Re: isofs oops - d_splice_alias+0x1f (2.6.24-rc5-mm1)

[Al Viro]

On Fri, Jan 04, 2008 at 07:13:57PM +0800, Dave Young wrote:
> > 	iget-stop-isofs-from-using-read_inode-fix*
> > 
> > Callers in fs/isofs/namei.c are missed.
> 
> Yes, some isofs_iget return value should be handled, it is missed.
> 
> Maybe this:

Not enough.  isofs_iget() still can return NULL; that needs to be converted to
ERR_PTR().

BTW, ERR_CAST is there for purpose...

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
diff -urN foo1/fs/isofs/export.c foo2/fs/isofs/export.c
--- foo1/fs/isofs/export.c	2008-01-04 06:23:10.000000000 -0500
+++ foo2/fs/isofs/export.c	2008-01-04 06:18:52.000000000 -0500
@@ -26,11 +26,9 @@
 	if (block == 0)
 		return ERR_PTR(-ESTALE);
 	inode = isofs_iget(sb, block, offset);
-	if (inode == NULL)
-		return ERR_PTR(-ENOMEM);
-	if (is_bad_inode(inode)
-	    || (generation && inode->i_generation != generation))
-	{
+	if (ERR_PTR(inode))
+		return ERR_CAST(inode);
+	if (generation && inode->i_generation != generation) {
 		iput(inode);
 		return ERR_PTR(-ESTALE);
 	}
@@ -110,7 +108,7 @@
 	parent_inode = isofs_iget(child_inode->i_sb,
 				  parent_block,
 				  parent_offset);
-	if (parent_inode == NULL) {
+	if (ERR_PTR(parent_inode)) {
 		rv = ERR_PTR(-EACCES);
 		goto out;
 	}
diff -urN foo1/fs/isofs/inode.c foo2/fs/isofs/inode.c
--- foo1/fs/isofs/inode.c	2008-01-04 06:23:33.000000000 -0500
+++ foo2/fs/isofs/inode.c	2008-01-04 06:15:43.000000000 -0500
@@ -1408,7 +1408,7 @@
 	long ret;
 
 	if (offset >= 1ul << sb->s_blocksize_bits)
-		return NULL;
+		return ERR_PTR(-EINVAL);
 
 	data.block = block;
 	data.offset = offset;
@@ -1418,7 +1418,10 @@
 	inode = iget5_locked(sb, hashval, &isofs_iget5_test,
 				&isofs_iget5_set, &data);
 
-	if (inode && (inode->i_state & I_NEW)) {
+	if (!inode)
+		return ERR_PTR(-ENOMEM);
+
+	if (inode->i_state & I_NEW) {
 		ret = isofs_read_inode(inode);
 		if (ret < 0) {
 			iget_failed(inode);
diff -urN foo1/fs/isofs/namei.c foo2/fs/isofs/namei.c
--- foo1/fs/isofs/namei.c	2008-01-04 06:23:10.000000000 -0500
+++ foo2/fs/isofs/namei.c	2008-01-04 06:19:20.000000000 -0500
@@ -179,9 +179,9 @@
 	inode = NULL;
 	if (found) {
 		inode = isofs_iget(dir->i_sb, block, offset);
-		if (!inode) {
+		if (ERR_PTR(inode)) {
 			unlock_kernel();
-			return ERR_PTR(-EACCES);
+			return ERR_CAST(inode);
 		}
 	}
 	unlock_kernel();
diff -urN foo1/fs/isofs/rock.c foo2/fs/isofs/rock.c
--- foo1/fs/isofs/rock.c	2008-01-04 06:23:10.000000000 -0500
+++ foo2/fs/isofs/rock.c	2008-01-04 06:20:41.000000000 -0500
@@ -474,7 +474,7 @@
 			    isofs_iget(inode->i_sb,
 				       ISOFS_I(inode)->i_first_extent,
 				       0);
-			if (!reloc)
+			if (ERR_PTR(reloc))
 				goto out;
 			inode->i_mode = reloc->i_mode;
 			inode->i_nlink = reloc->i_nlink;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/