/* * collate.c - NTFS kernel collation handling. Part of the Linux-NTFS project. * * Copyright (c) 2004 Anton Altaparmakov * * This program/include file is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as published * by the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program/include file is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied warranty * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (in the main directory of the Linux-NTFS * distribution in the file COPYING); if not, write to the Free Software * Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "collate.h" #include "debug.h" #include "ntfs.h" static int ntfs_collate_binary(ntfs_volume *vol, const void *data1, const int data1_len, const void *data2, const int data2_len) { int rc; ntfs_debug("Entering."); rc = memcmp(data1, data2, min(data1_len, data2_len)); if (!rc && (data1_len != data2_len)) { if (data1_len < data2_len) rc = -1; else rc = 1; } ntfs_debug("Done, returning %i", rc); return rc; } static int ntfs_collate_ntofs_ulong(ntfs_volume *vol, const void *data1, const int data1_len, const void *data2, const int data2_len) { int rc; u32 d1, d2; ntfs_debug("Entering."); // FIXME: We don't really want to bug here. BUG_ON(data1_len != data2_len); BUG_ON(data1_len != 4); d1 = le32_to_cpup(data1); d2 = le32_to_cpup(data2); if (d1 < d2) rc = -1; else { if (d1 == d2) rc = 0; else rc = 1; } ntfs_debug("Done, returning %i", rc); return rc; } typedef int (*ntfs_collate_func_t)(ntfs_volume *, const void *, const int, const void *, const int); static ntfs_collate_func_t ntfs_do_collate0x0[3] = { ntfs_collate_binary, NULL/*ntfs_collate_file_name*/, NULL/*ntfs_collate_unicode_string*/, }; static ntfs_collate_func_t ntfs_do_collate0x1[4] = { ntfs_collate_ntofs_ulong, NULL/*ntfs_collate_ntofs_sid*/, NULL/*ntfs_collate_ntofs_security_hash*/, NULL/*ntfs_collate_ntofs_ulongs*/, }; /** * ntfs_collate - collate two data items using a specified collation rule * @vol: ntfs volume to which the data items belong * @cr: collation rule to use when comparing the items * @data1: first data item to collate * @data1_len: length in bytes of @data1 * @data2: second data item to collate * @data2_len: length in bytes of @data2 * * Collate the two data items @data1 and @data2 using the collation rule @cr * and return -1, 0, ir 1 if @data1 is found, respectively, to collate before, * to match, or to collate after @data2. * * For speed we use the collation rule @cr as an index into two tables of * function pointers to call the appropriate collation function. */ int ntfs_collate(ntfs_volume *vol, COLLATION_RULE cr, const void *data1, const int data1_len, const void *data2, const int data2_len) { int i; ntfs_debug("Entering."); /* * FIXME: At the moment we only support COLLATION_BINARY and * COLLATION_NTOFS_ULONG, so we BUG() for everything else for now. */ BUG_ON(cr != COLLATION_BINARY && cr != COLLATION_NTOFS_ULONG); i = le32_to_cpu(cr); BUG_ON(i < 0); if (i <= 0x02) return ntfs_do_collate0x0[i](vol, data1, data1_len, data2, data2_len); BUG_ON(i < 0x10); i -= 0x10; if (likely(i <= 3)) return ntfs_do_collate0x1[i](vol, data1, data1_len, data2, data2_len); BUG(); return 0; } 09e0144dc3341'/>
context:
space:
mode:
authorDouglas Miller <dougmill@linux.vnet.ibm.com>2017-01-28 06:42:20 -0600
committerTejun Heo <tj@kernel.org>2017-01-28 07:49:42 -0500
commit966d2b04e070bc040319aaebfec09e0144dc3341 (patch)
tree4b96156e3d1dd4dfd6039b7c219c9dc4616da52d /net/mac80211/aes_ccm.h
parent1b1bc42c1692e9b62756323c675a44cb1a1f9dbd (diff)
percpu-refcount: fix reference leak during percpu-atomic transition
percpu_ref_tryget() and percpu_ref_tryget_live() should return "true" IFF they acquire a reference. But the return value from atomic_long_inc_not_zero() is a long and may have high bits set, e.g. PERCPU_COUNT_BIAS, and the return value of the tryget routines is bool so the reference may actually be acquired but the routines return "false" which results in a reference leak since the caller assumes it does not need to do a corresponding percpu_ref_put(). This was seen when performing CPU hotplug during I/O, as hangs in blk_mq_freeze_queue_wait where percpu_ref_kill (blk_mq_freeze_queue_start) raced with percpu_ref_tryget (blk_mq_timeout_work). Sample stack trace: __switch_to+0x2c0/0x450 __schedule+0x2f8/0x970 schedule+0x48/0xc0 blk_mq_freeze_queue_wait+0x94/0x120 blk_mq_queue_reinit_work+0xb8/0x180 blk_mq_queue_reinit_prepare+0x84/0xa0 cpuhp_invoke_callback+0x17c/0x600 cpuhp_up_callbacks+0x58/0x150 _cpu_up+0xf0/0x1c0 do_cpu_up+0x120/0x150 cpu_subsys_online+0x64/0xe0 device_online+0xb4/0x120 online_store+0xb4/0xc0 dev_attr_store+0x68/0xa0 sysfs_kf_write+0x80/0xb0 kernfs_fop_write+0x17c/0x250 __vfs_write+0x6c/0x1e0 vfs_write+0xd0/0x270 SyS_write+0x6c/0x110 system_call+0x38/0xe0 Examination of the queue showed a single reference (no PERCPU_COUNT_BIAS, and __PERCPU_REF_DEAD, __PERCPU_REF_ATOMIC set) and no requests. However, conditions at the time of the race are count of PERCPU_COUNT_BIAS + 0 and __PERCPU_REF_DEAD and __PERCPU_REF_ATOMIC set. The fix is to make the tryget routines use an actual boolean internally instead of the atomic long result truncated to a int. Fixes: e625305b3907 percpu-refcount: make percpu_ref based on longs instead of ints Link: https://bugzilla.kernel.org/show_bug.cgi?id=190751 Signed-off-by: Douglas Miller <dougmill@linux.vnet.ibm.com> Reviewed-by: Jens Axboe <axboe@fb.com> Signed-off-by: Tejun Heo <tj@kernel.org> Fixes: e625305b3907 ("percpu-refcount: make percpu_ref based on longs instead of ints") Cc: stable@vger.kernel.org # v3.18+
Diffstat (limited to 'net/mac80211/aes_ccm.h')