Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable

* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable:
Btrfs: check return value of alloc_extent_map()
Btrfs - Fix memory leak in btrfs_init_new_device()
btrfs: prevent heap corruption in btrfs_ioctl_space_info()
Btrfs: Fix balance panic
Btrfs: don't release pages when we can't clear the uptodate bits
Btrfs: fix page->private races

+68 -11
+6 -2
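--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -359,10 +359,14 @@
 
 	tree = &BTRFS_I(page->mapping->host)->io_tree;
 
-	if (page->private == EXTENT_PAGE_PRIVATE)
+	if (page->private == EXTENT_PAGE_PRIVATE) {
+		WARN_ON(1);
 		goto out;
-	if (!page->private)
+	}
+	if (!page->private) {
+		WARN_ON(1);
 		goto out;
+	}
 	len = page->private >> 2;
 	WARN_ON(len == 0);
 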
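Review bot: Both new `WARN_ON(1)` calls are unconditional and fire on every call that reaches these early exits, so a recurring bad `page->private` state would flood the log, and on hosts that set panic_on_warn it would take the machine down. `WARN_ON_ONCE(1)` keeps the diagnostic without either effect, and a short comment above each branch naming the state it catches would help whoever reads the backtrace. The same applies to the `WARN_ON(!PagePrivate(page))` lines added inside the per-page loops in fs/btrfs/extent_io.c. The enclosing function starts and ends outside this hunk.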
+1 -1
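--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -6583,7 +6583,7 @@
 	u64 end = start + extent_key->offset - 1;
 
 	em = alloc_extent_map(GFP_NOFS);
-	BUG_ON(!em || IS_ERR(em));
+	BUG_ON(!em);
 
 	em->start = start;
 	em->len = extent_key->offset;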
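Review bot: `BUG_ON(!em)` turns a failed `alloc_extent_map(GFP_NOFS)` into a kernel crash, so memory pressure alone can halt the machine on this path. The same pattern is added in fs/btrfs/file.c (`BUG_ON(!split || !split2)`) and at three sites in fs/btrfs/inode.c. Where the caller can unwind, returning `-ENOMEM` is the safer handling; where it cannot yet, a comment such as `/* TODO: propagate -ENOMEM instead of BUG_ON */` would mark the debt. The enclosing functions are not visible in these hunks, so how much cleanup each site needs has to be checked against the full source.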
+44 -4
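--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1946,6 +1946,7 @@
 
 static void set_page_extent_head(struct page *page, unsigned long len)
 {
+	WARN_ON(!PagePrivate(page));
 	set_page_private(page, EXTENT_PAGE_PRIVATE_FIRST_PAGE | len << 2);
 }
 
@@ -2821,9 +2822,17 @@
 		 * at this point we can safely clear everything except the
 		 * locked bit and the nodatasum bit
 		 */
-		clear_extent_bit(tree, start, end,
+		ret = clear_extent_bit(tree, start, end,
 				 ~(EXTENT_LOCKED | EXTENT_NODATASUM),
 				 0, 0, NULL, mask);
+
+		/* if clear_extent_bit failed for enomem reasons,
+		 * we can't allow the release to continue.
+		 */
+		if (ret < 0)
+			ret = 0;
+		else
+			ret = 1;
 	}
 	return ret;
 }
@@ -3194,7 +3203,13 @@
 		}
 		if (!PageUptodate(p))
 			uptodate = 0;
-		unlock_page(p);
+
+		/*
+		 * see below about how we avoid a nasty race with release page
+		 * and why we unlock later
+		 */
+		if (i != 0)
+			unlock_page(p);
 	}
 	if (uptodate)
 		set_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags);
@@ -3218,9 +3233,26 @@
 	atomic_inc(&eb->refs);
 	spin_unlock(&tree->buffer_lock);
 	radix_tree_preload_end();
+
+	/*
+	 * there is a race where release page may have
+	 * tried to find this extent buffer in the radix
+	 * but failed. It will tell the VM it is safe to
+	 * reclaim the, and it will clear the page private bit.
+	 * We must make sure to set the page private bit properly
+	 * after the extent buffer is in the radix tree so
+	 * it doesn't get lost
+	 */
+	set_page_extent_mapped(eb->first_page);
+	set_page_extent_head(eb->first_page, eb->len);
+	if (!page0)
+		unlock_page(eb->first_page);
 	return eb;
 
 free_eb:
+	if (eb->first_page && !page0)
+		unlock_page(eb->first_page);
+
 	if (!atomic_dec_and_test(&eb->refs))
 		return exists;
 	btrfs_release_extent_buffer(eb);
@@ -3271,10 +3303,11 @@
 			continue;
 
 		lock_page(page);
+		WARN_ON(!PagePrivate(page));
+
+		set_page_extent_mapped(page);
 		if (i == 0)
 			set_page_extent_head(page, eb->len);
-		else
-			set_page_private(page, EXTENT_PAGE_PRIVATE);
 
 		clear_page_dirty_for_io(page);
 		spin_lock_irq(&page->mapping->tree_lock);
@@ -3464,6 +3497,13 @@
 
 	for (i = start_i; i < num_pages; i++) {
 		page = extent_buffer_page(eb, i);
+
+		WARN_ON(!PagePrivate(page));
+
+		set_page_extent_mapped(page);
+		if (i == 0)
+			set_page_extent_head(page, eb->len);
+
 		if (inc_all_pages)
 			page_cache_get(page);
 		if (!PageUptodate(page)) {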
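Review bot: The first page now stays locked from the allocation loop until after the radix-tree insert and is released in two separate places (`if (!page0) unlock_page(eb->first_page);` before `return eb;`, and again under `free_eb:`), but neither release says what it pairs with. A one-line comment at each, for example `/* pairs with the skipped unlock of page 0 in the loop above */`, plus a note on why `page0` suppresses the unlock (presumably the caller holds that lock), would make the invariant checkable. The block comment that explains the race also has a dropped word in `reclaim the, and it will clear` (probably "reclaim the page"). Whether every `goto free_eb` is reached with the first page locked cannot be confirmed from these hunks, since the function starts outside them.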
+2 -2
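--- a/fs/btrfs/extent_map.c
+++ b/fs/btrfs/extent_map.c
@@ -51,8 +51,8 @@
 {
 	struct extent_map *em;
 	em = kmem_cache_alloc(extent_map_cache, mask);
-	if (!em || IS_ERR(em))
-		return em;
+	if (!em)
+		return NULL;
 	em->in_tree = 0;
 	em->flags = 0;
 	em->compress_type = BTRFS_COMPRESS_NONE;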
+1
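--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -186,6 +186,7 @@
 			split = alloc_extent_map(GFP_NOFS);
 		if (!split2)
 			split2 = alloc_extent_map(GFP_NOFS);
+		BUG_ON(!split || !split2);
 
 		write_lock(&em_tree->lock);
 		em = lookup_extent_mapping(em_tree, start, len);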
+3
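--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -644,6 +644,7 @@
 					async_extent->ram_size - 1, 0);
 
 		em = alloc_extent_map(GFP_NOFS);
+		BUG_ON(!em);
 		em->start = async_extent->start;
 		em->len = async_extent->ram_size;
 		em->orig_start = em->start;
@@ -820,6 +821,7 @@
 		BUG_ON(ret);
 
 		em = alloc_extent_map(GFP_NOFS);
+		BUG_ON(!em);
 		em->start = start;
 		em->orig_start = em->start;
 		ram_size = ins.offset;
@@ -1169,6 +1171,7 @@
 			struct extent_map_tree *em_tree;
 			em_tree = &BTRFS_I(inode)->extent_tree;
 			em = alloc_extent_map(GFP_NOFS);
+			BUG_ON(!em);
 			em->start = cur_offset;
 			em->orig_start = em->start;
 			em->len = num_bytes;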
+8 -2
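--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2208,7 +2208,7 @@
 	int num_types = 4;
 	int alloc_size;
 	int ret = 0;
-	int slot_count = 0;
+	u64 slot_count = 0;
 	int i, c;
 
 	if (copy_from_user(&space_args,
@@ -2247,7 +2247,7 @@
 		goto out;
 	}
 
-	slot_count = min_t(int, space_args.space_slots, slot_count);
+	slot_count = min_t(u64, space_args.space_slots, slot_count);
 
 	alloc_size = sizeof(*dest) * slot_count;
 
@@ -2266,6 +2266,9 @@
 	/* now we have a buffer to copy into */
 	for (i = 0; i < num_types; i++) {
 		struct btrfs_space_info *tmp;
+
+		if (!slot_count)
+			break;
 
 		info = NULL;
 		rcu_read_lock();
@@ -2288,7 +2291,10 @@
 				memcpy(dest, &space, sizeof(space));
 				dest++;
 				space_args.total_spaces++;
+				slot_count--;
 			}
+			if (!slot_count)
+				break;
 		}
 		up_read(&info->groups_sem);
 	}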
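Review bot: `alloc_size` is still declared `int` while `slot_count` is now `u64`, so `alloc_size = sizeof(*dest) * slot_count;` narrows a 64-bit product into a signed int. `slot_count` has just been clamped by `min_t(u64, space_args.space_slots, slot_count)`, apparently to a count gathered before this hunk, so the value should be small in practice, but the types no longer express that; declaring `size_t alloc_size;` or rejecting an oversized `slot_count` before the multiplication would make the bound explicit. A comment on `slot_count--` saying why the copy loop needs its own bound (presumably the lists can grow between the counting pass and the copy pass) would record the reason for the fix. Any size check that follows the assignment lies outside these hunks.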
+1
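--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1157,6 +1157,7 @@
 	new_node->bytenr = dest->node->start;
 	new_node->level = node->level;
 	new_node->lowest = node->lowest;
+	new_node->checked = 1;
 	new_node->root = dest;
 
 	if (!node->lowest) {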
+2
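--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1605,12 +1605,14 @@
 
 	ret = find_next_devid(root, &device->devid);
 	if (ret) {
+		kfree(device->name);
 		kfree(device);
 		goto error;
 	}
 
 	trans = btrfs_start_transaction(root, 0);
 	if (IS_ERR(trans)) {
+		kfree(device->name);
 		kfree(device);
 		ret = PTR_ERR(trans);
 		goto error;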
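Review bot: The two-step free `kfree(device->name); kfree(device);` is now repeated in both error branches, which is the shape that allowed the leak fixed here: each branch has to remember every member on its own. Moving both frees behind one cleanup label (for example `error_free_device:`, a name chosen here for illustration) and jumping to it from both branches would keep later error paths from repeating the omission. The function continues past this hunk, so error paths after `btrfs_start_transaction()` should be checked for the same leak.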