--- /dev/null
+Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/extents.c
+===================================================================
+--- linux-2.6.9-42.0.10.EL_lustre.1.4.10.orig/fs/ext3/extents.c 2007-06-14 11:42:34.000000000 +0200
++++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/extents.c 2007-06-14 13:59:49.000000000 +0200
+@@ -44,26 +44,49 @@
+ #include <asm/uaccess.h>
+
+
+-static inline int ext3_ext_check_header(struct ext3_extent_header *eh)
+-{
+- if (eh->eh_magic != EXT3_EXT_MAGIC) {
+- printk(KERN_ERR "EXT3-fs: invalid magic = 0x%x\n",
+- (unsigned)eh->eh_magic);
+- return -EIO;
+- }
+- if (eh->eh_max == 0) {
+- printk(KERN_ERR "EXT3-fs: invalid eh_max = %u\n",
+- (unsigned)eh->eh_max);
+- return -EIO;
+- }
+- if (eh->eh_entries > eh->eh_max) {
+- printk(KERN_ERR "EXT3-fs: invalid eh_entries = %u\n",
+- (unsigned)eh->eh_entries);
+- return -EIO;
++static int __ext3_ext_check_header(const char *function, struct inode *inode,
++ struct ext3_extent_header *eh, int depth,
++ int max)
++{
++ const char *error_msg = NULL;
++
++ if (unlikely(eh->eh_magic != EXT3_EXT_MAGIC)) {
++ error_msg = "invalid magic";
++ goto corrupted;
++ }
++ if (unlikely(eh->eh_depth != depth)) {
++ error_msg = "unexpected eh_depth";
++ goto corrupted;
++ }
++ if (unlikely(eh->eh_max == 0)) {
++ error_msg = "too small eh_max";
++ goto corrupted;
++ }
++ if (unlikely(eh->eh_max > max)) {
++ error_msg = "too large eh_max";
++ goto corrupted;
++ }
++ if (unlikely(eh->eh_entries > eh->eh_max)) {
++ error_msg = "invalid eh_entries";
++ goto corrupted;
+ }
+ return 0;
++
++corrupted:
++ ext3_error(inode->i_sb, function,
++ "bad header in inode #%lu: %s - magic %x, "
++ "entries %u, max %u(%u), depth %u(%u)",
++ inode->i_ino, error_msg, eh->eh_magic,
++ eh->eh_entries, eh->eh_max, max,
++ eh->eh_depth, depth);
++
++ return -EIO;
+ }
+
++#define ext3_ext_check_header(inode,eh,depth,max) \
++ __ext3_ext_check_header(__FUNCTION__,inode,eh,depth,max)
++
++
+ static handle_t *ext3_ext_journal_restart(handle_t *handle, int needed)
+ {
+ int err;
+@@ -227,6 +250,26 @@ static inline int ext3_ext_space_root_id
+ return size;
+ }
+
++static inline int
++ext3_ext_max_entries(struct ext3_extents_tree *tree, int root, int depth)
++{
++ int max;
++
++ if (root) {
++ if (depth == 0)
++ max = ext3_ext_space_root(tree);
++ else
++ max = ext3_ext_space_root_idx(tree);
++ } else {
++ if (depth == 0)
++ max = ext3_ext_space_block(tree);
++ else
++ max = ext3_ext_space_block_idx(tree);
++ }
++
++ return max;
++}
++
+ static void ext3_ext_show_path(struct ext3_extents_tree *tree,
+ struct ext3_ext_path *path)
+ {
+@@ -297,10 +340,6 @@ ext3_ext_binsearch_idx(struct ext3_exten
+ struct ext3_extent_idx *ix;
+ int l = 0, k, r;
+
+- EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
+- EXT_ASSERT(eh->eh_entries <= eh->eh_max);
+- EXT_ASSERT(eh->eh_entries > 0);
+-
+ ext_debug(tree, "binsearch for %d(idx): ", block);
+
+ path->p_idx = ix = EXT_FIRST_INDEX(eh);
+@@ -360,9 +399,6 @@ ext3_ext_binsearch(struct ext3_extents_t
+ struct ext3_extent *ex;
+ int l = 0, k, r;
+
+- EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
+- EXT_ASSERT(eh->eh_entries <= eh->eh_max);
+-
+ if (eh->eh_entries == 0) {
+ /*
+ * this leaf is empty yet:
+@@ -437,6 +473,7 @@ ext3_ext_find_extent(struct ext3_extents
+ struct ext3_extent_header *eh;
+ struct buffer_head *bh;
+ int depth, i, ppos = 0;
++ int max;
+
+ EXT_ASSERT(tree);
+ EXT_ASSERT(tree->inode);
+@@ -444,17 +481,15 @@ ext3_ext_find_extent(struct ext3_extents
+
+ eh = EXT_ROOT_HDR(tree);
+ EXT_ASSERT(eh);
+- if (ext3_ext_check_header(eh)) {
++ i = depth = EXT_DEPTH(tree);
++ max = ext3_ext_max_entries(tree, 1, i);
++ if (ext3_ext_check_header(tree->inode, eh, i, max)) {
+ /* don't free previously allocated path
+ * -- caller should take care */
+ path = NULL;
+ goto err;
+ }
+
+- i = depth = EXT_DEPTH(tree);
+- EXT_ASSERT(eh->eh_max);
+- EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
+-
+ /* account possible depth increase */
+ if (!path) {
+ path = kmalloc(sizeof(struct ext3_ext_path) * (depth + 2),
+@@ -485,7 +520,8 @@ ext3_ext_find_extent(struct ext3_extents
+ path[ppos].p_hdr = eh;
+ i--;
+
+- if (ext3_ext_check_header(eh))
++ max = ext3_ext_max_entries(tree, 0, i);
++ if (ext3_ext_check_header(tree->inode, eh, i, max))
+ goto err;
+ }
+
+@@ -494,9 +530,6 @@ ext3_ext_find_extent(struct ext3_extents
+ path[ppos].p_ext = NULL;
+ path[ppos].p_idx = NULL;
+
+- if (ext3_ext_check_header(eh))
+- goto err;
+-
+ /* find extent */
+ ext3_ext_binsearch(tree, path + ppos, block);
+
+@@ -993,7 +1026,7 @@ ext3_ext_search_right(struct ext3_extent
+ struct ext3_extent_idx *ix;
+ struct ext3_extent *ex;
+ unsigned long block;
+- int depth;
++ int depth, max;
+
+ BUG_ON(path == NULL);
+ depth = path->p_depth;
+@@ -1051,7 +1084,8 @@ ext3_ext_search_right(struct ext3_extent
+ if (bh == NULL)
+ return -EIO;
+ eh = EXT_BLOCK_HDR(bh);
+- if (ext3_ext_check_header(eh)) {
++ max = ext3_ext_max_entries(tree, 0, depth);
++ if (ext3_ext_check_header(tree->inode, eh, depth, max)) {
+ brelse(bh);
+ return -EIO;
+ }
+@@ -1064,7 +1098,8 @@ ext3_ext_search_right(struct ext3_extent
+ if (bh == NULL)
+ return -EIO;
+ eh = EXT_BLOCK_HDR(bh);
+- if (ext3_ext_check_header(eh)) {
++ max = ext3_ext_max_entries(tree, 0, depth);
++ if (ext3_ext_check_header(tree->inode, eh, depth, max)) {
+ brelse(bh);
+ return -EIO;
+ }
+@@ -1694,6 +1729,8 @@ ext3_ext_rm_leaf(handle_t *handle, struc
+ ext_debug(tree, "remove [%lu:%lu] in leaf\n", start, end);
+ if (!path[depth].p_hdr)
+ path[depth].p_hdr = EXT_BLOCK_HDR(path[depth].p_bh);
++
++ /* the header must be checked already in ext3_ext_remove_space() */
+ eh = path[depth].p_hdr;
+ EXT_ASSERT(eh);
+ EXT_ASSERT(eh->eh_entries <= eh->eh_max);
+@@ -1856,7 +1893,7 @@ int ext3_ext_remove_space(struct ext3_ex
+ int depth = EXT_DEPTH(tree);
+ struct ext3_ext_path *path;
+ handle_t *handle;
+- int i = 0, err = 0;
++ int i = 0, err = 0, max;
+
+ ext_debug(tree, "space to be removed: %lu:%lu\n", start, end);
+
+@@ -1879,7 +1916,13 @@ int ext3_ext_remove_space(struct ext3_ex
+ }
+ memset(path, 0, sizeof(struct ext3_ext_path) * (depth + 1));
+ path[i].p_hdr = EXT_ROOT_HDR(tree);
+-
++
++ max = ext3_ext_max_entries(tree, 1, depth);
++ if (ext3_ext_check_header(inode, path[i].p_hdr, depth, max)) {
++ err = -EIO;
++ goto out;
++ }
++
+ while (i >= 0 && err == 0) {
+ if (i == depth) {
+ /* this is leaf block */
+@@ -1889,16 +1932,13 @@ int ext3_ext_remove_space(struct ext3_ex
+ i--;
+ continue;
+ }
+-
++
+ /* this is index block */
+ if (!path[i].p_hdr) {
+ ext_debug(tree, "initialize header\n");
+ path[i].p_hdr = EXT_BLOCK_HDR(path[i].p_bh);
+ }
+
+- EXT_ASSERT(path[i].p_hdr->eh_entries <= path[i].p_hdr->eh_max);
+- EXT_ASSERT(path[i].p_hdr->eh_magic == EXT3_EXT_MAGIC);
+-
+ if (!path[i].p_idx) {
+ /* this level hasn't touched yet */
+ path[i].p_idx =
+@@ -1925,6 +1965,14 @@ int ext3_ext_remove_space(struct ext3_ex
+ err = -EIO;
+ break;
+ }
++ BUG_ON(i + 1 > depth);
++ max = ext3_ext_max_entries(tree, 0, depth - i - 1);
++ if (ext3_ext_check_header(inode,
++ EXT_BLOCK_HDR(path[i+1].p_bh),
++ depth - i - 1, max)) {
++ err = -EIO;
++ break;
++ }
+ /* put actual number of indexes to know is this
+ * number got changed at the next iteration */
+ path[i].p_block = path[i].p_hdr->eh_entries;
+@@ -1945,7 +1993,7 @@ int ext3_ext_remove_space(struct ext3_ex
+ }
+
+ /* TODO: flexible tree reduction should be here */
+- if (path->p_hdr->eh_entries == 0) {
++ if (err == 0 && path->p_hdr->eh_entries == 0) {
+ /*
+ * truncate to zero freed all the tree
+ * so, we need to correct eh_depth
+@@ -1959,6 +2007,7 @@ int ext3_ext_remove_space(struct ext3_ex
+ }
+ ext3_ext_tree_changed(tree);
+
++out:
+ kfree(path);
+ ext3_journal_stop(handle);
+
-Index: linux-2.6.9-full/include/linux/ext3_fs_sb.h
+Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/include/linux/ext3_fs_sb.h
===================================================================
---- linux-2.6.9-full.orig/include/linux/ext3_fs_sb.h 2006-05-18 23:57:04.000000000 +0400
-+++ linux-2.6.9-full/include/linux/ext3_fs_sb.h 2007-03-28 15:42:16.000000000 +0400
+--- linux-2.6.9-42.0.10.EL_lustre.1.4.10.orig/include/linux/ext3_fs_sb.h 2007-06-14 13:59:04.000000000 +0200
++++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/include/linux/ext3_fs_sb.h 2007-06-14 14:16:57.000000000 +0200
@@ -81,6 +81,61 @@ struct ext3_sb_info {
char *s_qf_names[MAXQUOTAS]; /* Names of quota files with journalled quota */
int s_jquota_fmt; /* Format of quota to use */
+ [(group) & (EXT3_DESC_PER_BLOCK(sb) - 1)]
+
#endif /* _LINUX_EXT3_FS_SB */
-Index: linux-2.6.9-full/include/linux/ext3_fs.h
+Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/include/linux/ext3_fs.h
===================================================================
---- linux-2.6.9-full.orig/include/linux/ext3_fs.h 2007-03-28 01:29:39.000000000 +0400
-+++ linux-2.6.9-full/include/linux/ext3_fs.h 2007-03-28 15:45:07.000000000 +0400
+--- linux-2.6.9-42.0.10.EL_lustre.1.4.10.orig/include/linux/ext3_fs.h 2007-06-14 13:59:04.000000000 +0200
++++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/include/linux/ext3_fs.h 2007-06-14 14:16:57.000000000 +0200
@@ -57,6 +57,30 @@ struct statfs;
#define ext3_debug(f, a...) do {} while (0)
#endif
/*
* Special inodes numbers
*/
-@@ -404,6 +413,14 @@
+@@ -387,6 +411,14 @@ struct ext3_inode {
#define ext3_find_first_zero_bit ext2_find_first_zero_bit
#define ext3_find_next_zero_bit ext2_find_next_zero_bit
/*
* Maximal mount counts between two filesystem checks
*/
-@@ -763,6 +787,20 @@ extern unsigned long ext3_count_dirs (st
+@@ -763,6 +795,20 @@ extern unsigned long ext3_count_dirs (st
extern void ext3_check_inodes_bitmap (struct super_block *);
extern unsigned long ext3_count_free (struct buffer_head *, unsigned);
/* inode.c */
extern int ext3_block_truncate_page(handle_t *, struct page *,
-Index: linux-2.6.9-full/fs/ext3/super.c
+Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/super.c
===================================================================
---- linux-2.6.9-full.orig/fs/ext3/super.c 2007-03-28 01:29:38.000000000 +0400
-+++ linux-2.6.9-full/fs/ext3/super.c 2007-03-28 15:42:16.000000000 +0400
+--- linux-2.6.9-42.0.10.EL_lustre.1.4.10.orig/fs/ext3/super.c 2007-06-14 13:59:04.000000000 +0200
++++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/super.c 2007-06-14 14:16:57.000000000 +0200
@@ -394,6 +394,7 @@ void ext3_put_super (struct super_block
struct ext3_super_block *es = sbi->s_es;
int i;
return &ei->vfs_inode;
}
-@@ -2433,7 +2436,13 @@ static struct file_system_type ext3_fs_t
+@@ -2576,7 +2579,13 @@ static struct file_system_type ext3_fs_t
static int __init init_ext3_fs(void)
{
if (err)
return err;
err = init_inodecache();
-@@ -2455,6 +2464,7 @@ static void __exit exit_ext3_fs(void)
+@@ -2598,6 +2607,7 @@ static void __exit exit_ext3_fs(void)
unregister_filesystem(&ext3_fs_type);
destroy_inodecache();
exit_ext3_xattr();
}
int ext3_prep_san_write(struct inode *inode, long *blocks,
-Index: linux-2.6.9-full/fs/ext3/mballoc.c
+Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/mballoc.c
===================================================================
---- linux-2.6.9-full.orig/fs/ext3/mballoc.c 2007-02-13 18:39:59.640066087 +0300
-+++ linux-2.6.9-full/fs/ext3/mballoc.c 2007-03-29 00:28:40.000000000 +0400
-@@ -0,0 +1,4342 @@
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/mballoc.c 2007-06-14 14:19:27.000000000 +0200
+@@ -0,0 +1,4369 @@
+/*
+ * Copyright (c) 2003-2006, Cluster File Systems, Inc, info@clusterfs.com
+ * Written by Alex Tomas <alex@clusterfs.com>
+}
+
+#ifdef DOUBLE_CHECK
-+void mb_free_blocks_double(struct ext3_buddy *e3b, int first, int count)
++void mb_free_blocks_double(struct inode *inode, struct ext3_buddy *e3b,
++ int first, int count)
+{
+ int i;
++ struct super_block *sb = e3b->bd_sb;
++
+ if (unlikely(e3b->bd_info->bb_bitmap == NULL))
+ return;
-+ BUG_ON(!ext3_is_group_locked(e3b->bd_sb, e3b->bd_group));
++ BUG_ON(!ext3_is_group_locked(sb, e3b->bd_group));
+ for (i = 0; i < count; i++) {
-+ BUG_ON(!mb_test_bit(first + i, e3b->bd_info->bb_bitmap));
++ if (!mb_test_bit(first + i, e3b->bd_info->bb_bitmap)) {
++ unsigned long blocknr;
++ blocknr = e3b->bd_group * EXT3_BLOCKS_PER_GROUP(sb);
++ blocknr += first + i;
++ blocknr +=
++ le32_to_cpu(EXT3_SB(sb)->s_es->s_first_data_block);
++
++ ext3_error(sb, __FUNCTION__, "double-free of inode"
++ " %lu's block %lu(bit %u in group %u)\n",
++ inode ? inode->i_ino : 0, blocknr,
++ first + i, e3b->bd_group);
++ }
+ mb_clear_bit(first + i, e3b->bd_info->bb_bitmap);
+ }
+}
+}
+
+#else
-+#define mb_free_blocks_double(a,b,c)
++#define mb_free_blocks_double(a,b,c,d)
+#define mb_mark_used_double(a,b,c)
+#define mb_cmp_bitmaps(a,b)
+#endif
+ }
+}
+
-+static int mb_free_blocks(struct ext3_buddy *e3b, int first, int count)
++static int mb_free_blocks(struct inode *inode, struct ext3_buddy *e3b,
++ int first, int count)
+{
+ int block = 0, max = 0, order;
+ void *buddy, *buddy2;
++ struct super_block *sb = e3b->bd_sb;
+
-+ BUG_ON(first + count > (e3b->bd_sb->s_blocksize << 3));
-+ BUG_ON(!ext3_is_group_locked(e3b->bd_sb, e3b->bd_group));
++ BUG_ON(first + count > (sb->s_blocksize << 3));
++ BUG_ON(!ext3_is_group_locked(sb, e3b->bd_group));
+ mb_check_buddy(e3b);
-+ mb_free_blocks_double(e3b, first, count);
++ mb_free_blocks_double(inode, e3b, first, count);
+
+ e3b->bd_info->bb_free += count;
+ if (first < e3b->bd_info->bb_first_free)
+ /* let's maintain fragments counter */
+ if (first != 0)
+ block = !mb_test_bit(first - 1, EXT3_MB_BITMAP(e3b));
-+ if (first + count < EXT3_SB(e3b->bd_sb)->s_mb_maxs[0])
++ if (first + count < EXT3_SB(sb)->s_mb_maxs[0])
+ max = !mb_test_bit(first + count, EXT3_MB_BITMAP(e3b));
+ if (block && max)
+ e3b->bd_info->bb_fragments--;
+ block = first++;
+ order = 0;
+
-+ BUG_ON(!mb_test_bit(block, EXT3_MB_BITMAP(e3b)));
++ if (!mb_test_bit(block, EXT3_MB_BITMAP(e3b))) {
++ unsigned long blocknr;
++ blocknr = e3b->bd_group * EXT3_BLOCKS_PER_GROUP(sb);
++ blocknr += block;
++ blocknr +=
++ le32_to_cpu(EXT3_SB(sb)->s_es->s_first_data_block);
++
++ ext3_error(sb, __FUNCTION__, "double-free of inode"
++ " %lu's block %lu(bit %u in group %u)\n",
++ inode ? inode->i_ino : 0, blocknr, block,
++ e3b->bd_group);
++ }
+ mb_clear_bit(block, EXT3_MB_BITMAP(e3b));
+ e3b->bd_info->bb_counters[order]++;
+
+ ext3_lock_group(sb, md->group);
+ for (i = 0; i < md->num; i++) {
+ mb_debug(" %u", md->blocks[i]);
-+ err = mb_free_blocks(&e3b, md->blocks[i], 1);
++ err = mb_free_blocks(NULL, &e3b, md->blocks[i], 1);
+ BUG_ON(err != 0);
+ }
+ mb_debug("\n");
+ ac.ac_b_ex.fe_logical = 0;
+ ext3_mb_store_history(&ac);
+
-+ mb_free_blocks(e3b, bit, next - bit);
++ mb_free_blocks(pa->pa_inode, e3b, bit, next - bit);
+ bit = next + 1;
+ }
+ if (free != pa->pa_free) {
+ BUG_ON(pa->pa_deleted == 0);
+ ext3_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
+ BUG_ON(group != e3b->bd_group);
-+ mb_free_blocks(e3b, bit, pa->pa_len);
++ mb_free_blocks(pa->pa_inode, e3b, bit, pa->pa_len);
+ atomic_add(pa->pa_len, &EXT3_SB(sb)->s_mb_discarded);
+
+ ac.ac_sb = sb;
+ ext3_mb_free_metadata(handle, &e3b, block_group, bit, count);
+ } else {
+ ext3_lock_group(sb, block_group);
-+ err = mb_free_blocks(&e3b, bit, count);
++ err = mb_free_blocks(inode, &e3b, bit, count);
+ ext3_mb_return_to_preallocation(inode, &e3b, block, count);
+ ext3_unlock_group(sb, block_group);
+ BUG_ON(err != 0);
git://git.whamcloud.com / fs / lustre-release.git / commitdiff