From a6849fa1f7d7d7adbeb6a696beeabfa078acf173 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 20 Sep 2010 00:56:27 -0700 Subject: sysfs: Fail bin file mmap if vma close is implemented. It is not reasonably possible to wrap vma->close(). To correctly wrap close would imply calling close on any vmas that remain when sysfs_remove_bin_file is called. Finding the proper lists walking them getting the locking right etc, requires deep knowledge of the mm subsystem and as such would require assistence from the mm subsystem to implement. That assistence does not currently exist. Signed-off-by: Eric W. Biederman Signed-off-by: Greg Kroah-Hartman --- fs/sysfs/bin.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) (limited to 'fs/sysfs') diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c index 4e321f7353fa..d31d7b7d5426 100644 --- a/fs/sysfs/bin.c +++ b/fs/sysfs/bin.c @@ -190,23 +190,6 @@ static void bin_vma_open(struct vm_area_struct *vma) sysfs_put_active(attr_sd); } -static void bin_vma_close(struct vm_area_struct *vma) -{ - struct file *file = vma->vm_file; - struct bin_buffer *bb = file->private_data; - struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - - if (!bb->vm_ops || !bb->vm_ops->close) - return; - - if (!sysfs_get_active(attr_sd)) - return; - - bb->vm_ops->close(vma); - - sysfs_put_active(attr_sd); -} - static int bin_fault(struct vm_area_struct *vma, struct vm_fault *vmf) { struct file *file = vma->vm_file; @@ -331,7 +314,6 @@ static int bin_migrate(struct vm_area_struct *vma, const nodemask_t *from, static const struct vm_operations_struct bin_vm_ops = { .open = bin_vma_open, - .close = bin_vma_close, .fault = bin_fault, .page_mkwrite = bin_page_mkwrite, .access = bin_access, @@ -377,6 +359,14 @@ static int mmap(struct file *file, struct vm_area_struct *vma) if (bb->mmapped && bb->vm_ops != vma->vm_ops) goto out_put; + /* + * It is not possible to successfully wrap close. + * So error if someone is trying to use close. + */ + rc = -EINVAL; + if (vma->vm_ops && vma->vm_ops->close) + goto out_put; + rc = 0; bb->mmapped = 1; bb->vm_ops = vma->vm_ops; -- cgit v1.2.3 From 38f49a5132f24d29236820eb5c7dd956e47f94a3 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 20 Sep 2010 00:57:03 -0700 Subject: sysfs: only access bin file vm_ops with the active lock bb->vm_ops is a cached copy of the vm_ops of the underlying sysfs bin file, which means that after sysfs_bin_remove_file completes it is only longer valid to deference bb->vm_ops. So move all of the tests of bb->vm_ops inside of where we hold the sysfs active lock. Signed-off-by: Eric W. Biederman Signed-off-by: Greg Kroah-Hartman --- fs/sysfs/bin.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) (limited to 'fs/sysfs') diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c index d31d7b7d5426..a4759833d62d 100644 --- a/fs/sysfs/bin.c +++ b/fs/sysfs/bin.c @@ -179,13 +179,14 @@ static void bin_vma_open(struct vm_area_struct *vma) struct bin_buffer *bb = file->private_data; struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; - if (!bb->vm_ops || !bb->vm_ops->open) + if (!bb->vm_ops) return; if (!sysfs_get_active(attr_sd)) return; - bb->vm_ops->open(vma); + if (bb->vm_ops->open) + bb->vm_ops->open(vma); sysfs_put_active(attr_sd); } @@ -197,13 +198,15 @@ static int bin_fault(struct vm_area_struct *vma, struct vm_fault *vmf) struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; int ret; - if (!bb->vm_ops || !bb->vm_ops->fault) + if (!bb->vm_ops) return VM_FAULT_SIGBUS; if (!sysfs_get_active(attr_sd)) return VM_FAULT_SIGBUS; - ret = bb->vm_ops->fault(vma, vmf); + ret = VM_FAULT_SIGBUS; + if (bb->vm_ops->fault) + ret = bb->vm_ops->fault(vma, vmf); sysfs_put_active(attr_sd); return ret; @@ -219,13 +222,12 @@ static int bin_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) if (!bb->vm_ops) return VM_FAULT_SIGBUS; - if (!bb->vm_ops->page_mkwrite) - return 0; - if (!sysfs_get_active(attr_sd)) return VM_FAULT_SIGBUS; - ret = bb->vm_ops->page_mkwrite(vma, vmf); + ret = 0; + if (bb->vm_ops->page_mkwrite) + ret = bb->vm_ops->page_mkwrite(vma, vmf); sysfs_put_active(attr_sd); return ret; @@ -239,13 +241,15 @@ static int bin_access(struct vm_area_struct *vma, unsigned long addr, struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; int ret; - if (!bb->vm_ops || !bb->vm_ops->access) + if (!bb->vm_ops) return -EINVAL; if (!sysfs_get_active(attr_sd)) return -EINVAL; - ret = bb->vm_ops->access(vma, addr, buf, len, write); + ret = -EINVAL; + if (bb->vm_ops->access) + ret = bb->vm_ops->access(vma, addr, buf, len, write); sysfs_put_active(attr_sd); return ret; @@ -259,13 +263,15 @@ static int bin_set_policy(struct vm_area_struct *vma, struct mempolicy *new) struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; int ret; - if (!bb->vm_ops || !bb->vm_ops->set_policy) + if (!bb->vm_ops) return 0; if (!sysfs_get_active(attr_sd)) return -EINVAL; - ret = bb->vm_ops->set_policy(vma, new); + ret = 0; + if (bb->vm_ops->set_policy) + ret = bb->vm_ops->set_policy(vma, new); sysfs_put_active(attr_sd); return ret; @@ -279,13 +285,15 @@ static struct mempolicy *bin_get_policy(struct vm_area_struct *vma, struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; struct mempolicy *pol; - if (!bb->vm_ops || !bb->vm_ops->get_policy) + if (!bb->vm_ops) return vma->vm_policy; if (!sysfs_get_active(attr_sd)) return vma->vm_policy; - pol = bb->vm_ops->get_policy(vma, addr); + pol = vma->vm_policy; + if (bb->vm_ops->get_policy) + pol = bb->vm_ops->get_policy(vma, addr); sysfs_put_active(attr_sd); return pol; @@ -299,13 +307,15 @@ static int bin_migrate(struct vm_area_struct *vma, const nodemask_t *from, struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; int ret; - if (!bb->vm_ops || !bb->vm_ops->migrate) + if (!bb->vm_ops) return 0; if (!sysfs_get_active(attr_sd)) return 0; - ret = bb->vm_ops->migrate(vma, from, to, flags); + ret = 0; + if (bb->vm_ops->migrate) + ret = bb->vm_ops->migrate(vma, from, to, flags); sysfs_put_active(attr_sd); return ret; -- cgit v1.2.3