fix buffer overflow in the moxa driver (CVE-2005-0504)
1 /*
2 * fs/fs-writeback.c
4 * Copyright (C) 2002, Linus Torvalds.
6 * Contains all the functions related to writing back and waiting
7 * upon dirty inodes against superblocks, and writing back dirty
8 * pages against inodes. ie: data writeback. Writeout of the
9 * inode itself is not handled here.
11 * 10Apr2002 akpm@zip.com.au
12 * Split out of fs/inode.c
13 * Additions for address_space-based writeback
16 #include <linux/kernel.h>
17 #include <linux/spinlock.h>
18 #include <linux/sched.h>
19 #include <linux/fs.h>
20 #include <linux/mm.h>
21 #include <linux/writeback.h>
22 #include <linux/blkdev.h>
23 #include <linux/backing-dev.h>
24 #include <linux/buffer_head.h>
26 extern struct super_block *blockdev_superblock;
/**
 * __mark_inode_dirty - internal helper that records an inode as dirty
 * @inode: inode to mark
 * @flags: which kind of dirty state to set (i.e. I_DIRTY_SYNC)
 *
 * Callers should use mark_inode_dirty() or mark_inode_dirty_sync() instead
 * of calling this directly.
 *
 * The inode is put on its super block's dirty list.
 *
 * CAREFUL! The dirty bits are set unconditionally, but the inode is moved
 * onto the dirty list only if it is hashed or refers to a blockdev.  An
 * inode that was not hashed here will never reach the dirty list, even if
 * it is hashed later, because it already carries the dirty bits by then.
 * In short: hash any inodes _before_ you start marking them dirty.
 *
 * This function *must* be atomic for the I_DIRTY_PAGES case -
 * set_page_dirty() is called under spinlock in several places.
 *
 * For blockdevs, inode->dirtied_when is the dirtying time of the
 * block-special inode (/dev/hda1) itself, while ->dirtied_when of the
 * kernel-internal blockdev inode is the dirtying time of the blockdev's
 * pages.  That is why I_DIRTY_PAGES always uses page->mapping->host, so the
 * page-dirtying time is recorded in the internal blockdev inode.
 */
void __mark_inode_dirty(struct inode *inode, int flags)
{
	struct super_block *sb = inode->i_sb;
	int already_dirty;

	/*
	 * I_DIRTY_PAGES on its own does not dirty the inode itself, so the
	 * filesystem's ->dirty_inode hook is only invoked for the other two
	 * flag bits, and only when the filesystem provides the hook.
	 */
	if ((flags & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) && sb->s_op->dirty_inode)
		sb->s_op->dirty_inode(inode);

	/*
	 * make sure that changes are seen by all cpus before we test i_state
	 * -- mikulas
	 */
	smp_mb();

	/* Lockless fast path: every requested bit is already set. */
	if ((inode->i_state & flags) == flags)
		return;

	if (unlikely(block_dump)) {
		const char *name = "?";

		/*
		 * NOTE(review): the alias list and d_name are read without
		 * any lock being taken in this function.  The value only
		 * feeds the debug message below -- confirm that an unlocked
		 * read is acceptable on every call path.
		 */
		if (!list_empty(&inode->i_dentry)) {
			struct dentry *alias = list_entry(inode->i_dentry.next,
							  struct dentry, d_alias);

			if (alias && alias->d_name.name)
				name = (const char *) alias->d_name.name;
		}

		/* Only inode number 0 on the "bdev" superblock is left out. */
		if (inode->i_ino || strcmp(inode->i_sb->s_id, "bdev"))
			printk(KERN_DEBUG
			       "%s(%d): dirtied inode %lu (%s) on %s\n",
			       current->comm, current->pid, inode->i_ino,
			       name, inode->i_sb->s_id);
	}

	spin_lock(&inode_lock);

	/* Repeat the test now that inode_lock is held. */
	if ((inode->i_state & flags) == flags)
		goto out;

	already_dirty = inode->i_state & I_DIRTY;
	inode->i_state |= flags;

	/*
	 * If the inode is locked, just update its dirty state.  The unlocker
	 * will place the inode on the appropriate superblock list, based
	 * upon its state.
	 */
	if (inode->i_state & I_LOCK)
		goto out;

	/*
	 * Only add valid (hashed) inodes to the superblock's dirty list.
	 * Blockdev inodes are added as well.
	 */
	if (!S_ISBLK(inode->i_mode) && hlist_unhashed(&inode->i_hash))
		goto out;
	if (inode->i_state & (I_FREEING|I_CLEAR))
		goto out;

	/*
	 * If the inode was already on s_dirty or s_io, don't reposition it
	 * (that would break s_dirty time-ordering).
	 */
	if (!already_dirty) {
		inode->dirtied_when = jiffies;
		list_move(&inode->i_list, &sb->s_dirty);
	}
out:
	spin_unlock(&inode_lock);
}

EXPORT_SYMBOL(__mark_inode_dirty);
/*
 * Hand the inode to the filesystem's ->write_inode method.
 *
 * Returns 0 without calling anything when the filesystem has no
 * ->write_inode method or when is_bad_inode() reports the inode as bad;
 * otherwise returns whatever the method returns.
 */
static int write_inode(struct inode *inode, int sync)
{
	if (!inode->i_sb->s_op->write_inode || is_bad_inode(inode))
		return 0;

	return inode->i_sb->s_op->write_inode(inode, sync);
}
/*
 * Write a single inode's dirty pages and inode data out to disk.
 * If wbc->sync_mode is WB_SYNC_ALL, wait on the writeout.
 *
 * The whole writeout design is quite complex and fragile.  We want to avoid
 * starvation of particular inodes when others are being redirtied, prevent
 * livelocks, etc.
 *
 * Called under inode_lock.  The lock is dropped while the I/O is issued and
 * retaken before the inode is put back on a list; I_LOCK is set in i_state
 * for that whole window.
 *
 * Returns the first non-zero result among do_writepages(), write_inode()
 * and filemap_fdatawait(), or 0 when all of the calls made returned 0.
 */
static int
__sync_single_inode(struct inode *inode, struct writeback_control *wbc)
{
	struct address_space *mapping = inode->i_mapping;
	struct super_block *sb = inode->i_sb;
	const int sync_all = (wbc->sync_mode == WB_SYNC_ALL);
	unsigned was_dirty;
	int ret;
	int err;

	BUG_ON(inode->i_state & I_LOCK);

	/* Remember the dirty bits, then set I_LOCK and reset I_DIRTY. */
	was_dirty = inode->i_state & I_DIRTY;
	inode->i_state |= I_LOCK;
	inode->i_state &= ~I_DIRTY;

	spin_unlock(&inode_lock);

	ret = do_writepages(mapping, wbc);

	/* Don't write the inode if only I_DIRTY_PAGES was set */
	if (was_dirty & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) {
		err = write_inode(inode, sync_all);
		if (!ret)
			ret = err;
	}

	if (sync_all) {
		err = filemap_fdatawait(mapping);
		if (!ret)
			ret = err;
	}

	spin_lock(&inode_lock);
	inode->i_state &= ~I_LOCK;

	/* An inode that is being freed is not moved to any list here. */
	if (inode->i_state & I_FREEING)
		goto wake;

	if (inode->i_state & I_DIRTY) {
		/*
		 * Someone redirtied the inode while we were writing back
		 * the pages.
		 */
		list_move(&inode->i_list, &sb->s_dirty);
	} else if (mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) {
		/*
		 * We didn't write back all the pages.  nfs_writepages()
		 * sometimes bails out without doing anything.  Redirty
		 * the inode.  It is still on sb->s_io.
		 */
		inode->i_state |= I_DIRTY_PAGES;
		if (wbc->for_kupdate) {
			/*
			 * For the kupdate function we leave the inode at the
			 * head of sb_dirty so it will get more writeout as
			 * soon as the queue becomes uncongested.
			 */
			list_move_tail(&inode->i_list, &sb->s_dirty);
		} else {
			/*
			 * Otherwise fully redirty the inode so that other
			 * inodes on this superblock will get some writeout.
			 * Otherwise heavy writing to one file would
			 * indefinitely suspend writeout of all the other
			 * files.
			 */
			inode->dirtied_when = jiffies;
			list_move(&inode->i_list, &sb->s_dirty);
		}
	} else if (atomic_read(&inode->i_count)) {
		/* The inode is clean, inuse */
		list_move(&inode->i_list, &inode_in_use);
	} else {
		/* The inode is clean, unused */
		list_move(&inode->i_list, &inode_unused);
	}

wake:
	wake_up_inode(inode);
	return ret;
}
/*
 * Write out an inode's dirty pages.  Called under inode_lock.  Either the
 * caller has a ref on the inode (either via __iget or via syscall against
 * an fd) or the inode has I_WILL_FREE set (via generic_forget_inode).
 *
 * When the inode is already I_LOCKed:
 *  - for anything other than WB_SYNC_ALL the inode is moved to the
 *    superblock's s_dirty list and 0 is returned without writing;
 *  - for WB_SYNC_ALL the function waits, dropping inode_lock around each
 *    wait, until I_LOCK is clear.
 *
 * Otherwise returns the result of __sync_single_inode().
 */
static int
__writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
{
	wait_queue_head_t *wqh;

	/* Sanity-check the reference/teardown state described above. */
	if (atomic_read(&inode->i_count))
		WARN_ON(inode->i_state & I_WILL_FREE);
	else
		WARN_ON(!(inode->i_state & (I_WILL_FREE|I_FREEING)));

	if ((inode->i_state & I_LOCK) && (wbc->sync_mode != WB_SYNC_ALL)) {
		list_move(&inode->i_list, &inode->i_sb->s_dirty);
		return 0;
	}

	/*
	 * It's a data-integrity sync.  We must wait.
	 */
	if (inode->i_state & I_LOCK) {
		DEFINE_WAIT_BIT(wq, &inode->i_state, __I_LOCK);

		wqh = bit_waitqueue(&inode->i_state, __I_LOCK);
		for (;;) {
			/* inode_lock is not held while sleeping. */
			spin_unlock(&inode_lock);
			__wait_on_bit(wqh, &wq, inode_wait,
				      TASK_UNINTERRUPTIBLE);
			spin_lock(&inode_lock);
			if (!(inode->i_state & I_LOCK))
				break;
		}
	}

	return __sync_single_inode(inode, wbc);
}
/*
 * Write out a superblock's list of dirty inodes.  A wait will be performed
 * upon no inodes, all inodes or the final one, depending upon sync_mode.
 *
 * If older_than_this is non-NULL, then only write out inodes which
 * had their first dirtying at a time earlier than *older_than_this.
 *
 * If we're a pdflush thread, then implement pdflush collision avoidance
 * against the entire list.
 *
 * WB_SYNC_HOLD is a hack for sys_sync(): reattach the inode to sb->s_dirty so
 * that it can be located for waiting on in __writeback_single_inode().
 *
 * Called under inode_lock.  The lock is released and retaken once per
 * written inode, around cond_resched() and iput().
 *
 * If `bdi' is non-zero then we're being asked to writeback a specific queue.
 * This function assumes that the blockdev superblock's inodes are backed by
 * a variety of queues, so all inodes are searched.  For other superblocks,
 * assume that all inodes are backed by the same queue.
 *
 * FIXME: this linear search could get expensive with many filesystems.  But
 * how to fix?  We need to go from an address_space to all inodes which share
 * a queue with that address_space.  (Easy: have a global "dirty superblocks"
 * list).
 *
 * The inodes to be written are parked on sb->s_io.  They are moved back onto
 * sb->s_dirty as they are selected for writing.  This way, none can be missed
 * on the writer throttling path, and we get decent balancing between many
 * throttled threads: we don't want them all piling up on __wait_on_inode.
 *
 * The return value of __writeback_single_inode() is not examined here.
 */
static void
sync_sb_inodes(struct super_block *sb, struct writeback_control *wbc)
{
	const unsigned long started = jiffies;	/* livelock avoidance */

	if (!wbc->for_kupdate || list_empty(&sb->s_io))
		list_splice_init(&sb->s_dirty, &sb->s_io);

	while (!list_empty(&sb->s_io)) {
		struct inode *inode = list_entry(sb->s_io.prev,
						 struct inode, i_list);
		struct backing_dev_info *bdi =
				inode->i_mapping->backing_dev_info;
		long skipped_before;

		if (!bdi_cap_writeback_dirty(bdi)) {
			list_move(&inode->i_list, &sb->s_dirty);
			/*
			 * Dirty memory-backed inode against a filesystem
			 * other than the kernel-internal bdev filesystem.
			 * Skip the entire superblock.
			 */
			if (sb != blockdev_superblock)
				break;
			/*
			 * Dirty memory-backed blockdev: the ramdisk driver
			 * does this.  Skip just this inode.
			 */
			continue;
		}

		if (wbc->nonblocking && bdi_write_congested(bdi)) {
			wbc->encountered_congestion = 1;
			if (sb != blockdev_superblock)
				break;		/* Skip a congested fs */
			list_move(&inode->i_list, &sb->s_dirty);
			continue;		/* Skip a congested blockdev */
		}

		if (wbc->bdi && bdi != wbc->bdi) {
			if (sb != blockdev_superblock)
				break;		/* fs has the wrong queue */
			list_move(&inode->i_list, &sb->s_dirty);
			continue;		/* blockdev has wrong queue */
		}

		/* Was this inode dirtied after sync_sb_inodes was called? */
		if (time_after(inode->dirtied_when, started))
			break;

		/* Was this inode dirtied too recently? */
		if (wbc->older_than_this &&
		    time_after(inode->dirtied_when, *wbc->older_than_this))
			break;

		/* Is another pdflush already flushing this queue? */
		if (current_is_pdflush() && !writeback_acquire(bdi))
			break;

		BUG_ON(inode->i_state & I_FREEING);

		/*
		 * Take a reference before writing; it is dropped by the
		 * iput() below, after inode_lock has been released.
		 */
		__iget(inode);
		skipped_before = wbc->pages_skipped;
		__writeback_single_inode(inode, wbc);

		if (wbc->sync_mode == WB_SYNC_HOLD) {
			inode->dirtied_when = jiffies;
			list_move(&inode->i_list, &sb->s_dirty);
		}

		if (current_is_pdflush())
			writeback_release(bdi);

		/*
		 * writeback is not making progress due to locked buffers.
		 * Skip this inode for now.
		 */
		if (wbc->pages_skipped != skipped_before)
			list_move(&inode->i_list, &sb->s_dirty);

		spin_unlock(&inode_lock);
		cond_resched();
		iput(inode);
		spin_lock(&inode_lock);

		if (wbc->nr_to_write <= 0)
			break;
	}
	/* Leave any unwritten inodes on s_io */
}
/*
 * Start writeback of dirty pagecache data against all unlocked inodes.
 *
 * Note:
 * We don't need to grab a reference to superblock here.  If it has non-empty
 * ->s_dirty it hasn't been killed yet and kill_super() won't proceed
 * past sync_inodes_sb() until both the ->s_dirty and ->s_io lists are
 * empty.  Since __sync_single_inode() regains inode_lock before it finally
 * moves the inode from superblock lists we are OK.
 *
 * NOTE(review): the loop below does bump sb->s_count before it drops
 * sb_lock, so the note above may describe an earlier version -- confirm.
 *
 * If `older_than_this' is non-zero then only flush inodes which have a
 * flushtime older than *older_than_this.
 *
 * If `bdi' is non-zero then we will scan the first inode against each
 * superblock until we find the matching ones.  One group will be the dirty
 * inodes against a filesystem.  Then when we hit the dummy blockdev
 * superblock, sync_sb_inodes will seek out the blockdev which matches `bdi'.
 * Maybe not super-efficient but we're about to do a ton of I/O...
 */
void
writeback_inodes(struct writeback_control *wbc)
{
	struct super_block *sb;

	might_sleep();
	spin_lock(&sb_lock);
restart:
	/* Walk the superblock list from its tail towards its head. */
	for (sb = sb_entry(super_blocks.prev);
	     sb != sb_entry(&super_blocks);
	     sb = sb_entry(sb->s_list.prev)) {
		const int has_work = !list_empty(&sb->s_dirty) ||
				     !list_empty(&sb->s_io);

		if (has_work) {
			/* we're making our own get_super here */
			sb->s_count++;
			spin_unlock(&sb_lock);

			/*
			 * If we can't get the readlock, there's no sense in
			 * waiting around, most of the time the FS is going to
			 * be unmounted by the time it is released.
			 */
			if (down_read_trylock(&sb->s_umount)) {
				if (sb->s_root) {
					spin_lock(&inode_lock);
					sync_sb_inodes(sb, wbc);
					spin_unlock(&inode_lock);
				}
				up_read(&sb->s_umount);
			}

			spin_lock(&sb_lock);
			/* Start over when the helper says a restart is needed. */
			if (__put_super_and_need_restart(sb))
				goto restart;
		}

		if (wbc->nr_to_write <= 0)
			break;
	}
	spin_unlock(&sb_lock);
}
/*
 * writeback and wait upon the filesystem's dirty inodes.  The caller will
 * do this in two passes - one to write, and one to wait.  WB_SYNC_HOLD is
 * used to park the written inodes on sb->s_dirty for the wait pass.
 *
 * A finite limit is set on the number of pages which will be written.
 * To prevent infinite livelock of sys_sync().
 *
 * We add in the number of potentially dirty inodes, because each inode write
 * can dirty pagecache in the underlying blockdev.
 */
void sync_inodes_sb(struct super_block *sb, int wait)
{
	struct writeback_control wbc = {
		.sync_mode	= wait ? WB_SYNC_ALL : WB_SYNC_HOLD,
	};
	unsigned long dirty_pages = read_page_state(nr_dirty);
	unsigned long unstable_pages = read_page_state(nr_unstable);

	/*
	 * Budget: the dirty and unstable page counts, each counted twice,
	 * plus the number of inodes not on the unused list ...
	 */
	wbc.nr_to_write = dirty_pages + unstable_pages +
			(inodes_stat.nr_inodes - inodes_stat.nr_unused) +
			dirty_pages + unstable_pages;
	/* ... and half as much again.  Bit more for luck */
	wbc.nr_to_write += wbc.nr_to_write / 2;

	spin_lock(&inode_lock);
	sync_sb_inodes(sb, &wbc);
	spin_unlock(&inode_lock);
}
/*
 * Rather lame livelock avoidance.
 *
 * Stores @val in ->s_syncing of every superblock on the super_blocks list,
 * walking the list from its tail while holding sb_lock.
 */
static void set_sb_syncing(int val)
{
	struct super_block *sb;

	spin_lock(&sb_lock);
	sb = sb_entry(super_blocks.prev);
	while (sb != sb_entry(&super_blocks)) {
		sb->s_syncing = val;
		sb = sb_entry(sb->s_list.prev);
	}
	spin_unlock(&sb_lock);
}
/*
 * __sync_inodes - one pass of sync_inodes() over every superblock
 * @wait: wait for completion
 *
 * sync_inodes() goes through each super block's dirty inode list, writes the
 * inodes out, waits on the writeout and puts the inodes back on the normal
 * list.
 *
 * This is for sys_sync().  fsync_dev() uses the same algorithm.  The subtle
 * part of the sync functions is that the blockdev "superblock" is processed
 * last.  This is because the write_inode() function of a typical fs will
 * perform no I/O, but will mark buffers in the blockdev mapping as dirty.
 * What we want to do is to perform all that dirtying first, and then write
 * back all those inode blocks via the blockdev mapping in one sweep.  So the
 * additional (somewhat redundant) sync_blockdev() calls here are to make
 * sure that really happens.  Because if we call sync_inodes_sb(wait=1) with
 * outstanding dirty inodes, the writeback goes block-at-a-time within the
 * filesystem's write_inode().  This is extremely slow.
 *
 * A superblock whose ->s_syncing is already set is skipped; every other one
 * has ->s_syncing set to 1 before it is processed.
 */
static void __sync_inodes(int wait)
{
	struct super_block *sb;

	spin_lock(&sb_lock);
restart:
	list_for_each_entry(sb, &super_blocks, s_list) {
		if (!sb->s_syncing) {
			sb->s_syncing = 1;
			/* Count is raised before sb_lock is dropped. */
			sb->s_count++;
			spin_unlock(&sb_lock);

			down_read(&sb->s_umount);
			if (sb->s_root) {
				sync_inodes_sb(sb, wait);
				sync_blockdev(sb->s_bdev);
			}
			up_read(&sb->s_umount);

			spin_lock(&sb_lock);
			/* Start over when the helper says a restart is needed. */
			if (__put_super_and_need_restart(sb))
				goto restart;
		}
	}
	spin_unlock(&sb_lock);
}
/*
 * sync_inodes - write all inodes to disk
 * @wait: when non-zero, follow the write pass with a waiting pass
 *
 * Always runs one pass with wait == 0.  When @wait is set, the per-superblock
 * s_syncing markers are reset again and a second pass runs with wait == 1.
 */
void sync_inodes(int wait)
{
	set_sb_syncing(0);
	__sync_inodes(0);

	if (!wait)
		return;

	set_sb_syncing(0);
	__sync_inodes(1);
}
/**
 * write_inode_now - write an inode to disk
 * @inode: inode to write to disk
 * @sync: whether the write should be synchronous or not
 *
 * This function commits an inode to disk immediately if it is dirty.  This
 * is primarily needed by knfsd.
 *
 * The writeback itself always uses WB_SYNC_ALL; @sync only decides whether
 * wait_on_inode() is called afterwards.  The page budget is LONG_MAX, or 0
 * when mapping_cap_writeback_dirty() is false for the inode's mapping.
 *
 * The caller must either have a ref on the inode or must have set
 * I_WILL_FREE.
 *
 * Returns the result of __writeback_single_inode().
 */
int write_inode_now(struct inode *inode, int sync)
{
	struct writeback_control wbc = {
		.nr_to_write = LONG_MAX,
		.sync_mode = WB_SYNC_ALL,
	};
	int status;

	if (!mapping_cap_writeback_dirty(inode->i_mapping))
		wbc.nr_to_write = 0;

	might_sleep();

	spin_lock(&inode_lock);
	status = __writeback_single_inode(inode, &wbc);
	spin_unlock(&inode_lock);

	if (sync)
		wait_on_inode(inode);

	return status;
}
EXPORT_SYMBOL(write_inode_now);
/**
 * sync_inode - write an inode and its pages to disk.
 * @inode: the inode to sync
 * @wbc: controls the writeback mode
 *
 * sync_inode() will write an inode and its pages to disk.  It will also
 * correctly update the inode on its superblock's dirty inode lists and will
 * update inode->i_state.
 *
 * The caller must have a ref on the inode.
 *
 * Returns the result of __writeback_single_inode(), which is called with
 * inode_lock held.
 */
int sync_inode(struct inode *inode, struct writeback_control *wbc)
{
	int status;

	spin_lock(&inode_lock);
	status = __writeback_single_inode(inode, wbc);
	spin_unlock(&inode_lock);

	return status;
}
EXPORT_SYMBOL(sync_inode);
/**
 * generic_osync_inode - flush all dirty data for a given inode to disk
 * @inode: inode to write
 * @mapping: the address_space that should be flushed
 * @what: what to write and wait upon
 *
 * This can be called by file_write functions for files which have the
 * O_SYNC flag set, to flush dirty writes to disk.
 *
 * @what is a bitmask, specifying which part of the inode's data should be
 * written and waited upon.
 *
 *    OSYNC_DATA:     i_mapping's dirty data
 *    OSYNC_METADATA: the buffers at i_mapping->private_list
 *    OSYNC_INODE:    the inode itself
 *
 * Returns the first non-zero result among the flush, buffer-sync, wait and
 * inode-write steps that were run, or 0.
 */
int generic_osync_inode(struct inode *inode, struct address_space *mapping, int what)
{
	int first_err = 0;
	int step_err;
	int must_write_inode;

	/*
	 * NOTE(review): PF_SYNCWRITE is set here and cleared unconditionally
	 * below; if a caller can enter with the flag already set it would
	 * leave with it cleared -- confirm against callers.
	 */
	current->flags |= PF_SYNCWRITE;

	if (what & OSYNC_DATA)
		first_err = filemap_fdatawrite(mapping);

	if (what & (OSYNC_METADATA|OSYNC_DATA)) {
		step_err = sync_mapping_buffers(mapping);
		if (!first_err)
			first_err = step_err;
	}

	if (what & OSYNC_DATA) {
		step_err = filemap_fdatawait(mapping);
		if (!first_err)
			first_err = step_err;
	}

	current->flags &= ~PF_SYNCWRITE;

	/*
	 * The inode is written only when it is dirty and either the caller
	 * asked for OSYNC_INODE or I_DIRTY_DATASYNC is set.  i_state is
	 * sampled under inode_lock; the write happens after it is dropped.
	 */
	spin_lock(&inode_lock);
	must_write_inode = (inode->i_state & I_DIRTY) &&
			   ((what & OSYNC_INODE) ||
			    (inode->i_state & I_DIRTY_DATASYNC));
	spin_unlock(&inode_lock);

	if (!must_write_inode) {
		wait_on_inode(inode);
	} else {
		step_err = write_inode_now(inode, 1);
		if (!first_err)
			first_err = step_err;
	}

	return first_err;
}

EXPORT_SYMBOL(generic_osync_inode);
/**
 * writeback_acquire: attempt to get exclusive writeback access to a device
 * @bdi: the device's backing_dev_info structure
 *
 * It is a waste of resources to have more than one pdflush thread blocked on
 * a single request queue.  Exclusion at the request_queue level is obtained
 * via a flag in the request_queue's backing_dev_info.state.
 *
 * Non-request_queue-backed address_spaces will share default_backing_dev_info,
 * unless they implement their own.  Which is somewhat inefficient, as this
 * may prevent concurrent writeback against multiple devices.
 *
 * Returns 1 when the BDI_pdflush bit was clear and has now been set by this
 * call, 0 when it was already set.
 */
int writeback_acquire(struct backing_dev_info *bdi)
{
	if (test_and_set_bit(BDI_pdflush, &bdi->state))
		return 0;

	return 1;
}
/**
 * writeback_in_progress: determine whether there is writeback in progress
 * @bdi: the device's backing_dev_info structure.
 *
 * Determine whether there is writeback in progress against a backing device
 * by testing the BDI_pdflush bit in @bdi->state.
 */
int writeback_in_progress(struct backing_dev_info *bdi)
{
	const int busy = test_bit(BDI_pdflush, &bdi->state);

	return busy;
}
/**
 * writeback_release: relinquish exclusive writeback access against a device.
 * @bdi: the device's backing_dev_info structure
 *
 * Clears the BDI_pdflush bit in @bdi->state.  Calling this while the bit is
 * not set trips BUG_ON().
 */
void writeback_release(struct backing_dev_info *bdi)
{
	BUG_ON(!test_bit(BDI_pdflush, &bdi->state));
	clear_bit(BDI_pdflush, &bdi->state);
}