Module Name:    src
Committed By:   dholland
Date:           Sun Sep 13 07:53:37 UTC 2015

Modified Files:
        src/sys/ufs/lfs: lfs_alloc.c

Log Message:
Fix wrong code in lfs_valloc_fixed().

It was overwriting the inode number it was supposed to be allocating
with the head of the inode freelist, then applying the wrong test to
that result. Net result: unless the freelist was empty (in which case
it would always fail), it would in general drop a bunch of entries
from the freelist.

This code seems to have been broken when the first version of lfsv2
was imported onto the perseant-lfsv2 branch in -r1.47.2.1, and
remained broken since, in spite of having been moved to lfs_rfw.c and
back and rearranged quite a bit in the meantime. Sigh.

Found by Coverity in a rather confusing way as CID 1316545.

To generate a diff of this commit:
cvs rdiff -u -r1.129 -r1.130 src/sys/ufs/lfs/lfs_alloc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/sys/ufs/lfs/lfs_alloc.c diff -u src/sys/ufs/lfs/lfs_alloc.c:1.129 src/sys/ufs/lfs/lfs_alloc.c:1.130 --- src/sys/ufs/lfs/lfs_alloc.c:1.129 Tue Sep 1 06:08:37 2015 +++ src/sys/ufs/lfs/lfs_alloc.c Sun Sep 13 07:53:37 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $ */ +/* $NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007 The NetBSD Foundation, Inc. @@ -60,7 +60,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $"); #if defined(_KERNEL_OPT) #include "opt_quota.h" @@ -274,7 +274,7 @@ lfs_valloc_fixed(struct lfs *fs, ino_t i { IFILE *ifp; struct buf *bp, *cbp; - ino_t tino, oldnext; + ino_t headino, thisino, oldnext; CLEANERINFO *cip; /* If the Ifile is too short to contain this inum, extend it */ @@ -289,20 +289,20 @@ lfs_valloc_fixed(struct lfs *fs, ino_t i lfs_if_setversion(fs, ifp, vers); brelse(bp, 0); - LFS_GET_HEADFREE(fs, cip, cbp, &ino); - if (ino) { + LFS_GET_HEADFREE(fs, cip, cbp, &headino); + if (headino == ino) { LFS_PUT_HEADFREE(fs, cip, cbp, oldnext); } else { ino_t nextfree; - tino = ino; + thisino = headino; while (1) { - LFS_IENTRY(ifp, fs, tino, bp); + LFS_IENTRY(ifp, fs, thisino, bp); nextfree = lfs_if_getnextfree(fs, ifp); if (nextfree == ino || nextfree == LFS_UNUSED_INUM) break; - tino = nextfree; + thisino = nextfree; brelse(bp, 0); } if (nextfree == LFS_UNUSED_INUM) {
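
Review bot: In the final hunk (@@ -289,20 +289,20 @@), the else branch sets thisino = headino and goes straight into LFS_IENTRY(ifp, fs, thisino, bp) without comparing headino against LFS_UNUSED_INUM, so with an empty freelist the walk begins by reading the Ifile entry for the unused inode number and depends on that entry's nextfree field to end the loop. An explicit check for headino == LFS_UNUSED_INUM before the walk would make the empty-list case visible in the code instead of implicit. In the same loop, while (1) exits only when nextfree equals ino or LFS_UNUSED_INUM; the chain comes from the on-disk Ifile, so a cyclic freelist that reaches neither value would spin here, and a bound on the number of iterations is worth considering. The assignment of oldnext, which the headino == ino branch passes to LFS_PUT_HEADFREE, is outside the visible context and should be confirmed to happen before this point.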