[PATCH] 9p: fix segfault caused by race condition in meta-data operations

Running dbench multithreaded exposed a race condition where fid structures were removed while in use. This patch adds semaphores to meta-data operations to protect the fid structure. Some cleanup of error-case handling in the inode operations is also included. Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric Van Hensbergen <ericvh@gmail.com> 2007-01-26 03:57:06 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-01-26 16:51:00 -0500
commit: da977b2c7eb4d6312f063a7b486f2aad99809710 (patch)
tree: bb8a2afc766c16e3349e03dfb8a706dca6408395 /fs/9p/vfs_inode.c
parent: ff76e1dfc8728278ee231feeb93146f9c57c3ec3 (diff)
1 files changed, 118 insertions, 86 deletions
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 05d30e89ba45..9109ba1d6969 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -416,12 +416,8 @@ static int v9fs_remove(struct inode *dir, struct dentry *file, int rmdir)
        sb = file_inode->i_sb;
        v9ses = v9fs_inode2v9ses(file_inode);
        v9fid = v9fs_fid_lookup(file);
+        if(IS_ERR(v9fid))
-        if (!v9fid) {
+                return PTR_ERR(v9fid);
-                dprintk(DEBUG_ERROR,
-                        "no v9fs_fid\n");
-                return -EBADF;
-        }
        fid = v9fid->fid;
        if (fid < 0) {
@@ -433,11 +429,13 @@ static int v9fs_remove(struct inode *dir, struct dentry *file, int rmdir)
        result = v9fs_t_remove(v9ses, fid, &fcall);
        if (result < 0) {
                PRINT_FCALL_ERROR("remove fails", fcall);
+                goto Error;
        }
        v9fs_put_idpool(fid, &v9ses->fidpool);
        v9fs_fid_destroy(v9fid);
+Error:
        kfree(fcall);
        return result;
 }
@@ -473,9 +471,13 @@ v9fs_vfs_create(struct inode *dir, struct dentry *dentry, int mode,
        inode = NULL;
        vfid = NULL;
        v9ses = v9fs_inode2v9ses(dir);
-        dfid = v9fs_fid_lookup(dentry->d_parent);
+        dfid = v9fs_fid_clone(dentry->d_parent);
-        perm = unixmode2p9mode(v9ses, mode);
+        if(IS_ERR(dfid)) {
+                err = PTR_ERR(dfid);
+                goto error;
+        }
+        perm = unixmode2p9mode(v9ses, mode);
        if (nd && nd->flags & LOOKUP_OPEN)
                flags = nd->intent.open.flags - 1;
        else
@@ -485,9 +487,10 @@ v9fs_vfs_create(struct inode *dir, struct dentry *dentry, int mode,
                perm, v9fs_uflags2omode(flags), NULL, &fid, &qid, &iounit);
        if (err)
-                goto error;
+                goto clunk_dfid;
        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
+        v9fs_fid_clunk(v9ses, dfid);
        if (IS_ERR(vfid)) {
                err = PTR_ERR(vfid);
                vfid = NULL;
@@ -525,6 +528,9 @@ v9fs_vfs_create(struct inode *dir, struct dentry *dentry, int mode,
        return 0;
+clunk_dfid:
+        v9fs_fid_clunk(v9ses, dfid);
 error:
        if (vfid)
                v9fs_fid_destroy(vfid);
@@ -551,7 +557,12 @@ static int v9fs_vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
        inode = NULL;
        vfid = NULL;
        v9ses = v9fs_inode2v9ses(dir);
-        dfid = v9fs_fid_lookup(dentry->d_parent);
+        dfid = v9fs_fid_clone(dentry->d_parent);
+        if(IS_ERR(dfid)) {
+                err = PTR_ERR(dfid);
+                goto error;
+        }
        perm = unixmode2p9mode(v9ses, mode | S_IFDIR);
        err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
@@ -559,37 +570,36 @@ static int v9fs_vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
        if (err) {
                dprintk(DEBUG_ERROR, "create error %d\n", err);
-                goto error;
+                goto clean_up_dfid;
-        }
-        err = v9fs_t_clunk(v9ses, fid);
-        if (err) {
-                dprintk(DEBUG_ERROR, "clunk error %d\n", err);
-                goto error;
        }
        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
        if (IS_ERR(vfid)) {
                err = PTR_ERR(vfid);
                vfid = NULL;
-                goto error;
+                goto clean_up_dfid;
        }
+        v9fs_fid_clunk(v9ses, dfid);
        inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
        if (IS_ERR(inode)) {
                err = PTR_ERR(inode);
                inode = NULL;
-                goto error;
+                goto clean_up_fids;
        }
        dentry->d_op = &v9fs_dentry_operations;
        d_instantiate(dentry, inode);
        return 0;
-error:
+clean_up_fids:
        if (vfid)
                v9fs_fid_destroy(vfid);
+clean_up_dfid:
+        v9fs_fid_clunk(v9ses, dfid);
+error:
        return err;
 }
@@ -622,28 +632,23 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
        dentry->d_op = &v9fs_dentry_operations;
        dirfid = v9fs_fid_lookup(dentry->d_parent);
-        if (!dirfid) {
+        if(IS_ERR(dirfid))
-                dprintk(DEBUG_ERROR, "no dirfid\n");
+                return ERR_PTR(PTR_ERR(dirfid));
-                return ERR_PTR(-EINVAL);
-        }
        dirfidnum = dirfid->fid;
-        if (dirfidnum < 0) {
-                dprintk(DEBUG_ERROR, "no dirfid for inode %p, #%lu\n",
-                        dir, dir->i_ino);
-                return ERR_PTR(-EBADF);
-        }
        newfid = v9fs_get_idpool(&v9ses->fidpool);
        if (newfid < 0) {
                eprintk(KERN_WARNING, "newfid fails!\n");
-                return ERR_PTR(-ENOSPC);
+                result = -ENOSPC;
+                goto Release_Dirfid;
        }
        result = v9fs_t_walk(v9ses, dirfidnum, newfid,
                (char *)dentry->d_name.name, &fcall);
+        up(&dirfid->lock);
        if (result < 0) {
                if (fcall && fcall->id == RWALK)
                        v9fs_t_clunk(v9ses, newfid);
@@ -701,8 +706,12 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
        return NULL;
-      FreeFcall:
+Release_Dirfid:
+        up(&dirfid->lock);
+FreeFcall:
        kfree(fcall);
        return ERR_PTR(result);
 }
@@ -746,10 +755,8 @@ v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
        struct inode *old_inode = old_dentry->d_inode;
        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(old_inode);
        struct v9fs_fid *oldfid = v9fs_fid_lookup(old_dentry);
-        struct v9fs_fid *olddirfid =
+        struct v9fs_fid *olddirfid;
-            v9fs_fid_lookup(old_dentry->d_parent);
+        struct v9fs_fid *newdirfid;
-        struct v9fs_fid *newdirfid =
-            v9fs_fid_lookup(new_dentry->d_parent);
        struct v9fs_wstat wstat;
        struct v9fs_fcall *fcall = NULL;
        int fid = -1;
@@ -759,16 +766,26 @@ v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
        dprintk(DEBUG_VFS, "\n");
-        if ((!oldfid) || (!olddirfid) || (!newdirfid)) {
+        if(IS_ERR(oldfid))
-                dprintk(DEBUG_ERROR, "problem with arguments\n");
+                return PTR_ERR(oldfid);
-                return -EBADF;
+        olddirfid = v9fs_fid_clone(old_dentry->d_parent);
+        if(IS_ERR(olddirfid)) {
+                retval = PTR_ERR(olddirfid);
+                goto Release_lock;
+        }
+        newdirfid = v9fs_fid_clone(new_dentry->d_parent);
+        if(IS_ERR(newdirfid)) {
+                retval = PTR_ERR(newdirfid);
+                goto Clunk_olddir;
        }
        /* 9P can only handle file rename in the same directory */
        if (memcmp(&olddirfid->qid, &newdirfid->qid, sizeof(newdirfid->qid))) {
                dprintk(DEBUG_ERROR, "old dir and new dir are different\n");
                retval = -EXDEV;
-                goto FreeFcallnBail;
+                goto Clunk_newdir;
        }
        fid = oldfid->fid;
@@ -779,7 +796,7 @@ v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
                dprintk(DEBUG_ERROR, "no fid for old file #%lu\n",
                        old_inode->i_ino);
                retval = -EBADF;
-                goto FreeFcallnBail;
+                goto Clunk_newdir;
        }
        v9fs_blank_wstat(&wstat);
@@ -788,11 +805,20 @@ v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
        retval = v9fs_t_wstat(v9ses, fid, &wstat, &fcall);
-      FreeFcallnBail:
        if (retval < 0)
                PRINT_FCALL_ERROR("wstat error", fcall);
        kfree(fcall);
+Clunk_newdir:
+        v9fs_fid_clunk(v9ses, newdirfid);
+Clunk_olddir:
+        v9fs_fid_clunk(v9ses, olddirfid);
+Release_lock:
+        up(&oldfid->lock);
        return retval;
 }
@@ -810,15 +836,12 @@ v9fs_vfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
 {
        struct v9fs_fcall *fcall = NULL;
        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
-        struct v9fs_fid *fid = v9fs_fid_lookup(dentry);
+        struct v9fs_fid *fid = v9fs_fid_clone(dentry);
        int err = -EPERM;
        dprintk(DEBUG_VFS, "dentry: %p\n", dentry);
-        if (!fid) {
+        if(IS_ERR(fid))
-                dprintk(DEBUG_ERROR,
+                return PTR_ERR(fid);
-                        "couldn't find fid associated with dentry\n");
-                return -EBADF;
-        }
        err = v9fs_t_stat(v9ses, fid->fid, &fcall);
@@ -831,6 +854,7 @@ v9fs_vfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
        }
        kfree(fcall);
+        v9fs_fid_clunk(v9ses, fid);
        return err;
 }
@@ -844,18 +868,14 @@ v9fs_vfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
 static int v9fs_vfs_setattr(struct dentry *dentry, struct iattr *iattr)
 {
        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
-        struct v9fs_fid *fid = v9fs_fid_lookup(dentry);
+        struct v9fs_fid *fid = v9fs_fid_clone(dentry);
        struct v9fs_fcall *fcall = NULL;
        struct v9fs_wstat wstat;
        int res = -EPERM;
        dprintk(DEBUG_VFS, "\n");
+        if(IS_ERR(fid))
-        if (!fid) {
+                return PTR_ERR(fid);
-                dprintk(DEBUG_ERROR,
-                        "Couldn't find fid associated with dentry\n");
-                return -EBADF;
-        }
        v9fs_blank_wstat(&wstat);
        if (iattr->ia_valid & ATTR_MODE)
@@ -887,6 +907,7 @@ static int v9fs_vfs_setattr(struct dentry *dentry, struct iattr *iattr)
        if (res >= 0)
                res = inode_setattr(dentry->d_inode, iattr);
+        v9fs_fid_clunk(v9ses, fid);
        return res;
 }
@@ -987,18 +1008,15 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen)
        struct v9fs_fcall *fcall = NULL;
        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
-        struct v9fs_fid *fid = v9fs_fid_lookup(dentry);
+        struct v9fs_fid *fid = v9fs_fid_clone(dentry);
-        if (!fid) {
+        if(IS_ERR(fid))
-                dprintk(DEBUG_ERROR, "could not resolve fid from dentry\n");
+                return PTR_ERR(fid);
-                retval = -EBADF;
-                goto FreeFcall;
-        }
        if (!v9ses->extended) {
                retval = -EBADF;
                dprintk(DEBUG_ERROR, "not extended\n");
-                goto FreeFcall;
+                goto ClunkFid;
        }
        dprintk(DEBUG_VFS, " %s\n", dentry->d_name.name);
@@ -1009,8 +1027,10 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen)
                goto FreeFcall;
        }
-        if (!fcall)
+        if (!fcall) {
-                return -EIO;
+                retval = -EIO;
+                goto ClunkFid;
+        }
        if (!(fcall->params.rstat.stat.mode & V9FS_DMSYMLINK)) {
                retval = -EINVAL;
@@ -1028,9 +1048,12 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen)
                fcall->params.rstat.stat.extension.str, buffer);
        retval = buflen;
-      FreeFcall:
+FreeFcall:
        kfree(fcall);
+ClunkFid:
+        v9fs_fid_clunk(v9ses, fid);
        return retval;
 }
@@ -1123,52 +1146,58 @@ static int v9fs_vfs_mkspecial(struct inode *dir, struct dentry *dentry,
        int err;
        u32 fid, perm;
        struct v9fs_session_info *v9ses;
-        struct v9fs_fid *dfid, *vfid;
+        struct v9fs_fid *dfid, *vfid = NULL;
-        struct inode *inode;
+        struct inode *inode = NULL;
-        inode = NULL;
-        vfid = NULL;
        v9ses = v9fs_inode2v9ses(dir);
-        dfid = v9fs_fid_lookup(dentry->d_parent);
-        perm = unixmode2p9mode(v9ses, mode);
        if (!v9ses->extended) {
                dprintk(DEBUG_ERROR, "not extended\n");
                return -EPERM;
        }
+        dfid = v9fs_fid_clone(dentry->d_parent);
+        if(IS_ERR(dfid)) {
+                err = PTR_ERR(dfid);
+                goto error;
+        }
+        perm = unixmode2p9mode(v9ses, mode);
        err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
                perm, V9FS_OREAD, (char *) extension, &fid, NULL, NULL);
        if (err)
-                goto error;
+                goto clunk_dfid;
        err = v9fs_t_clunk(v9ses, fid);
        if (err)
-                goto error;
+                goto clunk_dfid;
        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
        if (IS_ERR(vfid)) {
                err = PTR_ERR(vfid);
                vfid = NULL;
-                goto error;
+                goto clunk_dfid;
        }
        inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
        if (IS_ERR(inode)) {
                err = PTR_ERR(inode);
                inode = NULL;
-                goto error;
+                goto free_vfid;
        }
        dentry->d_op = &v9fs_dentry_operations;
        d_instantiate(dentry, inode);
        return 0;
-error:
+free_vfid:
-        if (vfid)
+        v9fs_fid_destroy(vfid);
-                v9fs_fid_destroy(vfid);
+clunk_dfid:
+        v9fs_fid_clunk(v9ses, dfid);
+error:
        return err;
 }
@@ -1209,26 +1238,29 @@ v9fs_vfs_link(struct dentry *old_dentry, struct inode *dir,
              struct dentry *dentry)
 {
        int retval;
+        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dir);
        struct v9fs_fid *oldfid;
        char *name;
        dprintk(DEBUG_VFS, " %lu,%s,%s\n", dir->i_ino, dentry->d_name.name,
                old_dentry->d_name.name);
-        oldfid = v9fs_fid_lookup(old_dentry);
+        oldfid = v9fs_fid_clone(old_dentry);
-        if (!oldfid) {
+        if(IS_ERR(oldfid))
-                dprintk(DEBUG_ERROR, "can't find oldfid\n");
+                return PTR_ERR(oldfid);
-                return -EPERM;
-        }
        name = __getname();
-        if (unlikely(!name))
+        if (unlikely(!name)) {
-                return -ENOMEM;
+                retval = -ENOMEM;
+                goto clunk_fid;
+        }
        sprintf(name, "%d\n", oldfid->fid);
        retval = v9fs_vfs_mkspecial(dir, dentry, V9FS_DMLINK, name);
        __putname(name);
+clunk_fid:
+        v9fs_fid_clunk(v9ses, oldfid);
        return retval;
 }
author	Eric Van Hensbergen <ericvh@gmail.com>	2007-01-26 03:57:06 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-01-26 16:51:00 -0500
commit	da977b2c7eb4d6312f063a7b486f2aad99809710 (patch)
tree	bb8a2afc766c16e3349e03dfb8a706dca6408395 /fs/9p/vfs_inode.c
parent	ff76e1dfc8728278ee231feeb93146f9c57c3ec3 (diff)

diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 05d30e89ba45..9109ba1d6969 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c
@@ -416,12 +416,8 @@ static int v9fs_remove(struct inode dir, struct dentry file, int rmdir)
416	sb = file_inode->i_sb;	416	sb = file_inode->i_sb;
417	v9ses = v9fs_inode2v9ses(file_inode);	417	v9ses = v9fs_inode2v9ses(file_inode);
418	v9fid = v9fs_fid_lookup(file);	418	v9fid = v9fs_fid_lookup(file);
419		419	if(IS_ERR(v9fid))
420	if (!v9fid) {	420	return PTR_ERR(v9fid);
421	dprintk(DEBUG_ERROR,
422	"no v9fs_fid\n");
423	return -EBADF;
424	}
425		421
426	fid = v9fid->fid;	422	fid = v9fid->fid;
427	if (fid < 0) {	423	if (fid < 0) {
@@ -433,11 +429,13 @@ static int v9fs_remove(struct inode dir, struct dentry file, int rmdir)
433	result = v9fs_t_remove(v9ses, fid, &fcall);	429	result = v9fs_t_remove(v9ses, fid, &fcall);
434	if (result < 0) {	430	if (result < 0) {
435	PRINT_FCALL_ERROR("remove fails", fcall);	431	PRINT_FCALL_ERROR("remove fails", fcall);
		432	goto Error;
436	}	433	}
437		434
438	v9fs_put_idpool(fid, &v9ses->fidpool);	435	v9fs_put_idpool(fid, &v9ses->fidpool);
439	v9fs_fid_destroy(v9fid);	436	v9fs_fid_destroy(v9fid);
440		437
		438	Error:
441	kfree(fcall);	439	kfree(fcall);
442	return result;	440	return result;
443	}	441	}
@@ -473,9 +471,13 @@ v9fs_vfs_create(struct inode dir, struct dentry dentry, int mode,
473	inode = NULL;	471	inode = NULL;
474	vfid = NULL;	472	vfid = NULL;
475	v9ses = v9fs_inode2v9ses(dir);	473	v9ses = v9fs_inode2v9ses(dir);
476	dfid = v9fs_fid_lookup(dentry->d_parent);	474	dfid = v9fs_fid_clone(dentry->d_parent);
477	perm = unixmode2p9mode(v9ses, mode);	475	if(IS_ERR(dfid)) {
		476	err = PTR_ERR(dfid);
		477	goto error;
		478	}
478		479
		480	perm = unixmode2p9mode(v9ses, mode);
479	if (nd && nd->flags & LOOKUP_OPEN)	481	if (nd && nd->flags & LOOKUP_OPEN)
480	flags = nd->intent.open.flags - 1;	482	flags = nd->intent.open.flags - 1;
481	else	483	else
@@ -485,9 +487,10 @@ v9fs_vfs_create(struct inode dir, struct dentry dentry, int mode,
485	perm, v9fs_uflags2omode(flags), NULL, &fid, &qid, &iounit);	487	perm, v9fs_uflags2omode(flags), NULL, &fid, &qid, &iounit);
486		488
487	if (err)	489	if (err)
488	goto error;	490	goto clunk_dfid;
489		491
490	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);	492	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
		493	v9fs_fid_clunk(v9ses, dfid);
491	if (IS_ERR(vfid)) {	494	if (IS_ERR(vfid)) {
492	err = PTR_ERR(vfid);	495	err = PTR_ERR(vfid);
493	vfid = NULL;	496	vfid = NULL;
@@ -525,6 +528,9 @@ v9fs_vfs_create(struct inode dir, struct dentry dentry, int mode,
525		528
526	return 0;	529	return 0;
527		530
		531	clunk_dfid:
		532	v9fs_fid_clunk(v9ses, dfid);
		533
528	error:	534	error:
529	if (vfid)	535	if (vfid)
530	v9fs_fid_destroy(vfid);	536	v9fs_fid_destroy(vfid);
@@ -551,7 +557,12 @@ static int v9fs_vfs_mkdir(struct inode dir, struct dentry dentry, int mode)
551	inode = NULL;	557	inode = NULL;
552	vfid = NULL;	558	vfid = NULL;
553	v9ses = v9fs_inode2v9ses(dir);	559	v9ses = v9fs_inode2v9ses(dir);
554	dfid = v9fs_fid_lookup(dentry->d_parent);	560	dfid = v9fs_fid_clone(dentry->d_parent);
		561	if(IS_ERR(dfid)) {
		562	err = PTR_ERR(dfid);
		563	goto error;
		564	}
		565
555	perm = unixmode2p9mode(v9ses, mode \| S_IFDIR);	566	perm = unixmode2p9mode(v9ses, mode \| S_IFDIR);
556		567
557	err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,	568	err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
@@ -559,37 +570,36 @@ static int v9fs_vfs_mkdir(struct inode dir, struct dentry dentry, int mode)
559		570
560	if (err) {	571	if (err) {
561	dprintk(DEBUG_ERROR, "create error %d\n", err);	572	dprintk(DEBUG_ERROR, "create error %d\n", err);
562	goto error;	573	goto clean_up_dfid;
563	}
564
565	err = v9fs_t_clunk(v9ses, fid);
566	if (err) {
567	dprintk(DEBUG_ERROR, "clunk error %d\n", err);
568	goto error;
569	}	574	}
570		575
571	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);	576	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
572	if (IS_ERR(vfid)) {	577	if (IS_ERR(vfid)) {
573	err = PTR_ERR(vfid);	578	err = PTR_ERR(vfid);
574	vfid = NULL;	579	vfid = NULL;
575	goto error;	580	goto clean_up_dfid;
576	}	581	}
577		582
		583	v9fs_fid_clunk(v9ses, dfid);
578	inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);	584	inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
579	if (IS_ERR(inode)) {	585	if (IS_ERR(inode)) {
580	err = PTR_ERR(inode);	586	err = PTR_ERR(inode);
581	inode = NULL;	587	inode = NULL;
582	goto error;	588	goto clean_up_fids;
583	}	589	}
584		590
585	dentry->d_op = &v9fs_dentry_operations;	591	dentry->d_op = &v9fs_dentry_operations;
586	d_instantiate(dentry, inode);	592	d_instantiate(dentry, inode);
587	return 0;	593	return 0;
588		594
589	error:	595	clean_up_fids:
590	if (vfid)	596	if (vfid)
591	v9fs_fid_destroy(vfid);	597	v9fs_fid_destroy(vfid);
592		598
		599	clean_up_dfid:
		600	v9fs_fid_clunk(v9ses, dfid);
		601
		602	error:
593	return err;	603	return err;
594	}	604	}
595		605
@@ -622,28 +632,23 @@ static struct dentry v9fs_vfs_lookup(struct inode dir, struct dentry *dentry,
622	dentry->d_op = &v9fs_dentry_operations;	632	dentry->d_op = &v9fs_dentry_operations;
623	dirfid = v9fs_fid_lookup(dentry->d_parent);	633	dirfid = v9fs_fid_lookup(dentry->d_parent);
624		634
625	if (!dirfid) {	635	if(IS_ERR(dirfid))
626	dprintk(DEBUG_ERROR, "no dirfid\n");	636	return ERR_PTR(PTR_ERR(dirfid));
627	return ERR_PTR(-EINVAL);
628	}
629		637
630	dirfidnum = dirfid->fid;	638	dirfidnum = dirfid->fid;
631		639
632	if (dirfidnum < 0) {
633	dprintk(DEBUG_ERROR, "no dirfid for inode %p, #%lu\n",
634	dir, dir->i_ino);
635	return ERR_PTR(-EBADF);
636	}
637
638	newfid = v9fs_get_idpool(&v9ses->fidpool);	640	newfid = v9fs_get_idpool(&v9ses->fidpool);
639	if (newfid < 0) {	641	if (newfid < 0) {
640	eprintk(KERN_WARNING, "newfid fails!\n");	642	eprintk(KERN_WARNING, "newfid fails!\n");
641	return ERR_PTR(-ENOSPC);	643	result = -ENOSPC;
		644	goto Release_Dirfid;
642	}	645	}
643		646
644	result = v9fs_t_walk(v9ses, dirfidnum, newfid,	647	result = v9fs_t_walk(v9ses, dirfidnum, newfid,
645	(char *)dentry->d_name.name, &fcall);	648	(char *)dentry->d_name.name, &fcall);
646		649
		650	up(&dirfid->lock);
		651
647	if (result < 0) {	652	if (result < 0) {
648	if (fcall && fcall->id == RWALK)	653	if (fcall && fcall->id == RWALK)
649	v9fs_t_clunk(v9ses, newfid);	654	v9fs_t_clunk(v9ses, newfid);
@@ -701,8 +706,12 @@ static struct dentry v9fs_vfs_lookup(struct inode dir, struct dentry *dentry,
701		706
702	return NULL;	707	return NULL;
703		708
704	FreeFcall:	709	Release_Dirfid:
		710	up(&dirfid->lock);
		711
		712	FreeFcall:
705	kfree(fcall);	713	kfree(fcall);
		714
706	return ERR_PTR(result);	715	return ERR_PTR(result);
707	}	716	}
708		717
@@ -746,10 +755,8 @@ v9fs_vfs_rename(struct inode old_dir, struct dentry old_dentry,
746	struct inode *old_inode = old_dentry->d_inode;	755	struct inode *old_inode = old_dentry->d_inode;
747	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(old_inode);	756	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(old_inode);
748	struct v9fs_fid *oldfid = v9fs_fid_lookup(old_dentry);	757	struct v9fs_fid *oldfid = v9fs_fid_lookup(old_dentry);
749	struct v9fs_fid *olddirfid =	758	struct v9fs_fid *olddirfid;
750	v9fs_fid_lookup(old_dentry->d_parent);	759	struct v9fs_fid *newdirfid;
751	struct v9fs_fid *newdirfid =
752	v9fs_fid_lookup(new_dentry->d_parent);
753	struct v9fs_wstat wstat;	760	struct v9fs_wstat wstat;
754	struct v9fs_fcall *fcall = NULL;	761	struct v9fs_fcall *fcall = NULL;
755	int fid = -1;	762	int fid = -1;
@@ -759,16 +766,26 @@ v9fs_vfs_rename(struct inode old_dir, struct dentry old_dentry,
759		766
760	dprintk(DEBUG_VFS, "\n");	767	dprintk(DEBUG_VFS, "\n");
761		768
762	if ((!oldfid) \|\| (!olddirfid) \|\| (!newdirfid)) {	769	if(IS_ERR(oldfid))
763	dprintk(DEBUG_ERROR, "problem with arguments\n");	770	return PTR_ERR(oldfid);
764	return -EBADF;	771
		772	olddirfid = v9fs_fid_clone(old_dentry->d_parent);
		773	if(IS_ERR(olddirfid)) {
		774	retval = PTR_ERR(olddirfid);
		775	goto Release_lock;
		776	}
		777
		778	newdirfid = v9fs_fid_clone(new_dentry->d_parent);
		779	if(IS_ERR(newdirfid)) {
		780	retval = PTR_ERR(newdirfid);
		781	goto Clunk_olddir;
765	}	782	}
766		783
767	/* 9P can only handle file rename in the same directory */	784	/* 9P can only handle file rename in the same directory */
768	if (memcmp(&olddirfid->qid, &newdirfid->qid, sizeof(newdirfid->qid))) {	785	if (memcmp(&olddirfid->qid, &newdirfid->qid, sizeof(newdirfid->qid))) {
769	dprintk(DEBUG_ERROR, "old dir and new dir are different\n");	786	dprintk(DEBUG_ERROR, "old dir and new dir are different\n");
770	retval = -EXDEV;	787	retval = -EXDEV;
771	goto FreeFcallnBail;	788	goto Clunk_newdir;
772	}	789	}
773		790
774	fid = oldfid->fid;	791	fid = oldfid->fid;
@@ -779,7 +796,7 @@ v9fs_vfs_rename(struct inode old_dir, struct dentry old_dentry,
779	dprintk(DEBUG_ERROR, "no fid for old file #%lu\n",	796	dprintk(DEBUG_ERROR, "no fid for old file #%lu\n",
780	old_inode->i_ino);	797	old_inode->i_ino);
781	retval = -EBADF;	798	retval = -EBADF;
782	goto FreeFcallnBail;	799	goto Clunk_newdir;
783	}	800	}
784		801
785	v9fs_blank_wstat(&wstat);	802	v9fs_blank_wstat(&wstat);
@@ -788,11 +805,20 @@ v9fs_vfs_rename(struct inode old_dir, struct dentry old_dentry,
788		805
789	retval = v9fs_t_wstat(v9ses, fid, &wstat, &fcall);	806	retval = v9fs_t_wstat(v9ses, fid, &wstat, &fcall);
790		807
791	FreeFcallnBail:
792	if (retval < 0)	808	if (retval < 0)
793	PRINT_FCALL_ERROR("wstat error", fcall);	809	PRINT_FCALL_ERROR("wstat error", fcall);
794		810
795	kfree(fcall);	811	kfree(fcall);
		812
		813	Clunk_newdir:
		814	v9fs_fid_clunk(v9ses, newdirfid);
		815
		816	Clunk_olddir:
		817	v9fs_fid_clunk(v9ses, olddirfid);
		818
		819	Release_lock:
		820	up(&oldfid->lock);
		821
796	return retval;	822	return retval;
797	}	823	}
798		824
@@ -810,15 +836,12 @@ v9fs_vfs_getattr(struct vfsmount mnt, struct dentry dentry,
810	{	836	{
811	struct v9fs_fcall *fcall = NULL;	837	struct v9fs_fcall *fcall = NULL;
812	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);	838	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
813	struct v9fs_fid *fid = v9fs_fid_lookup(dentry);	839	struct v9fs_fid *fid = v9fs_fid_clone(dentry);
814	int err = -EPERM;	840	int err = -EPERM;
815		841
816	dprintk(DEBUG_VFS, "dentry: %p\n", dentry);	842	dprintk(DEBUG_VFS, "dentry: %p\n", dentry);
817	if (!fid) {	843	if(IS_ERR(fid))
818	dprintk(DEBUG_ERROR,	844	return PTR_ERR(fid);
819	"couldn't find fid associated with dentry\n");
820	return -EBADF;
821	}
822		845
823	err = v9fs_t_stat(v9ses, fid->fid, &fcall);	846	err = v9fs_t_stat(v9ses, fid->fid, &fcall);
824		847
@@ -831,6 +854,7 @@ v9fs_vfs_getattr(struct vfsmount mnt, struct dentry dentry,
831	}	854	}
832		855
833	kfree(fcall);	856	kfree(fcall);
		857	v9fs_fid_clunk(v9ses, fid);
834	return err;	858	return err;
835	}	859	}
836		860
@@ -844,18 +868,14 @@ v9fs_vfs_getattr(struct vfsmount mnt, struct dentry dentry,
844	static int v9fs_vfs_setattr(struct dentry dentry, struct iattr iattr)	868	static int v9fs_vfs_setattr(struct dentry dentry, struct iattr iattr)
845	{	869	{
846	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);	870	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
847	struct v9fs_fid *fid = v9fs_fid_lookup(dentry);	871	struct v9fs_fid *fid = v9fs_fid_clone(dentry);
848	struct v9fs_fcall *fcall = NULL;	872	struct v9fs_fcall *fcall = NULL;
849	struct v9fs_wstat wstat;	873	struct v9fs_wstat wstat;
850	int res = -EPERM;	874	int res = -EPERM;
851		875
852	dprintk(DEBUG_VFS, "\n");	876	dprintk(DEBUG_VFS, "\n");
853		877	if(IS_ERR(fid))
854	if (!fid) {	878	return PTR_ERR(fid);
855	dprintk(DEBUG_ERROR,
856	"Couldn't find fid associated with dentry\n");
857	return -EBADF;
858	}
859		879
860	v9fs_blank_wstat(&wstat);	880	v9fs_blank_wstat(&wstat);
861	if (iattr->ia_valid & ATTR_MODE)	881	if (iattr->ia_valid & ATTR_MODE)
@@ -887,6 +907,7 @@ static int v9fs_vfs_setattr(struct dentry dentry, struct iattr iattr)
887	if (res >= 0)	907	if (res >= 0)
888	res = inode_setattr(dentry->d_inode, iattr);	908	res = inode_setattr(dentry->d_inode, iattr);
889		909
		910	v9fs_fid_clunk(v9ses, fid);
890	return res;	911	return res;
891	}	912	}
892		913
@@ -987,18 +1008,15 @@ static int v9fs_readlink(struct dentry dentry, char buffer, int buflen)
987		1008
988	struct v9fs_fcall *fcall = NULL;	1009	struct v9fs_fcall *fcall = NULL;
989	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);	1010	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dentry->d_inode);
990	struct v9fs_fid *fid = v9fs_fid_lookup(dentry);	1011	struct v9fs_fid *fid = v9fs_fid_clone(dentry);
991		1012
992	if (!fid) {	1013	if(IS_ERR(fid))
993	dprintk(DEBUG_ERROR, "could not resolve fid from dentry\n");	1014	return PTR_ERR(fid);
994	retval = -EBADF;
995	goto FreeFcall;
996	}
997		1015
998	if (!v9ses->extended) {	1016	if (!v9ses->extended) {
999	retval = -EBADF;	1017	retval = -EBADF;
1000	dprintk(DEBUG_ERROR, "not extended\n");	1018	dprintk(DEBUG_ERROR, "not extended\n");
1001	goto FreeFcall;	1019	goto ClunkFid;
1002	}	1020	}
1003		1021
1004	dprintk(DEBUG_VFS, " %s\n", dentry->d_name.name);	1022	dprintk(DEBUG_VFS, " %s\n", dentry->d_name.name);
@@ -1009,8 +1027,10 @@ static int v9fs_readlink(struct dentry dentry, char buffer, int buflen)
1009	goto FreeFcall;	1027	goto FreeFcall;
1010	}	1028	}
1011		1029
1012	if (!fcall)	1030	if (!fcall) {
1013	return -EIO;	1031	retval = -EIO;
		1032	goto ClunkFid;
		1033	}
1014		1034
1015	if (!(fcall->params.rstat.stat.mode & V9FS_DMSYMLINK)) {	1035	if (!(fcall->params.rstat.stat.mode & V9FS_DMSYMLINK)) {
1016	retval = -EINVAL;	1036	retval = -EINVAL;
@@ -1028,9 +1048,12 @@ static int v9fs_readlink(struct dentry dentry, char buffer, int buflen)
1028	fcall->params.rstat.stat.extension.str, buffer);	1048	fcall->params.rstat.stat.extension.str, buffer);
1029	retval = buflen;	1049	retval = buflen;
1030		1050
1031	FreeFcall:	1051	FreeFcall:
1032	kfree(fcall);	1052	kfree(fcall);
1033		1053
		1054	ClunkFid:
		1055	v9fs_fid_clunk(v9ses, fid);
		1056
1034	return retval;	1057	return retval;
1035	}	1058	}
1036		1059
@@ -1123,52 +1146,58 @@ static int v9fs_vfs_mkspecial(struct inode dir, struct dentry dentry,
1123	int err;	1146	int err;
1124	u32 fid, perm;	1147	u32 fid, perm;
1125	struct v9fs_session_info *v9ses;	1148	struct v9fs_session_info *v9ses;
1126	struct v9fs_fid dfid, vfid;	1149	struct v9fs_fid dfid, vfid = NULL;
1127	struct inode *inode;	1150	struct inode *inode = NULL;
1128		1151
1129	inode = NULL;
1130	vfid = NULL;
1131	v9ses = v9fs_inode2v9ses(dir);	1152	v9ses = v9fs_inode2v9ses(dir);
1132	dfid = v9fs_fid_lookup(dentry->d_parent);
1133	perm = unixmode2p9mode(v9ses, mode);
1134
1135	if (!v9ses->extended) {	1153	if (!v9ses->extended) {
1136	dprintk(DEBUG_ERROR, "not extended\n");	1154	dprintk(DEBUG_ERROR, "not extended\n");
1137	return -EPERM;	1155	return -EPERM;
1138	}	1156	}
1139		1157
		1158	dfid = v9fs_fid_clone(dentry->d_parent);
		1159	if(IS_ERR(dfid)) {
		1160	err = PTR_ERR(dfid);
		1161	goto error;
		1162	}
		1163
		1164	perm = unixmode2p9mode(v9ses, mode);
		1165
1140	err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,	1166	err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
1141	perm, V9FS_OREAD, (char *) extension, &fid, NULL, NULL);	1167	perm, V9FS_OREAD, (char *) extension, &fid, NULL, NULL);
1142		1168
1143	if (err)	1169	if (err)
1144	goto error;	1170	goto clunk_dfid;
1145		1171
1146	err = v9fs_t_clunk(v9ses, fid);	1172	err = v9fs_t_clunk(v9ses, fid);
1147	if (err)	1173	if (err)
1148	goto error;	1174	goto clunk_dfid;
1149		1175
1150	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);	1176	vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
1151	if (IS_ERR(vfid)) {	1177	if (IS_ERR(vfid)) {
1152	err = PTR_ERR(vfid);	1178	err = PTR_ERR(vfid);
1153	vfid = NULL;	1179	vfid = NULL;
1154	goto error;	1180	goto clunk_dfid;
1155	}	1181	}
1156		1182
1157	inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);	1183	inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
1158	if (IS_ERR(inode)) {	1184	if (IS_ERR(inode)) {
1159	err = PTR_ERR(inode);	1185	err = PTR_ERR(inode);
1160	inode = NULL;	1186	inode = NULL;
1161	goto error;	1187	goto free_vfid;
1162	}	1188	}
1163		1189
1164	dentry->d_op = &v9fs_dentry_operations;	1190	dentry->d_op = &v9fs_dentry_operations;
1165	d_instantiate(dentry, inode);	1191	d_instantiate(dentry, inode);
1166	return 0;	1192	return 0;
1167		1193
1168	error:	1194	free_vfid:
1169	if (vfid)	1195	v9fs_fid_destroy(vfid);
1170	v9fs_fid_destroy(vfid);	1196
		1197	clunk_dfid:
		1198	v9fs_fid_clunk(v9ses, dfid);
1171		1199
		1200	error:
1172	return err;	1201	return err;
1173		1202
1174	}	1203	}
@@ -1209,26 +1238,29 @@ v9fs_vfs_link(struct dentry old_dentry, struct inode dir,
1209	struct dentry *dentry)	1238	struct dentry *dentry)
1210	{	1239	{
1211	int retval;	1240	int retval;
		1241	struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dir);
1212	struct v9fs_fid *oldfid;	1242	struct v9fs_fid *oldfid;
1213	char *name;	1243	char *name;
1214		1244
1215	dprintk(DEBUG_VFS, " %lu,%s,%s\n", dir->i_ino, dentry->d_name.name,	1245	dprintk(DEBUG_VFS, " %lu,%s,%s\n", dir->i_ino, dentry->d_name.name,
1216	old_dentry->d_name.name);	1246	old_dentry->d_name.name);
1217		1247
1218	oldfid = v9fs_fid_lookup(old_dentry);	1248	oldfid = v9fs_fid_clone(old_dentry);
1219	if (!oldfid) {	1249	if(IS_ERR(oldfid))
1220	dprintk(DEBUG_ERROR, "can't find oldfid\n");	1250	return PTR_ERR(oldfid);
1221	return -EPERM;
1222	}
1223		1251
1224	name = __getname();	1252	name = __getname();
1225	if (unlikely(!name))	1253	if (unlikely(!name)) {
1226	return -ENOMEM;	1254	retval = -ENOMEM;
		1255	goto clunk_fid;
		1256	}
1227		1257
1228	sprintf(name, "%d\n", oldfid->fid);	1258	sprintf(name, "%d\n", oldfid->fid);
1229	retval = v9fs_vfs_mkspecial(dir, dentry, V9FS_DMLINK, name);	1259	retval = v9fs_vfs_mkspecial(dir, dentry, V9FS_DMLINK, name);
1230	__putname(name);	1260	__putname(name);
1231		1261
		1262	clunk_fid:
		1263	v9fs_fid_clunk(v9ses, oldfid);
1232	return retval;	1264	return retval;
1233	}	1265	}
1234		1266