Re: [PATCH] NFS support for btrfs - v2

public inbox for linux-btrfs@vger.kernel.org
 help / color / mirror / Atom feed

From: David Woodhouse <dwmw2@infradead.org>
To: Chris Mason <chris.mason@oracle.com>
Cc: Balaji Rao <balajirrao@gmail.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH] NFS support for btrfs - v2
Date: Tue, 19 Aug 2008 22:34:43 +0100	[thread overview]
Message-ID: <1219181683.2988.16.camel@pmac.infradead.org> (raw)
In-Reply-To: <1219157352.3184.481.camel@pmac.infradead.org>

On Tue, 2008-08-19 at 15:49 +0100, David Woodhouse wrote:
> On Tue, 2008-08-19 at 07:54 -0400, Chris Mason wrote:
> > 
> > > What if the parent inode actually _is_ inode #0xffffffffffffffff? Can
> > > that happen? In that case it would return zero, and I shouldn't subtract
> > > 1 from the slot number -- I've actually found what I'm looking for?
> > > 
> > 
> > The max inode will be 2^64 - 1
> 
> Which is what we're searching for -- so it's _possible_, albeit
> vanishingly unlikely, that btrfs_search_slot() will actually return
> zero, having found precisely what we wanted?
> 
> And in that case, path->slots[0] being zero is fine. And we shouldn't be
> subtracting one from it to find the slot we want?

Subject: [PATCH] Clean up btrfs_get_parent() a little more, fix a free-after-free bug

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
 export.c |   33 +++++++++++++++++++--------------
 1 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/export.c b/export.c
index 36cbc68..5c75cbd 100644
--- a/export.c
+++ b/export.c
@@ -165,23 +165,32 @@ static struct dentry *btrfs_get_parent(struct dentry *child)
 	key.offset = (u64)-1;
 
 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
-	leaf = path->nodes[0];
-	slot = path->slots[0];
-	if (ret < 0 || slot == 0) {
+	if (ret < 0) {
+		/* Error */
 		btrfs_free_path(path);
-		goto out;
+		return ERR_PTR(ret);
+	}
+	if (ret) {
+		leaf = path->nodes[0];
+		slot = path->slots[0];
+		/* btrfs_search_slot() returns the slot where we'd want to
+		   insert a backref for parent inode #0xFFFFFFFFFFFFFFFF.
+		   The _real_ backref, telling us what the parent inode
+		   _actually_ is, will be in the slot _before_ the one
+		   that btrfs_search_slot() returns. */
+		if (!slot) {
+			/* Unless there is _no_ key in the tree before... */
+			btrfs_free_path(path);
+			return ERR_PTR(-EIO);
+		}
+		slot--;
 	}
-	/* btrfs_search_slot() returns the slot where we'd want to insert
-	   an INODE_REF_KEY for parent inode #0xFFFFFFFFFFFFFFFF. The _real_
-	   one, telling us what the parent inode _actually_ is, will be in
-	   the slot _before_ the one that btrfs_search_slot() returns. */
-	slot--;
 
 	btrfs_item_key_to_cpu(leaf, &key, slot);
 	btrfs_free_path(path);
 
 	if (key.objectid != dir->i_ino || key.type != BTRFS_INODE_REF_KEY)
-		goto out;
+		return ERR_PTR(-EINVAL);
 
 	objectid = key.offset;
 
@@ -201,10 +210,6 @@ static struct dentry *btrfs_get_parent(struct dentry *child)
 		parent = ERR_PTR(-ENOMEM);
 
 	return parent;
-
-out:
-	btrfs_free_path(path);
-	return ERR_PTR(-EINVAL);
 }
 
 const struct export_operations btrfs_export_ops = {
-- 
1.5.5.1


-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@intel.com                              Intel Corporation

next prev parent reply	other threads:[~2008-08-19 21:34 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-20 20:31 [PATCH] NFS support for btrfs - v2 Balaji Rao
2008-08-17 11:53 ` David Woodhouse
2008-08-17 12:51   ` Balaji Rao
2008-08-17 12:56     ` David Woodhouse
2008-08-17 13:24       ` Balaji Rao
2008-08-17 13:30         ` David Woodhouse
2008-08-17 14:17           ` David Woodhouse
2008-08-17 16:10             ` [PATCH] rewrite btrfs_readdir() David Woodhouse
2008-08-18 18:46               ` Chris Mason
2008-08-18 19:08                 ` David Woodhouse
2008-08-18 19:24                   ` Chris Mason
2008-08-18 19:32                     ` David Woodhouse
2008-08-17 13:40         ` [PATCH] NFS support for btrfs - v2 David Woodhouse
2008-08-18 19:23           ` Chris Mason
2008-08-18 19:33             ` David Woodhouse
2008-08-18 19:47               ` Chris Mason
2008-08-18 20:20                 ` David Woodhouse
2008-08-18 20:32                   ` Chris Mason
2008-08-18 21:52                     ` David Woodhouse
2008-08-19 11:54                       ` Chris Mason
2008-08-19 14:49                         ` David Woodhouse
2008-08-19 21:34                           ` David Woodhouse [this message]
2008-08-19  0:16                   ` Christoph Hellwig
2008-08-19  0:21                     ` David Woodhouse
2008-08-18 11:51     ` David Woodhouse
2008-08-18 12:10       ` David Woodhouse
2008-08-18 19:15         ` Chris Mason

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:36cbc68 dfblob:5c75cbd )
 OR (
bs:"Clean up btrfs_get_parent() a little more, fix a free-after-free bug" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1219181683.2988.16.camel@pmac.infradead.org \
    --to=dwmw2@infradead.org \
    --cc=balajirrao@gmail.com \
    --cc=chris.mason@oracle.com \
    --cc=linux-btrfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox