+void __init proc_init_inodecache(void)
 {
        proc_inode_cachep = kmem_cache_create("proc_inode_cache",
                                             sizeof(struct proc_inode),
                                             0, (SLAB_RECLAIM_ACCOUNT|
                                                SLAB_MEM_SPREAD|SLAB_PANIC),
                                             init_once);
-       return 0;
-}
-
-static int proc_remount(struct super_block *sb, int *flags, char *data)
-{
-       *flags |= MS_NODIRATIME;
-       return 0;
 }
 
 static const struct super_operations proc_sops = {
@@ -123,15 +92,19 @@ static const struct super_operations proc_sops = {
        .drop_inode     = generic_delete_inode,
        .delete_inode   = proc_delete_inode,
        .statfs         = simple_statfs,
-       .remount_fs     = proc_remount,
 };
 
-static void pde_users_dec(struct proc_dir_entry *pde)
+static void __pde_users_dec(struct proc_dir_entry *pde)
 {
-       spin_lock(&pde->pde_unload_lock);
        pde->pde_users--;
        if (pde->pde_unload_completion && pde->pde_users == 0)
                complete(pde->pde_unload_completion);
+}
+
+void pde_users_dec(struct proc_dir_entry *pde)
+{
+       spin_lock(&pde->pde_unload_lock);
+       __pde_users_dec(pde);
        spin_unlock(&pde->pde_unload_lock);
 }
 
@@ -318,36 +291,97 @@ static int proc_reg_open(struct inode *inode, struct file *file)
        struct proc_dir_entry *pde = PDE(inode);
        int rv = 0;
        int (*open)(struct inode *, struct file *);
+       int (*release)(struct inode *, struct file *);
+       struct pde_opener *pdeo;
+
+       /*
+        * What for, you ask? Well, we can have open, rmmod, remove_proc_entry
+        * sequence. ->release won't be called because ->proc_fops will be
+        * cleared. Depending on complexity of ->release, consequences vary.
+        *
+        * We can't wait for mercy when close will be done for real, it's
+        * deadlockable: rmmod foo </proc/foo . So, we're going to do ->release
+        * by hand in remove_proc_entry(). For this, save opener's credentials
+        * for later.
+        */
+       pdeo = kmalloc(sizeof(struct pde_opener), GFP_KERNEL);
+       if (!pdeo)
+               return -ENOMEM;
 
        spin_lock(&pde->pde_unload_lock);
        if (!pde->proc_fops) {
                spin_unlock(&pde->pde_unload_lock);
-               return rv;
+               kfree(pdeo);
+               return -EINVAL;
        }
        pde->pde_users++;
        open = pde->proc_fops->open;
+       release = pde->proc_fops->release;
        spin_unlock(&pde->pde_unload_lock);
 
        if (open)
                rv = open(inode, file);
 
-       pde_users_dec(pde);
+       spin_lock(&pde->pde_unload_lock);
+       if (rv == 0 && release) {
+               /* To know what to release. */
+               pdeo->inode = inode;
+               pdeo->file = file;
+               /* Strictly for "too late" ->release in proc_reg_release(). */
+               pdeo->release = release;
+               list_add(&pdeo->lh, &pde->pde_openers);
+       } else
+               kfree(pdeo);
+       __pde_users_dec(pde);
+       spin_unlock(&pde->pde_unload_lock);
        return rv;
 }
 
+static struct pde_opener *find_pde_opener(struct proc_dir_entry *pde,
+                                       struct inode *inode, struct file *file)
+{
+       struct pde_opener *pdeo;
+
+       list_for_each_entry(pdeo, &pde->pde_openers, lh) {
+               if (pdeo->inode == inode && pdeo->file == file)
+                       return pdeo;
+       }
+       return NULL;
+}
+
 static int proc_reg_release(struct inode *inode, struct file *file)
 {
        struct proc_dir_entry *pde = PDE(inode);
        int rv = 0;
        int (*release)(struct inode *, struct file *);
+       struct pde_opener *pdeo;
 
        spin_lock(&pde->pde_unload_lock);
+       pdeo = find_pde_opener(pde, inode, file);
        if (!pde->proc_fops) {
-               spin_unlock(&pde->pde_unload_lock);
+               /*
+                * Can't simply exit, __fput() will think that everything is OK,
+                * and move on to freeing struct file. remove_proc_entry() will
+                * find slacker in opener's list and will try to do non-trivial
+                * things with struct file. Therefore, remove opener from list.
+                *
+                * But if opener is removed from list, who will ->release it?
+                */
+               if (pdeo) {
+                       list_del(&pdeo->lh);
+                       spin_unlock(&pde->pde_unload_lock);
+                       rv = pdeo->release(inode, file);
+                       kfree(pdeo);
+               } else
+                       spin_unlock(&pde->pde_unload_lock);
                return rv;
        }
        pde->pde_users++;
        release = pde->proc_fops->release;
+       if (pdeo) {
+               list_del(&pdeo->lh);
+               kfree(pdeo);
+       }
        spin_unlock(&pde->pde_unload_lock);
 
        if (release)
@@ -389,12 +423,9 @@ struct inode *proc_get_inode(struct super_block *sb, unsigned int ino,
 {
        struct inode * inode;
 
-       if (!try_module_get(de->owner))
-               goto out_mod;
-
        inode = iget_locked(sb, ino);
        if (!inode)
-               goto out_ino;
+               return NULL;
        if (inode->i_state & I_NEW) {
                inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
                PROC_I(inode)->fd = 0;
@@ -426,13 +457,8 @@ struct inode *proc_get_inode(struct super_block *sb, unsigned int ino,
                }
                unlock_new_inode(inode);
        } else
-              module_put(de->owner);
+              pde_put(de);
        return inode;
-
-out_ino:
-       module_put(de->owner);
-out_mod:
-       return NULL;
 }                      
 
 int proc_fill_super(struct super_block *s)
@@ -446,7 +472,7 @@ int proc_fill_super(struct super_block *s)
        s->s_op = &proc_sops;
        s->s_time_gran = 1;
        
-       de_get(&proc_root);
+       pde_get(&proc_root);
        root_inode = proc_get_inode(s, PROC_ROOT_INO, &proc_root);
        if (!root_inode)
                goto out_no_root;
@@ -460,6 +486,6 @@ int proc_fill_super(struct super_block *s)
 out_no_root:
        printk("proc_read_super: get root inode failed\n");
        iput(root_inode);
-       de_put(&proc_root);
+       pde_put(&proc_root);
        return -ENOMEM;
 }