tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus-v3.8-rc6' of git://oss.sgi.com/xfs/xfs

Pull xfs bugfixes from Ben Myers:
"Here are fixes for returning EFSCORRUPTED on probe of a non-xfs
filesystem, the stack switch in xfs_bmapi_allocate, a crash in
_xfs_buf_find, speculative preallocation as the filesystem nears
ENOSPC, an unmount hang, a race with AIO, and a regression with
xfs_fsr:

- fix return value when filesystem probe finds no XFS magic, a
regression introduced in 9802182.

- fix stack switch in __xfs_bmapi_allocate by moving the check for
stack switch up into xfs_bmapi_write.

- fix oops in _xfs_buf_find by validating that the requested block is
within the filesystem bounds.

- limit speculative preallocation near ENOSPC.

- fix an unmount hang in xfs_wait_buftarg by freeing the
xfs_buf_log_item in xfs_buf_item_unlock.

- fix a possible use after free with AIO.

- fix xfs_swap_extents after removal of xfs_flushinval_pages, a
regression introduced in commit fb59581404a."

* tag 'for-linus-v3.8-rc6' of git://oss.sgi.com/xfs/xfs:
xfs: Fix xfs_swap_extents() after removal of xfs_flushinval_pages()
xfs: Fix possible use-after-free with AIO
xfs: fix shutdown hang on invalid inode during create
xfs: limit speculative prealloc near ENOSPC thresholds
xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end
xfs: pull up stack_switch check into xfs_bmapi_write
xfs: Do not return EFSCORRUPTED when filesystem probe finds no XFS magic

Linus Torvalds f96736e1 8e5d573a

+47 -9
+1 -1
fs/xfs/xfs_aops.c
··· 86 86 } 87 87 88 88 if (ioend->io_iocb) { 89 + inode_dio_done(ioend->io_inode); 89 90 if (ioend->io_isasync) { 90 91 aio_complete(ioend->io_iocb, ioend->io_error ? 91 92 ioend->io_error : ioend->io_result, 0); 92 93 } 93 - inode_dio_done(ioend->io_inode); 94 94 } 95 95 96 96 mempool_free(ioend, xfs_ioend_pool);
+3 -3
fs/xfs/xfs_bmap.c
··· 4680 4680 return error; 4681 4681 } 4682 4682 4683 - if (bma->flags & XFS_BMAPI_STACK_SWITCH) 4684 - bma->stack_switch = 1; 4685 - 4686 4683 error = xfs_bmap_alloc(bma); 4687 4684 if (error) 4688 4685 return error; ··· 4952 4955 bma.userdata = 0; 4953 4956 bma.flist = flist; 4954 4957 bma.firstblock = firstblock; 4958 + 4959 + if (flags & XFS_BMAPI_STACK_SWITCH) 4960 + bma.stack_switch = 1; 4955 4961 4956 4962 while (bno < end && n < *nmap) { 4957 4963 inhole = eof || bma.got.br_startoff > bno;
+20
fs/xfs/xfs_buf.c
··· 487 487 struct rb_node *parent; 488 488 xfs_buf_t *bp; 489 489 xfs_daddr_t blkno = map[0].bm_bn; 490 + xfs_daddr_t eofs; 490 491 int numblks = 0; 491 492 int i; 492 493 ··· 498 497 /* Check for IOs smaller than the sector size / not sector aligned */ 499 498 ASSERT(!(numbytes < (1 << btp->bt_sshift))); 500 499 ASSERT(!(BBTOB(blkno) & (xfs_off_t)btp->bt_smask)); 500 + 501 + /* 502 + * Corrupted block numbers can get through to here, unfortunately, so we 503 + * have to check that the buffer falls within the filesystem bounds. 504 + */ 505 + eofs = XFS_FSB_TO_BB(btp->bt_mount, btp->bt_mount->m_sb.sb_dblocks); 506 + if (blkno >= eofs) { 507 + /* 508 + * XXX (dgc): we should really be returning EFSCORRUPTED here, 509 + * but none of the higher level infrastructure supports 510 + * returning a specific error on buffer lookup failures. 511 + */ 512 + xfs_alert(btp->bt_mount, 513 + "%s: Block out of range: block 0x%llx, EOFS 0x%llx ", 514 + __func__, blkno, eofs); 515 + return NULL; 516 + } 501 517 502 518 /* get tree root */ 503 519 pag = xfs_perag_get(btp->bt_mount, ··· 1505 1487 while (!list_empty(&btp->bt_lru)) { 1506 1488 bp = list_first_entry(&btp->bt_lru, struct xfs_buf, b_lru); 1507 1489 if (atomic_read(&bp->b_hold) > 1) { 1490 + trace_xfs_buf_wait_buftarg(bp, _RET_IP_); 1491 + list_move_tail(&bp->b_lru, &btp->bt_lru); 1508 1492 spin_unlock(&btp->bt_lru_lock); 1509 1493 delay(100); 1510 1494 goto restart;
+10 -2
fs/xfs/xfs_buf_item.c
··· 652 652 653 653 /* 654 654 * If the buf item isn't tracking any data, free it, otherwise drop the 655 - * reference we hold to it. 655 + * reference we hold to it. If we are aborting the transaction, this may 656 + * be the only reference to the buf item, so we free it anyway 657 + * regardless of whether it is dirty or not. A dirty abort implies a 658 + * shutdown, anyway. 656 659 */ 657 660 clean = 1; 658 661 for (i = 0; i < bip->bli_format_count; i++) { ··· 667 664 } 668 665 if (clean) 669 666 xfs_buf_item_relse(bp); 670 - else 667 + else if (aborted) { 668 + if (atomic_dec_and_test(&bip->bli_refcount)) { 669 + ASSERT(XFS_FORCED_SHUTDOWN(lip->li_mountp)); 670 + xfs_buf_item_relse(bp); 671 + } 672 + } else 671 673 atomic_dec(&bip->bli_refcount); 672 674 673 675 if (!hold)
+2 -2
fs/xfs/xfs_dfrag.c
··· 246 246 goto out_unlock; 247 247 } 248 248 249 - error = -filemap_write_and_wait(VFS_I(ip)->i_mapping); 249 + error = -filemap_write_and_wait(VFS_I(tip)->i_mapping); 250 250 if (error) 251 251 goto out_unlock; 252 - truncate_pagecache_range(VFS_I(ip), 0, -1); 252 + truncate_pagecache_range(VFS_I(tip), 0, -1); 253 253 254 254 /* Verify O_DIRECT for ftmp */ 255 255 if (VN_CACHED(VFS_I(tip)) != 0) {
+9
fs/xfs/xfs_iomap.c
··· 351 351 } 352 352 if (shift) 353 353 alloc_blocks >>= shift; 354 + 355 + /* 356 + * If we are still trying to allocate more space than is 357 + * available, squash the prealloc hard. This can happen if we 358 + * have a large file on a small filesystem and the above 359 + * lowspace thresholds are smaller than MAXEXTLEN. 360 + */ 361 + while (alloc_blocks >= freesp) 362 + alloc_blocks >>= 4; 354 363 } 355 364 356 365 if (alloc_blocks < mp->m_writeio_blocks)
+1 -1
fs/xfs/xfs_mount.c
··· 658 658 return; 659 659 } 660 660 /* quietly fail */ 661 - xfs_buf_ioerror(bp, EFSCORRUPTED); 661 + xfs_buf_ioerror(bp, EWRONGFS); 662 662 } 663 663 664 664 static void
+1
fs/xfs/xfs_trace.h
··· 341 341 DEFINE_BUF_EVENT(xfs_buf_item_iodone); 342 342 DEFINE_BUF_EVENT(xfs_buf_item_iodone_async); 343 343 DEFINE_BUF_EVENT(xfs_buf_error_relse); 344 + DEFINE_BUF_EVENT(xfs_buf_wait_buftarg); 344 345 DEFINE_BUF_EVENT(xfs_trans_read_buf_io); 345 346 DEFINE_BUF_EVENT(xfs_trans_read_buf_shut); 346 347