Commit 87acb4ef authored by David Woodhouse's avatar David Woodhouse Committed by Chris Mason

Simplify btrfs_get_parent(), fix use-after-free bug

Date: Mon, 18 Aug 2008 22:50:22 +0100
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
parent 32d48fa1
...@@ -147,7 +147,6 @@ static struct dentry *btrfs_get_parent(struct dentry *child) ...@@ -147,7 +147,6 @@ static struct dentry *btrfs_get_parent(struct dentry *child)
struct btrfs_key key; struct btrfs_key key;
struct btrfs_path *path; struct btrfs_path *path;
struct extent_buffer *leaf; struct extent_buffer *leaf;
u32 nritems;
int slot; int slot;
u64 objectid; u64 objectid;
int ret; int ret;
...@@ -156,27 +155,24 @@ static struct dentry *btrfs_get_parent(struct dentry *child) ...@@ -156,27 +155,24 @@ static struct dentry *btrfs_get_parent(struct dentry *child)
key.objectid = dir->i_ino; key.objectid = dir->i_ino;
btrfs_set_key_type(&key, BTRFS_INODE_REF_KEY); btrfs_set_key_type(&key, BTRFS_INODE_REF_KEY);
key.offset = 0; key.offset = (u64)-1;
ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
BUG_ON(ret == 0);
ret = 0;
ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
leaf = path->nodes[0]; leaf = path->nodes[0];
slot = path->slots[0]; slot = path->slots[0];
nritems = btrfs_header_nritems(leaf); if (ret < 0 || slot == 0) {
if (slot >= nritems) {
ret = btrfs_next_leaf(root, path);
if (ret) {
btrfs_free_path(path); btrfs_free_path(path);
goto out; goto out;
} }
leaf = path->nodes[0]; /* btrfs_search_slot() returns the slot where we'd want to insert
slot = path->slots[0]; an INODE_REF_KEY for parent inode #0xFFFFFFFFFFFFFFFF. The _real_
} one, telling us what the parent inode _actually_ is, will be in
the slot _before_ the one that btrfs_search_slot() returns. */
slot--;
btrfs_item_key_to_cpu(leaf, &key, slot);
btrfs_free_path(path); btrfs_free_path(path);
btrfs_item_key_to_cpu(leaf, &key, slot);
if (key.objectid != dir->i_ino || key.type != BTRFS_INODE_REF_KEY) if (key.objectid != dir->i_ino || key.type != BTRFS_INODE_REF_KEY)
goto out; goto out;
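Review bot: The `slot--` after the new guard assumes btrfs_search_slot() reported "not found" (ret > 0), but `if (ret < 0 || slot == 0)` lets ret == 0 through, a case the removed `BUG_ON(ret == 0)` used to assert against. On an exact match the returned slot is the matching item itself, so the decrement would read the item before it. The objectid/type check that follows still validates whatever key is read, so this looks like a wrong-result case rather than a memory-safety one, but the keys come from on-disk data and should not be assumed well-formed. Consider rejecting it explicitly with `if (ret <= 0 || slot == 0) {`, and set a negative errno before `goto out;`. The `out:` label is outside this hunk, so confirm what it returns when ret is 0 or 1.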