[PATCH] minix_clear_inode fix

The patch below fixes two flaws in minix_clear_inode. The first is that it tests bh which is never initialized. (&bh is a parameter of minix_V1_raw_inode, but that routine can fail and return before it has set bh) The second is that generic_delete_inode() goes BUG() in case inode->i_state != I_CLEAR. Clearly, it is expected that inode->i_sb->s_op->delete_inode does a clear_inode() at some point. But minix_delete_inode() calls minix_free_inode() and that routine can print an error and return early, before calling clear_inode(). Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] minix_clear_inode fix
The patch below fixes two flaws in minix_clear_inode. The first is that it tests bh which is never initialized. (&bh is a parameter of minix_V1_raw_inode, but that routine can fail and return before it has set bh) The second is that generic_delete_inode() goes BUG() in case inode->i_state != I_CLEAR. Clearly, it is expected that inode->i_sb->s_op->delete_inode does a clear_inode() at some point. But minix_delete_inode() calls minix_free_inode() and that routine can print an error and return early, before calling clear_inode(). Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
0e879ae6 · Andries E. Brouwer · Linus Torvalds · a03142fb · 0e879ae6
Commit 0e879ae6 authored Nov 07, 2004 by Andries E. Brouwer Committed by Linus Torvalds Nov 07, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 10 deletions

fs/minix/bitmap.c fs/minix/bitmap.c +13 -10

No files found.
--- a/fs/minix/bitmap.c
+++ b/fs/minix/bitmap.c
@@ -160,7 +160,8 @@ minix_V2_raw_inode(struct super_block *sb, ino_t ino, struct buffer_head **bh)
 static void minix_clear_inode(struct inode *inode)
 {
-	struct buffer_head *bh;
+	struct buffer_head *bh = NULL;
 	if (INODE_VERSION(inode) == MINIX_V1) {
 		struct minix_inode *raw_inode;
 		raw_inode = minix_V1_raw_inode(inode->i_sb, inode->i_ino, &bh);
@@ -188,24 +189,26 @@ void minix_free_inode(struct inode * inode)
 	struct buffer_head * bh;
 	unsigned long ino;
-	if (inode->i_ino < 1 || inode->i_ino > sbi->s_ninodes) {
-		printk("free_inode: inode 0 or nonexistent inode\n");
-		return;
-	}
 	ino = inode->i_ino;
+	if (ino < 1 || ino > sbi->s_ninodes) {
+		printk("minix_free_inode: inode 0 or nonexistent inode\n");
+		goto out;
+	}
 	if ((ino >> 13) >= sbi->s_imap_blocks) {
-		printk("free_inode: nonexistent imap in superblock\n");
+		printk("minix_free_inode: nonexistent imap in superblock\n");
-		return;
+		goto out;
 	}
+	minix_clear_inode(inode);	/* clear on-disk copy */
 	bh = sbi->s_imap[ino >> 13];
-	minix_clear_inode(inode);
-	clear_inode(inode);
 	lock_kernel();
 	if (!minix_test_and_clear_bit(ino & 8191, bh->b_data))
-		printk("free_inode: bit %lu already cleared.\n",ino);
+		printk("minix_free_inode: bit %lu already cleared.\n", ino);
 	unlock_kernel();
 	mark_buffer_dirty(bh);
+ out:
+	clear_inode(inode);		/* clear in-memory copy */
 }
 struct inode * minix_new_inode(const struct inode * dir, int * error)