linux/mm
Cesar Eduardo Barros 2130781e2a sys_swapon: fix inode locking
A conflict between 52c50567d8 ("mm: swap: unlock swapfile inode mutex
before closing file on bad swapfiles") and 83ef99befc ("sys_swapon:
remove did_down variable") caused a double unlock of the inode mutex
(once in bad_swap: before the filp_close, once at the end just before
returning).

The patch which added the extra unlock cleared did_down to avoid
unlocking twice, but the other patch removed the did_down variable.

To fix, set inode to NULL after the first unlock, since it will be used
after that point only for the final unlock.

While checking this patch, I found a path which could unlock without
locking, in case the same inode was added as a swapfile twice. To fix,
move the setting of the inode variable further down, to just before
claim_swapfile, which will lock the inode before doing anything else.

Cc: Mel Gorman <mgorman@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Cc: Eric B Munson <emunson@mgebm.net>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Cesar Eduardo Barros <cesarb@cesarb.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-23 07:54:22 -07:00
backing-dev.c
bootmem.c bootmem: Move contig_page_data definition to bootmem.c/nobootmem.c 2011-02-24 14:43:06 +01:00
bounce.c
compaction.c mm: compaction: minimise the time IRQs are disabled while isolating pages for migration 2011-03-22 17:44:05 -07:00
debug-pagealloc.c
dmapool.c mm/dmapool.c: use TASK_UNINTERRUPTIBLE in dma_pool_alloc() 2011-01-13 17:32:48 -08:00
fadvise.c
failslab.c
filemap_xip.c
filemap.c mm: don't return 0 too early from find_get_pages() 2011-03-22 17:44:04 -07:00
fremap.c
highmem.c
huge_memory.c mm: use __GFP_OTHER_NODE for transparent huge pages 2011-03-22 17:44:05 -07:00
hugetlb.c hugetlbfs: correct handling of negative input to /proc/sys/vm/nr_hugepages 2011-03-22 17:44:04 -07:00
hwpoison-inject.c
init-mm.c
internal.h mm: export __get_user_pages 2011-03-17 13:08:27 -03:00
Kconfig mm: compaction: don't depend on HUGETLB_PAGE 2011-01-26 10:50:02 +10:00
Kconfig.debug mm: debug-pagealloc: fix kconfig dependency warning 2011-03-22 17:44:02 -07:00
kmemcheck.c
kmemleak-test.c kmemleak: remove memset by using kzalloc 2011-01-27 18:31:51 +00:00
kmemleak.c kmemleak: Allow kmemleak metadata allocations to fail 2011-01-27 18:32:06 +00:00
ksm.c mm: rename drop_anon_vma() to put_anon_vma() 2011-03-22 17:44:03 -07:00
maccess.c
madvise.c thp: khugepaged: make khugepaged aware about madvise 2011-01-13 17:32:47 -08:00
Makefile bootmem: Separate out CONFIG_NO_BOOTMEM code into nobootmem.c 2011-02-24 14:43:05 +01:00
memblock.c mm/memblock: properly handle overlaps and fix error path 2011-03-22 17:44:09 -07:00
memcontrol.c pagewalk: only split huge pages when necessary 2011-03-22 17:44:04 -07:00
memory_hotplug.c Merge branch 'slub/hotplug' into slab/urgent 2011-01-15 13:28:17 +02:00
memory-failure.c mm: change __remove_from_page_cache() 2011-03-22 17:44:02 -07:00
memory.c mm: allow GUP to fail instead of waiting on a page 2011-03-22 17:44:02 -07:00
mempolicy.c mempolicy: remove redundant check in __mpol_equal() 2011-03-22 17:44:04 -07:00
mempool.c
migrate.c mm: compaction: Use async migration for __GFP_NO_KSWAPD and enforce no writeback 2011-03-22 17:44:05 -07:00
mincore.c thp: mincore transparent hugepage support 2011-01-13 17:32:44 -08:00
mlock.c mlock: operate on any regions with protection != PROT_NONE 2011-02-02 10:20:50 +11:00
mm_init.c
mmap.c brk: fix min_brk lower bound computation for COMPAT_BRK 2011-01-13 17:32:48 -08:00
mmu_context.c
mmu_notifier.c thp: mmu_notifier_test_young 2011-01-13 17:32:46 -08:00
mmzone.c mm: page allocator: adjust the per-cpu counter threshold when memory is low 2011-01-13 17:32:31 -08:00
mprotect.c thp: mprotect: transparent huge page support 2011-01-13 17:32:44 -08:00
mremap.c mm: fix possible cause of a page_mapped BUG 2011-02-23 21:55:06 -08:00
msync.c
nobootmem.c bootmem: Move __alloc_memory_core_early() to nobootmem.c 2011-02-24 14:43:06 +01:00
nommu.c mlock: do not hold mmap_sem for extended periods of time 2011-01-13 17:32:36 -08:00
oom_kill.c oom: suppress nodes that are not allowed from meminfo on oom kill 2011-03-22 17:44:01 -07:00
page_alloc.c mm/page_alloc.c: use list_move() instead of list_del()/list_add() combination 2011-03-22 17:44:09 -07:00
page_cgroup.c mm: notifier_from_errno() cleanup 2011-03-22 17:44:01 -07:00
page_io.c
page_isolation.c
page-writeback.c writeback: make mapping->writeback_index to point to the last written page 2011-03-22 17:44:09 -07:00
pagewalk.c pagewalk: only split huge pages when necessary 2011-03-22 17:44:04 -07:00
percpu-km.c
percpu-vm.c mm: remove gfp mask from pcpu_get_vm_areas 2011-01-13 17:32:34 -08:00
percpu.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
pgtable-generic.c mm/pgtable-generic.c: fix CONFIG_SWAP=n build 2011-01-26 10:49:58 +10:00
prio_tree.c
quicklist.c
readahead.c
rmap.c mm: simplify anon_vma refcounts 2011-03-22 17:44:03 -07:00
shmem.c shmem: let shared anonymous be nonlinear again 2011-03-22 17:44:09 -07:00
slab.c mm: notifier_from_errno() cleanup 2011-03-22 17:44:01 -07:00
slob.c mm: Remove support for kmem_cache_name() 2011-01-23 21:00:05 +02:00
slub.c slub: Add statistics for this_cmpxchg_double failures 2011-03-22 20:48:04 +02:00
sparse-vmemmap.c
sparse.c thp: remove PG_buddy 2011-01-13 17:32:43 -08:00
swap_state.c thp: split_huge_page paging 2011-01-13 17:32:41 -08:00
swap.c mm: simplify code of swap.c 2011-03-22 17:44:09 -07:00
swapfile.c sys_swapon: fix inode locking 2011-03-23 07:54:22 -07:00
thrash.c
truncate.c mm: deactivate invalidated pages 2011-03-22 17:44:03 -07:00
util.c kernel: kmem_ptr_validate considered harmful 2011-01-07 17:50:16 +11:00
vmalloc.c vmalloc: remove confusing comment on vwrite() 2011-03-22 17:44:09 -07:00
vmscan.c mm: vmscan: kswapd should not free an excessive number of pages when balancing small zones 2011-03-22 17:44:04 -07:00
vmstat.c mm: add __GFP_OTHER_NODE flag 2011-03-22 17:44:05 -07:00