/* * linux/fs/hpfs/name.c * * Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz), 1998-1999 * * operations with filenames */ #include "hpfs_fn.h" static inline int not_allowed_char(unsigned char c) { return c<' ' || c=='"' || c=='*' || c=='/' || c==':' || c=='<' || c=='>' || c=='?' || c=='\\' || c=='|'; } static inline int no_dos_char(unsigned char c) { /* Characters that are allowed in HPFS but not in DOS */ return c=='+' || c==',' || c==';' || c=='=' || c=='[' || c==']'; } static inline unsigned char upcase(unsigned char *dir, unsigned char a) { if (a<128 || a==255) return a>='a' && a<='z' ? a - 0x20 : a; if (!dir) return a; return dir[a-128]; } unsigned char hpfs_upcase(unsigned char *dir, unsigned char a) { return upcase(dir, a); } static inline unsigned char locase(unsigned char *dir, unsigned char a) { if (a<128 || a==255) return a>='A' && a<='Z' ? a + 0x20 : a; if (!dir) return a; return dir[a]; } int hpfs_chk_name(const unsigned char *name, unsigned *len) { int i; if (*len > 254) return -ENAMETOOLONG; hpfs_adjust_length(name, len); if (!*len) return -EINVAL; for (i = 0; i < *len; i++) if (not_allowed_char(name[i])) return -EINVAL; if (*len == 1) if (name[0] == '.') return -EINVAL; if (*len == 2) if (name[0] == '.' && name[1] == '.') return -EINVAL; return 0; } unsigned char *hpfs_translate_name(struct super_block *s, unsigned char *from, unsigned len, int lc, int lng) { unsigned char *to; int i; if (hpfs_sb(s)->sb_chk >= 2) if (hpfs_is_name_long(from, len) != lng) { pr_err("Long name flag mismatch - name "); for (i = 0; i < len; i++) pr_cont("%c", from[i]); pr_cont(" misidentified as %s.\n", lng ? "short" : "long"); pr_err("It's nothing serious. It could happen because of bug in OS/2.\nSet checks=normal to disable this message.\n"); } if (!lc) return from; if (!(to = kmalloc(len, GFP_KERNEL))) { pr_err("can't allocate memory for name conversion buffer\n"); return from; } for (i = 0; i < len; i++) to[i] = locase(hpfs_sb(s)->sb_cp_table,from[i]); return to; } int hpfs_compare_names(struct super_block *s, const unsigned char *n1, unsigned l1, const unsigned char *n2, unsigned l2, int last) { unsigned l = l1 < l2 ? l1 : l2; unsigned i; if (last) return -1; for (i = 0; i < l; i++) { unsigned char c1 = upcase(hpfs_sb(s)->sb_cp_table,n1[i]); unsigned char c2 = upcase(hpfs_sb(s)->sb_cp_table,n2[i]); if (c1 < c2) return -1; if (c1 > c2) return 1; } if (l1 < l2) return -1; if (l1 > l2) return 1; return 0; } int hpfs_is_name_long(const unsigned char *name, unsigned len) { int i,j; for (i = 0; i < len && name[i] != '.'; i++) if (no_dos_char(name[i])) return 1; if (!i || i > 8) return 1; if (i == len) return 0; for (j = i + 1; j < len; j++) if (name[j] == '.' || no_dos_char(name[i])) return 1; return j - i > 4; } /* OS/2 clears dots and spaces at the end of file name, so we have to */ void hpfs_adjust_length(const unsigned char *name, unsigned *len) { if (!*len) return; if (*len == 1 && name[0] == '.') return; if (*len == 2 && name[0] == '.' && name[1] == '.') return; while (*len && (name[*len - 1] == '.' || name[*len - 1] == ' ')) (*len)--; } io?h=nds-private-remove&id=966d2b04e070bc040319aaebfec09e0144dc3341'>iio/lsiio.c
diff options
context:
space:
mode:
authorDouglas Miller <dougmill@linux.vnet.ibm.com>2017-01-28 06:42:20 -0600
committerTejun Heo <tj@kernel.org>2017-01-28 07:49:42 -0500
commit966d2b04e070bc040319aaebfec09e0144dc3341 (patch)
tree4b96156e3d1dd4dfd6039b7c219c9dc4616da52d /tools/iio/lsiio.c
parent1b1bc42c1692e9b62756323c675a44cb1a1f9dbd (diff)
percpu-refcount: fix reference leak during percpu-atomic transition
percpu_ref_tryget() and percpu_ref_tryget_live() should return "true" IFF they acquire a reference. But the return value from atomic_long_inc_not_zero() is a long and may have high bits set, e.g. PERCPU_COUNT_BIAS, and the return value of the tryget routines is bool so the reference may actually be acquired but the routines return "false" which results in a reference leak since the caller assumes it does not need to do a corresponding percpu_ref_put(). This was seen when performing CPU hotplug during I/O, as hangs in blk_mq_freeze_queue_wait where percpu_ref_kill (blk_mq_freeze_queue_start) raced with percpu_ref_tryget (blk_mq_timeout_work). Sample stack trace: __switch_to+0x2c0/0x450 __schedule+0x2f8/0x970 schedule+0x48/0xc0 blk_mq_freeze_queue_wait+0x94/0x120 blk_mq_queue_reinit_work+0xb8/0x180 blk_mq_queue_reinit_prepare+0x84/0xa0 cpuhp_invoke_callback+0x17c/0x600 cpuhp_up_callbacks+0x58/0x150 _cpu_up+0xf0/0x1c0 do_cpu_up+0x120/0x150 cpu_subsys_online+0x64/0xe0 device_online+0xb4/0x120 online_store+0xb4/0xc0 dev_attr_store+0x68/0xa0 sysfs_kf_write+0x80/0xb0 kernfs_fop_write+0x17c/0x250 __vfs_write+0x6c/0x1e0 vfs_write+0xd0/0x270 SyS_write+0x6c/0x110 system_call+0x38/0xe0 Examination of the queue showed a single reference (no PERCPU_COUNT_BIAS, and __PERCPU_REF_DEAD, __PERCPU_REF_ATOMIC set) and no requests. However, conditions at the time of the race are count of PERCPU_COUNT_BIAS + 0 and __PERCPU_REF_DEAD and __PERCPU_REF_ATOMIC set. The fix is to make the tryget routines use an actual boolean internally instead of the atomic long result truncated to a int. Fixes: e625305b3907 percpu-refcount: make percpu_ref based on longs instead of ints Link: https://bugzilla.kernel.org/show_bug.cgi?id=190751 Signed-off-by: Douglas Miller <dougmill@linux.vnet.ibm.com> Reviewed-by: Jens Axboe <axboe@fb.com> Signed-off-by: Tejun Heo <tj@kernel.org> Fixes: e625305b3907 ("percpu-refcount: make percpu_ref based on longs instead of ints") Cc: stable@vger.kernel.org # v3.18+
Diffstat (limited to 'tools/iio/lsiio.c')