nfsd race fixes: reiserfs

... and the same for reiserfs. The difference here is that we need insert_inode_locked4() to match iget5_locked(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

nfsd race fixes: reiserfs
... and the same for reiserfs. The difference here is that we need insert_inode_locked4() to match iget5_locked(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro
1 parent 6b38e842bb
Showing 2 changed files with 18 additions and 5 deletions Side-by-side Diff
fs/reiserfs/inode.c
fs/reiserfs/namei.c
@@ -1753,6 +1753,7 @@
 		       struct inode *inode)
 {
 	struct super_block *sb;
+	struct reiserfs_iget_args args;
 	INITIALIZE_PATH(path_to_key);
 	struct cpu_key key;
 	struct item_head ih;
@@ -1780,6 +1781,14 @@
 		err = -ENOMEM;
 		goto out_bad_inode;
 	}
+	args.objectid = inode->i_ino = le32_to_cpu(ih.ih_key.k_objectid);
+	memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
+	args.dirid = le32_to_cpu(ih.ih_key.k_dir_id);
+	if (insert_inode_locked4(inode, args.objectid,
+			     reiserfs_find_actor, &args) < 0) {
+		err = -EINVAL;
+		goto out_bad_inode;
+	}
 	if (old_format_only(sb))
 		/* not a perfect generation count, as object ids can be reused, but 
 		 ** this is as good as reiserfs can do right now.
  
@@ -1859,13 +1868,9 @@
 	} else {
 		inode2sd(&sd, inode, inode->i_size);
 	}
-	// these do not go to on-disk stat data
-	inode->i_ino = le32_to_cpu(ih.ih_key.k_objectid);
-
 	// store in in-core inode the key of stat data and version all
 	// object items will have (directory items will have old offset
 	// format, other new objects will consist of new items)
-	memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
 	if (old_format_only(sb) || S_ISDIR(mode) || S_ISLNK(mode))
 		set_inode_item_key_version(inode, KEY_FORMAT_3_5);
 	else
@@ -1929,7 +1934,6 @@
 		reiserfs_mark_inode_private(inode);
 	}
  
-	insert_inode_hash(inode);
 	reiserfs_update_sd(th, inode);
 	reiserfs_check_path(&path_to_key);
  
@@ -1956,6 +1960,7 @@
       out_inserted_sd:
 	inode->i_nlink = 0;
 	th->t_trans_id = 0;	/* so the caller can't use this handle later */
+	unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
  
 	/* If we were inheriting an ACL, we need to release the lock so that
 	 * iput doesn't deadlock in reiserfs_delete_xattrs. The locking
@@ -646,6 +646,7 @@
 		err = journal_end(&th, dir->i_sb, jbegin_count);
 		if (err)
 			retval = err;
+		unlock_new_inode(inode);
 		iput(inode);
 		goto out_failed;
 	}
@@ -653,6 +654,7 @@
 	reiserfs_update_inode_transaction(dir);
  
 	d_instantiate(dentry, inode);
+	unlock_new_inode(inode);
 	retval = journal_end(&th, dir->i_sb, jbegin_count);
  
       out_failed:
  
@@ -727,11 +729,13 @@
 		err = journal_end(&th, dir->i_sb, jbegin_count);
 		if (err)
 			retval = err;
+		unlock_new_inode(inode);
 		iput(inode);
 		goto out_failed;
 	}
  
 	d_instantiate(dentry, inode);
+	unlock_new_inode(inode);
 	retval = journal_end(&th, dir->i_sb, jbegin_count);
  
       out_failed:
@@ -812,6 +816,7 @@
 		err = journal_end(&th, dir->i_sb, jbegin_count);
 		if (err)
 			retval = err;
+		unlock_new_inode(inode);
 		iput(inode);
 		goto out_failed;
 	}
@@ -819,6 +824,7 @@
 	reiserfs_update_sd(&th, dir);
  
 	d_instantiate(dentry, inode);
+	unlock_new_inode(inode);
 	retval = journal_end(&th, dir->i_sb, jbegin_count);
       out_failed:
 	if (locked)
  
@@ -1096,11 +1102,13 @@
 		err = journal_end(&th, parent_dir->i_sb, jbegin_count);
 		if (err)
 			retval = err;
+		unlock_new_inode(inode);
 		iput(inode);
 		goto out_failed;
 	}
  
 	d_instantiate(dentry, inode);
+	unlock_new_inode(inode);
 	retval = journal_end(&th, parent_dir->i_sb, jbegin_count);
       out_failed:
 	reiserfs_write_unlock(parent_dir->i_sb);
...	...	@@ -1753,6 +1753,7 @@
1753	1753	struct inode *inode)
1754	1754	{
1755	1755	struct super_block *sb;
	1756	+ struct reiserfs_iget_args args;
1756	1757	INITIALIZE_PATH(path_to_key);
1757	1758	struct cpu_key key;
1758	1759	struct item_head ih;
...	...	@@ -1780,6 +1781,14 @@
1780	1781	err = -ENOMEM;
1781	1782	goto out_bad_inode;
1782	1783	}
	1784	+ args.objectid = inode->i_ino = le32_to_cpu(ih.ih_key.k_objectid);
	1785	+ memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
	1786	+ args.dirid = le32_to_cpu(ih.ih_key.k_dir_id);
	1787	+ if (insert_inode_locked4(inode, args.objectid,
	1788	+ reiserfs_find_actor, &args) < 0) {
	1789	+ err = -EINVAL;
	1790	+ goto out_bad_inode;
	1791	+ }
1783	1792	if (old_format_only(sb))
1784	1793	/* not a perfect generation count, as object ids can be reused, but
1785	1794	** this is as good as reiserfs can do right now.
1786	1795
...	...	@@ -1859,13 +1868,9 @@
1859	1868	} else {
1860	1869	inode2sd(&sd, inode, inode->i_size);
1861	1870	}
1862		- // these do not go to on-disk stat data
1863		- inode->i_ino = le32_to_cpu(ih.ih_key.k_objectid);
1864		-
1865	1871	// store in in-core inode the key of stat data and version all
1866	1872	// object items will have (directory items will have old offset
1867	1873	// format, other new objects will consist of new items)
1868		- memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
1869	1874	if (old_format_only(sb) \|\| S_ISDIR(mode) \|\| S_ISLNK(mode))
1870	1875	set_inode_item_key_version(inode, KEY_FORMAT_3_5);
1871	1876	else
...	...	@@ -1929,7 +1934,6 @@
1929	1934	reiserfs_mark_inode_private(inode);
1930	1935	}
1931	1936
1932		- insert_inode_hash(inode);
1933	1937	reiserfs_update_sd(th, inode);
1934	1938	reiserfs_check_path(&path_to_key);
1935	1939
...	...	@@ -1956,6 +1960,7 @@
1956	1960	out_inserted_sd:
1957	1961	inode->i_nlink = 0;
1958	1962	th->t_trans_id = 0; /* so the caller can't use this handle later */
	1963	+ unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
1959	1964
1960	1965	/* If we were inheriting an ACL, we need to release the lock so that
1961	1966	* iput doesn't deadlock in reiserfs_delete_xattrs. The locking
...	...	@@ -646,6 +646,7 @@
646	646	err = journal_end(&th, dir->i_sb, jbegin_count);
647	647	if (err)
648	648	retval = err;
	649	+ unlock_new_inode(inode);
649	650	iput(inode);
650	651	goto out_failed;
651	652	}
...	...	@@ -653,6 +654,7 @@
653	654	reiserfs_update_inode_transaction(dir);
654	655
655	656	d_instantiate(dentry, inode);
	657	+ unlock_new_inode(inode);
656	658	retval = journal_end(&th, dir->i_sb, jbegin_count);
657	659
658	660	out_failed:
659	661
...	...	@@ -727,11 +729,13 @@
727	729	err = journal_end(&th, dir->i_sb, jbegin_count);
728	730	if (err)
729	731	retval = err;
	732	+ unlock_new_inode(inode);
730	733	iput(inode);
731	734	goto out_failed;
732	735	}
733	736
734	737	d_instantiate(dentry, inode);
	738	+ unlock_new_inode(inode);
735	739	retval = journal_end(&th, dir->i_sb, jbegin_count);
736	740
737	741	out_failed:
...	...	@@ -812,6 +816,7 @@
812	816	err = journal_end(&th, dir->i_sb, jbegin_count);
813	817	if (err)
814	818	retval = err;
	819	+ unlock_new_inode(inode);
815	820	iput(inode);
816	821	goto out_failed;
817	822	}
...	...	@@ -819,6 +824,7 @@
819	824	reiserfs_update_sd(&th, dir);
820	825
821	826	d_instantiate(dentry, inode);
	827	+ unlock_new_inode(inode);
822	828	retval = journal_end(&th, dir->i_sb, jbegin_count);
823	829	out_failed:
824	830	if (locked)
825	831
...	...	@@ -1096,11 +1102,13 @@
1096	1102	err = journal_end(&th, parent_dir->i_sb, jbegin_count);
1097	1103	if (err)
1098	1104	retval = err;
	1105	+ unlock_new_inode(inode);
1099	1106	iput(inode);
1100	1107	goto out_failed;
1101	1108	}
1102	1109
1103	1110	d_instantiate(dentry, inode);
	1111	+ unlock_new_inode(inode);
1104	1112	retval = journal_end(&th, parent_dir->i_sb, jbegin_count);
1105	1113	out_failed:
1106	1114	reiserfs_write_unlock(parent_dir->i_sb);