ocfs2: Wrap inode block reads in a dedicated function.
The ocfs2 code currently reads inodes off disk with a simple ocfs2_read_block() call. Each place that does this has a different set of sanity checks it performs. Some check only the signature. A couple validate the block number (the block read vs di->i_blkno). A couple others check for VALID_FL. Only one place validates i_fs_generation. A couple check nothing. Even when an error is found, they don't all do the same thing. We wrap inode reading into ocfs2_read_inode_block(). This will validate all the above fields, going readonly if they are invalid (they never should be). ocfs2_read_inode_block_full() is provided for the places that want to pass read_block flags. Every caller is passing a struct inode with a valid ip_blkno, so we don't need a separate blkno argument either. We will remove the validation checks from the rest of the code in a later commit, as they are no longer necessary. Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>
This commit is contained in:
Joel Becker
Mark Fasheh
136
fs/ocfs2/inode.c
136
fs/ocfs2/inode.c
@@ -214,12 +214,11 @@ static int ocfs2_init_locked_inode(struct inode *inode, void *opaque)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ocfs2_populate_inode(struct inode *inode, struct ocfs2_dinode *fe,
|
||||
int create_ino)
|
||||
void ocfs2_populate_inode(struct inode *inode, struct ocfs2_dinode *fe,
|
||||
int create_ino)
|
||||
{
|
||||
struct super_block *sb;
|
||||
struct ocfs2_super *osb;
|
||||
int status = -EINVAL;
|
||||
int use_plocks = 1;
|
||||
|
||||
mlog_entry("(0x%p, size:%llu)\n", inode,
|
||||
@@ -232,25 +231,17 @@ int ocfs2_populate_inode(struct inode *inode, struct ocfs2_dinode *fe,
|
||||
ocfs2_mount_local(osb) || !ocfs2_stack_supports_plocks())
|
||||
use_plocks = 0;
|
||||
|
||||
/* this means that read_inode cannot create a superblock inode
|
||||
* today. change if needed. */
|
||||
if (!OCFS2_IS_VALID_DINODE(fe) ||
|
||||
!(fe->i_flags & cpu_to_le32(OCFS2_VALID_FL))) {
|
||||
mlog(0, "Invalid dinode: i_ino=%lu, i_blkno=%llu, "
|
||||
"signature = %.*s, flags = 0x%x\n",
|
||||
inode->i_ino,
|
||||
(unsigned long long)le64_to_cpu(fe->i_blkno), 7,
|
||||
fe->i_signature, le32_to_cpu(fe->i_flags));
|
||||
goto bail;
|
||||
}
|
||||
/*
|
||||
* These have all been checked by ocfs2_read_inode_block() or set
|
||||
* by ocfs2_mknod_locked(), so a failure is a code bug.
|
||||
*/
|
||||
BUG_ON(!OCFS2_IS_VALID_DINODE(fe)); /* This means that read_inode
|
||||
cannot create a superblock
|
||||
inode today. change if
|
||||
that is needed. */
|
||||
BUG_ON(!(fe->i_flags & cpu_to_le32(OCFS2_VALID_FL)));
|
||||
BUG_ON(le32_to_cpu(fe->i_fs_generation) != osb->fs_generation);
|
||||
|
||||
if (le32_to_cpu(fe->i_fs_generation) != osb->fs_generation) {
|
||||
mlog(ML_ERROR, "file entry generation does not match "
|
||||
"superblock! osb->fs_generation=%x, "
|
||||
"fe->i_fs_generation=%x\n",
|
||||
osb->fs_generation, le32_to_cpu(fe->i_fs_generation));
|
||||
goto bail;
|
||||
}
|
||||
|
||||
OCFS2_I(inode)->ip_clusters = le32_to_cpu(fe->i_clusters);
|
||||
OCFS2_I(inode)->ip_attr = le32_to_cpu(fe->i_attr);
|
||||
@@ -354,10 +345,7 @@ int ocfs2_populate_inode(struct inode *inode, struct ocfs2_dinode *fe,
|
||||
|
||||
ocfs2_set_inode_flags(inode);
|
||||
|
||||
status = 0;
|
||||
bail:
|
||||
mlog_exit(status);
|
||||
return status;
|
||||
mlog_exit_void();
|
||||
}
|
||||
|
||||
static int ocfs2_read_locked_inode(struct inode *inode,
|
||||
@@ -460,11 +448,14 @@ static int ocfs2_read_locked_inode(struct inode *inode,
|
||||
}
|
||||
}
|
||||
|
||||
if (can_lock)
|
||||
status = ocfs2_read_blocks(inode, args->fi_blkno, 1, &bh,
|
||||
OCFS2_BH_IGNORE_CACHE);
|
||||
else
|
||||
if (can_lock) {
|
||||
status = ocfs2_read_inode_block_full(inode, &bh,
|
||||
OCFS2_BH_IGNORE_CACHE);
|
||||
} else {
|
||||
status = ocfs2_read_blocks_sync(osb, args->fi_blkno, 1, &bh);
|
||||
if (!status)
|
||||
status = ocfs2_validate_inode_block(osb->sb, bh);
|
||||
}
|
||||
if (status < 0) {
|
||||
mlog_errno(status);
|
||||
goto bail;
|
||||
@@ -472,12 +463,6 @@ static int ocfs2_read_locked_inode(struct inode *inode,
|
||||
|
||||
status = -EINVAL;
|
||||
fe = (struct ocfs2_dinode *) bh->b_data;
|
||||
if (!OCFS2_IS_VALID_DINODE(fe)) {
|
||||
mlog(0, "Invalid dinode #%llu: signature = %.*s\n",
|
||||
(unsigned long long)args->fi_blkno, 7,
|
||||
fe->i_signature);
|
||||
goto bail;
|
||||
}
|
||||
|
||||
/*
|
||||
* This is a code bug. Right now the caller needs to
|
||||
@@ -491,10 +476,9 @@ static int ocfs2_read_locked_inode(struct inode *inode,
|
||||
|
||||
if (S_ISCHR(le16_to_cpu(fe->i_mode)) ||
|
||||
S_ISBLK(le16_to_cpu(fe->i_mode)))
|
||||
inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));
|
||||
inode->i_rdev = huge_decode_dev(le64_to_cpu(fe->id1.dev1.i_rdev));
|
||||
|
||||
if (ocfs2_populate_inode(inode, fe, 0) < 0)
|
||||
goto bail;
|
||||
ocfs2_populate_inode(inode, fe, 0);
|
||||
|
||||
BUG_ON(args->fi_blkno != le64_to_cpu(fe->i_blkno));
|
||||
|
||||
@@ -1264,3 +1248,79 @@ void ocfs2_refresh_inode(struct inode *inode,
|
||||
|
||||
spin_unlock(&OCFS2_I(inode)->ip_lock);
|
||||
}
|
||||
|
||||
int ocfs2_validate_inode_block(struct super_block *sb,
|
||||
struct buffer_head *bh)
|
||||
{
|
||||
int rc = -EINVAL;
|
||||
struct ocfs2_dinode *di = (struct ocfs2_dinode *)bh->b_data;
|
||||
|
||||
BUG_ON(!buffer_uptodate(bh));
|
||||
|
||||
if (!OCFS2_IS_VALID_DINODE(di)) {
|
||||
ocfs2_error(sb, "Invalid dinode #%llu: signature = %.*s\n",
|
||||
(unsigned long long)bh->b_blocknr, 7,
|
||||
di->i_signature);
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (le64_to_cpu(di->i_blkno) != bh->b_blocknr) {
|
||||
ocfs2_error(sb, "Invalid dinode #%llu: i_blkno is %llu\n",
|
||||
(unsigned long long)bh->b_blocknr,
|
||||
(unsigned long long)le64_to_cpu(di->i_blkno));
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (!(di->i_flags & cpu_to_le32(OCFS2_VALID_FL))) {
|
||||
ocfs2_error(sb,
|
||||
"Invalid dinode #%llu: OCFS2_VALID_FL not set\n",
|
||||
(unsigned long long)bh->b_blocknr);
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (le32_to_cpu(di->i_fs_generation) !=
|
||||
OCFS2_SB(sb)->fs_generation) {
|
||||
ocfs2_error(sb,
|
||||
"Invalid dinode #%llu: fs_generation is %u\n",
|
||||
(unsigned long long)bh->b_blocknr,
|
||||
le32_to_cpu(di->i_fs_generation));
|
||||
goto bail;
|
||||
}
|
||||
|
||||
rc = 0;
|
||||
|
||||
bail:
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ocfs2_read_inode_block_full(struct inode *inode, struct buffer_head **bh,
|
||||
int flags)
|
||||
{
|
||||
int rc;
|
||||
struct buffer_head *tmp = *bh;
|
||||
|
||||
rc = ocfs2_read_blocks(inode, OCFS2_I(inode)->ip_blkno, 1, &tmp,
|
||||
flags);
|
||||
if (rc)
|
||||
goto out;
|
||||
|
||||
if (!(flags & OCFS2_BH_READAHEAD)) {
|
||||
rc = ocfs2_validate_inode_block(inode->i_sb, tmp);
|
||||
if (rc) {
|
||||
brelse(tmp);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* If ocfs2_read_blocks() got us a new bh, pass it up. */
|
||||
if (!*bh)
|
||||
*bh = tmp;
|
||||
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ocfs2_read_inode_block(struct inode *inode, struct buffer_head **bh)
|
||||
{
|
||||
return ocfs2_read_inode_block_full(inode, bh, 0);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user