免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
楼主: sisi8408

Kernel Bug-Vulnerability-Comment library [复制链接]

论坛徽章:
0
发表于 2007-08-24 13:26 |显示全部楼层
确如思一克大侠所言,得以解惑,鲜花和致敬奉上,还有¥6。


  1. /*
  2. * linux-2.6.20.7/fs/dcache.c
  3. */
  4. static void dentry_iput(struct dentry * dentry)
  5. {
  6.         struct inode * inode = dentry->d_inode;
  7.        
  8.         if (inode) {
  9.                 dentry->d_inode = NULL;
  10.                 list_del_init(&dentry->d_alias);
  11.                 spin_unlock(&dentry->d_lock);
  12.                 spin_unlock(&dcache_lock);

  13.                 if (!inode->i_nlink)
  14.                         fsnotify_inoderemove(inode);
  15.                
  16.                 if (dentry->d_op && dentry->d_op->d_iput)
  17.                         dentry->d_op->d_iput(dentry, inode);
  18.                 else
  19.                         iput(inode);
  20.         } else {
  21.                 spin_unlock(&dentry->d_lock);
  22.                 spin_unlock(&dcache_lock);
  23.         }
  24. }
复制代码

[ 本帖最后由 sisi8408 于 2007-8-27 16:22 编辑 ]

论坛徽章:
0
发表于 2007-08-25 07:04 |显示全部楼层
偶也来贴一个

2.6.22

int tcp_set_allowed_congestion_control(char *val)
{
    struct tcp_congestion_ops *ca;
    char *clone, *name;
    int ret = 0;

    clone = kstrdup(val, GFP_USER);
    if (!clone)
        return -ENOMEM;

    spin_lock(&tcp_cong_list_lock);
    /* pass 1 check for bad entries */
    while ((name = strsep(&clone, " ")) && *name) {
        ca = tcp_ca_find(name);
        if (!ca) {
            ret = -ENOENT;
            goto out;
        }
    }

    /* pass 2 clear old values */
    list_for_each_entry_rcu(ca, &tcp_cong_list, list)
        ca->flags &= ~TCP_CONG_NON_RESTRICTED;

    /* pass 3 mark as allowed */
    while ((name = strsep(&val, " ")) && *name) {
        ca = tcp_ca_find(name);
        WARN_ON(!ca);
        if (ca)
            ca->flags |= TCP_CONG_NON_RESTRICTED;
    }
out:
    spin_unlock(&tcp_cong_list_lock);

    return ret;
}


[ 本帖最后由 daemeon 于 2007-8-25 16:21 编辑 ]

论坛徽章:
0
发表于 2007-08-25 13:50 |显示全部楼层

回复 #42 daemeon 的帖子

鲜花奉上,还有¥1。

另外,劳烦daemeon大哥注明kernel版本,方便大家查询比对。

clone not released?

[ 本帖最后由 sisi8408 于 2007-8-25 14:07 编辑 ]

论坛徽章:
0
发表于 2007-08-25 19:58 |显示全部楼层

回复 #42 daemeon 的帖子


  1. int tcp_set_allowed_congestion_control(char *val)
  2. {
  3.      .............

  4. out:
  5.     spin_unlock(&tcp_cong_list_lock);
  6.     if (clone)
  7.             kfree(clone);
  8.     return ret;
  9. }

  10. /*
  11. * based upon linux/2.6.20.7/mm/utils.c
  12. */
  13. char * kstrdup(const char *s, gfp_t gfp)
  14. {
  15.         size_t len;
  16.         char *buf;

  17.         if (!s)
  18.                 return NULL;

  19.         len = strlen(s) + 1;
  20.         buf = kmalloc_track_caller(len, gfp);
  21.         if (buf)
  22.                 memcpy(buf, s, len);
  23.         return buf;
  24. }
复制代码

论坛徽章:
0
发表于 2007-08-25 20:48 |显示全部楼层

回复 #44 sisi8408 的帖子

the variable 'clone' is modified by strsep. we need another variable to save original value.

论坛徽章:
0
发表于 2007-08-26 08:42 |显示全部楼层
try again


  1. int tcp_set_allowed_congestion_control(char *val)
  2. {
  3.     struct tcp_congestion_ops *ca;
  4.     char *clone, *name;
  5. +    char *org;
  6.     int ret = 0;

  7.     clone = kstrdup(val, GFP_USER);
  8.     if (!clone)
  9.         return -ENOMEM;
  10. +  org = clone;
  11.     spin_lock(&tcp_cong_list_lock);
  12.     /* pass 1 check for bad entries */
  13.     while ((name = strsep(&clone, " ")) && *name) {
  14.         ca = tcp_ca_find(name);
  15.         if (!ca) {
  16.             ret = -ENOENT;
  17.             goto out;
  18.         }
  19.     }

  20.     /* pass 2 clear old values */
  21.     list_for_each_entry_rcu(ca, &tcp_cong_list, list)
  22.         ca->flags &= ~TCP_CONG_NON_RESTRICTED;

  23.     /* pass 3 mark as allowed */
  24.     while ((name = strsep(&val, " ")) && *name) {
  25.         ca = tcp_ca_find(name);
  26.         WARN_ON(!ca);
  27.         if (ca)
  28.             ca->flags |= TCP_CONG_NON_RESTRICTED;
  29.     }
  30. out:
  31.     spin_unlock(&tcp_cong_list_lock);
  32. +  if (org)  kfree(org);
  33.     return ret;
  34. }
复制代码

论坛徽章:
0
发表于 2007-08-27 15:29 |显示全部楼层

  1. static ssize_t dlmfs_file_read(struct file *filp,
  2.                                char __user *buf, size_t count,
  3.                                loff_t *ppos)
  4. {
  5.         int bytes_left;
  6.         ssize_t readlen;
  7.         char *lvb_buf;
  8.         struct inode *inode = filp->f_path.dentry->d_inode;

  9.         mlog(0, "inode %lu, count = %zu, *ppos = %llu\n",
  10.                 inode->i_ino, count, *ppos);

  11.         if (*ppos >= i_size_read(inode))
  12.                 return 0;

  13.         if (!count)
  14.                 return 0;

  15.         if (!access_ok(VERIFY_WRITE, buf, count))
  16.                 return -EFAULT;

  17.         /* don't read past the lvb */
  18.         if ((count + *ppos) > i_size_read(inode))
  19.                 readlen = i_size_read(inode) - *ppos;
  20.         else
  21. /*
  22. * linux-2.6.22.5/fs/ocfs2/dlm/dlmfs.c
  23. * ¥2
  24. * what relation between count and ppos?
  25. * readlen determined right?
  26. * say, i_size_read(inode) = 8M bytes, count = 4096 bytes.
  27. */
  28.                 readlen = count - *ppos;

  29.         lvb_buf = kmalloc(readlen, GFP_NOFS);
  30.         if (!lvb_buf)
  31.                 return -ENOMEM;

  32.         user_dlm_read_lvb(inode, lvb_buf, readlen);
  33.         bytes_left = __copy_to_user(buf, lvb_buf, readlen);
  34.         readlen -= bytes_left;

  35.         kfree(lvb_buf);

  36.         *ppos = *ppos + readlen;

  37.         mlog(0, "read %zd bytes\n", readlen);

  38.         return readlen;
  39. }
复制代码

论坛徽章:
0
发表于 2007-08-27 16:20 |显示全部楼层

  1. static ssize_t dlmfs_file_write(struct file *filp,
  2.                                 const char __user *buf, size_t count,
  3.                                 loff_t *ppos)
  4. {
  5.         int bytes_left;
  6.         ssize_t writelen;
  7.         char *lvb_buf;
  8.         struct inode *inode = filp->f_path.dentry->d_inode;

  9.         mlog(0, "inode %lu, count = %zu, *ppos = %llu\n",
  10.                 inode->i_ino, count, *ppos);

  11.         if (*ppos >= i_size_read(inode))
  12.                 return -ENOSPC;

  13.         if (!count)
  14.                 return 0;

  15.         if (!access_ok(VERIFY_READ, buf, count))
  16.                 return -EFAULT;

  17.         /* don't write past the lvb */
  18.         if ((count + *ppos) > i_size_read(inode))
  19.                 writelen = i_size_read(inode) - *ppos;
  20.         else
  21. /*
  22. * linux-2.6.22.5/fs/ocfs2/dlm/dlmfs.c

  23. #!/bin/sh
  24. if [ $# != 2 ]
  25. then
  26.         echo disasfun objectfile functionname
  27.         exit 1
  28. fi
  29. OBJFILE=$1
  30. FUNNAME=$2
  31. ADDRSZ=`objdump -t $OBJFILE | gawk -- "{
  32.         if (\\\$3 == \\"F\\" && \\\$6 == \\"$FUNNAME\\") {
  33.                 printf(\\"%s %s\\", \\\$1, \\\$5)
  34.         }
  35. }"`
  36. ADDR=`echo $ADDRSZ | gawk "{ printf(\\"%s\\",\\\$1)}"`
  37. SIZE=`echo $ADDRSZ | gawk "{ printf(\\"%s\\",\\\$2)}"`
  38. if [ -z "$ADDR" -o -z "$SIZE" ]
  39. then
  40.         echo Cannot find address or size of function $FUNNAME
  41.         exit 2
  42. fi
  43. objdump -S $OBJFILE --start-address=0x$ADDR --stop-address=$((0x$ADDR + 0x$SIZE))

  44. * writelen determined right?
  45. */
  46.                 writelen = count - *ppos;

  47.         lvb_buf = kmalloc(writelen, GFP_NOFS);
  48.         if (!lvb_buf)
  49.                 return -ENOMEM;

  50.         bytes_left = copy_from_user(lvb_buf, buf, writelen);
  51.         writelen -= bytes_left;
  52.         if (writelen)
  53.                 user_dlm_write_lvb(inode, lvb_buf, writelen);

  54.         kfree(lvb_buf);

  55.         *ppos = *ppos + writelen;
  56.         mlog(0, "wrote %zd bytes\n", writelen);
  57.         return writelen;
  58. }
复制代码

[ 本帖最后由 sisi8408 于 2008-3-1 10:19 编辑 ]

论坛徽章:
0
发表于 2007-08-28 15:15 |显示全部楼层

  1. static int ocfs2_write_data_page(struct inode *inode, handle_t *handle,
  2.                                  u64 *p_blkno, struct page *page,
  3.                                  struct ocfs2_write_ctxt *wc, int new)
  4. {
  5.         int ret, copied = 0;
  6.         unsigned int from = 0, to = 0;
  7.         unsigned int cluster_start, cluster_end;
  8.         unsigned int zero_from = 0, zero_to = 0;

  9.         ocfs2_figure_cluster_boundaries(OCFS2_SB(inode->i_sb), wc->w_cpos,
  10.                                         &cluster_start, &cluster_end);

  11.         if ((wc->w_pos >> PAGE_CACHE_SHIFT) == page->index
  12.             && !wc->w_finished_copy) {
  13.                 wc->w_this_page = page;
  14.                 wc->w_this_page_new = new;
  15.                
  16.                 ret = wc->w_write_data_page(inode, wc, p_blkno, &from, &to);

  17.                 if (ret < 0) {
  18.                         mlog_errno(ret);
  19.                         goto out;
  20.                 }
  21.                 copied = ret;

  22.                 zero_from = from;
  23.                 zero_to = to;

  24.                 if (new) {
  25.                         from = cluster_start;
  26.                         to = cluster_end;
  27.                 }
  28.         } else {
  29.                 /*
  30.                  * If we haven't allocated the new page yet, we
  31.                  * shouldn't be writing it out without copying user
  32.                  * data. This is likely a math error from the caller.
  33.                  */
  34.                 BUG_ON(!new);

  35.                 from = cluster_start;
  36.                 to = cluster_end;

  37.                 ret = ocfs2_map_page_blocks(page, p_blkno, inode,
  38.                                             cluster_start, cluster_end, 1);
  39.                 if (ret) {
  40.                         mlog_errno(ret);
  41.                         goto out;
  42.                 }
  43.         }

  44.         /*
  45.          * Parts of newly allocated pages need to be zero'd.
  46.          *
  47.          * Above, we have also rewritten 'to' and 'from' - as far as
  48.          * the rest of the function is concerned, the entire cluster
  49.          * range inside of a page needs to be written.
  50.          *
  51.          * We can skip this if the page is uptodate - it's already
  52.          * been zero'd from being read in as a hole.
  53.          */
  54.         if (new && !PageUptodate(page))
  55.                 ocfs2_clear_page_regions(page, OCFS2_SB(inode->i_sb),
  56.                                          wc->w_cpos, zero_from, zero_to);
  57.         flush_dcache_page(page);

  58.         if (ocfs2_should_order_data(inode)) {
  59.                 ret = walk_page_buffers(handle,
  60.                                         page_buffers(page),
  61.                                         from, to, NULL,
  62.                                         ocfs2_journal_dirty_data);
  63.                 if (ret < 0)
  64. /*
  65. * linux-2.6.22.5/fs/ocfs2/aops.c
  66. *
  67. * how to & necessary to include this case on return?
  68. * how to re-check in mlog?
  69. */
  70.                         mlog_errno(ret);
  71.         }

  72.         /*
  73.          * We don't use generic_commit_write() because we need to
  74.          * handle our own i_size update.
  75.          */
  76.         ret = block_commit_write(page, from, to);
  77.         if (ret)
  78.                 mlog_errno(ret);
  79. out:
  80.         return copied ? copied : ret;
  81. }
复制代码

论坛徽章:
0
发表于 2007-08-30 13:33 |显示全部楼层

  1. static int ocfs2_try_to_merge_extent_map(struct ocfs2_extent_map_item *emi,
  2.                                          struct ocfs2_extent_map_item *ins)
  3. {
  4.         /*
  5.          * Handle contiguousness
  6.          */
  7.         if (ins->ei_phys == (emi->ei_phys + emi->ei_clusters) &&
  8.             ins->ei_cpos == (emi->ei_cpos + emi->ei_clusters) &&
  9.             ins->ei_flags == emi->ei_flags) {
  10.                 emi->ei_clusters += ins->ei_clusters;
  11.                 return 1;
  12.         } else if ((ins->ei_phys + ins->ei_clusters) == emi->ei_phys &&
  13. /*
  14. * linux-2.6.22.5/fs/ocfs2/extent_map.c
  15. * why not
  16. * (ins->ei_cpos + ins->ei_clusters) == emi->ei_cpos
  17. * and more symmetric??
  18. */
  19.                    (ins->ei_cpos + ins->ei_clusters) == emi->ei_phys &&
  20.                    ins->ei_flags == emi->ei_flags) {
  21.                 emi->ei_phys = ins->ei_phys;
  22.                 emi->ei_cpos = ins->ei_cpos;
  23.                 emi->ei_clusters += ins->ei_clusters;
  24.                 return 1;
  25.         }

  26.         /*
  27.          * Overlapping extents - this shouldn't happen unless we've
  28.          * split an extent to change it's flags. That is exceedingly
  29.          * rare, so there's no sense in trying to optimize it yet.
  30.          */
  31.         if (ocfs2_ei_is_contained(emi, ins) ||
  32.             ocfs2_ei_is_contained(ins, emi)) {
  33. /*
  34. * more care needed in em-cache, even a small/simple one.
  35. */
  36.                 ocfs2_copy_emi_fields(emi, ins);
  37.                 return 1;
  38.         }

  39.         /* No merge was possible. */
  40.         return 0;
  41. }
复制代码

[ 本帖最后由 sisi8408 于 2007-8-30 13:51 编辑 ]
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

DTCC2020中国数据库技术大会

【架构革新 高效可控】2020年12月21日-23日第十一届中国数据库技术大会将在北京隆重召开。

大会设置2大主会场,20+技术专场,将邀请超百位行业专家,重点围绕数据架构、AI与大数据、传统企业数据库实践和国产开源数据库等内容展开分享和探讨,为广大数据领域从业人士提供一场年度盛会和交流平台。

http://dtcc.it168.com


大会官网>>
  

北京盛拓优讯信息技术有限公司. 版权所有 16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122
中国互联网协会会员  联系我们:huangweiwei@it168.com
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP