1
linux/fs
Alexey Dobriyan 2d3a4e3666 proc: fix ->open'less usage due to ->proc_fops flip
Typical PDE creation code looks like:

	pde = create_proc_entry("foo", 0, NULL);
	if (pde)
		pde->proc_fops = &foo_proc_fops;

Notice that PDE is first created, only then ->proc_fops is set up to
final value. This is a problem because right after creation
a) PDE is fully visible in /proc , and
b) ->proc_fops are proc_file_operations which do not have ->open callback. So, it's
   possible to ->read without ->open (see one class of oopses below).

The fix is new API called proc_create() which makes sure ->proc_fops are
set up before gluing PDE to main tree. Typical new code looks like:

	pde = proc_create("foo", 0, NULL, &foo_proc_fops);
	if (!pde)
		return -ENOMEM;

Fix most networking users for a start.

In the long run, create_proc_entry() for regular files will go.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000024
printing eip: c1188c1b *pdpt = 000000002929e001 *pde = 0000000000000000
Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
last sysfs file: /sys/block/sda/sda1/dev
Modules linked in: foo af_packet ipv6 cpufreq_ondemand loop serio_raw psmouse k8temp hwmon sr_mod cdrom

Pid: 24679, comm: cat Not tainted (2.6.24-rc3-mm1 #2)
EIP: 0060:[<c1188c1b>] EFLAGS: 00210002 CPU: 0
EIP is at mutex_lock_nested+0x75/0x25d
EAX: 000006fe EBX: fffffffb ECX: 00001000 EDX: e9340570
ESI: 00000020 EDI: 00200246 EBP: e9340570 ESP: e8ea1ef8
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process cat (pid: 24679, ti=E8EA1000 task=E9340570 task.ti=E8EA1000)
Stack: 00000000 c106f7ce e8ee05b4 00000000 00000001 458003d0 f6fb6f20 fffffffb
       00000000 c106f7aa 00001000 c106f7ce 08ae9000 f6db53f0 00000020 00200246
       00000000 00000002 00000000 00200246 00200246 e8ee05a0 fffffffb e8ee0550
Call Trace:
 [<c106f7ce>] seq_read+0x24/0x28a
 [<c106f7aa>] seq_read+0x0/0x28a
 [<c106f7ce>] seq_read+0x24/0x28a
 [<c106f7aa>] seq_read+0x0/0x28a
 [<c10818b8>] proc_reg_read+0x60/0x73
 [<c1081858>] proc_reg_read+0x0/0x73
 [<c105a34f>] vfs_read+0x6c/0x8b
 [<c105a6f3>] sys_read+0x3c/0x63
 [<c10025f2>] sysenter_past_esp+0x5f/0xa5
 [<c10697a7>] destroy_inode+0x24/0x33
 =======================
INFO: lockdep is turned off.
Code: 75 21 68 e1 1a 19 c1 68 87 00 00 00 68 b8 e8 1f c1 68 25 73 1f c1 e8 84 06 e9 ff e8 52 b8 e7 ff 83 c4 10 9c 5f fa e8 28 89 ea ff <f0> fe 4e 04 79 0a f3 90 80 7e 04 00 7e f8 eb f0 39 76 34 74 33
EIP: [<c1188c1b>] mutex_lock_nested+0x75/0x25d SS:ESP 0068:e8ea1ef8

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 09:22:24 -08:00
..
9p Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
adfs
affs iget: stop AFFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
afs iget: use iget_failed() in AFS 2008-02-07 08:42:26 -08:00
autofs iget: stop autofs from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
autofs4 pid namespaces: round up the API 2007-10-19 11:53:37 -07:00
befs iget: stop BEFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
bfs iget: stop BFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
cifs iget: stop CIFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
coda coda: convert struct class_device to struct device 2008-01-24 20:40:05 -08:00
configfs configfs: file.c fix possible recursive locking 2008-01-25 15:05:47 -08:00
cramfs fs/cramfs/inode.c: replace hardcoded value with preprocessor constant 2007-10-18 14:37:29 -07:00
debugfs Kobject: convert fs/* from kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
devpts
dlm dlm: static initialization improvements 2008-01-30 11:04:43 -06:00
ecryptfs ecryptfs: check for existing key_tfm at mount time 2008-02-06 10:41:13 -08:00
efs iget: stop EFS from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
exportfs exportfs: update documentation 2007-10-22 08:13:21 -07:00
ext2 iget: stop EXT2 from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
ext3 iget: stop EXT3 from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
ext4 iget: stop EXT4 from using iget() and read_inode() 2008-02-07 08:42:27 -08:00
fat iget: stop FAT from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
freevxfs iget: stop FreeVXFS from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
fuse iget: stop FUSE from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
gfs2 iget: use iget_failed() in GFS2 2008-02-07 08:42:27 -08:00
hfs hfs: update comment to reflect actual init and exit routines 2008-02-06 10:41:05 -08:00
hfsplus iget: stop HFSPLUS from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
hostfs iget: stop HOSTFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
hpfs
hppfs iget: stop HPPFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
hugetlbfs hugetlb: allow sticky directory mount option 2008-02-05 09:44:14 -08:00
isofs iget: stop ISOFS from using read_inode() 2008-02-07 08:42:28 -08:00
jbd make jbd/journal.c:__journal_abort_hard() static 2008-02-06 10:41:20 -08:00
jbd2 BKL-removal: remove incorrect comment refering to lock_kernel() from jbd/jbd2 2008-02-06 10:41:20 -08:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2008-02-07 10:20:31 -08:00
jfs BKL-removal: Implement a compat_ioctl handler for JFS 2008-02-07 13:45:29 -06:00
lockd NLM: tear down RPC clients in nlm_shutdown_hosts 2008-02-01 16:42:15 -05:00
minix iget: stop the MINIX filesystem from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
msdos
ncpfs NCPFS: update diagnostic strings to match routine names. 2008-02-06 10:41:05 -08:00
nfs NFS: Fix a potential file corruption issue when writing 2008-02-07 19:20:20 -05:00
nfs_common
nfsd Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
nls sparse pointer use of zero as null 2007-10-18 14:37:31 -07:00
ntfs is_vmalloc_addr(): Check if an address is within the vmalloc boundaries 2008-02-05 09:44:14 -08:00
ocfs2 ocfs2: Negotiate locking protocol versions. 2008-02-06 16:11:29 -08:00
openpromfs iget: stop OPENPROMFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
partitions Block: Fix whole_disk attribute bug 2008-02-07 11:31:46 -08:00
proc proc: fix ->open'less usage due to ->proc_fops flip 2008-02-08 09:22:24 -08:00
qnx4 iget: stop QNX4 from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
ramfs
reiserfs Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
romfs iget: stop ROMFS from using iget() and read_inode() 2008-02-07 08:42:28 -08:00
smbfs smbfs: fix calculation of kernel_recvmsg size parameter in smb_receive() 2008-02-06 10:41:02 -08:00
sysfs sysfs: remove BUG_ON() from sysfs_remove_group() 2008-02-07 11:31:46 -08:00
sysv iget: stop the SYSV filesystem from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
udf
ufs iget: stop UFS from using iget() and read_inode() 2008-02-07 08:42:29 -08:00
vfat Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
xfs Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6 2008-02-07 19:12:12 -08:00
aio.c core: remove last users of empty FASTCALL macro 2008-01-30 13:31:17 +01:00
anon_inodes.c
attr.c VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations 2007-10-18 14:37:22 -07:00
bad_inode.c iget: introduce a function to register iget failure 2008-02-07 08:42:26 -08:00
binfmt_aout.c Sanitize the type of struct user.u_ar0 2008-02-07 08:42:30 -08:00
binfmt_elf_fdpic.c pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
binfmt_elf.c brk randomization: introduce CONFIG_COMPAT_BRK 2008-02-06 22:39:44 +01:00
binfmt_em86.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_flat.c
binfmt_misc.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_script.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
binfmt_som.c
bio.c __bio_clone: don't calculate hw/phys segment counts 2008-01-28 10:04:46 +01:00
block_dev.c kill an unused PTR_ERR in bdev_cache_init() 2008-02-06 10:41:06 -08:00
buffer.c bufferhead: revert constructor removal 2008-02-05 09:44:14 -08:00
char_dev.c Kobject: rename kobject_init_ng() to kobject_init() 2008-01-24 20:40:38 -08:00
compat_binfmt_elf.c x86: compat_binfmt_elf 2008-01-30 13:31:46 +01:00
compat_ioctl.c dm ioctl: move compat code 2008-02-08 02:09:56 +00:00
compat.c fs: remove dead config CONFIG_HAS_COMPAT_EPOLL_EVENT symbol 2008-02-06 10:41:03 -08:00
dcache.c inotify: remove debug code 2008-02-06 10:41:07 -08:00
dcookies.c
direct-io.c Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user 2008-02-05 09:44:13 -08:00
dnotify.c
dquot.c quota: improve inode list scanning in add_dquot_ref() 2008-02-06 10:41:07 -08:00
drop_caches.c
eventfd.c fs/eventfd.c should #include <linux/syscalls.h> 2008-02-06 10:41:03 -08:00
eventpoll.c lockdep: annotate epoll 2008-02-05 09:44:07 -08:00
exec.c exec: rework the group exit and fix the race with kill 2008-02-05 09:44:07 -08:00
fcntl.c pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
fifo.c
file_table.c fs/file_table.c: use list_for_each_entry() instead of list_for_each() 2007-10-19 11:53:38 -07:00
file.c get rid of NR_OPEN and introduce a sysctl_nr_open 2008-02-06 10:41:06 -08:00
filesystems.c
fs-writeback.c fs: use list_for_each_entry_reverse and kill sb_entry 2008-02-06 10:41:05 -08:00
generic_acl.c
inode.c iget: remove iget() and the read_inode() super op as being obsolete 2008-02-07 08:42:29 -08:00
inotify_user.c inotify: fix check for one-shot watches before destroying them 2008-02-08 09:22:22 -08:00
inotify.c inotify: remove debug code 2008-02-06 10:41:07 -08:00
internal.h
ioctl.c VFS: factor out three helpers for FIBMAP/FIONBIO/FIOASYNC file ioctls 2008-02-07 08:42:16 -08:00
ioprio.c cfq-iosched: relax IOPRIO_CLASS_IDLE restrictions 2008-01-28 11:38:15 +01:00
Kconfig SUNRPC xptrdma: simplify build configuration 2008-02-07 19:58:08 -05:00
Kconfig.binfmt x86: compat_binfmt_elf Kconfig 2008-01-30 13:31:46 +01:00
libfs.c Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user 2008-02-05 09:44:13 -08:00
locks.c pid-namespaces-vs-locks-interaction 2008-02-03 17:51:36 -05:00
Makefile x86: compat_binfmt_elf Kconfig 2008-01-30 13:31:46 +01:00
mbcache.c fs: Fix to correct the mbcache entries counter 2007-10-25 15:18:29 -07:00
mpage.c Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user 2008-02-05 09:44:13 -08:00
namei.c inotify: send IN_ATTRIB events when link count changes 2008-02-06 10:41:05 -08:00
namespace.c Use ilog2() in fs/namespace.c 2008-02-06 10:41:09 -08:00
nfsctl.c
no-block.c
open.c mark sys_open/sys_read exports unused 2007-11-14 18:45:42 -08:00
pipe.c
pnode.c MNT_UNBINDABLE fix 2008-02-06 10:41:02 -08:00
pnode.h [PATCH] new helpers - collect_mounts() and release_collected_mounts() 2007-10-21 02:37:25 -04:00
posix_acl.c
quota_v1.c
quota_v2.c
quota.c Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
read_write.c ext4: export iov_shorten from kernel for ext4's use 2008-01-28 23:58:27 -05:00
read_write.h
readdir.c Use mutex_lock_killable in vfs_readdir 2007-12-06 17:39:54 -05:00
select.c make sys_poll() wait at least timeout ms 2008-02-06 10:41:09 -08:00
seq_file.c
signalfd.c fs/signalfd.c should #include <linux/syscalls.h> 2008-02-06 10:41:03 -08:00
splice.c splice: always updated atime in direct splice 2008-02-01 09:26:32 +01:00
stack.c
stat.c
super.c Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
sync.c
timerfd.c timerfd: new timerfd API 2008-02-05 09:44:07 -08:00
utimes.c fs/utimes.c should #include <linux/syscalls.h> 2008-02-06 10:41:03 -08:00
xattr_acl.c
xattr.c VFS: Reorder vfs_getxattr to avoid unnecessary calls to the LSM 2008-02-05 09:44:20 -08:00