From: Tejun Heo Date: Mon, 3 Feb 2014 19:02:57 +0000 (-0500) Subject: kernfs: invoke kernfs_unmap_bin_file() directly from kernfs_deactivate() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ccf02aaf8167bb8bfb3c17c01c843d309b872671;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git kernfs: invoke kernfs_unmap_bin_file() directly from kernfs_deactivate() kernfs_unmap_bin_file() is supposed to unmap all memory mappings of the target file before kernfs_remove() finishes; however, it currently is being called from kernfs_addrm_finish() and has the same race problem as the original implementation of deactivation when there are multiple removers - only the remover which snatches the node to its addrm_cxt->removed list is guaranteed to wait for its completion before returning. It can be easily fixed by moving kernfs_unmap_bin_file() invocation from kernfs_addrm_finish() to kernfs_deactivated(). The function may be called multiple times but that shouldn't do any harm. Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman --- diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c index 3ac93737174a..9603c06550a0 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c @@ -177,9 +177,10 @@ void kernfs_put_active(struct kernfs_node *kn) * kernfs_deactivate - deactivate kernfs_node * @kn: kernfs_node to deactivate * - * Deny new active references and drain existing ones. Mutiple - * removers may invoke this function concurrently on @kn and all will - * return after deactivation and draining are complete. + * Deny new active references, drain existing ones and nuke all + * existing mmaps. Mutiple removers may invoke this function + * concurrently on @kn and all will return after deactivation and + * draining are complete. */ static void kernfs_deactivate(struct kernfs_node *kn) __releases(&kernfs_mutex) __acquires(&kernfs_mutex) @@ -213,6 +214,8 @@ static void kernfs_deactivate(struct kernfs_node *kn) rwsem_release(&kn->dep_map, 1, _RET_IP_); } + kernfs_unmap_bin_file(kn); + mutex_lock(&kernfs_mutex); } @@ -493,7 +496,6 @@ void kernfs_addrm_finish(struct kernfs_addrm_cxt *acxt) acxt->removed = kn->u.removed_list; - kernfs_unmap_bin_file(kn); kernfs_put(kn); } }