diff options
-rw-r--r-- | fs/xfs/xfs_dfrag.c | 71 |
1 files changed, 40 insertions, 31 deletions
diff --git a/fs/xfs/xfs_dfrag.c b/fs/xfs/xfs_dfrag.c index 681be5c93af..8dd7a3923f6 100644 --- a/fs/xfs/xfs_dfrag.c +++ b/fs/xfs/xfs_dfrag.c @@ -65,9 +65,9 @@ */ int xfs_swapext( - xfs_swapext_t __user *sxp) + xfs_swapext_t __user *sxu) { - xfs_swapext_t sx; + xfs_swapext_t *sxp; xfs_inode_t *ip=NULL, *tip=NULL, *ips[2]; xfs_trans_t *tp; xfs_mount_t *mp; @@ -76,20 +76,29 @@ xfs_swapext( vnode_t *vp, *tvp; bhv_desc_t *bdp, *tbdp; vn_bhv_head_t *bhp, *tbhp; - uint lock_flags=0; + static uint lock_flags = XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL; int ilf_fields, tilf_fields; int error = 0; - xfs_ifork_t tempif, *ifp, *tifp; + xfs_ifork_t *tempifp, *ifp, *tifp; __uint64_t tmp; int aforkblks = 0; int taforkblks = 0; - int locked = 0; + char locked = 0; - if (copy_from_user(&sx, sxp, sizeof(sx))) - return XFS_ERROR(EFAULT); + sxp = kmem_alloc(sizeof(xfs_swapext_t), KM_MAYFAIL); + tempifp = kmem_alloc(sizeof(xfs_ifork_t), KM_MAYFAIL); + if (!sxp || !tempifp) { + error = XFS_ERROR(ENOMEM); + goto error0; + } + + if (copy_from_user(sxp, sxu, sizeof(xfs_swapext_t))) { + error = XFS_ERROR(EFAULT); + goto error0; + } /* Pull information for the target fd */ - if (((fp = fget((int)sx.sx_fdtarget)) == NULL) || + if (((fp = fget((int)sxp->sx_fdtarget)) == NULL) || ((vp = LINVFS_GET_VP(fp->f_dentry->d_inode)) == NULL)) { error = XFS_ERROR(EINVAL); goto error0; @@ -104,7 +113,7 @@ xfs_swapext( ip = XFS_BHVTOI(bdp); } - if (((tfp = fget((int)sx.sx_fdtmp)) == NULL) || + if (((tfp = fget((int)sxp->sx_fdtmp)) == NULL) || ((tvp = LINVFS_GET_VP(tfp->f_dentry->d_inode)) == NULL)) { error = XFS_ERROR(EINVAL); goto error0; @@ -131,7 +140,7 @@ xfs_swapext( mp = ip->i_mount; - sbp = &sx.sx_stat; + sbp = &sxp->sx_stat; if (XFS_FORCED_SHUTDOWN(mp)) { error = XFS_ERROR(EIO); @@ -148,7 +157,7 @@ xfs_swapext( ips[0] = tip; ips[1] = ip; } - lock_flags = XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL; + xfs_lock_inodes(ips, 2, 0, lock_flags); /* Check permissions */ @@ -192,9 +201,9 @@ xfs_swapext( } /* Verify all data are being swapped */ - if (sx.sx_offset != 0 || - sx.sx_length != ip->i_d.di_size || - sx.sx_length != tip->i_d.di_size) { + if (sxp->sx_offset != 0 || + sxp->sx_length != ip->i_d.di_size || + sxp->sx_length != tip->i_d.di_size) { error = XFS_ERROR(EFAULT); goto error0; } @@ -255,7 +264,8 @@ xfs_swapext( xfs_iunlock(ip, XFS_IOLOCK_EXCL); xfs_iunlock(tip, XFS_IOLOCK_EXCL); xfs_trans_cancel(tp, 0); - return error; + locked = 0; + goto error0; } xfs_lock_inodes(ips, 2, 0, XFS_ILOCK_EXCL); @@ -266,10 +276,8 @@ xfs_swapext( (ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) { error = xfs_bmap_count_blocks(tp, ip, XFS_ATTR_FORK, &aforkblks); if (error) { - xfs_iunlock(ip, lock_flags); - xfs_iunlock(tip, lock_flags); xfs_trans_cancel(tp, 0); - return error; + goto error0; } } if ( ((XFS_IFORK_Q(tip) != 0) && (tip->i_d.di_anextents > 0)) && @@ -277,10 +285,8 @@ xfs_swapext( error = xfs_bmap_count_blocks(tp, tip, XFS_ATTR_FORK, &taforkblks); if (error) { - xfs_iunlock(ip, lock_flags); - xfs_iunlock(tip, lock_flags); xfs_trans_cancel(tp, 0); - return error; + goto error0; } } @@ -289,9 +295,9 @@ xfs_swapext( */ ifp = &ip->i_df; tifp = &tip->i_df; - tempif = *ifp; /* struct copy */ - *ifp = *tifp; /* struct copy */ - *tifp = tempif; /* struct copy */ + *tempifp = *ifp; /* struct copy */ + *ifp = *tifp; /* struct copy */ + *tifp = *tempifp; /* struct copy */ /* * Fix the on-disk inode values @@ -369,11 +375,7 @@ xfs_swapext( } error = xfs_trans_commit(tp, XFS_TRANS_SWAPEXT, NULL); - - fput(fp); - fput(tfp); - - return error; + locked = 0; error0: if (locked) { @@ -381,8 +383,15 @@ xfs_swapext( xfs_iunlock(tip, lock_flags); } - if (fp != NULL) fput(fp); - if (tfp != NULL) fput(tfp); + if (fp != NULL) + fput(fp); + if (tfp != NULL) + fput(tfp); + + if (sxp != NULL) + kmem_free(sxp, sizeof(xfs_swapext_t)); + if (tempifp != NULL) + kmem_free(tempifp, sizeof(xfs_ifork_t)); return error; } |