JFS: [CHECKER] if txCommit fails, don't call d_instantiate

In several functions, d_instantiate is called before the transaction is committed. Under the rare condition that txCommit fails, the new inode is released, but the dentry continues to point to it. This can lead to a seg fault. The fix is to call d_instantiate after txCommit has run successfully.

JFS: [CHECKER] if txCommit fails, don't call d_instantiate
In several functions, d_instantiate is called before the transaction is committed. Under the rare condition that txCommit fails, the new inode is released, but the dentry continues to point to it. This can lead to a seg fault. The fix is to call d_instantiate after txCommit has run successfully.
21776fa3 · Dave Kleikamp · 70e17f40 · 21776fa3
Commit 21776fa3 authored May 20, 2004 by Dave Kleikamp
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 9 deletions

fs/jfs/namei.c fs/jfs/namei.c +11 -9

No files found.
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -135,7 +135,6 @@ static int jfs_create(struct inode *dip, struct dentry *dentry, int mode,

 	insert_inode_hash(ip);
 	mark_inode_dirty(ip);
-	d_instantiate(dentry, ip);

 	dip->i_ctime = dip->i_mtime = CURRENT_TIME;

@@ -150,7 +149,8 @@ static int jfs_create(struct inode *dip, struct dentry *dentry, int mode,
 	if (rc) {
 		ip->i_nlink = 0;
 		iput(ip);
-	}
+	} else
+		d_instantiate(dentry, ip);

      out2:
 	free_UCSname(&dname);
@@ -265,7 +265,6 @@ static int jfs_mkdir(struct inode *dip, struct dentry *dentry, int mode)

 	insert_inode_hash(ip);
 	mark_inode_dirty(ip);
-	d_instantiate(dentry, ip);

 	/* update parent directory inode */
 	dip->i_nlink++;		/* for '..' from child directory */
@@ -281,7 +280,8 @@ static int jfs_mkdir(struct inode *dip, struct dentry *dentry, int mode)
 	if (rc) {
 		ip->i_nlink = 0;
 		iput(ip);
-	}
+	} else
+		d_instantiate(dentry, ip);

      out2:
 	free_UCSname(&dname);
@@ -806,12 +806,14 @@ static int jfs_link(struct dentry *old_dentry,
 	ip->i_ctime = CURRENT_TIME;
 	mark_inode_dirty(dir);
 	atomic_inc(&ip->i_count);
-	d_instantiate(dentry, ip);

 	iplist[0] = ip;
 	iplist[1] = dir;
 	rc = txCommit(tid, 2, &iplist[0], 0);

+	if (!rc)
+		d_instantiate(dentry, ip);
+
      free_dname:
 	free_UCSname(&dname);

@@ -999,7 +1001,6 @@ static int jfs_symlink(struct inode *dip, struct dentry *dentry,

 	insert_inode_hash(ip);
 	mark_inode_dirty(ip);
-	d_instantiate(dentry, ip);

 	/*
 	 * commit update of parent directory and link object
@@ -1028,7 +1029,8 @@ static int jfs_symlink(struct inode *dip, struct dentry *dentry,
 	if (rc) {
 		ip->i_nlink = 0;
 		iput(ip);
-	}
+	} else
+		d_instantiate(dentry, ip);

      out2:
 	free_UCSname(&dname);
@@ -1368,7 +1370,6 @@ static int jfs_mknod(struct inode *dir, struct dentry *dentry,

 	insert_inode_hash(ip);
 	mark_inode_dirty(ip);
-	d_instantiate(dentry, ip);

 	dir->i_ctime = dir->i_mtime = CURRENT_TIME;

@@ -1385,7 +1386,8 @@ static int jfs_mknod(struct inode *dir, struct dentry *dentry,
 	if (rc) {
 		ip->i_nlink = 0;
 		iput(ip);
-	}
+	} else
+		d_instantiate(dentry, ip);

      out1:
 	free_UCSname(&dname);