Showing error 1747

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: fs/affs/file.c
Line in file: 893
Project: Linux Kernel
Project version: 2.6.28
Confirmation: Fixed by 0e45b67d5aeb3dcfb6b149cf61c30b9a8e503f74
Tools: Smatch (1.59)
Entered: 2013-09-10 20:24:52 UTC

Source: 

  1/*
  2 *  linux/fs/affs/file.c
  3 *
  4 *  (c) 1996  Hans-Joachim Widmaier - Rewritten
  5 *
  6 *  (C) 1993  Ray Burr - Modified for Amiga FFS filesystem.
  7 *
  8 *  (C) 1992  Eric Youngdale Modified for ISO 9660 filesystem.
  9 *
 10 *  (C) 1991  Linus Torvalds - minix filesystem
 11 *
 12 *  affs regular file handling primitives
 13 */
 14
 15#include "affs.h"
 16
 17#if PAGE_SIZE < 4096
 18#error PAGE_SIZE must be at least 4096
 19#endif
 20
 21static int affs_grow_extcache(struct inode *inode, u32 lc_idx);
 22static struct buffer_head *affs_alloc_extblock(struct inode *inode, struct buffer_head *bh, u32 ext);
 23static inline struct buffer_head *affs_get_extblock(struct inode *inode, u32 ext);
 24static struct buffer_head *affs_get_extblock_slow(struct inode *inode, u32 ext);
 25static int affs_file_open(struct inode *inode, struct file *filp);
 26static int affs_file_release(struct inode *inode, struct file *filp);
 27
 28const struct file_operations affs_file_operations = {
 29        .llseek                = generic_file_llseek,
 30        .read                = do_sync_read,
 31        .aio_read        = generic_file_aio_read,
 32        .write                = do_sync_write,
 33        .aio_write        = generic_file_aio_write,
 34        .mmap                = generic_file_mmap,
 35        .open                = affs_file_open,
 36        .release        = affs_file_release,
 37        .fsync                = file_fsync,
 38        .splice_read        = generic_file_splice_read,
 39};
 40
 41const struct inode_operations affs_file_inode_operations = {
 42        .truncate        = affs_truncate,
 43        .setattr        = affs_notify_change,
 44};
 45
 46static int
 47affs_file_open(struct inode *inode, struct file *filp)
 48{
 49        pr_debug("AFFS: open(%lu,%d)\n",
 50                 inode->i_ino, atomic_read(&AFFS_I(inode)->i_opencnt));
 51        atomic_inc(&AFFS_I(inode)->i_opencnt);
 52        return 0;
 53}
 54
 55static int
 56affs_file_release(struct inode *inode, struct file *filp)
 57{
 58        pr_debug("AFFS: release(%lu, %d)\n",
 59                 inode->i_ino, atomic_read(&AFFS_I(inode)->i_opencnt));
 60
 61        if (atomic_dec_and_test(&AFFS_I(inode)->i_opencnt)) {
 62                mutex_lock(&inode->i_mutex);
 63                if (inode->i_size != AFFS_I(inode)->mmu_private)
 64                        affs_truncate(inode);
 65                affs_free_prealloc(inode);
 66                mutex_unlock(&inode->i_mutex);
 67        }
 68
 69        return 0;
 70}
 71
 72static int
 73affs_grow_extcache(struct inode *inode, u32 lc_idx)
 74{
 75        struct super_block        *sb = inode->i_sb;
 76        struct buffer_head        *bh;
 77        u32 lc_max;
 78        int i, j, key;
 79
 80        if (!AFFS_I(inode)->i_lc) {
 81                char *ptr = (char *)get_zeroed_page(GFP_NOFS);
 82                if (!ptr)
 83                        return -ENOMEM;
 84                AFFS_I(inode)->i_lc = (u32 *)ptr;
 85                AFFS_I(inode)->i_ac = (struct affs_ext_key *)(ptr + AFFS_CACHE_SIZE / 2);
 86        }
 87
 88        lc_max = AFFS_LC_SIZE << AFFS_I(inode)->i_lc_shift;
 89
 90        if (AFFS_I(inode)->i_extcnt > lc_max) {
 91                u32 lc_shift, lc_mask, tmp, off;
 92
 93                /* need to recalculate linear cache, start from old size */
 94                lc_shift = AFFS_I(inode)->i_lc_shift;
 95                tmp = (AFFS_I(inode)->i_extcnt / AFFS_LC_SIZE) >> lc_shift;
 96                for (; tmp; tmp >>= 1)
 97                        lc_shift++;
 98                lc_mask = (1 << lc_shift) - 1;
 99
100                /* fix idx and old size to new shift */
101                lc_idx >>= (lc_shift - AFFS_I(inode)->i_lc_shift);
102                AFFS_I(inode)->i_lc_size >>= (lc_shift - AFFS_I(inode)->i_lc_shift);
103
104                /* first shrink old cache to make more space */
105                off = 1 << (lc_shift - AFFS_I(inode)->i_lc_shift);
106                for (i = 1, j = off; j < AFFS_LC_SIZE; i++, j += off)
107                        AFFS_I(inode)->i_ac[i] = AFFS_I(inode)->i_ac[j];
108
109                AFFS_I(inode)->i_lc_shift = lc_shift;
110                AFFS_I(inode)->i_lc_mask = lc_mask;
111        }
112
113        /* fill cache to the needed index */
114        i = AFFS_I(inode)->i_lc_size;
115        AFFS_I(inode)->i_lc_size = lc_idx + 1;
116        for (; i <= lc_idx; i++) {
117                if (!i) {
118                        AFFS_I(inode)->i_lc[0] = inode->i_ino;
119                        continue;
120                }
121                key = AFFS_I(inode)->i_lc[i - 1];
122                j = AFFS_I(inode)->i_lc_mask + 1;
123                // unlock cache
124                for (; j > 0; j--) {
125                        bh = affs_bread(sb, key);
126                        if (!bh)
127                                goto err;
128                        key = be32_to_cpu(AFFS_TAIL(sb, bh)->extension);
129                        affs_brelse(bh);
130                }
131                // lock cache
132                AFFS_I(inode)->i_lc[i] = key;
133        }
134
135        return 0;
136
137err:
138        // lock cache
139        return -EIO;
140}
141
142static struct buffer_head *
143affs_alloc_extblock(struct inode *inode, struct buffer_head *bh, u32 ext)
144{
145        struct super_block *sb = inode->i_sb;
146        struct buffer_head *new_bh;
147        u32 blocknr, tmp;
148
149        blocknr = affs_alloc_block(inode, bh->b_blocknr);
150        if (!blocknr)
151                return ERR_PTR(-ENOSPC);
152
153        new_bh = affs_getzeroblk(sb, blocknr);
154        if (!new_bh) {
155                affs_free_block(sb, blocknr);
156                return ERR_PTR(-EIO);
157        }
158
159        AFFS_HEAD(new_bh)->ptype = cpu_to_be32(T_LIST);
160        AFFS_HEAD(new_bh)->key = cpu_to_be32(blocknr);
161        AFFS_TAIL(sb, new_bh)->stype = cpu_to_be32(ST_FILE);
162        AFFS_TAIL(sb, new_bh)->parent = cpu_to_be32(inode->i_ino);
163        affs_fix_checksum(sb, new_bh);
164
165        mark_buffer_dirty_inode(new_bh, inode);
166
167        tmp = be32_to_cpu(AFFS_TAIL(sb, bh)->extension);
168        if (tmp)
169                affs_warning(sb, "alloc_ext", "previous extension set (%x)", tmp);
170        AFFS_TAIL(sb, bh)->extension = cpu_to_be32(blocknr);
171        affs_adjust_checksum(bh, blocknr - tmp);
172        mark_buffer_dirty_inode(bh, inode);
173
174        AFFS_I(inode)->i_extcnt++;
175        mark_inode_dirty(inode);
176
177        return new_bh;
178}
179
180static inline struct buffer_head *
181affs_get_extblock(struct inode *inode, u32 ext)
182{
183        /* inline the simplest case: same extended block as last time */
184        struct buffer_head *bh = AFFS_I(inode)->i_ext_bh;
185        if (ext == AFFS_I(inode)->i_ext_last)
186                get_bh(bh);
187        else
188                /* we have to do more (not inlined) */
189                bh = affs_get_extblock_slow(inode, ext);
190
191        return bh;
192}
193
194static struct buffer_head *
195affs_get_extblock_slow(struct inode *inode, u32 ext)
196{
197        struct super_block *sb = inode->i_sb;
198        struct buffer_head *bh;
199        u32 ext_key;
200        u32 lc_idx, lc_off, ac_idx;
201        u32 tmp, idx;
202
203        if (ext == AFFS_I(inode)->i_ext_last + 1) {
204                /* read the next extended block from the current one */
205                bh = AFFS_I(inode)->i_ext_bh;
206                ext_key = be32_to_cpu(AFFS_TAIL(sb, bh)->extension);
207                if (ext < AFFS_I(inode)->i_extcnt)
208                        goto read_ext;
209                if (ext > AFFS_I(inode)->i_extcnt)
210                        BUG();
211                bh = affs_alloc_extblock(inode, bh, ext);
212                if (IS_ERR(bh))
213                        return bh;
214                goto store_ext;
215        }
216
217        if (ext == 0) {
218                /* we seek back to the file header block */
219                ext_key = inode->i_ino;
220                goto read_ext;
221        }
222
223        if (ext >= AFFS_I(inode)->i_extcnt) {
224                struct buffer_head *prev_bh;
225
226                /* allocate a new extended block */
227                if (ext > AFFS_I(inode)->i_extcnt)
228                        BUG();
229
230                /* get previous extended block */
231                prev_bh = affs_get_extblock(inode, ext - 1);
232                if (IS_ERR(prev_bh))
233                        return prev_bh;
234                bh = affs_alloc_extblock(inode, prev_bh, ext);
235                affs_brelse(prev_bh);
236                if (IS_ERR(bh))
237                        return bh;
238                goto store_ext;
239        }
240
241again:
242        /* check if there is an extended cache and whether it's large enough */
243        lc_idx = ext >> AFFS_I(inode)->i_lc_shift;
244        lc_off = ext & AFFS_I(inode)->i_lc_mask;
245
246        if (lc_idx >= AFFS_I(inode)->i_lc_size) {
247                int err;
248
249                err = affs_grow_extcache(inode, lc_idx);
250                if (err)
251                        return ERR_PTR(err);
252                goto again;
253        }
254
255        /* every n'th key we find in the linear cache */
256        if (!lc_off) {
257                ext_key = AFFS_I(inode)->i_lc[lc_idx];
258                goto read_ext;
259        }
260
261        /* maybe it's still in the associative cache */
262        ac_idx = (ext - lc_idx - 1) & AFFS_AC_MASK;
263        if (AFFS_I(inode)->i_ac[ac_idx].ext == ext) {
264                ext_key = AFFS_I(inode)->i_ac[ac_idx].key;
265                goto read_ext;
266        }
267
268        /* try to find one of the previous extended blocks */
269        tmp = ext;
270        idx = ac_idx;
271        while (--tmp, --lc_off > 0) {
272                idx = (idx - 1) & AFFS_AC_MASK;
273                if (AFFS_I(inode)->i_ac[idx].ext == tmp) {
274                        ext_key = AFFS_I(inode)->i_ac[idx].key;
275                        goto find_ext;
276                }
277        }
278
279        /* fall back to the linear cache */
280        ext_key = AFFS_I(inode)->i_lc[lc_idx];
281find_ext:
282        /* read all extended blocks until we find the one we need */
283        //unlock cache
284        do {
285                bh = affs_bread(sb, ext_key);
286                if (!bh)
287                        goto err_bread;
288                ext_key = be32_to_cpu(AFFS_TAIL(sb, bh)->extension);
289                affs_brelse(bh);
290                tmp++;
291        } while (tmp < ext);
292        //lock cache
293
294        /* store it in the associative cache */
295        // recalculate ac_idx?
296        AFFS_I(inode)->i_ac[ac_idx].ext = ext;
297        AFFS_I(inode)->i_ac[ac_idx].key = ext_key;
298
299read_ext:
300        /* finally read the right extended block */
301        //unlock cache
302        bh = affs_bread(sb, ext_key);
303        if (!bh)
304                goto err_bread;
305        //lock cache
306
307store_ext:
308        /* release old cached extended block and store the new one */
309        affs_brelse(AFFS_I(inode)->i_ext_bh);
310        AFFS_I(inode)->i_ext_last = ext;
311        AFFS_I(inode)->i_ext_bh = bh;
312        get_bh(bh);
313
314        return bh;
315
316err_bread:
317        affs_brelse(bh);
318        return ERR_PTR(-EIO);
319}
320
321static int
322affs_get_block(struct inode *inode, sector_t block, struct buffer_head *bh_result, int create)
323{
324        struct super_block        *sb = inode->i_sb;
325        struct buffer_head        *ext_bh;
326        u32                         ext;
327
328        pr_debug("AFFS: get_block(%u, %lu)\n", (u32)inode->i_ino, (unsigned long)block);
329
330        BUG_ON(block > (sector_t)0x7fffffffUL);
331
332        if (block >= AFFS_I(inode)->i_blkcnt) {
333                if (block > AFFS_I(inode)->i_blkcnt || !create)
334                        goto err_big;
335        } else
336                create = 0;
337
338        //lock cache
339        affs_lock_ext(inode);
340
341        ext = (u32)block / AFFS_SB(sb)->s_hashsize;
342        block -= ext * AFFS_SB(sb)->s_hashsize;
343        ext_bh = affs_get_extblock(inode, ext);
344        if (IS_ERR(ext_bh))
345                goto err_ext;
346        map_bh(bh_result, sb, (sector_t)be32_to_cpu(AFFS_BLOCK(sb, ext_bh, block)));
347
348        if (create) {
349                u32 blocknr = affs_alloc_block(inode, ext_bh->b_blocknr);
350                if (!blocknr)
351                        goto err_alloc;
352                set_buffer_new(bh_result);
353                AFFS_I(inode)->mmu_private += AFFS_SB(sb)->s_data_blksize;
354                AFFS_I(inode)->i_blkcnt++;
355
356                /* store new block */
357                if (bh_result->b_blocknr)
358                        affs_warning(sb, "get_block", "block already set (%x)", bh_result->b_blocknr);
359                AFFS_BLOCK(sb, ext_bh, block) = cpu_to_be32(blocknr);
360                AFFS_HEAD(ext_bh)->block_count = cpu_to_be32(block + 1);
361                affs_adjust_checksum(ext_bh, blocknr - bh_result->b_blocknr + 1);
362                bh_result->b_blocknr = blocknr;
363
364                if (!block) {
365                        /* insert first block into header block */
366                        u32 tmp = be32_to_cpu(AFFS_HEAD(ext_bh)->first_data);
367                        if (tmp)
368                                affs_warning(sb, "get_block", "first block already set (%d)", tmp);
369                        AFFS_HEAD(ext_bh)->first_data = cpu_to_be32(blocknr);
370                        affs_adjust_checksum(ext_bh, blocknr - tmp);
371                }
372        }
373
374        affs_brelse(ext_bh);
375        //unlock cache
376        affs_unlock_ext(inode);
377        return 0;
378
379err_big:
380        affs_error(inode->i_sb,"get_block","strange block request %d", block);
381        return -EIO;
382err_ext:
383        // unlock cache
384        affs_unlock_ext(inode);
385        return PTR_ERR(ext_bh);
386err_alloc:
387        brelse(ext_bh);
388        clear_buffer_mapped(bh_result);
389        bh_result->b_bdev = NULL;
390        // unlock cache
391        affs_unlock_ext(inode);
392        return -ENOSPC;
393}
394
395static int affs_writepage(struct page *page, struct writeback_control *wbc)
396{
397        return block_write_full_page(page, affs_get_block, wbc);
398}
399
400static int affs_readpage(struct file *file, struct page *page)
401{
402        return block_read_full_page(page, affs_get_block);
403}
404
405static int affs_write_begin(struct file *file, struct address_space *mapping,
406                        loff_t pos, unsigned len, unsigned flags,
407                        struct page **pagep, void **fsdata)
408{
409        *pagep = NULL;
410        return cont_write_begin(file, mapping, pos, len, flags, pagep, fsdata,
411                                affs_get_block,
412                                &AFFS_I(mapping->host)->mmu_private);
413}
414
415static sector_t _affs_bmap(struct address_space *mapping, sector_t block)
416{
417        return generic_block_bmap(mapping,block,affs_get_block);
418}
419
420const struct address_space_operations affs_aops = {
421        .readpage = affs_readpage,
422        .writepage = affs_writepage,
423        .sync_page = block_sync_page,
424        .write_begin = affs_write_begin,
425        .write_end = generic_write_end,
426        .bmap = _affs_bmap
427};
428
429static inline struct buffer_head *
430affs_bread_ino(struct inode *inode, int block, int create)
431{
432        struct buffer_head *bh, tmp_bh;
433        int err;
434
435        tmp_bh.b_state = 0;
436        err = affs_get_block(inode, block, &tmp_bh, create);
437        if (!err) {
438                bh = affs_bread(inode->i_sb, tmp_bh.b_blocknr);
439                if (bh) {
440                        bh->b_state |= tmp_bh.b_state;
441                        return bh;
442                }
443                err = -EIO;
444        }
445        return ERR_PTR(err);
446}
447
448static inline struct buffer_head *
449affs_getzeroblk_ino(struct inode *inode, int block)
450{
451        struct buffer_head *bh, tmp_bh;
452        int err;
453
454        tmp_bh.b_state = 0;
455        err = affs_get_block(inode, block, &tmp_bh, 1);
456        if (!err) {
457                bh = affs_getzeroblk(inode->i_sb, tmp_bh.b_blocknr);
458                if (bh) {
459                        bh->b_state |= tmp_bh.b_state;
460                        return bh;
461                }
462                err = -EIO;
463        }
464        return ERR_PTR(err);
465}
466
467static inline struct buffer_head *
468affs_getemptyblk_ino(struct inode *inode, int block)
469{
470        struct buffer_head *bh, tmp_bh;
471        int err;
472
473        tmp_bh.b_state = 0;
474        err = affs_get_block(inode, block, &tmp_bh, 1);
475        if (!err) {
476                bh = affs_getemptyblk(inode->i_sb, tmp_bh.b_blocknr);
477                if (bh) {
478                        bh->b_state |= tmp_bh.b_state;
479                        return bh;
480                }
481                err = -EIO;
482        }
483        return ERR_PTR(err);
484}
485
486static int
487affs_do_readpage_ofs(struct file *file, struct page *page, unsigned from, unsigned to)
488{
489        struct inode *inode = page->mapping->host;
490        struct super_block *sb = inode->i_sb;
491        struct buffer_head *bh;
492        char *data;
493        u32 bidx, boff, bsize;
494        u32 tmp;
495
496        pr_debug("AFFS: read_page(%u, %ld, %d, %d)\n", (u32)inode->i_ino, page->index, from, to);
497        BUG_ON(from > to || to > PAGE_CACHE_SIZE);
498        kmap(page);
499        data = page_address(page);
500        bsize = AFFS_SB(sb)->s_data_blksize;
501        tmp = (page->index << PAGE_CACHE_SHIFT) + from;
502        bidx = tmp / bsize;
503        boff = tmp % bsize;
504
505        while (from < to) {
506                bh = affs_bread_ino(inode, bidx, 0);
507                if (IS_ERR(bh))
508                        return PTR_ERR(bh);
509                tmp = min(bsize - boff, to - from);
510                BUG_ON(from + tmp > to || tmp > bsize);
511                memcpy(data + from, AFFS_DATA(bh) + boff, tmp);
512                affs_brelse(bh);
513                bidx++;
514                from += tmp;
515                boff = 0;
516        }
517        flush_dcache_page(page);
518        kunmap(page);
519        return 0;
520}
521
522static int
523affs_extent_file_ofs(struct inode *inode, u32 newsize)
524{
525        struct super_block *sb = inode->i_sb;
526        struct buffer_head *bh, *prev_bh;
527        u32 bidx, boff;
528        u32 size, bsize;
529        u32 tmp;
530
531        pr_debug("AFFS: extent_file(%u, %d)\n", (u32)inode->i_ino, newsize);
532        bsize = AFFS_SB(sb)->s_data_blksize;
533        bh = NULL;
534        size = AFFS_I(inode)->mmu_private;
535        bidx = size / bsize;
536        boff = size % bsize;
537        if (boff) {
538                bh = affs_bread_ino(inode, bidx, 0);
539                if (IS_ERR(bh))
540                        return PTR_ERR(bh);
541                tmp = min(bsize - boff, newsize - size);
542                BUG_ON(boff + tmp > bsize || tmp > bsize);
543                memset(AFFS_DATA(bh) + boff, 0, tmp);
544                be32_add_cpu(&AFFS_DATA_HEAD(bh)->size, tmp);
545                affs_fix_checksum(sb, bh);
546                mark_buffer_dirty_inode(bh, inode);
547                size += tmp;
548                bidx++;
549        } else if (bidx) {
550                bh = affs_bread_ino(inode, bidx - 1, 0);
551                if (IS_ERR(bh))
552                        return PTR_ERR(bh);
553        }
554
555        while (size < newsize) {
556                prev_bh = bh;
557                bh = affs_getzeroblk_ino(inode, bidx);
558                if (IS_ERR(bh))
559                        goto out;
560                tmp = min(bsize, newsize - size);
561                BUG_ON(tmp > bsize);
562                AFFS_DATA_HEAD(bh)->ptype = cpu_to_be32(T_DATA);
563                AFFS_DATA_HEAD(bh)->key = cpu_to_be32(inode->i_ino);
564                AFFS_DATA_HEAD(bh)->sequence = cpu_to_be32(bidx);
565                AFFS_DATA_HEAD(bh)->size = cpu_to_be32(tmp);
566                affs_fix_checksum(sb, bh);
567                bh->b_state &= ~(1UL << BH_New);
568                mark_buffer_dirty_inode(bh, inode);
569                if (prev_bh) {
570                        u32 tmp = be32_to_cpu(AFFS_DATA_HEAD(prev_bh)->next);
571                        if (tmp)
572                                affs_warning(sb, "extent_file_ofs", "next block already set for %d (%d)", bidx, tmp);
573                        AFFS_DATA_HEAD(prev_bh)->next = cpu_to_be32(bh->b_blocknr);
574                        affs_adjust_checksum(prev_bh, bh->b_blocknr - tmp);
575                        mark_buffer_dirty_inode(prev_bh, inode);
576                        affs_brelse(prev_bh);
577                }
578                size += bsize;
579                bidx++;
580        }
581        affs_brelse(bh);
582        inode->i_size = AFFS_I(inode)->mmu_private = newsize;
583        return 0;
584
585out:
586        inode->i_size = AFFS_I(inode)->mmu_private = newsize;
587        return PTR_ERR(bh);
588}
589
590static int
591affs_readpage_ofs(struct file *file, struct page *page)
592{
593        struct inode *inode = page->mapping->host;
594        u32 to;
595        int err;
596
597        pr_debug("AFFS: read_page(%u, %ld)\n", (u32)inode->i_ino, page->index);
598        to = PAGE_CACHE_SIZE;
599        if (((page->index + 1) << PAGE_CACHE_SHIFT) > inode->i_size) {
600                to = inode->i_size & ~PAGE_CACHE_MASK;
601                memset(page_address(page) + to, 0, PAGE_CACHE_SIZE - to);
602        }
603
604        err = affs_do_readpage_ofs(file, page, 0, to);
605        if (!err)
606                SetPageUptodate(page);
607        unlock_page(page);
608        return err;
609}
610
611static int affs_write_begin_ofs(struct file *file, struct address_space *mapping,
612                                loff_t pos, unsigned len, unsigned flags,
613                                struct page **pagep, void **fsdata)
614{
615        struct inode *inode = mapping->host;
616        struct page *page;
617        pgoff_t index;
618        int err = 0;
619
620        pr_debug("AFFS: write_begin(%u, %llu, %llu)\n", (u32)inode->i_ino, (unsigned long long)pos, (unsigned long long)pos + len);
621        if (pos > AFFS_I(inode)->mmu_private) {
622                /* XXX: this probably leaves a too-big i_size in case of
623                 * failure. Should really be updating i_size at write_end time
624                 */
625                err = affs_extent_file_ofs(inode, pos);
626                if (err)
627                        return err;
628        }
629
630        index = pos >> PAGE_CACHE_SHIFT;
631        page = __grab_cache_page(mapping, index);
632        if (!page)
633                return -ENOMEM;
634        *pagep = page;
635
636        if (PageUptodate(page))
637                return 0;
638
639        /* XXX: inefficient but safe in the face of short writes */
640        err = affs_do_readpage_ofs(file, page, 0, PAGE_CACHE_SIZE);
641        if (err) {
642                unlock_page(page);
643                page_cache_release(page);
644        }
645        return err;
646}
647
648static int affs_write_end_ofs(struct file *file, struct address_space *mapping,
649                                loff_t pos, unsigned len, unsigned copied,
650                                struct page *page, void *fsdata)
651{
652        struct inode *inode = mapping->host;
653        struct super_block *sb = inode->i_sb;
654        struct buffer_head *bh, *prev_bh;
655        char *data;
656        u32 bidx, boff, bsize;
657        unsigned from, to;
658        u32 tmp;
659        int written;
660
661        from = pos & (PAGE_CACHE_SIZE - 1);
662        to = pos + len;
663        /*
664         * XXX: not sure if this can handle short copies (len < copied), but
665         * we don't have to, because the page should always be uptodate here,
666         * due to write_begin.
667         */
668
669        pr_debug("AFFS: write_begin(%u, %llu, %llu)\n", (u32)inode->i_ino, (unsigned long long)pos, (unsigned long long)pos + len);
670        bsize = AFFS_SB(sb)->s_data_blksize;
671        data = page_address(page);
672
673        bh = NULL;
674        written = 0;
675        tmp = (page->index << PAGE_CACHE_SHIFT) + from;
676        bidx = tmp / bsize;
677        boff = tmp % bsize;
678        if (boff) {
679                bh = affs_bread_ino(inode, bidx, 0);
680                if (IS_ERR(bh))
681                        return PTR_ERR(bh);
682                tmp = min(bsize - boff, to - from);
683                BUG_ON(boff + tmp > bsize || tmp > bsize);
684                memcpy(AFFS_DATA(bh) + boff, data + from, tmp);
685                be32_add_cpu(&AFFS_DATA_HEAD(bh)->size, tmp);
686                affs_fix_checksum(sb, bh);
687                mark_buffer_dirty_inode(bh, inode);
688                written += tmp;
689                from += tmp;
690                bidx++;
691        } else if (bidx) {
692                bh = affs_bread_ino(inode, bidx - 1, 0);
693                if (IS_ERR(bh))
694                        return PTR_ERR(bh);
695        }
696        while (from + bsize <= to) {
697                prev_bh = bh;
698                bh = affs_getemptyblk_ino(inode, bidx);
699                if (IS_ERR(bh))
700                        goto out;
701                memcpy(AFFS_DATA(bh), data + from, bsize);
702                if (buffer_new(bh)) {
703                        AFFS_DATA_HEAD(bh)->ptype = cpu_to_be32(T_DATA);
704                        AFFS_DATA_HEAD(bh)->key = cpu_to_be32(inode->i_ino);
705                        AFFS_DATA_HEAD(bh)->sequence = cpu_to_be32(bidx);
706                        AFFS_DATA_HEAD(bh)->size = cpu_to_be32(bsize);
707                        AFFS_DATA_HEAD(bh)->next = 0;
708                        bh->b_state &= ~(1UL << BH_New);
709                        if (prev_bh) {
710                                u32 tmp = be32_to_cpu(AFFS_DATA_HEAD(prev_bh)->next);
711                                if (tmp)
712                                        affs_warning(sb, "commit_write_ofs", "next block already set for %d (%d)", bidx, tmp);
713                                AFFS_DATA_HEAD(prev_bh)->next = cpu_to_be32(bh->b_blocknr);
714                                affs_adjust_checksum(prev_bh, bh->b_blocknr - tmp);
715                                mark_buffer_dirty_inode(prev_bh, inode);
716                        }
717                }
718                affs_brelse(prev_bh);
719                affs_fix_checksum(sb, bh);
720                mark_buffer_dirty_inode(bh, inode);
721                written += bsize;
722                from += bsize;
723                bidx++;
724        }
725        if (from < to) {
726                prev_bh = bh;
727                bh = affs_bread_ino(inode, bidx, 1);
728                if (IS_ERR(bh))
729                        goto out;
730                tmp = min(bsize, to - from);
731                BUG_ON(tmp > bsize);
732                memcpy(AFFS_DATA(bh), data + from, tmp);
733                if (buffer_new(bh)) {
734                        AFFS_DATA_HEAD(bh)->ptype = cpu_to_be32(T_DATA);
735                        AFFS_DATA_HEAD(bh)->key = cpu_to_be32(inode->i_ino);
736                        AFFS_DATA_HEAD(bh)->sequence = cpu_to_be32(bidx);
737                        AFFS_DATA_HEAD(bh)->size = cpu_to_be32(tmp);
738                        AFFS_DATA_HEAD(bh)->next = 0;
739                        bh->b_state &= ~(1UL << BH_New);
740                        if (prev_bh) {
741                                u32 tmp = be32_to_cpu(AFFS_DATA_HEAD(prev_bh)->next);
742                                if (tmp)
743                                        affs_warning(sb, "commit_write_ofs", "next block already set for %d (%d)", bidx, tmp);
744                                AFFS_DATA_HEAD(prev_bh)->next = cpu_to_be32(bh->b_blocknr);
745                                affs_adjust_checksum(prev_bh, bh->b_blocknr - tmp);
746                                mark_buffer_dirty_inode(prev_bh, inode);
747                        }
748                } else if (be32_to_cpu(AFFS_DATA_HEAD(bh)->size) < tmp)
749                        AFFS_DATA_HEAD(bh)->size = cpu_to_be32(tmp);
750                affs_brelse(prev_bh);
751                affs_fix_checksum(sb, bh);
752                mark_buffer_dirty_inode(bh, inode);
753                written += tmp;
754                from += tmp;
755                bidx++;
756        }
757        SetPageUptodate(page);
758
759done:
760        affs_brelse(bh);
761        tmp = (page->index << PAGE_CACHE_SHIFT) + from;
762        if (tmp > inode->i_size)
763                inode->i_size = AFFS_I(inode)->mmu_private = tmp;
764
765        unlock_page(page);
766        page_cache_release(page);
767
768        return written;
769
770out:
771        bh = prev_bh;
772        if (!written)
773                written = PTR_ERR(bh);
774        goto done;
775}
776
777const struct address_space_operations affs_aops_ofs = {
778        .readpage = affs_readpage_ofs,
779        //.writepage = affs_writepage_ofs,
780        //.sync_page = affs_sync_page_ofs,
781        .write_begin = affs_write_begin_ofs,
782        .write_end = affs_write_end_ofs
783};
784
785/* Free any preallocated blocks. */
786
787void
788affs_free_prealloc(struct inode *inode)
789{
790        struct super_block *sb = inode->i_sb;
791
792        pr_debug("AFFS: free_prealloc(ino=%lu)\n", inode->i_ino);
793
794        while (AFFS_I(inode)->i_pa_cnt) {
795                AFFS_I(inode)->i_pa_cnt--;
796                affs_free_block(sb, ++AFFS_I(inode)->i_lastalloc);
797        }
798}
799
800/* Truncate (or enlarge) a file to the requested size. */
801
802void
803affs_truncate(struct inode *inode)
804{
805        struct super_block *sb = inode->i_sb;
806        u32 ext, ext_key;
807        u32 last_blk, blkcnt, blk;
808        u32 size;
809        struct buffer_head *ext_bh;
810        int i;
811
812        pr_debug("AFFS: truncate(inode=%d, oldsize=%u, newsize=%u)\n",
813                 (u32)inode->i_ino, (u32)AFFS_I(inode)->mmu_private, (u32)inode->i_size);
814
815        last_blk = 0;
816        ext = 0;
817        if (inode->i_size) {
818                last_blk = ((u32)inode->i_size - 1) / AFFS_SB(sb)->s_data_blksize;
819                ext = last_blk / AFFS_SB(sb)->s_hashsize;
820        }
821
822        if (inode->i_size > AFFS_I(inode)->mmu_private) {
823                struct address_space *mapping = inode->i_mapping;
824                struct page *page;
825                void *fsdata;
826                u32 size = inode->i_size;
827                int res;
828
829                res = mapping->a_ops->write_begin(NULL, mapping, size, 0, 0, &page, &fsdata);
830                if (!res)
831                        res = mapping->a_ops->write_end(NULL, mapping, size, 0, 0, page, fsdata);
832                else
833                        inode->i_size = AFFS_I(inode)->mmu_private;
834                mark_inode_dirty(inode);
835                return;
836        } else if (inode->i_size == AFFS_I(inode)->mmu_private)
837                return;
838
839        // lock cache
840        ext_bh = affs_get_extblock(inode, ext);
841        if (IS_ERR(ext_bh)) {
842                affs_warning(sb, "truncate", "unexpected read error for ext block %u (%d)",
843                             ext, PTR_ERR(ext_bh));
844                return;
845        }
846        if (AFFS_I(inode)->i_lc) {
847                /* clear linear cache */
848                i = (ext + 1) >> AFFS_I(inode)->i_lc_shift;
849                if (AFFS_I(inode)->i_lc_size > i) {
850                        AFFS_I(inode)->i_lc_size = i;
851                        for (; i < AFFS_LC_SIZE; i++)
852                                AFFS_I(inode)->i_lc[i] = 0;
853                }
854                /* clear associative cache */
855                for (i = 0; i < AFFS_AC_SIZE; i++)
856                        if (AFFS_I(inode)->i_ac[i].ext >= ext)
857                                AFFS_I(inode)->i_ac[i].ext = 0;
858        }
859        ext_key = be32_to_cpu(AFFS_TAIL(sb, ext_bh)->extension);
860
861        blkcnt = AFFS_I(inode)->i_blkcnt;
862        i = 0;
863        blk = last_blk;
864        if (inode->i_size) {
865                i = last_blk % AFFS_SB(sb)->s_hashsize + 1;
866                blk++;
867        } else
868                AFFS_HEAD(ext_bh)->first_data = 0;
869        AFFS_HEAD(ext_bh)->block_count = cpu_to_be32(i);
870        size = AFFS_SB(sb)->s_hashsize;
871        if (size > blkcnt - blk + i)
872                size = blkcnt - blk + i;
873        for (; i < size; i++, blk++) {
874                affs_free_block(sb, be32_to_cpu(AFFS_BLOCK(sb, ext_bh, i)));
875                AFFS_BLOCK(sb, ext_bh, i) = 0;
876        }
877        AFFS_TAIL(sb, ext_bh)->extension = 0;
878        affs_fix_checksum(sb, ext_bh);
879        mark_buffer_dirty_inode(ext_bh, inode);
880        affs_brelse(ext_bh);
881
882        if (inode->i_size) {
883                AFFS_I(inode)->i_blkcnt = last_blk + 1;
884                AFFS_I(inode)->i_extcnt = ext + 1;
885                if (AFFS_SB(sb)->s_flags & SF_OFS) {
886                        struct buffer_head *bh = affs_bread_ino(inode, last_blk, 0);
887                        u32 tmp;
888                        if (IS_ERR(ext_bh)) {
889                                affs_warning(sb, "truncate", "unexpected read error for last block %u (%d)",
890                                             ext, PTR_ERR(ext_bh));
891                                return;
892                        }
893                        tmp = be32_to_cpu(AFFS_DATA_HEAD(bh)->next);
894                        AFFS_DATA_HEAD(bh)->next = 0;
895                        affs_adjust_checksum(bh, -tmp);
896                        affs_brelse(bh);
897                }
898        } else {
899                AFFS_I(inode)->i_blkcnt = 0;
900                AFFS_I(inode)->i_extcnt = 1;
901        }
902        AFFS_I(inode)->mmu_private = inode->i_size;
903        // unlock cache
904
905        while (ext_key) {
906                ext_bh = affs_bread(sb, ext_key);
907                size = AFFS_SB(sb)->s_hashsize;
908                if (size > blkcnt - blk)
909                        size = blkcnt - blk;
910                for (i = 0; i < size; i++, blk++)
911                        affs_free_block(sb, be32_to_cpu(AFFS_BLOCK(sb, ext_bh, i)));
912                affs_free_block(sb, ext_key);
913                ext_key = be32_to_cpu(AFFS_TAIL(sb, ext_bh)->extension);
914                affs_brelse(ext_bh);
915        }
916        affs_free_prealloc(inode);
917}