aio: Stop using i_private_data and i_private_lock

Instead of using i_private_data and i_private_lock, just create aio
inodes with appropriate necessary fields.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20260326095354.16340-67-jack@suse.cz
Tested-by: syzbot@syzkaller.appspotmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>

authored by

Jan Kara and committed by
Christian Brauner
3833d335 2811f2a8

+66 -12
+66 -12
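--- a/fs/aio.c
+++ b/fs/aio.c
@@ -218,6 +218,17 @@
 struct eventfd_ctx *ki_eventfd;
 };
 
+struct aio_inode_info {
+struct inode vfs_inode;
+spinlock_t migrate_lock;
+struct kioctx *ctx;
+};
+
+static inline struct aio_inode_info *AIO_I(struct inode *inode)
+{
+return container_of(inode, struct aio_inode_info, vfs_inode);
+}
+
 /*------ sysctl variables----*/
 static DEFINE_SPINLOCK(aio_nr_lock);
 static unsigned long aio_nr; /* current system wide number of aio requests */
@@ -251,6 +262,7 @@
 
 static struct kmem_cache *kiocb_cachep;
 static struct kmem_cache *kioctx_cachep;
+static struct kmem_cache *aio_inode_cachep;
 
 static struct vfsmount *aio_mnt;
 
@@ -261,11 +273,12 @@
 {
 struct file *file;
 struct inode *inode = alloc_anon_inode(aio_mnt->mnt_sb);
+
 if (IS_ERR(inode))
 return ERR_CAST(inode);
 
 inode->i_mapping->a_ops = &aio_ctx_aops;
-inode->i_mapping->i_private_data = ctx;
+AIO_I(inode)->ctx = ctx;
 inode->i_size = PAGE_SIZE * nr_pages;
 
 file = alloc_file_pseudo(inode, aio_mnt, "[aio]",
@@ -275,12 +288,47 @@
 return file;
 }
 
+static struct inode *aio_alloc_inode(struct super_block *sb)
+{
+struct aio_inode_info *ai;
+
+ai = alloc_inode_sb(sb, aio_inode_cachep, GFP_KERNEL);
+if (!ai)
+return NULL;
+ai->ctx = NULL;
+
+return &ai->vfs_inode;
+}
+
+static void aio_free_inode(struct inode *inode)
+{
+kmem_cache_free(aio_inode_cachep, AIO_I(inode));
+}
+
+static const struct super_operations aio_super_operations = {
+.alloc_inode = aio_alloc_inode,
+.free_inode = aio_free_inode,
+.statfs = simple_statfs,
+};
+
 static int aio_init_fs_context(struct fs_context *fc)
 {
-if (!init_pseudo(fc, AIO_RING_MAGIC))
+struct pseudo_fs_context *pfc;
+
+pfc = init_pseudo(fc, AIO_RING_MAGIC);
+if (!pfc)
 return -ENOMEM;
 fc->s_iflags |= SB_I_NOEXEC;
+pfc->ops = &aio_super_operations;
 return 0;
+}
+
+static void init_once(void *obj)
+{
+struct aio_inode_info *ai = obj;
+
+inode_init_once(&ai->vfs_inode);
+spin_lock_init(&ai->migrate_lock);
 }
 
 /* aio_setup
@@ -294,6 +342,11 @@
 .init_fs_context = aio_init_fs_context,
 .kill_sb = kill_anon_super,
 };
+
+aio_inode_cachep = kmem_cache_create("aio_inode_cache",
+sizeof(struct aio_inode_info), 0,
+(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|SLAB_ACCOUNT),
+init_once);
 aio_mnt = kern_mount(&aio_fs);
 if (IS_ERR(aio_mnt))
 panic("Failed to create aio fs mount.");
@@ -308,17 +361,17 @@
 static void put_aio_ring_file(struct kioctx *ctx)
 {
 struct file *aio_ring_file = ctx->aio_ring_file;
-struct address_space *i_mapping;
 
 if (aio_ring_file) {
-truncate_setsize(file_inode(aio_ring_file), 0);
+struct inode *inode = file_inode(aio_ring_file);
+
+truncate_setsize(inode, 0);
 
 /* Prevent further access to the kioctx from migratepages */
-i_mapping = aio_ring_file->f_mapping;
-spin_lock(&i_mapping->i_private_lock);
-i_mapping->i_private_data = NULL;
+spin_lock(&AIO_I(inode)->migrate_lock);
+AIO_I(inode)->ctx = NULL;
 ctx->aio_ring_file = NULL;
-spin_unlock(&i_mapping->i_private_lock);
+spin_unlock(&AIO_I(inode)->migrate_lock);
 
 fput(aio_ring_file);
 }
@@ -408,13 +461,14 @@
 struct folio *src, enum migrate_mode mode)
 {
 struct kioctx *ctx;
+struct aio_inode_info *ai = AIO_I(mapping->host);
 unsigned long flags;
 pgoff_t idx;
 int rc = 0;
 
-/* mapping->i_private_lock here protects against the kioctx teardown. */
-spin_lock(&mapping->i_private_lock);
-ctx = mapping->i_private_data;
+/* ai->migrate_lock here protects against the kioctx teardown. */
+spin_lock(&ai->migrate_lock);
+ctx = ai->ctx;
 if (!ctx) {
 rc = -EINVAL;
 goto out;
@@ -467,7 +521,7 @@
 out_unlock:
 mutex_unlock(&ctx->ring_lock);
 out:
-spin_unlock(&mapping->i_private_lock);
+spin_unlock(&ai->migrate_lock);
 return rc;
 }
 #else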
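Review bot: The new `struct aio_inode_info` and `AIO_I()` in the first hunk carry no comment stating the invariant that makes the unchecked `container_of()` downcast safe. `aio_migrate_folio()` now applies `AIO_I(mapping->host)` to whatever inode owns the mapping, which is only correct while every inode given `aio_ctx_aops` comes from `aio_alloc_inode()`. The visible hunks appear to satisfy this, since the aops are attached only in the function that allocates from `aio_mnt->mnt_sb`, but nothing records it for a later change. I would add `/* Valid only for inodes allocated by aio_alloc_inode(), i.e. inodes on aio_mnt's superblock. */` above `AIO_I()`. I would also annotate the lock field with `/* protects ->ctx against kioctx teardown racing with folio migration */`, because the only statement of what `migrate_lock` guards is a comment inside `aio_migrate_folio()`, whose body starts and ends outside the hunks shown.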