From: Jan Harkes <jaharkes@cs.cmu.edu>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Jan Harkes <jaharkes@cs.cmu.edu>,
	linux-fsdevel@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH 01/22] coda: pass the host file in vma->vm_file on mmap
Date: Fri, 17 May 2019 14:36:39 -0400
Message-ID: <0e850c6e59c0b147dc2dcd51a3af004c948c3697.1558117389.git.jaharkes@cs.cmu.edu> (raw)
In-Reply-To: <cover.1558117389.git.jaharkes@cs.cmu.edu>

Various file systems expect that vma->vm_file points at their own file
handle; several use file_inode(vma->vm_file) to get at their inode or
use vma->vm_file->private_data. However, the way Coda wrapped mmap on a
host file broke this assumption: vm_file was still pointing at the Coda
file, and the host file systems would scribble over Coda's inode and
private file data.

This patch fixes the incorrect expectation and wraps vm_ops->open and
vm_ops->close to allow Coda to track when the vm_area_struct is
destroyed so we still release the reference on the Coda file handle at
the right time.

Cc: stable@vger.kernel.org
Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
---
 fs/coda/file.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 68 insertions(+), 2 deletions(-)

diff --git a/fs/coda/file.c b/fs/coda/file.c
index 1cbc1f2298ee..43d371551d2b 100644
--- a/fs/coda/file.c
+++ b/fs/coda/file.c
@@ -27,6 +27,13 @@
 #include "coda_linux.h"
 #include "coda_int.h"
 
+struct coda_vm_ops {
+	atomic_t refcnt;
+	struct file *coda_file;
+	const struct vm_operations_struct *host_vm_ops;
+	struct vm_operations_struct vm_ops;
+};
+
 static ssize_t
 coda_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
 {
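Review bot: `refcnt` in struct coda_vm_ops is a plain object reference count, so `refcount_t refcnt;` fits better than `atomic_t`. refcount_t saturates and warns on overflow and on increment-from-zero, where atomic_t silently wraps and can end in a use-after-free of the wrapper. The matching call sites are in the later hunks: `refcount_inc(&cvm_ops->refcnt)` in coda_vm_open, `refcount_dec_and_test(&cvm_ops->refcnt)` in coda_vm_close, and `refcount_set(&cvm_ops->refcnt, 1)` in coda_file_mmap. A short comment on the struct saying it is shared by every vma that inherits these vm_ops and is freed on the last close would also help.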
@@ -61,6 +68,34 @@ coda_file_write_iter(struct kiocb *iocb, struct iov_iter *to)
 	return ret;
 }
 
+static void
+coda_vm_open(struct vm_area_struct *vma)
+{
+	struct coda_vm_ops *cvm_ops =
+		container_of(vma->vm_ops, struct coda_vm_ops, vm_ops);
+
+	atomic_inc(&cvm_ops->refcnt);
+
+	if (cvm_ops->host_vm_ops && cvm_ops->host_vm_ops->open)
+		cvm_ops->host_vm_ops->open(vma);
+}
+
+static void
+coda_vm_close(struct vm_area_struct *vma)
+{
+	struct coda_vm_ops *cvm_ops =
+		container_of(vma->vm_ops, struct coda_vm_ops, vm_ops);
+
+	if (cvm_ops->host_vm_ops && cvm_ops->host_vm_ops->close)
+		cvm_ops->host_vm_ops->close(vma);
+
+	if (atomic_dec_and_test(&cvm_ops->refcnt)) {
+		vma->vm_ops = cvm_ops->host_vm_ops;
+		fput(cvm_ops->coda_file);
+		kfree(cvm_ops);
+	}
+}
+
 static int
 coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma)
 {
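Review bot: coda_vm_open and coda_vm_close have no comment saying what `refcnt` counts or which reference `fput(cvm_ops->coda_file)` releases, and that is the part a later reader is most likely to get wrong. Suggest above coda_vm_close: `/* Last vma sharing this wrapper is gone: hand vm_ops back to the host and drop the Coda file reference held for the mapping. */`. Both functions also depend on `vma->vm_ops` still pointing at the embedded `vm_ops` member when they call `container_of()`. A one-line comment stating that nothing else may replace vma->vm_ops while the wrapper is installed would make that assumption explicit.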
@@ -68,6 +103,8 @@ coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma)
 	struct coda_inode_info *cii;
 	struct file *host_file;
 	struct inode *coda_inode, *host_inode;
+	struct coda_vm_ops *cvm_ops;
+	int ret;
 
 	cfi = CODA_FTOC(coda_file);
 	BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC);
@@ -76,6 +113,13 @@ coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma)
 	if (!host_file->f_op->mmap)
 		return -ENODEV;
 
+	if (WARN_ON(coda_file != vma->vm_file))
+		return -EIO;
+
+	cvm_ops = kmalloc(sizeof(struct coda_vm_ops), GFP_KERNEL);
+	if (!cvm_ops)
+		return -ENOMEM;
+
 	coda_inode = file_inode(coda_file);
 	host_inode = file_inode(host_file);
 
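Review bot: `kmalloc()` leaves the embedded `vm_ops` uninitialised, and the last coda_file_mmap hunk only fills it with `cvm_ops->vm_ops = *vma->vm_ops;` when the host's mmap set `vma->vm_ops`. If a host file's mmap ever returns success with `vma->vm_ops == NULL`, every callback other than open/close holds stale heap data. That data becomes reachable because `vma->vm_ops` is then pointed at the wrapper. Whether any host file system does that is not visible here, but `cvm_ops = kzalloc(sizeof(*cvm_ops), GFP_KERNEL);` removes the question. coda_file_mmap begins before this hunk and continues after it.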
@@ -89,6 +133,7 @@ coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma)
 	 * the container file on us! */
 	else if (coda_inode->i_mapping != host_inode->i_mapping) {
 		spin_unlock(&cii->c_lock);
+		kfree(cvm_ops);
 		return -EBUSY;
 	}
 
@@ -97,7 +142,29 @@ coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma)
 	cfi->cfi_mapcount++;
 	spin_unlock(&cii->c_lock);
 
-	return call_mmap(host_file, vma);
+	vma->vm_file = get_file(host_file);
+	ret = call_mmap(vma->vm_file, vma);
+
+	if (ret) {
+		/* if call_mmap fails, our caller will put coda_file so we
+		 * should drop the reference to the host_file that we got.
+		 */
+		fput(host_file);
+		kfree(cvm_ops);
+	} else {
+		/* here we add redirects for the open/close vm_operations */
+		cvm_ops->host_vm_ops = vma->vm_ops;
+		if (vma->vm_ops)
+			cvm_ops->vm_ops = *vma->vm_ops;
+
+		cvm_ops->vm_ops.open = coda_vm_open;
+		cvm_ops->vm_ops.close = coda_vm_close;
+		cvm_ops->coda_file = coda_file;
+		atomic_set(&cvm_ops->refcnt, 1);
+
+		vma->vm_ops = &cvm_ops->vm_ops;
+	}
+	return ret;
 }
 
 int coda_open(struct inode *coda_inode, struct file *coda_file)
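Review bot: On the `if (ret)` path, `vma->vm_file` is left pointing at host_file after `fput(host_file)` has dropped the reference that backed it. The counts only balance if the caller puts its own `file` pointer and never reads `vma->vm_file` again. The comment assumes this, but the caller is outside this hunk. Adding `vma->vm_file = coda_file;` next to `fput(host_file);` would hand the vma back as it was passed in and keep the reference counts right whichever pointer the caller puts. coda_file_mmap starts outside this hunk.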
@@ -207,4 +274,3 @@ const struct file_operations coda_file_operations = {
 	.fsync		= coda_fsync,
 	.splice_read	= generic_file_splice_read,
 };
-
-- 
2.20.1

