summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/xfs/xfs_dfrag.c71
1 files changed, 40 insertions, 31 deletions
diff --git a/fs/xfs/xfs_dfrag.c b/fs/xfs/xfs_dfrag.c
index 681be5c93af..8dd7a3923f6 100644
--- a/fs/xfs/xfs_dfrag.c
+++ b/fs/xfs/xfs_dfrag.c
@@ -65,9 +65,9 @@
*/
int
xfs_swapext(
- xfs_swapext_t __user *sxp)
+ xfs_swapext_t __user *sxu)
{
- xfs_swapext_t sx;
+ xfs_swapext_t *sxp;
xfs_inode_t *ip=NULL, *tip=NULL, *ips[2];
xfs_trans_t *tp;
xfs_mount_t *mp;
@@ -76,20 +76,29 @@ xfs_swapext(
vnode_t *vp, *tvp;
bhv_desc_t *bdp, *tbdp;
vn_bhv_head_t *bhp, *tbhp;
- uint lock_flags=0;
+ static uint lock_flags = XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL;
int ilf_fields, tilf_fields;
int error = 0;
- xfs_ifork_t tempif, *ifp, *tifp;
+ xfs_ifork_t *tempifp, *ifp, *tifp;
__uint64_t tmp;
int aforkblks = 0;
int taforkblks = 0;
- int locked = 0;
+ char locked = 0;
- if (copy_from_user(&sx, sxp, sizeof(sx)))
- return XFS_ERROR(EFAULT);
+ sxp = kmem_alloc(sizeof(xfs_swapext_t), KM_MAYFAIL);
+ tempifp = kmem_alloc(sizeof(xfs_ifork_t), KM_MAYFAIL);
+ if (!sxp || !tempifp) {
+ error = XFS_ERROR(ENOMEM);
+ goto error0;
+ }
+
+ if (copy_from_user(sxp, sxu, sizeof(xfs_swapext_t))) {
+ error = XFS_ERROR(EFAULT);
+ goto error0;
+ }
/* Pull information for the target fd */
- if (((fp = fget((int)sx.sx_fdtarget)) == NULL) ||
+ if (((fp = fget((int)sxp->sx_fdtarget)) == NULL) ||
((vp = LINVFS_GET_VP(fp->f_dentry->d_inode)) == NULL)) {
error = XFS_ERROR(EINVAL);
goto error0;
@@ -104,7 +113,7 @@ xfs_swapext(
ip = XFS_BHVTOI(bdp);
}
- if (((tfp = fget((int)sx.sx_fdtmp)) == NULL) ||
+ if (((tfp = fget((int)sxp->sx_fdtmp)) == NULL) ||
((tvp = LINVFS_GET_VP(tfp->f_dentry->d_inode)) == NULL)) {
error = XFS_ERROR(EINVAL);
goto error0;
@@ -131,7 +140,7 @@ xfs_swapext(
mp = ip->i_mount;
- sbp = &sx.sx_stat;
+ sbp = &sxp->sx_stat;
if (XFS_FORCED_SHUTDOWN(mp)) {
error = XFS_ERROR(EIO);
@@ -148,7 +157,7 @@ xfs_swapext(
ips[0] = tip;
ips[1] = ip;
}
- lock_flags = XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL;
+
xfs_lock_inodes(ips, 2, 0, lock_flags);
/* Check permissions */
@@ -192,9 +201,9 @@ xfs_swapext(
}
/* Verify all data are being swapped */
- if (sx.sx_offset != 0 ||
- sx.sx_length != ip->i_d.di_size ||
- sx.sx_length != tip->i_d.di_size) {
+ if (sxp->sx_offset != 0 ||
+ sxp->sx_length != ip->i_d.di_size ||
+ sxp->sx_length != tip->i_d.di_size) {
error = XFS_ERROR(EFAULT);
goto error0;
}
@@ -255,7 +264,8 @@ xfs_swapext(
xfs_iunlock(ip, XFS_IOLOCK_EXCL);
xfs_iunlock(tip, XFS_IOLOCK_EXCL);
xfs_trans_cancel(tp, 0);
- return error;
+ locked = 0;
+ goto error0;
}
xfs_lock_inodes(ips, 2, 0, XFS_ILOCK_EXCL);
@@ -266,10 +276,8 @@ xfs_swapext(
(ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) {
error = xfs_bmap_count_blocks(tp, ip, XFS_ATTR_FORK, &aforkblks);
if (error) {
- xfs_iunlock(ip, lock_flags);
- xfs_iunlock(tip, lock_flags);
xfs_trans_cancel(tp, 0);
- return error;
+ goto error0;
}
}
if ( ((XFS_IFORK_Q(tip) != 0) && (tip->i_d.di_anextents > 0)) &&
@@ -277,10 +285,8 @@ xfs_swapext(
error = xfs_bmap_count_blocks(tp, tip, XFS_ATTR_FORK,
&taforkblks);
if (error) {
- xfs_iunlock(ip, lock_flags);
- xfs_iunlock(tip, lock_flags);
xfs_trans_cancel(tp, 0);
- return error;
+ goto error0;
}
}
@@ -289,9 +295,9 @@ xfs_swapext(
*/
ifp = &ip->i_df;
tifp = &tip->i_df;
- tempif = *ifp; /* struct copy */
- *ifp = *tifp; /* struct copy */
- *tifp = tempif; /* struct copy */
+ *tempifp = *ifp; /* struct copy */
+ *ifp = *tifp; /* struct copy */
+ *tifp = *tempifp; /* struct copy */
/*
* Fix the on-disk inode values
@@ -369,11 +375,7 @@ xfs_swapext(
}
error = xfs_trans_commit(tp, XFS_TRANS_SWAPEXT, NULL);
-
- fput(fp);
- fput(tfp);
-
- return error;
+ locked = 0;
error0:
if (locked) {
@@ -381,8 +383,15 @@ xfs_swapext(
xfs_iunlock(tip, lock_flags);
}
- if (fp != NULL) fput(fp);
- if (tfp != NULL) fput(tfp);
+ if (fp != NULL)
+ fput(fp);
+ if (tfp != NULL)
+ fput(tfp);
+
+ if (sxp != NULL)
+ kmem_free(sxp, sizeof(xfs_swapext_t));
+ if (tempifp != NULL)
+ kmem_free(tempifp, sizeof(xfs_ifork_t));
return error;
}