1. 24 Sep, 2008 6 commits
      9p: introduce missing kfree · 62067824
      Julia Lawall authored
      Error handling code following a kmalloc should free the allocated data.
      
      The semantic match that finds the problem is as follows:
      (http://www.emn.fr/x-info/coccinelle/)
      
      // <smpl>
      @r exists@
      local idexpression x;
      statement S;
      expression E;
      identifier f,l;
      position p1,p2;
      expression *ptr != NULL;
      @@
      
      (
      if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S
      |
      x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
      ...
      if (x == NULL) S
      )
      <... when != x
           when != if (...) { <+...x...+> }
      x->f = E
      ...>
      (
       return \(0\|<+...x...+>\|ptr\);
      |
       return@p2 ...;
      )
      
      @script:python@
      p1 << r.p1;
      p2 << r.p2;
      @@
      
      print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
      // </smpl>
      Signed-off-by: Julia Lawall <julia@diku.dk>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
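
The leak shape that the semantic match in commit 62067824 reports, as an added user-space example that is not part of the commit or of the 9p code. `model_kmalloc`/`model_kfree`, `struct conn` and the `conn_open_*` functions are hypothetical stand-ins; the allocation counter makes the missed free observable.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* User-space stand-ins for kmalloc()/kfree() that count live objects. */
static int live_allocs;
static void *model_kmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void model_kfree(void *p) { if (p) { live_allocs--; free(p); } }
struct conn { int fd; char name[8]; };  /* hypothetical object */

/* Matched shape: allocate, NULL-check, store to a field, then return an
 * error code without freeing the object. */
static int conn_open_leaky(int fd, const char *name, struct conn **out) {
    struct conn *c = model_kmalloc(sizeof(*c));
    if (c == NULL)
        return -ENOMEM;
    c->fd = fd;
    if (strlen(name) >= sizeof(c->name))
        return -EINVAL;             /* c is still allocated: leak */
    strcpy(c->name, name);          /* length checked above */
    *out = c;                       /* success: caller now owns c */
    return 0;
}

/* Same function with the missing free added on the error path. */
static int conn_open_fixed(int fd, const char *name, struct conn **out) {
    struct conn *c = model_kmalloc(sizeof(*c));
    if (c == NULL)
        return -ENOMEM;
    c->fd = fd;
    if (strlen(name) >= sizeof(c->name)) {
        model_kfree(c);
        return -EINVAL;
    }
    strcpy(c->name, name);
    *out = c;
    return 0;
}

/* Objects left allocated by one failing call with an over-long name. */
static int leaked_on_error(int (*open_fn)(int, const char *, struct conn **)) {
    struct conn *c = NULL;
    int before = live_allocs;
    open_fn(3, "name-too-long", &c);    /* constructed input */
    return live_allocs - before;
}
int main(void) {
    printf("leaky: %d\n", leaked_on_error(conn_open_leaky));
    printf("fixed: %d\n", leaked_on_error(conn_open_fixed));
    return 0;
}
```
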
      9p-trans_fd: fix and clean up module init/exit paths · 206ca50d
      Tejun Heo authored
      trans_fd leaked p9_mux_wq on module unload.  Fix it.  While at it,
      collapse p9_mux_global_init() into p9_trans_fd_init().  It's easier to
      follow this way and the global poll_tasks array is about to be removed
      anyway.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
      9p-trans_fd: don't do fs segment mangling in p9_fd_poll() · ec3c68f2
      Tejun Heo authored
      p9_fd_poll() is never called with user pointers and f_op->poll()
      doesn't expect its arguments to be from userland.  There's no need to
      set kernel ds before calling f_op->poll() from p9_fd_poll().  Remove
      it.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
      9p-trans_fd: clean up p9_conn_create() · 571ffeaf
      Tejun Heo authored
      * Use kzalloc() to allocate p9_conn and remove 0/NULL initializations.
      
      * Clean up error return paths.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
      9p-trans_fd: fix trans_fd::p9_conn_destroy() · 7dc5d24b
      Tejun Heo authored
      p9_conn_destroy() first kills all current requests by calling
      p9_conn_cancel(), then waits for the request list to be cleared by
      waiting on p9_conn->equeue.  After that, polling is stopped and the
      trans is destroyed.  This sequence has a few problems.
      
      * Read and write works were never cancelled and the p9_conn can be
        destroyed while the works are running as r/w works remove requests
        from the list and dereference the p9_conn from them.
      
      * The list emptiness wait using p9_conn->equeue wouldn't trigger
        because p9_conn_cancel() always clears all the lists and the only
        way the wait can be triggered is to have another task to issue a
        request between the slim window between p9_conn_cancel() and the
        wait, which isn't safe under the current implementation with or
        without the wait.
      
      This patch fixes the problem by first stopping poll, which can
      schedule r/w works, first and cancel r/w works which guarantees that
      r/w works are not and will not run from that point and then calling
      p9_conn_cancel() and do the rest of destruction.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
      9p: implement proper trans module refcounting and unregistration · 72029fe8
      Tejun Heo authored
      9p trans modules aren't refcounted nor were they unregistered
      properly.  Fix it.
      
      * Add 9p_trans_module->owner and reference the module on each trans
        instance creation and put it on destruction.
      
      * Protect v9fs_trans_list with a spinlock.  This isn't strictly
        necessary as the list is manipulated only during module loading /
        unloading but it's a good idea to make the API safe.
      
      * Unregister trans modules when the corresponding module is being
        unloaded.
      
      * While at it, kill unnecessary EXPORT_SYMBOL on p9_trans_fd_init().
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
  2. 21 Sep, 2008 11 commits
  3. 20 Sep, 2008 10 commits
  4. 19 Sep, 2008 13 commits