From 70d9e384aa7df681cfffd65947af72b22e86690e Mon Sep 17 00:00:00 2001 From: Davidlohr Bueso Date: Tue, 6 Jul 2010 00:50:58 -0400 Subject: omfs: fix memory leak In the error path of omfs_fill_super(), the FS super block info (sbi) is not being freed. Correct this. Signed-off-by: Davidlohr Bueso Signed-off-by: Bob Copeland --- fs/omfs/inode.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'fs/omfs') diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index 089839a6cc64..b5d6380e03fb 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -529,6 +529,8 @@ out_brelse_bh2: out_brelse_bh: brelse(bh); end: + if (ret) + kfree(sbi); return ret; } -- cgit v1.2.2 From f068272cb2f134a194b93e94a8e0672bfce48cd8 Mon Sep 17 00:00:00 2001 From: Bob Copeland Date: Sat, 6 Sep 2008 17:51:53 -0400 Subject: omfs: check bounds on block numbers before passing to sb_bread In case of filesystem corruption, passing unchecked block numbers into sb_bread can result in an infinite loop in __getblk(). Introduce a wrapper function omfs_sbread() to check the block numbers and to also perform the clus_to_blk() scaling. Signed-off-by: Bob Copeland --- fs/omfs/dir.c | 22 ++++++++-------------- fs/omfs/file.c | 8 ++++---- fs/omfs/inode.c | 27 ++++++++++++++++----------- fs/omfs/omfs.h | 1 + 4 files changed, 29 insertions(+), 29 deletions(-) (limited to 'fs/omfs') diff --git a/fs/omfs/dir.c b/fs/omfs/dir.c index b42d62419034..393f3f659da7 100644 --- a/fs/omfs/dir.c +++ b/fs/omfs/dir.c @@ -25,11 +25,10 @@ static struct buffer_head *omfs_get_bucket(struct inode *dir, const char *name, int namelen, int *ofs) { int nbuckets = (dir->i_size - OMFS_DIR_START)/8; - int block = clus_to_blk(OMFS_SB(dir->i_sb), dir->i_ino); int bucket = omfs_hash(name, namelen, nbuckets); *ofs = OMFS_DIR_START + bucket * 8; - return sb_bread(dir->i_sb, block); + return omfs_bread(dir->i_sb, dir->i_ino); } static struct buffer_head *omfs_scan_list(struct inode *dir, u64 block, @@ -42,8 +41,7 @@ static struct buffer_head *omfs_scan_list(struct inode *dir, u64 block, *prev_block = ~0; while (block != ~0) { - bh = sb_bread(dir->i_sb, - clus_to_blk(OMFS_SB(dir->i_sb), block)); + bh = omfs_bread(dir->i_sb, block); if (!bh) { err = -EIO; goto err; @@ -86,11 +84,10 @@ static struct buffer_head *omfs_find_entry(struct inode *dir, int omfs_make_empty(struct inode *inode, struct super_block *sb) { struct omfs_sb_info *sbi = OMFS_SB(sb); - int block = clus_to_blk(sbi, inode->i_ino); struct buffer_head *bh; struct omfs_inode *oi; - bh = sb_bread(sb, block); + bh = omfs_bread(sb, inode->i_ino); if (!bh) return -ENOMEM; @@ -134,7 +131,7 @@ static int omfs_add_link(struct dentry *dentry, struct inode *inode) brelse(bh); /* now set the sibling and parent pointers on the new inode */ - bh = sb_bread(dir->i_sb, clus_to_blk(OMFS_SB(dir->i_sb), inode->i_ino)); + bh = omfs_bread(dir->i_sb, inode->i_ino); if (!bh) goto out; @@ -190,8 +187,7 @@ static int omfs_delete_entry(struct dentry *dentry) if (prev != ~0) { /* found in middle of list, get list ptr */ brelse(bh); - bh = sb_bread(dir->i_sb, - clus_to_blk(OMFS_SB(dir->i_sb), prev)); + bh = omfs_bread(dir->i_sb, prev); if (!bh) goto out; @@ -224,8 +220,7 @@ static int omfs_dir_is_empty(struct inode *inode) u64 *ptr; int i; - bh = sb_bread(inode->i_sb, clus_to_blk(OMFS_SB(inode->i_sb), - inode->i_ino)); + bh = omfs_bread(inode->i_sb, inode->i_ino); if (!bh) return 0; @@ -353,8 +348,7 @@ static int omfs_fill_chain(struct file *filp, void *dirent, filldir_t filldir, /* follow chain in this bucket */ while (fsblock != ~0) { - bh = sb_bread(dir->i_sb, clus_to_blk(OMFS_SB(dir->i_sb), - fsblock)); + bh = omfs_bread(dir->i_sb, fsblock); if (!bh) goto out; @@ -466,7 +460,7 @@ static int omfs_readdir(struct file *filp, void *dirent, filldir_t filldir) hchain = (filp->f_pos >> 20) - 1; hindex = filp->f_pos & 0xfffff; - bh = sb_bread(dir->i_sb, clus_to_blk(OMFS_SB(dir->i_sb), dir->i_ino)); + bh = omfs_bread(dir->i_sb, dir->i_ino); if (!bh) goto out; diff --git a/fs/omfs/file.c b/fs/omfs/file.c index 6e7a3291bbe8..76bc21b91a8a 100644 --- a/fs/omfs/file.c +++ b/fs/omfs/file.c @@ -50,7 +50,7 @@ int omfs_shrink_inode(struct inode *inode) if (inode->i_size != 0) goto out; - bh = sb_bread(inode->i_sb, clus_to_blk(sbi, next)); + bh = omfs_bread(inode->i_sb, next); if (!bh) goto out; @@ -90,7 +90,7 @@ int omfs_shrink_inode(struct inode *inode) if (next == ~0) break; - bh = sb_bread(inode->i_sb, clus_to_blk(sbi, next)); + bh = omfs_bread(inode->i_sb, next); if (!bh) goto out; oe = (struct omfs_extent *) (&bh->b_data[OMFS_EXTENT_CONT]); @@ -232,7 +232,7 @@ static int omfs_get_block(struct inode *inode, sector_t block, int remain; ret = -EIO; - bh = sb_bread(inode->i_sb, clus_to_blk(sbi, inode->i_ino)); + bh = omfs_bread(inode->i_sb, inode->i_ino); if (!bh) goto out; @@ -265,7 +265,7 @@ static int omfs_get_block(struct inode *inode, sector_t block, break; brelse(bh); - bh = sb_bread(inode->i_sb, clus_to_blk(sbi, next)); + bh = omfs_bread(inode->i_sb, next); if (!bh) goto out; oe = (struct omfs_extent *) (&bh->b_data[OMFS_EXTENT_CONT]); diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index b5d6380e03fb..bd4bf753a63b 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -19,6 +19,15 @@ MODULE_AUTHOR("Bob Copeland "); MODULE_DESCRIPTION("OMFS (ReplayTV/Karma) Filesystem for Linux"); MODULE_LICENSE("GPL"); +struct buffer_head *omfs_bread(struct super_block *sb, sector_t block) +{ + struct omfs_sb_info *sbi = OMFS_SB(sb); + if (block >= sbi->s_num_blocks) + return NULL; + + return sb_bread(sb, clus_to_blk(sbi, block)); +} + struct inode *omfs_new_inode(struct inode *dir, int mode) { struct inode *inode; @@ -93,15 +102,13 @@ static int __omfs_write_inode(struct inode *inode, int wait) struct omfs_inode *oi; struct omfs_sb_info *sbi = OMFS_SB(inode->i_sb); struct buffer_head *bh, *bh2; - unsigned int block; u64 ctime; int i; int ret = -EIO; int sync_failed = 0; /* get current inode since we may have written sibling ptrs etc. */ - block = clus_to_blk(sbi, inode->i_ino); - bh = sb_bread(inode->i_sb, block); + bh = omfs_bread(inode->i_sb, inode->i_ino); if (!bh) goto out; @@ -140,8 +147,7 @@ static int __omfs_write_inode(struct inode *inode, int wait) /* if mirroring writes, copy to next fsblock */ for (i = 1; i < sbi->s_mirrors; i++) { - bh2 = sb_bread(inode->i_sb, block + i * - (sbi->s_blocksize / sbi->s_sys_blocksize)); + bh2 = omfs_bread(inode->i_sb, inode->i_ino + i); if (!bh2) goto out_brelse; @@ -193,7 +199,6 @@ struct inode *omfs_iget(struct super_block *sb, ino_t ino) struct omfs_sb_info *sbi = OMFS_SB(sb); struct omfs_inode *oi; struct buffer_head *bh; - unsigned int block; u64 ctime; unsigned long nsecs; struct inode *inode; @@ -204,8 +209,7 @@ struct inode *omfs_iget(struct super_block *sb, ino_t ino) if (!(inode->i_state & I_NEW)) return inode; - block = clus_to_blk(sbi, ino); - bh = sb_bread(inode->i_sb, block); + bh = omfs_bread(inode->i_sb, ino); if (!bh) goto iget_failed; @@ -319,6 +323,9 @@ static int omfs_get_imap(struct super_block *sb) goto nomem; block = clus_to_blk(sbi, sbi->s_bitmap_ino); + if (block >= sbi->s_num_blocks) + goto nomem; + ptr = sbi->s_imap; for (count = bitmap_size; count > 0; count -= sb->s_blocksize) { bh = sb_bread(sb, block++); @@ -417,7 +424,6 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) struct omfs_root_block *omfs_rb; struct omfs_sb_info *sbi; struct inode *root; - sector_t start; int ret = -EINVAL; save_mount_options(sb, (char *) data); @@ -486,8 +492,7 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) sbi->s_block_shift = get_bitmask_order(sbi->s_blocksize) - get_bitmask_order(sbi->s_sys_blocksize); - start = clus_to_blk(sbi, be64_to_cpu(omfs_sb->s_root_block)); - bh2 = sb_bread(sb, start); + bh2 = omfs_bread(sb, be64_to_cpu(omfs_sb->s_root_block)); if (!bh2) goto out_brelse_bh; diff --git a/fs/omfs/omfs.h b/fs/omfs/omfs.h index ebe2fdbe535e..7d414fef501a 100644 --- a/fs/omfs/omfs.h +++ b/fs/omfs/omfs.h @@ -58,6 +58,7 @@ extern void omfs_make_empty_table(struct buffer_head *bh, int offset); extern int omfs_shrink_inode(struct inode *inode); /* inode.c */ +extern struct buffer_head *omfs_bread(struct super_block *sb, sector_t block); extern struct inode *omfs_iget(struct super_block *sb, ino_t inode); extern struct inode *omfs_new_inode(struct inode *dir, int mode); extern int omfs_reserve_block(struct super_block *sb, sector_t block); -- cgit v1.2.2 From 9442e54f433eff9b6fbd0836611df4c1919df370 Mon Sep 17 00:00:00 2001 From: Bob Copeland Date: Thu, 14 Aug 2008 18:43:59 -0400 Subject: omfs: refuse to mount if bitmap pointer is obviously wrong If the free space bitmap pointer is corrupted such that it lies outside of the number of blocks in the filesystem, print a message and fail the mount so the user can fix it offline. Signed-off-by: Bob Copeland --- fs/omfs/inode.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'fs/omfs') diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index bd4bf753a63b..0af5d0af9f32 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -509,6 +509,15 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) goto out_brelse_bh2; } + if (sbi->s_bitmap_ino != ~0ULL && + sbi->s_bitmap_ino > sbi->s_num_blocks) { + printk(KERN_ERR "omfs: free space bitmap location is corrupt " + "(%llx, total blocks %llx)\n", + (unsigned long long) sbi->s_bitmap_ino, + (unsigned long long) sbi->s_num_blocks); + goto out_brelse_bh2; + } + ret = omfs_get_imap(sb); if (ret) goto out_brelse_bh2; -- cgit v1.2.2 From 8800a044c71a128633cf3febaf4780531a991334 Mon Sep 17 00:00:00 2001 From: Bob Copeland Date: Tue, 6 Jul 2010 11:16:46 -0400 Subject: omfs: sanity check cluster size A corrupt filesystem could have a bad cluster size; this could result in the filesystem allocating too much space for files if too large, or getting stuck in omfs_allocate_block if too small. The proper range is 1-8 blocks. Reported-by: Eric Sesterhenn Signed-off-by: Bob Copeland --- fs/omfs/inode.c | 6 ++++++ fs/omfs/omfs_fs.h | 1 + 2 files changed, 7 insertions(+) (limited to 'fs/omfs') diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index 0af5d0af9f32..579d33fedddd 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -517,6 +517,12 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) (unsigned long long) sbi->s_num_blocks); goto out_brelse_bh2; } + if (sbi->s_clustersize < 1 || + sbi->s_clustersize > OMFS_MAX_CLUSTER_SIZE) { + printk(KERN_ERR "omfs: cluster size out of range (%d)", + sbi->s_clustersize); + goto out_brelse_bh2; + } ret = omfs_get_imap(sb); if (ret) diff --git a/fs/omfs/omfs_fs.h b/fs/omfs/omfs_fs.h index 12cca245d6e8..ee5e4327de92 100644 --- a/fs/omfs/omfs_fs.h +++ b/fs/omfs/omfs_fs.h @@ -17,6 +17,7 @@ #define OMFS_EXTENT_CONT 0x40 #define OMFS_XOR_COUNT 19 #define OMFS_MAX_BLOCK_SIZE 8192 +#define OMFS_MAX_CLUSTER_SIZE 8 struct omfs_super_block { char s_fill1[256]; -- cgit v1.2.2 From ffc18879903e55487bc5ac3c774b99a07de06029 Mon Sep 17 00:00:00 2001 From: Bill Pemberton Date: Tue, 3 Aug 2010 15:19:30 -0400 Subject: omfs: fix uninitialized variable warning quiet the warning: fs/omfs/file.c: In function 'omfs_get_block': fs/omfs/file.c:225: warning: 'new_block' may be used uninitialized in this function new_block is used properly by the call to omfs_grow_extent() Signed-off-by: Bill Pemberton Signed-off-by: Bob Copeland --- fs/omfs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/omfs') diff --git a/fs/omfs/file.c b/fs/omfs/file.c index 76bc21b91a8a..d821d468e5a2 100644 --- a/fs/omfs/file.c +++ b/fs/omfs/file.c @@ -222,7 +222,7 @@ static int omfs_get_block(struct inode *inode, sector_t block, struct buffer_head *bh; sector_t next, offset; int ret; - u64 new_block; + u64 uninitialized_var(new_block); u32 max_extents; int extent_count; struct omfs_extent *oe; -- cgit v1.2.2 From 155130a4f7848b1aac439cab6bda1a175507c71c Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Fri, 4 Jun 2010 11:29:58 +0200 Subject: get rid of block_write_begin_newtrunc Move the call to vmtruncate to get rid of accessive blocks to the callers in preparation of the new truncate sequence and rename the non-truncating version to block_write_begin. While we're at it also remove several unused arguments to block_write_begin. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro --- fs/omfs/file.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'fs/omfs') diff --git a/fs/omfs/file.c b/fs/omfs/file.c index 6e7a3291bbe8..810cff346468 100644 --- a/fs/omfs/file.c +++ b/fs/omfs/file.c @@ -312,9 +312,17 @@ static int omfs_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) { - *pagep = NULL; - return block_write_begin(file, mapping, pos, len, flags, - pagep, fsdata, omfs_get_block); + int ret; + + ret = block_write_begin(mapping, pos, len, flags, pagep, + omfs_get_block); + if (unlikely(ret)) { + loff_t isize = mapping->host->i_size; + if (pos + len > isize) + vmtruncate(mapping->host, isize); + } + + return ret; } static sector_t omfs_bmap(struct address_space *mapping, sector_t block) -- cgit v1.2.2 From d39aae9ec447dda84d9a2850743a78a535a71c90 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Fri, 4 Jun 2010 11:29:59 +0200 Subject: add missing setattr methods For the new truncate sequence every filesystem that wants to truncate on-disk state needs a seattr method. Convert the remaining filesystems that implement the truncate inode operation to have its own setattr method. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro --- fs/omfs/file.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'fs/omfs') diff --git a/fs/omfs/file.c b/fs/omfs/file.c index 810cff346468..78c9f0c1a2f3 100644 --- a/fs/omfs/file.c +++ b/fs/omfs/file.c @@ -341,7 +341,19 @@ const struct file_operations omfs_file_operations = { .splice_read = generic_file_splice_read, }; +static int omfs_setattr(struct dentry *dentry, struct iattr *attr) +{ + struct inode *inode = dentry->d_inode; + int error; + + error = inode_change_ok(inode, attr); + if (error) + return error; + return inode_setattr(inode, attr); +} + const struct inode_operations omfs_file_inops = { + .setattr = omfs_setattr, .truncate = omfs_truncate }; -- cgit v1.2.2 From 1025774ce411f2bd4b059ad7b53f0003569b74fa Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Fri, 4 Jun 2010 11:30:02 +0200 Subject: remove inode_setattr Replace inode_setattr with opencoded variants of it in all callers. This moves the remaining call to vmtruncate into the filesystem methods where it can be replaced with the proper truncate sequence. In a few cases it was obvious that we would never end up calling vmtruncate so it was left out in the opencoded variant: spufs: explicitly checks for ATTR_SIZE earlier btrfs,hugetlbfs,logfs,dlmfs: explicitly clears ATTR_SIZE earlier ufs: contains an opencoded simple_seattr + truncate that sets the filesize just above In addition to that ncpfs called inode_setattr with handcrafted iattrs, which allowed to trim down the opencoded variant. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro --- fs/omfs/file.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'fs/omfs') diff --git a/fs/omfs/file.c b/fs/omfs/file.c index 78c9f0c1a2f3..5542c284dc1c 100644 --- a/fs/omfs/file.c +++ b/fs/omfs/file.c @@ -349,7 +349,17 @@ static int omfs_setattr(struct dentry *dentry, struct iattr *attr) error = inode_change_ok(inode, attr); if (error) return error; - return inode_setattr(inode, attr); + + if ((attr->ia_valid & ATTR_SIZE) && + attr->ia_size != i_size_read(inode)) { + error = vmtruncate(inode, attr->ia_size); + if (error) + return error; + } + + setattr_copy(inode, attr); + mark_inode_dirty(inode); + return 0; } const struct inode_operations omfs_file_inops = { -- cgit v1.2.2 From 69c9e750176b409559b2361fbb28fa7bbf3c5461 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 6 Jun 2010 10:12:01 -0400 Subject: switch omfs to ->evict_inode() Signed-off-by: Al Viro --- fs/omfs/inode.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'fs/omfs') diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index 089839a6cc64..56121debc22b 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -175,9 +175,13 @@ int omfs_sync_inode(struct inode *inode) * called when an entry is deleted, need to clear the bits in the * bitmaps. */ -static void omfs_delete_inode(struct inode *inode) +static void omfs_evict_inode(struct inode *inode) { truncate_inode_pages(&inode->i_data, 0); + end_writeback(inode); + + if (inode->i_nlink) + return; if (S_ISREG(inode->i_mode)) { inode->i_size = 0; @@ -185,7 +189,6 @@ static void omfs_delete_inode(struct inode *inode) } omfs_clear_range(inode->i_sb, inode->i_ino, 2); - clear_inode(inode); } struct inode *omfs_iget(struct super_block *sb, ino_t ino) @@ -284,7 +287,7 @@ static int omfs_statfs(struct dentry *dentry, struct kstatfs *buf) static const struct super_operations omfs_sops = { .write_inode = omfs_write_inode, - .delete_inode = omfs_delete_inode, + .evict_inode = omfs_evict_inode, .put_super = omfs_put_super, .statfs = omfs_statfs, .show_options = generic_show_options, -- cgit v1.2.2