fs/compat_ioctl: fix build when !BLOCK

[safe/jmp/linux-2.6] / fs / bfs / inode.c

diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c
index a64a71d..cc4062d 100644 (file)
--- a/fs/bfs/inode.c
+++ b/fs/bfs/inode.c
@@ -32,17 +32,22 @@ MODULE_LICENSE("GPL");
 
 void dump_imap(const char *prefix, struct super_block *s);
 
-static void bfs_read_inode(struct inode *inode)
+struct inode *bfs_iget(struct super_block *sb, unsigned long ino)
 {
-       unsigned long ino = inode->i_ino;
        struct bfs_inode *di;
+       struct inode *inode;
        struct buffer_head *bh;
        int block, off;
 
+       inode = iget_locked(sb, ino);
+       if (IS_ERR(inode))
+               return ERR_PTR(-ENOMEM);
+       if (!(inode->i_state & I_NEW))
+               return inode;
+
        if ((ino < BFS_ROOT_INO) || (ino > BFS_SB(inode->i_sb)->si_lasti)) {
                printf("Bad inode number %s:%08lx\n", inode->i_sb->s_id, ino);
-               make_bad_inode(inode);
-               return;
+               goto error;
        }
 
        block = (ino - BFS_ROOT_INO) / BFS_INODES_PER_BLOCK + 1;
@@ -50,8 +55,7 @@ static void bfs_read_inode(struct inode *inode)
        if (!bh) {
                printf("Unable to read inode %s:%08lx\n", inode->i_sb->s_id,
                                                                        ino);
-               make_bad_inode(inode);
-               return;
+               goto error;
        }
 
        off = (ino - BFS_ROOT_INO) % BFS_INODES_PER_BLOCK;
@@ -85,6 +89,12 @@ static void bfs_read_inode(struct inode *inode)
        inode->i_ctime.tv_nsec = 0;
 
        brelse(bh);
+       unlock_new_inode(inode);
+       return inode;
+
+error:
+       iget_failed(inode);
+       return ERR_PTR(-EIO);
 }
 
 static int bfs_write_inode(struct inode *inode, int unused)
@@ -94,6 +104,7 @@ static int bfs_write_inode(struct inode *inode, int unused)
        struct bfs_inode *di;
        struct buffer_head *bh;
        int block, off;
+       struct bfs_sb_info *info = BFS_SB(inode->i_sb);
 
         dprintf("ino=%08x\n", ino);
 
@@ -102,13 +113,13 @@ static int bfs_write_inode(struct inode *inode, int unused)
                return -EIO;
        }
 
-       lock_kernel();
+       mutex_lock(&info->bfs_lock);
        block = (ino - BFS_ROOT_INO) / BFS_INODES_PER_BLOCK + 1;
        bh = sb_bread(inode->i_sb, block);
        if (!bh) {
                printf("Unable to read inode %s:%08x\n",
                                inode->i_sb->s_id, ino);
-               unlock_kernel();
+               mutex_unlock(&info->bfs_lock);
                return -EIO;
        }
 
@@ -135,7 +146,7 @@ static int bfs_write_inode(struct inode *inode, int unused)
 
        mark_buffer_dirty(bh);
        brelse(bh);
-       unlock_kernel();
+       mutex_unlock(&info->bfs_lock);
        return 0;
 }
 
@@ -160,7 +171,7 @@ static void bfs_delete_inode(struct inode *inode)
        
        inode->i_size = 0;
        inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME_SEC;
-       lock_kernel();
+       mutex_lock(&info->bfs_lock);
        mark_inode_dirty(inode);
 
        block = (ino - BFS_ROOT_INO) / BFS_INODES_PER_BLOCK + 1;
@@ -168,7 +179,7 @@ static void bfs_delete_inode(struct inode *inode)
        if (!bh) {
                printf("Unable to read inode %s:%08lx\n",
                                        inode->i_sb->s_id, ino);
-               unlock_kernel();
+               mutex_unlock(&info->bfs_lock);
                return;
        }
        off = (ino - BFS_ROOT_INO) % BFS_INODES_PER_BLOCK;
@@ -194,14 +205,19 @@ static void bfs_delete_inode(struct inode *inode)
                info->si_lf_eblk = bi->i_sblock - 1;
                mark_buffer_dirty(info->si_sbh);
        }
-       unlock_kernel();
+       mutex_unlock(&info->bfs_lock);
        clear_inode(inode);
 }
 
 static void bfs_put_super(struct super_block *s)
 {
        struct bfs_sb_info *info = BFS_SB(s);
+
+       if (!info)
+               return;
+
        brelse(info->si_sbh);
+       mutex_destroy(&info->bfs_lock);
        kfree(info->si_imap);
        kfree(info);
        s->s_fs_info = NULL;
@@ -226,11 +242,13 @@ static int bfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 
 static void bfs_write_super(struct super_block *s)
 {
-       lock_kernel();
+       struct bfs_sb_info *info = BFS_SB(s);
+
+       mutex_lock(&info->bfs_lock);
        if (!(s->s_flags & MS_RDONLY))
-               mark_buffer_dirty(BFS_SB(s)->si_sbh);
+               mark_buffer_dirty(info->si_sbh);
        s->s_dirt = 0;
-       unlock_kernel();
+       mutex_unlock(&info->bfs_lock);
 }
 
 static struct kmem_cache *bfs_inode_cachep;
@@ -249,7 +267,7 @@ static void bfs_destroy_inode(struct inode *inode)
        kmem_cache_free(bfs_inode_cachep, BFS_I(inode));
 }
 
-static void init_once(struct kmem_cache *cachep, void *foo)
+static void init_once(void *foo)
 {
        struct bfs_inode_info *bi = foo;
 
@@ -276,7 +294,6 @@ static void destroy_inodecache(void)
 static const struct super_operations bfs_sops = {
        .alloc_inode    = bfs_alloc_inode,
        .destroy_inode  = bfs_destroy_inode,
-       .read_inode     = bfs_read_inode,
        .write_inode    = bfs_write_inode,
        .delete_inode   = bfs_delete_inode,
        .put_super      = bfs_put_super,
@@ -312,6 +329,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
        struct inode *inode;
        unsigned i, imap_len;
        struct bfs_sb_info *info;
+       long ret = -EINVAL;
+       unsigned long i_sblock, i_eblock, i_eoff, s_size;
 
        info = kzalloc(sizeof(*info), GFP_KERNEL);
        if (!info)
@@ -335,6 +354,12 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
 
        s->s_magic = BFS_MAGIC;
        info->si_sbh = bh;
+
+       if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) {
+               printf("Superblock is corrupted\n");
+               goto out;
+       }
+
        info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) /
                                        sizeof(struct bfs_inode)
                                        + BFS_ROOT_INO - 1;
@@ -346,14 +371,16 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
                set_bit(i, info->si_imap);
 
        s->s_op = &bfs_sops;
-       inode = iget(s, BFS_ROOT_INO);
-       if (!inode) {
+       inode = bfs_iget(s, BFS_ROOT_INO);
+       if (IS_ERR(inode)) {
+               ret = PTR_ERR(inode);
                kfree(info->si_imap);
                goto out;
        }
        s->s_root = d_alloc_root(inode);
        if (!s->s_root) {
                iput(inode);
+               ret = -ENOMEM;
                kfree(info->si_imap);
                goto out;
        }
@@ -363,12 +390,24 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
                        - le32_to_cpu(bfs_sb->s_start)) >> BFS_BSIZE_BITS;
        info->si_freei = 0;
        info->si_lf_eblk = 0;
+
+       /* can we read the last block? */
+       bh = sb_bread(s, info->si_blocks - 1);
+       if (!bh) {
+               printf("Last block not available: %lu\n", info->si_blocks - 1);
+               iput(inode);
+               ret = -EIO;
+               kfree(info->si_imap);
+               goto out;
+       }
+       brelse(bh);
+
        bh = NULL;
        for (i = BFS_ROOT_INO; i <= info->si_lasti; i++) {
                struct bfs_inode *di;
                int block = (i - BFS_ROOT_INO) / BFS_INODES_PER_BLOCK + 1;
                int off = (i - BFS_ROOT_INO) % BFS_INODES_PER_BLOCK;
-               unsigned long sblock, eblock;
+               unsigned long eblock;
 
                if (!off) {
                        brelse(bh);
@@ -380,6 +419,29 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
 
                di = (struct bfs_inode *)bh->b_data + off;
 
+               /* test if filesystem is not corrupted */
+
+               i_eoff = le32_to_cpu(di->i_eoffset);
+               i_sblock = le32_to_cpu(di->i_sblock);
+               i_eblock = le32_to_cpu(di->i_eblock);
+               s_size = le32_to_cpu(bfs_sb->s_end);
+
+               if (i_sblock > info->si_blocks ||
+                       i_eblock > info->si_blocks ||
+                       i_sblock > i_eblock ||
+                       i_eoff > s_size ||
+                       i_sblock * BFS_BSIZE > i_eoff) {
+
+                       printf("Inode 0x%08x corrupted\n", i);
+
+                       brelse(bh);
+                       s->s_root = NULL;
+                       kfree(info->si_imap);
+                       kfree(info);
+                       s->s_fs_info = NULL;
+                       return -EIO;
+               }
+
                if (!di->i_ino) {
                        info->si_freei++;
                        continue;
@@ -387,7 +449,6 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
                set_bit(i, info->si_imap);
                info->si_freeb -= BFS_FILEBLOCKS(di);
 
-               sblock =  le32_to_cpu(di->i_sblock);
                eblock =  le32_to_cpu(di->i_eblock);
                if (eblock > info->si_lf_eblk)
                        info->si_lf_eblk = eblock;
@@ -398,13 +459,14 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
                s->s_dirt = 1;
        } 
        dump_imap("read_super", s);
+       mutex_init(&info->bfs_lock);
        return 0;
 
 out:
        brelse(bh);
        kfree(info);
        s->s_fs_info = NULL;
-       return -EINVAL;
+       return ret;
 }
 
 static int bfs_get_sb(struct file_system_type *fs_type,