Skip to content

Commit e1d33a5

Browse files
committed
Merge tag 'for-linus-v3.6-rc4' of git://oss.sgi.com/xfs/xfs
Pull xfs bugfixes from Ben Myers: - fix uninitialised variable in xfs_rtbuf_get() - unlock the AGI buffer when looping in xfs_dialloc - check for possible overflow in xfs_ioc_trim * tag 'for-linus-v3.6-rc4' of git://oss.sgi.com/xfs/xfs: xfs: check for possible overflow in xfs_ioc_trim xfs: unlock the AGI buffer when looping in xfs_dialloc xfs: fix uninitialised variable in xfs_rtbuf_get()
2 parents 2432cbe + a672e1b commit e1d33a5

File tree

3 files changed

+14
-11
lines changed

3 files changed

+14
-11
lines changed

fs/xfs/xfs_discard.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -179,12 +179,14 @@ xfs_ioc_trim(
179179
* used by the fstrim application. In the end it really doesn't
180180
* matter as trimming blocks is an advisory interface.
181181
*/
182+
if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) ||
183+
range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp)))
184+
return -XFS_ERROR(EINVAL);
185+
182186
start = BTOBB(range.start);
183187
end = start + BTOBBT(range.len) - 1;
184188
minlen = BTOBB(max_t(u64, granularity, range.minlen));
185189

186-
if (XFS_BB_TO_FSB(mp, start) >= mp->m_sb.sb_dblocks)
187-
return -XFS_ERROR(EINVAL);
188190
if (end > XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks) - 1)
189191
end = XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks)- 1;
190192

fs/xfs/xfs_ialloc.c

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -962,23 +962,22 @@ xfs_dialloc(
962962
if (!pag->pagi_freecount && !okalloc)
963963
goto nextag;
964964

965+
/*
966+
* Then read in the AGI buffer and recheck with the AGI buffer
967+
* lock held.
968+
*/
965969
error = xfs_ialloc_read_agi(mp, tp, agno, &agbp);
966970
if (error)
967971
goto out_error;
968972

969-
/*
970-
* Once the AGI has been read in we have to recheck
971-
* pagi_freecount with the AGI buffer lock held.
972-
*/
973973
if (pag->pagi_freecount) {
974974
xfs_perag_put(pag);
975975
goto out_alloc;
976976
}
977977

978-
if (!okalloc) {
979-
xfs_trans_brelse(tp, agbp);
980-
goto nextag;
981-
}
978+
if (!okalloc)
979+
goto nextag_relse_buffer;
980+
982981

983982
error = xfs_ialloc_ag_alloc(tp, agbp, &ialloced);
984983
if (error) {
@@ -1007,6 +1006,8 @@ xfs_dialloc(
10071006
return 0;
10081007
}
10091008

1009+
nextag_relse_buffer:
1010+
xfs_trans_brelse(tp, agbp);
10101011
nextag:
10111012
xfs_perag_put(pag);
10121013
if (++agno == mp->m_sb.sb_agcount)

fs/xfs/xfs_rtalloc.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -857,7 +857,7 @@ xfs_rtbuf_get(
857857
xfs_buf_t *bp; /* block buffer, result */
858858
xfs_inode_t *ip; /* bitmap or summary inode */
859859
xfs_bmbt_irec_t map;
860-
int nmap;
860+
int nmap = 1;
861861
int error; /* error value */
862862

863863
ip = issum ? mp->m_rsumip : mp->m_rbmip;

0 commit comments

Comments
 (0)