Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix wrong code in lfs_valloc_fixed(). It was overwriting the inode 

number it was supposed to be allocating with the head of the inode
freelist, then applying the wrong test to that result. Net result:
unless the freelist was empty (in which case it would always fail),
it would in general drop a bunch of entries from the freelist.

This code seems to have been broken when the first version of lfsv2
was imported onto the perseant-lfsv2 branch in -r1.47.2.1, and
remained broken since, in spite of having been moved to lfs_rfw.c and
back and rearranged quite a bit in the meantime.

Sigh.

Found by Coverity in a rather confusing way as CID 1316545.
This commit is contained in:
dholland 2015-09-13 07:53:37 +00:00
parent c39756ad10
commit 8f73830c5d
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/ufs/lfs/lfs_alloc.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $ */
/* $NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007 The NetBSD Foundation, Inc.
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $");
#if defined(_KERNEL_OPT)
#include "opt_quota.h"
@ -274,7 +274,7 @@ lfs_valloc_fixed(struct lfs *fs, ino_t ino, int vers)
{
IFILE *ifp;
struct buf *bp, *cbp;
ino_t tino, oldnext;
ino_t headino, thisino, oldnext;
CLEANERINFO *cip;
/* If the Ifile is too short to contain this inum, extend it */
@ -289,20 +289,20 @@ lfs_valloc_fixed(struct lfs *fs, ino_t ino, int vers)
lfs_if_setversion(fs, ifp, vers);
brelse(bp, 0);
LFS_GET_HEADFREE(fs, cip, cbp, &ino);
if (ino) {
LFS_GET_HEADFREE(fs, cip, cbp, &headino);
if (headino == ino) {
LFS_PUT_HEADFREE(fs, cip, cbp, oldnext);
} else {
ino_t nextfree;
tino = ino;
thisino = headino;
while (1) {
LFS_IENTRY(ifp, fs, tino, bp);
LFS_IENTRY(ifp, fs, thisino, bp);
nextfree = lfs_if_getnextfree(fs, ifp);
if (nextfree == ino ||
nextfree == LFS_UNUSED_INUM)
break;
tino = nextfree;
thisino = nextfree;
brelse(bp, 0);
}
if (nextfree == LFS_UNUSED_INUM) {