Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus-20160304' of git://git.infradead.org/linux-mtd

Pull jffs2 fixes from David Woodhouse:
"This contains two important JFFS2 fixes marked for stable:

- a lock ordering problem between the page lock and the internal
f->sem mutex, which was causing occasional deadlocks in garbage
collection

- a scan failure causing moved directories to sometimes end up
appearing to have hard links.

There are also a couple of trivial MAINTAINERS file updates"

* tag 'for-linus-20160304' of git://git.infradead.org/linux-mtd:
MAINTAINERS: add maintainer entry for FREESCALE GPMI NAND driver
Fix directory hardlinks from deleted directories
jffs2: Fix page lock / f->sem deadlock
Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
MAINTAINERS: update Han's email

+99 -53
+7 -1
MAINTAINERS
··· 4518 4518 S: Maintained 4519 4519 F: drivers/dma/fsldma.* 4520 4520 4521 + FREESCALE GPMI NAND DRIVER 4522 + M: Han Xu <han.xu@nxp.com> 4523 + L: linux-mtd@lists.infradead.org 4524 + S: Maintained 4525 + F: drivers/mtd/nand/gpmi-nand/* 4526 + 4521 4527 FREESCALE I2C CPM DRIVER 4522 4528 M: Jochen Friedrich <jochen@scram.de> 4523 4529 L: linuxppc-dev@lists.ozlabs.org ··· 4540 4534 F: drivers/video/fbdev/imxfb.c 4541 4535 4542 4536 FREESCALE QUAD SPI DRIVER 4543 - M: Han Xu <han.xu@freescale.com> 4537 + M: Han Xu <han.xu@nxp.com> 4544 4538 L: linux-mtd@lists.infradead.org 4545 4539 S: Maintained 4546 4540 F: drivers/mtd/spi-nor/fsl-quadspi.c
+1 -4
fs/jffs2/README.Locking
··· 2 2 JFFS2 LOCKING DOCUMENTATION 3 3 --------------------------- 4 4 5 - At least theoretically, JFFS2 does not require the Big Kernel Lock 6 - (BKL), which was always helpfully obtained for it by Linux 2.4 VFS 7 - code. It has its own locking, as described below. 8 - 9 5 This document attempts to describe the existing locking rules for 10 6 JFFS2. It is not expected to remain perfectly up to date, but ought to 11 7 be fairly close. ··· 65 69 any f->sem held. 66 70 2. Never attempt to lock two file mutexes in one thread. 67 71 No ordering rules have been made for doing so. 72 + 3. Never lock a page cache page with f->sem held. 68 73 69 74 70 75 erase_completion_lock spinlock
+57 -18
fs/jffs2/build.c
··· 50 50 51 51 52 52 static void jffs2_build_inode_pass1(struct jffs2_sb_info *c, 53 - struct jffs2_inode_cache *ic) 53 + struct jffs2_inode_cache *ic, 54 + int *dir_hardlinks) 54 55 { 55 56 struct jffs2_full_dirent *fd; 56 57 ··· 70 69 dbg_fsbuild("child \"%s\" (ino #%u) of dir ino #%u doesn't exist!\n", 71 70 fd->name, fd->ino, ic->ino); 72 71 jffs2_mark_node_obsolete(c, fd->raw); 72 + /* Clear the ic/raw union so it doesn't cause problems later. */ 73 + fd->ic = NULL; 73 74 continue; 74 75 } 75 76 77 + /* From this point, fd->raw is no longer used so we can set fd->ic */ 78 + fd->ic = child_ic; 79 + child_ic->pino_nlink++; 80 + /* If we appear (at this stage) to have hard-linked directories, 81 + * set a flag to trigger a scan later */ 76 82 if (fd->type == DT_DIR) { 77 - if (child_ic->pino_nlink) { 78 - JFFS2_ERROR("child dir \"%s\" (ino #%u) of dir ino #%u appears to be a hard link\n", 79 - fd->name, fd->ino, ic->ino); 80 - /* TODO: What do we do about it? */ 81 - } else { 82 - child_ic->pino_nlink = ic->ino; 83 - } 84 - } else 85 - child_ic->pino_nlink++; 83 + child_ic->flags |= INO_FLAGS_IS_DIR; 84 + if (child_ic->pino_nlink > 1) 85 + *dir_hardlinks = 1; 86 + } 86 87 87 88 dbg_fsbuild("increased nlink for child \"%s\" (ino #%u)\n", fd->name, fd->ino); 88 89 /* Can't free scan_dents so far. We might need them in pass 2 */ ··· 98 95 */ 99 96 static int jffs2_build_filesystem(struct jffs2_sb_info *c) 100 97 { 101 - int ret; 102 - int i; 98 + int ret, i, dir_hardlinks = 0; 103 99 struct jffs2_inode_cache *ic; 104 100 struct jffs2_full_dirent *fd; 105 101 struct jffs2_full_dirent *dead_fds = NULL; ··· 122 120 /* Now scan the directory tree, increasing nlink according to every dirent found. */ 123 121 for_each_inode(i, c, ic) { 124 122 if (ic->scan_dents) { 125 - jffs2_build_inode_pass1(c, ic); 123 + jffs2_build_inode_pass1(c, ic, &dir_hardlinks); 126 124 cond_resched(); 127 125 } 128 126 } ··· 158 156 } 159 157 160 158 dbg_fsbuild("pass 2a complete\n"); 159 + 160 + if (dir_hardlinks) { 161 + /* If we detected directory hardlinks earlier, *hopefully* 162 + * they are gone now because some of the links were from 163 + * dead directories which still had some old dirents lying 164 + * around and not yet garbage-collected, but which have 165 + * been discarded above. So clear the pino_nlink field 166 + * in each directory, so that the final scan below can 167 + * print appropriate warnings. */ 168 + for_each_inode(i, c, ic) { 169 + if (ic->flags & INO_FLAGS_IS_DIR) 170 + ic->pino_nlink = 0; 171 + } 172 + } 161 173 dbg_fsbuild("freeing temporary data structures\n"); 162 174 163 175 /* Finally, we can scan again and free the dirent structs */ ··· 179 163 while(ic->scan_dents) { 180 164 fd = ic->scan_dents; 181 165 ic->scan_dents = fd->next; 166 + /* We do use the pino_nlink field to count nlink of 167 + * directories during fs build, so set it to the 168 + * parent ino# now. Now that there's hopefully only 169 + * one. */ 170 + if (fd->type == DT_DIR) { 171 + if (!fd->ic) { 172 + /* We'll have complained about it and marked the coresponding 173 + raw node obsolete already. Just skip it. */ 174 + continue; 175 + } 176 + 177 + /* We *have* to have set this in jffs2_build_inode_pass1() */ 178 + BUG_ON(!(fd->ic->flags & INO_FLAGS_IS_DIR)); 179 + 180 + /* We clear ic->pino_nlink ∀ directories' ic *only* if dir_hardlinks 181 + * is set. Otherwise, we know this should never trigger anyway, so 182 + * we don't do the check. And ic->pino_nlink still contains the nlink 183 + * value (which is 1). */ 184 + if (dir_hardlinks && fd->ic->pino_nlink) { 185 + JFFS2_ERROR("child dir \"%s\" (ino #%u) of dir ino #%u is also hard linked from dir ino #%u\n", 186 + fd->name, fd->ino, ic->ino, fd->ic->pino_nlink); 187 + /* Should we unlink it from its previous parent? */ 188 + } 189 + 190 + /* For directories, ic->pino_nlink holds that parent inode # */ 191 + fd->ic->pino_nlink = ic->ino; 192 + } 182 193 jffs2_free_full_dirent(fd); 183 194 } 184 195 ic->scan_dents = NULL; ··· 284 241 285 242 /* Reduce nlink of the child. If it's now zero, stick it on the 286 243 dead_fds list to be cleaned up later. Else just free the fd */ 287 - 288 - if (fd->type == DT_DIR) 289 - child_ic->pino_nlink = 0; 290 - else 291 - child_ic->pino_nlink--; 244 + child_ic->pino_nlink--; 292 245 293 246 if (!child_ic->pino_nlink) { 294 247 dbg_fsbuild("inode #%u (\"%s\") now has no links; adding to dead_fds list.\n",
+19 -22
fs/jffs2/file.c
··· 137 137 struct page *pg; 138 138 struct inode *inode = mapping->host; 139 139 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); 140 - struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); 141 - struct jffs2_raw_inode ri; 142 - uint32_t alloc_len = 0; 143 140 pgoff_t index = pos >> PAGE_CACHE_SHIFT; 144 141 uint32_t pageofs = index << PAGE_CACHE_SHIFT; 145 142 int ret = 0; 146 143 144 + pg = grab_cache_page_write_begin(mapping, index, flags); 145 + if (!pg) 146 + return -ENOMEM; 147 + *pagep = pg; 148 + 147 149 jffs2_dbg(1, "%s()\n", __func__); 148 150 149 151 if (pageofs > inode->i_size) { 150 - ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len, 151 - ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 152 - if (ret) 153 - return ret; 154 - } 155 - 156 - mutex_lock(&f->sem); 157 - pg = grab_cache_page_write_begin(mapping, index, flags); 158 - if (!pg) { 159 - if (alloc_len) 160 - jffs2_complete_reservation(c); 161 - mutex_unlock(&f->sem); 162 - return -ENOMEM; 163 - } 164 - *pagep = pg; 165 - 166 - if (alloc_len) { 167 152 /* Make new hole frag from old EOF to new page */ 153 + struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); 154 + struct jffs2_raw_inode ri; 168 155 struct jffs2_full_dnode *fn; 156 + uint32_t alloc_len; 169 157 170 158 jffs2_dbg(1, "Writing new hole frag 0x%x-0x%x between current EOF and new page\n", 171 159 (unsigned int)inode->i_size, pageofs); 172 160 161 + ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len, 162 + ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 163 + if (ret) 164 + goto out_page; 165 + 166 + mutex_lock(&f->sem); 173 167 memset(&ri, 0, sizeof(ri)); 174 168 175 169 ri.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); ··· 190 196 if (IS_ERR(fn)) { 191 197 ret = PTR_ERR(fn); 192 198 jffs2_complete_reservation(c); 199 + mutex_unlock(&f->sem); 193 200 goto out_page; 194 201 } 195 202 ret = jffs2_add_full_dnode_to_inode(c, f, fn); ··· 205 210 jffs2_mark_node_obsolete(c, fn->raw); 206 211 jffs2_free_full_dnode(fn); 207 212 jffs2_complete_reservation(c); 213 + mutex_unlock(&f->sem); 208 214 goto out_page; 209 215 } 210 216 jffs2_complete_reservation(c); 211 217 inode->i_size = pageofs; 218 + mutex_unlock(&f->sem); 212 219 } 213 220 214 221 /* ··· 219 222 * case of a short-copy. 220 223 */ 221 224 if (!PageUptodate(pg)) { 225 + mutex_lock(&f->sem); 222 226 ret = jffs2_do_readpage_nolock(inode, pg); 227 + mutex_unlock(&f->sem); 223 228 if (ret) 224 229 goto out_page; 225 230 } 226 - mutex_unlock(&f->sem); 227 231 jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags); 228 232 return ret; 229 233 230 234 out_page: 231 235 unlock_page(pg); 232 236 page_cache_release(pg); 233 - mutex_unlock(&f->sem); 234 237 return ret; 235 238 } 236 239
+10 -7
fs/jffs2/gc.c
··· 1296 1296 BUG_ON(start > orig_start); 1297 1297 } 1298 1298 1299 - /* First, use readpage() to read the appropriate page into the page cache */ 1300 - /* Q: What happens if we actually try to GC the _same_ page for which commit_write() 1301 - * triggered garbage collection in the first place? 1302 - * A: I _think_ it's OK. read_cache_page shouldn't deadlock, we'll write out the 1303 - * page OK. We'll actually write it out again in commit_write, which is a little 1304 - * suboptimal, but at least we're correct. 1305 - */ 1299 + /* The rules state that we must obtain the page lock *before* f->sem, so 1300 + * drop f->sem temporarily. Since we also hold c->alloc_sem, nothing's 1301 + * actually going to *change* so we're safe; we only allow reading. 1302 + * 1303 + * It is important to note that jffs2_write_begin() will ensure that its 1304 + * page is marked Uptodate before allocating space. That means that if we 1305 + * end up here trying to GC the *same* page that jffs2_write_begin() is 1306 + * trying to write out, read_cache_page() will not deadlock. */ 1307 + mutex_unlock(&f->sem); 1306 1308 pg_ptr = jffs2_gc_fetch_page(c, f, start, &pg); 1309 + mutex_lock(&f->sem); 1307 1310 1308 1311 if (IS_ERR(pg_ptr)) { 1309 1312 pr_warn("read_cache_page() returned error: %ld\n",
+5 -1
fs/jffs2/nodelist.h
··· 194 194 #define INO_STATE_CLEARING 6 /* In clear_inode() */ 195 195 196 196 #define INO_FLAGS_XATTR_CHECKED 0x01 /* has no duplicate xattr_ref */ 197 + #define INO_FLAGS_IS_DIR 0x02 /* is a directory */ 197 198 198 199 #define RAWNODE_CLASS_INODE_CACHE 0 199 200 #define RAWNODE_CLASS_XATTR_DATUM 1 ··· 250 249 251 250 struct jffs2_full_dirent 252 251 { 253 - struct jffs2_raw_node_ref *raw; 252 + union { 253 + struct jffs2_raw_node_ref *raw; 254 + struct jffs2_inode_cache *ic; /* Just during part of build */ 255 + }; 254 256 struct jffs2_full_dirent *next; 255 257 uint32_t version; 256 258 uint32_t ino; /* == zero for unlink */