diff options
| author | Joel Becker <joel.becker@oracle.com> | 2008-11-13 17:49:12 -0500 |
|---|---|---|
| committer | Mark Fasheh <mfasheh@suse.com> | 2009-01-05 11:36:52 -0500 |
| commit | 10995aa2451afa20b721cc7de856cae1a13dba57 (patch) | |
| tree | 63129e7d752fb018dc76aa42de136baa4a8a4232 /fs/ocfs2/alloc.c | |
| parent | b657c95c11088d77fc1bfc9c84d940f778bf9d12 (diff) | |
ocfs2: Morph the haphazard OCFS2_IS_VALID_DINODE() checks.
Random places in the code would check a dinode bh to see if it was
valid. Not only did they do different levels of validation, they
handled errors in different ways.
The previous commit unified inode block reads, validating all block
reads in the same place. Thus, these haphazard checks are no longer
necessary. Rather than eliminate them, however, we change them to
BUG_ON() checks. This ensures the assumptions remain true. All of the
code paths to these checks have been audited to ensure they come from a
validated inode read.
Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
Diffstat (limited to 'fs/ocfs2/alloc.c')
| -rw-r--r-- | fs/ocfs2/alloc.c | 50 |
1 files changed, 21 insertions, 29 deletions
diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c index 9c598adc9475..320545b9fe12 100644 --- a/fs/ocfs2/alloc.c +++ b/fs/ocfs2/alloc.c | |||
| @@ -187,20 +187,12 @@ static int ocfs2_dinode_insert_check(struct inode *inode, | |||
| 187 | static int ocfs2_dinode_sanity_check(struct inode *inode, | 187 | static int ocfs2_dinode_sanity_check(struct inode *inode, |
| 188 | struct ocfs2_extent_tree *et) | 188 | struct ocfs2_extent_tree *et) |
| 189 | { | 189 | { |
| 190 | int ret = 0; | 190 | struct ocfs2_dinode *di = et->et_object; |
| 191 | struct ocfs2_dinode *di; | ||
| 192 | 191 | ||
| 193 | BUG_ON(et->et_ops != &ocfs2_dinode_et_ops); | 192 | BUG_ON(et->et_ops != &ocfs2_dinode_et_ops); |
| 193 | BUG_ON(!OCFS2_IS_VALID_DINODE(di)); | ||
| 194 | 194 | ||
| 195 | di = et->et_object; | 195 | return 0; |
| 196 | if (!OCFS2_IS_VALID_DINODE(di)) { | ||
| 197 | ret = -EIO; | ||
| 198 | ocfs2_error(inode->i_sb, | ||
| 199 | "Inode %llu has invalid path root", | ||
| 200 | (unsigned long long)OCFS2_I(inode)->ip_blkno); | ||
| 201 | } | ||
| 202 | |||
| 203 | return ret; | ||
| 204 | } | 196 | } |
| 205 | 197 | ||
| 206 | static void ocfs2_dinode_fill_root_el(struct ocfs2_extent_tree *et) | 198 | static void ocfs2_dinode_fill_root_el(struct ocfs2_extent_tree *et) |
| @@ -5380,13 +5372,13 @@ int ocfs2_truncate_log_append(struct ocfs2_super *osb, | |||
| 5380 | start_cluster = ocfs2_blocks_to_clusters(osb->sb, start_blk); | 5372 | start_cluster = ocfs2_blocks_to_clusters(osb->sb, start_blk); |
| 5381 | 5373 | ||
| 5382 | di = (struct ocfs2_dinode *) tl_bh->b_data; | 5374 | di = (struct ocfs2_dinode *) tl_bh->b_data; |
| 5383 | tl = &di->id2.i_dealloc; | ||
| 5384 | if (!OCFS2_IS_VALID_DINODE(di)) { | ||
| 5385 | OCFS2_RO_ON_INVALID_DINODE(osb->sb, di); | ||
| 5386 | status = -EIO; | ||
| 5387 | goto bail; | ||
| 5388 | } | ||
| 5389 | 5375 | ||
| 5376 | /* tl_bh is loaded from ocfs2_truncate_log_init(). It's validated | ||
| 5377 | * by the underlying call to ocfs2_read_inode_block(), so any | ||
| 5378 | * corruption is a code bug */ | ||
| 5379 | BUG_ON(!OCFS2_IS_VALID_DINODE(di)); | ||
| 5380 | |||
| 5381 | tl = &di->id2.i_dealloc; | ||
| 5390 | tl_count = le16_to_cpu(tl->tl_count); | 5382 | tl_count = le16_to_cpu(tl->tl_count); |
| 5391 | mlog_bug_on_msg(tl_count > ocfs2_truncate_recs_per_inode(osb->sb) || | 5383 | mlog_bug_on_msg(tl_count > ocfs2_truncate_recs_per_inode(osb->sb) || |
| 5392 | tl_count == 0, | 5384 | tl_count == 0, |
| @@ -5536,13 +5528,13 @@ int __ocfs2_flush_truncate_log(struct ocfs2_super *osb) | |||
| 5536 | BUG_ON(mutex_trylock(&tl_inode->i_mutex)); | 5528 | BUG_ON(mutex_trylock(&tl_inode->i_mutex)); |
| 5537 | 5529 | ||
| 5538 | di = (struct ocfs2_dinode *) tl_bh->b_data; | 5530 | di = (struct ocfs2_dinode *) tl_bh->b_data; |
| 5539 | tl = &di->id2.i_dealloc; | ||
| 5540 | if (!OCFS2_IS_VALID_DINODE(di)) { | ||
| 5541 | OCFS2_RO_ON_INVALID_DINODE(osb->sb, di); | ||
| 5542 | status = -EIO; | ||
| 5543 | goto out; | ||
| 5544 | } | ||
| 5545 | 5531 | ||
| 5532 | /* tl_bh is loaded from ocfs2_truncate_log_init(). It's validated | ||
| 5533 | * by the underlying call to ocfs2_read_inode_block(), so any | ||
| 5534 | * corruption is a code bug */ | ||
| 5535 | BUG_ON(!OCFS2_IS_VALID_DINODE(di)); | ||
| 5536 | |||
| 5537 | tl = &di->id2.i_dealloc; | ||
| 5546 | num_to_flush = le16_to_cpu(tl->tl_used); | 5538 | num_to_flush = le16_to_cpu(tl->tl_used); |
| 5547 | mlog(0, "Flush %u records from truncate log #%llu\n", | 5539 | mlog(0, "Flush %u records from truncate log #%llu\n", |
| 5548 | num_to_flush, (unsigned long long)OCFS2_I(tl_inode)->ip_blkno); | 5540 | num_to_flush, (unsigned long long)OCFS2_I(tl_inode)->ip_blkno); |
| @@ -5697,13 +5689,13 @@ int ocfs2_begin_truncate_log_recovery(struct ocfs2_super *osb, | |||
| 5697 | } | 5689 | } |
| 5698 | 5690 | ||
| 5699 | di = (struct ocfs2_dinode *) tl_bh->b_data; | 5691 | di = (struct ocfs2_dinode *) tl_bh->b_data; |
| 5700 | tl = &di->id2.i_dealloc; | ||
| 5701 | if (!OCFS2_IS_VALID_DINODE(di)) { | ||
| 5702 | OCFS2_RO_ON_INVALID_DINODE(tl_inode->i_sb, di); | ||
| 5703 | status = -EIO; | ||
| 5704 | goto bail; | ||
| 5705 | } | ||
| 5706 | 5692 | ||
| 5693 | /* tl_bh is loaded from ocfs2_get_truncate_log_info(). It's | ||
| 5694 | * validated by the underlying call to ocfs2_read_inode_block(), | ||
| 5695 | * so any corruption is a code bug */ | ||
| 5696 | BUG_ON(!OCFS2_IS_VALID_DINODE(di)); | ||
| 5697 | |||
| 5698 | tl = &di->id2.i_dealloc; | ||
| 5707 | if (le16_to_cpu(tl->tl_used)) { | 5699 | if (le16_to_cpu(tl->tl_used)) { |
| 5708 | mlog(0, "We'll have %u logs to recover\n", | 5700 | mlog(0, "We'll have %u logs to recover\n", |
| 5709 | le16_to_cpu(tl->tl_used)); | 5701 | le16_to_cpu(tl->tl_used)); |