ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1752

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	fs/ext4/namei.c
Line in file:	1478
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-10 20:24:52 UTC
Source:

   1/*
   2 *  linux/fs/ext4/namei.c
   3 *
   4 * Copyright (C) 1992, 1993, 1994, 1995
   5 * Remy Card (card@masi.ibp.fr)
   6 * Laboratoire MASI - Institut Blaise Pascal
   7 * Universite Pierre et Marie Curie (Paris VI)
   8 *
   9 *  from
  10 *
  11 *  linux/fs/minix/namei.c
  12 *
  13 *  Copyright (C) 1991, 1992  Linus Torvalds
  14 *
  15 *  Big-endian to little-endian byte-swapping/bitmaps by
  16 *        David S. Miller (davem@caip.rutgers.edu), 1995
  17 *  Directory entry file type support and forward compatibility hooks
  18 *        for B-tree directories by Theodore Ts'o (tytso@mit.edu), 1998
  19 *  Hash Tree Directory indexing (c)
  20 *        Daniel Phillips, 2001
  21 *  Hash Tree Directory indexing porting
  22 *        Christopher Li, 2002
  23 *  Hash Tree Directory indexing cleanup
  24 *        Theodore Ts'o, 2002
  25 */
  26
  27#include <linux/fs.h>
  28#include <linux/pagemap.h>
  29#include <linux/jbd2.h>
  30#include <linux/time.h>
  31#include <linux/fcntl.h>
  32#include <linux/stat.h>
  33#include <linux/string.h>
  34#include <linux/quotaops.h>
  35#include <linux/buffer_head.h>
  36#include <linux/bio.h>
  37#include "ext4.h"
  38#include "ext4_jbd2.h"
  39
  40#include "namei.h"
  41#include "xattr.h"
  42#include "acl.h"
  43
  44/*
  45 * define how far ahead to read directories while searching them.
  46 */
  47#define NAMEI_RA_CHUNKS  2
  48#define NAMEI_RA_BLOCKS  4
  49#define NAMEI_RA_SIZE             (NAMEI_RA_CHUNKS * NAMEI_RA_BLOCKS)
  50#define NAMEI_RA_INDEX(c,b)  (((c) * NAMEI_RA_BLOCKS) + (b))
  51
  52static struct buffer_head *ext4_append(handle_t *handle,
  53                                        struct inode *inode,
  54                                        ext4_lblk_t *block, int *err)
  55{
  56        struct buffer_head *bh;
  57
  58        *block = inode->i_size >> inode->i_sb->s_blocksize_bits;
  59
  60        bh = ext4_bread(handle, inode, *block, 1, err);
  61        if (bh) {
  62                inode->i_size += inode->i_sb->s_blocksize;
  63                EXT4_I(inode)->i_disksize = inode->i_size;
  64                *err = ext4_journal_get_write_access(handle, bh);
  65                if (*err) {
  66                        brelse(bh);
  67                        bh = NULL;
  68                }
  69        }
  70        return bh;
  71}
  72
  73#ifndef assert
  74#define assert(test) J_ASSERT(test)
  75#endif
  76
  77#ifndef swap
  78#define swap(x, y) do { typeof(x) z = x; x = y; y = z; } while (0)
  79#endif
  80
  81#ifdef DX_DEBUG
  82#define dxtrace(command) command
  83#else
  84#define dxtrace(command)
  85#endif
  86
  87struct fake_dirent
  88{
  89        __le32 inode;
  90        __le16 rec_len;
  91        u8 name_len;
  92        u8 file_type;
  93};
  94
  95struct dx_countlimit
  96{
  97        __le16 limit;
  98        __le16 count;
  99};
 100
 101struct dx_entry
 102{
 103        __le32 hash;
 104        __le32 block;
 105};
 106
 107/*
 108 * dx_root_info is laid out so that if it should somehow get overlaid by a
 109 * dirent the two low bits of the hash version will be zero.  Therefore, the
 110 * hash version mod 4 should never be 0.  Sincerely, the paranoia department.
 111 */
 112
 113struct dx_root
 114{
 115        struct fake_dirent dot;
 116        char dot_name[4];
 117        struct fake_dirent dotdot;
 118        char dotdot_name[4];
 119        struct dx_root_info
 120        {
 121                __le32 reserved_zero;
 122                u8 hash_version;
 123                u8 info_length; /* 8 */
 124                u8 indirect_levels;
 125                u8 unused_flags;
 126        }
 127        info;
 128        struct dx_entry        entries[0];
 129};
 130
 131struct dx_node
 132{
 133        struct fake_dirent fake;
 134        struct dx_entry        entries[0];
 135};
 136
 137
 138struct dx_frame
 139{
 140        struct buffer_head *bh;
 141        struct dx_entry *entries;
 142        struct dx_entry *at;
 143};
 144
 145struct dx_map_entry
 146{
 147        u32 hash;
 148        u16 offs;
 149        u16 size;
 150};
 151
 152static inline ext4_lblk_t dx_get_block(struct dx_entry *entry);
 153static void dx_set_block(struct dx_entry *entry, ext4_lblk_t value);
 154static inline unsigned dx_get_hash(struct dx_entry *entry);
 155static void dx_set_hash(struct dx_entry *entry, unsigned value);
 156static unsigned dx_get_count(struct dx_entry *entries);
 157static unsigned dx_get_limit(struct dx_entry *entries);
 158static void dx_set_count(struct dx_entry *entries, unsigned value);
 159static void dx_set_limit(struct dx_entry *entries, unsigned value);
 160static unsigned dx_root_limit(struct inode *dir, unsigned infosize);
 161static unsigned dx_node_limit(struct inode *dir);
 162static struct dx_frame *dx_probe(const struct qstr *d_name,
 163                                 struct inode *dir,
 164                                 struct dx_hash_info *hinfo,
 165                                 struct dx_frame *frame,
 166                                 int *err);
 167static void dx_release(struct dx_frame *frames);
 168static int dx_make_map(struct ext4_dir_entry_2 *de, int size,
 169                       struct dx_hash_info *hinfo, struct dx_map_entry map[]);
 170static void dx_sort_map(struct dx_map_entry *map, unsigned count);
 171static struct ext4_dir_entry_2 *dx_move_dirents(char *from, char *to,
 172                struct dx_map_entry *offsets, int count);
 173static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size);
 174static void dx_insert_block(struct dx_frame *frame,
 175                                        u32 hash, ext4_lblk_t block);
 176static int ext4_htree_next_block(struct inode *dir, __u32 hash,
 177                                 struct dx_frame *frame,
 178                                 struct dx_frame *frames,
 179                                 __u32 *start_hash);
 180static struct buffer_head * ext4_dx_find_entry(struct inode *dir,
 181                const struct qstr *d_name,
 182                struct ext4_dir_entry_2 **res_dir,
 183                int *err);
 184static int ext4_dx_add_entry(handle_t *handle, struct dentry *dentry,
 185                             struct inode *inode);
 186
 187/*
 188 * p is at least 6 bytes before the end of page
 189 */
 190static inline struct ext4_dir_entry_2 *
 191ext4_next_entry(struct ext4_dir_entry_2 *p)
 192{
 193        return (struct ext4_dir_entry_2 *)((char *)p +
 194                ext4_rec_len_from_disk(p->rec_len));
 195}
 196
 197/*
 198 * Future: use high four bits of block for coalesce-on-delete flags
 199 * Mask them off for now.
 200 */
 201
 202static inline ext4_lblk_t dx_get_block(struct dx_entry *entry)
 203{
 204        return le32_to_cpu(entry->block) & 0x00ffffff;
 205}
 206
 207static inline void dx_set_block(struct dx_entry *entry, ext4_lblk_t value)
 208{
 209        entry->block = cpu_to_le32(value);
 210}
 211
 212static inline unsigned dx_get_hash(struct dx_entry *entry)
 213{
 214        return le32_to_cpu(entry->hash);
 215}
 216
 217static inline void dx_set_hash(struct dx_entry *entry, unsigned value)
 218{
 219        entry->hash = cpu_to_le32(value);
 220}
 221
 222static inline unsigned dx_get_count(struct dx_entry *entries)
 223{
 224        return le16_to_cpu(((struct dx_countlimit *) entries)->count);
 225}
 226
 227static inline unsigned dx_get_limit(struct dx_entry *entries)
 228{
 229        return le16_to_cpu(((struct dx_countlimit *) entries)->limit);
 230}
 231
 232static inline void dx_set_count(struct dx_entry *entries, unsigned value)
 233{
 234        ((struct dx_countlimit *) entries)->count = cpu_to_le16(value);
 235}
 236
 237static inline void dx_set_limit(struct dx_entry *entries, unsigned value)
 238{
 239        ((struct dx_countlimit *) entries)->limit = cpu_to_le16(value);
 240}
 241
 242static inline unsigned dx_root_limit(struct inode *dir, unsigned infosize)
 243{
 244        unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1) -
 245                EXT4_DIR_REC_LEN(2) - infosize;
 246        return entry_space / sizeof(struct dx_entry);
 247}
 248
 249static inline unsigned dx_node_limit(struct inode *dir)
 250{
 251        unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(0);
 252        return entry_space / sizeof(struct dx_entry);
 253}
 254
 255/*
 256 * Debug
 257 */
 258#ifdef DX_DEBUG
 259static void dx_show_index(char * label, struct dx_entry *entries)
 260{
 261        int i, n = dx_get_count (entries);
 262        printk(KERN_DEBUG "%s index ", label);
 263        for (i = 0; i < n; i++) {
 264                printk("%x->%lu ", i ? dx_get_hash(entries + i) :
 265                                0, (unsigned long)dx_get_block(entries + i));
 266        }
 267        printk("\n");
 268}
 269
 270struct stats
 271{
 272        unsigned names;
 273        unsigned space;
 274        unsigned bcount;
 275};
 276
 277static struct stats dx_show_leaf(struct dx_hash_info *hinfo, struct ext4_dir_entry_2 *de,
 278                                 int size, int show_names)
 279{
 280        unsigned names = 0, space = 0;
 281        char *base = (char *) de;
 282        struct dx_hash_info h = *hinfo;
 283
 284        printk("names: ");
 285        while ((char *) de < base + size)
 286        {
 287                if (de->inode)
 288                {
 289                        if (show_names)
 290                        {
 291                                int len = de->name_len;
 292                                char *name = de->name;
 293                                while (len--) printk("%c", *name++);
 294                                ext4fs_dirhash(de->name, de->name_len, &h);
 295                                printk(":%x.%u ", h.hash,
 296                                       ((char *) de - base));
 297                        }
 298                        space += EXT4_DIR_REC_LEN(de->name_len);
 299                        names++;
 300                }
 301                de = ext4_next_entry(de);
 302        }
 303        printk("(%i)\n", names);
 304        return (struct stats) { names, space, 1 };
 305}
 306
 307struct stats dx_show_entries(struct dx_hash_info *hinfo, struct inode *dir,
 308                             struct dx_entry *entries, int levels)
 309{
 310        unsigned blocksize = dir->i_sb->s_blocksize;
 311        unsigned count = dx_get_count(entries), names = 0, space = 0, i;
 312        unsigned bcount = 0;
 313        struct buffer_head *bh;
 314        int err;
 315        printk("%i indexed blocks...\n", count);
 316        for (i = 0; i < count; i++, entries++)
 317        {
 318                ext4_lblk_t block = dx_get_block(entries);
 319                ext4_lblk_t hash  = i ? dx_get_hash(entries): 0;
 320                u32 range = i < count - 1? (dx_get_hash(entries + 1) - hash): ~hash;
 321                struct stats stats;
 322                printk("%s%3u:%03u hash %8x/%8x ",levels?"":"   ", i, block, hash, range);
 323                if (!(bh = ext4_bread (NULL,dir, block, 0,&err))) continue;
 324                stats = levels?
 325                   dx_show_entries(hinfo, dir, ((struct dx_node *) bh->b_data)->entries, levels - 1):
 326                   dx_show_leaf(hinfo, (struct ext4_dir_entry_2 *) bh->b_data, blocksize, 0);
 327                names += stats.names;
 328                space += stats.space;
 329                bcount += stats.bcount;
 330                brelse(bh);
 331        }
 332        if (bcount)
 333                printk(KERN_DEBUG "%snames %u, fullness %u (%u%%)\n", 
 334                       levels ? "" : "   ", names, space/bcount,
 335                       (space/bcount)*100/blocksize);
 336        return (struct stats) { names, space, bcount};
 337}
 338#endif /* DX_DEBUG */
 339
 340/*
 341 * Probe for a directory leaf block to search.
 342 *
 343 * dx_probe can return ERR_BAD_DX_DIR, which means there was a format
 344 * error in the directory index, and the caller should fall back to
 345 * searching the directory normally.  The callers of dx_probe **MUST**
 346 * check for this error code, and make sure it never gets reflected
 347 * back to userspace.
 348 */
 349static struct dx_frame *
 350dx_probe(const struct qstr *d_name, struct inode *dir,
 351         struct dx_hash_info *hinfo, struct dx_frame *frame_in, int *err)
 352{
 353        unsigned count, indirect;
 354        struct dx_entry *at, *entries, *p, *q, *m;
 355        struct dx_root *root;
 356        struct buffer_head *bh;
 357        struct dx_frame *frame = frame_in;
 358        u32 hash;
 359
 360        frame->bh = NULL;
 361        if (!(bh = ext4_bread (NULL,dir, 0, 0, err)))
 362                goto fail;
 363        root = (struct dx_root *) bh->b_data;
 364        if (root->info.hash_version != DX_HASH_TEA &&
 365            root->info.hash_version != DX_HASH_HALF_MD4 &&
 366            root->info.hash_version != DX_HASH_LEGACY) {
 367                ext4_warning(dir->i_sb, __func__,
 368                             "Unrecognised inode hash code %d",
 369                             root->info.hash_version);
 370                brelse(bh);
 371                *err = ERR_BAD_DX_DIR;
 372                goto fail;
 373        }
 374        hinfo->hash_version = root->info.hash_version;
 375        hinfo->seed = EXT4_SB(dir->i_sb)->s_hash_seed;
 376        if (d_name)
 377                ext4fs_dirhash(d_name->name, d_name->len, hinfo);
 378        hash = hinfo->hash;
 379
 380        if (root->info.unused_flags & 1) {
 381                ext4_warning(dir->i_sb, __func__,
 382                             "Unimplemented inode hash flags: %#06x",
 383                             root->info.unused_flags);
 384                brelse(bh);
 385                *err = ERR_BAD_DX_DIR;
 386                goto fail;
 387        }
 388
 389        if ((indirect = root->info.indirect_levels) > 1) {
 390                ext4_warning(dir->i_sb, __func__,
 391                             "Unimplemented inode hash depth: %#06x",
 392                             root->info.indirect_levels);
 393                brelse(bh);
 394                *err = ERR_BAD_DX_DIR;
 395                goto fail;
 396        }
 397
 398        entries = (struct dx_entry *) (((char *)&root->info) +
 399                                       root->info.info_length);
 400
 401        if (dx_get_limit(entries) != dx_root_limit(dir,
 402                                                   root->info.info_length)) {
 403                ext4_warning(dir->i_sb, __func__,
 404                             "dx entry: limit != root limit");
 405                brelse(bh);
 406                *err = ERR_BAD_DX_DIR;
 407                goto fail;
 408        }
 409
 410        dxtrace(printk("Look up %x", hash));
 411        while (1)
 412        {
 413                count = dx_get_count(entries);
 414                if (!count || count > dx_get_limit(entries)) {
 415                        ext4_warning(dir->i_sb, __func__,
 416                                     "dx entry: no count or count > limit");
 417                        brelse(bh);
 418                        *err = ERR_BAD_DX_DIR;
 419                        goto fail2;
 420                }
 421
 422                p = entries + 1;
 423                q = entries + count - 1;
 424                while (p <= q)
 425                {
 426                        m = p + (q - p)/2;
 427                        dxtrace(printk("."));
 428                        if (dx_get_hash(m) > hash)
 429                                q = m - 1;
 430                        else
 431                                p = m + 1;
 432                }
 433
 434                if (0) // linear search cross check
 435                {
 436                        unsigned n = count - 1;
 437                        at = entries;
 438                        while (n--)
 439                        {
 440                                dxtrace(printk(","));
 441                                if (dx_get_hash(++at) > hash)
 442                                {
 443                                        at--;
 444                                        break;
 445                                }
 446                        }
 447                        assert (at == p - 1);
 448                }
 449
 450                at = p - 1;
 451                dxtrace(printk(" %x->%u\n", at == entries? 0: dx_get_hash(at), dx_get_block(at)));
 452                frame->bh = bh;
 453                frame->entries = entries;
 454                frame->at = at;
 455                if (!indirect--) return frame;
 456                if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err)))
 457                        goto fail2;
 458                at = entries = ((struct dx_node *) bh->b_data)->entries;
 459                if (dx_get_limit(entries) != dx_node_limit (dir)) {
 460                        ext4_warning(dir->i_sb, __func__,
 461                                     "dx entry: limit != node limit");
 462                        brelse(bh);
 463                        *err = ERR_BAD_DX_DIR;
 464                        goto fail2;
 465                }
 466                frame++;
 467                frame->bh = NULL;
 468        }
 469fail2:
 470        while (frame >= frame_in) {
 471                brelse(frame->bh);
 472                frame--;
 473        }
 474fail:
 475        if (*err == ERR_BAD_DX_DIR)
 476                ext4_warning(dir->i_sb, __func__,
 477                             "Corrupt dir inode %ld, running e2fsck is "
 478                             "recommended.", dir->i_ino);
 479        return NULL;
 480}
 481
 482static void dx_release (struct dx_frame *frames)
 483{
 484        if (frames[0].bh == NULL)
 485                return;
 486
 487        if (((struct dx_root *) frames[0].bh->b_data)->info.indirect_levels)
 488                brelse(frames[1].bh);
 489        brelse(frames[0].bh);
 490}
 491
 492/*
 493 * This function increments the frame pointer to search the next leaf
 494 * block, and reads in the necessary intervening nodes if the search
 495 * should be necessary.  Whether or not the search is necessary is
 496 * controlled by the hash parameter.  If the hash value is even, then
 497 * the search is only continued if the next block starts with that
 498 * hash value.  This is used if we are searching for a specific file.
 499 *
 500 * If the hash value is HASH_NB_ALWAYS, then always go to the next block.
 501 *
 502 * This function returns 1 if the caller should continue to search,
 503 * or 0 if it should not.  If there is an error reading one of the
 504 * index blocks, it will a negative error code.
 505 *
 506 * If start_hash is non-null, it will be filled in with the starting
 507 * hash of the next page.
 508 */
 509static int ext4_htree_next_block(struct inode *dir, __u32 hash,
 510                                 struct dx_frame *frame,
 511                                 struct dx_frame *frames,
 512                                 __u32 *start_hash)
 513{
 514        struct dx_frame *p;
 515        struct buffer_head *bh;
 516        int err, num_frames = 0;
 517        __u32 bhash;
 518
 519        p = frame;
 520        /*
 521         * Find the next leaf page by incrementing the frame pointer.
 522         * If we run out of entries in the interior node, loop around and
 523         * increment pointer in the parent node.  When we break out of
 524         * this loop, num_frames indicates the number of interior
 525         * nodes need to be read.
 526         */
 527        while (1) {
 528                if (++(p->at) < p->entries + dx_get_count(p->entries))
 529                        break;
 530                if (p == frames)
 531                        return 0;
 532                num_frames++;
 533                p--;
 534        }
 535
 536        /*
 537         * If the hash is 1, then continue only if the next page has a
 538         * continuation hash of any value.  This is used for readdir
 539         * handling.  Otherwise, check to see if the hash matches the
 540         * desired contiuation hash.  If it doesn't, return since
 541         * there's no point to read in the successive index pages.
 542         */
 543        bhash = dx_get_hash(p->at);
 544        if (start_hash)
 545                *start_hash = bhash;
 546        if ((hash & 1) == 0) {
 547                if ((bhash & ~1) != hash)
 548                        return 0;
 549        }
 550        /*
 551         * If the hash is HASH_NB_ALWAYS, we always go to the next
 552         * block so no check is necessary
 553         */
 554        while (num_frames--) {
 555                if (!(bh = ext4_bread(NULL, dir, dx_get_block(p->at),
 556                                      0, &err)))
 557                        return err; /* Failure */
 558                p++;
 559                brelse(p->bh);
 560                p->bh = bh;
 561                p->at = p->entries = ((struct dx_node *) bh->b_data)->entries;
 562        }
 563        return 1;
 564}
 565
 566
 567/*
 568 * This function fills a red-black tree with information from a
 569 * directory block.  It returns the number directory entries loaded
 570 * into the tree.  If there is an error it is returned in err.
 571 */
 572static int htree_dirblock_to_tree(struct file *dir_file,
 573                                  struct inode *dir, ext4_lblk_t block,
 574                                  struct dx_hash_info *hinfo,
 575                                  __u32 start_hash, __u32 start_minor_hash)
 576{
 577        struct buffer_head *bh;
 578        struct ext4_dir_entry_2 *de, *top;
 579        int err, count = 0;
 580
 581        dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n",
 582                                                        (unsigned long)block));
 583        if (!(bh = ext4_bread (NULL, dir, block, 0, &err)))
 584                return err;
 585
 586        de = (struct ext4_dir_entry_2 *) bh->b_data;
 587        top = (struct ext4_dir_entry_2 *) ((char *) de +
 588                                           dir->i_sb->s_blocksize -
 589                                           EXT4_DIR_REC_LEN(0));
 590        for (; de < top; de = ext4_next_entry(de)) {
 591                if (!ext4_check_dir_entry("htree_dirblock_to_tree", dir, de, bh,
 592                                        (block<<EXT4_BLOCK_SIZE_BITS(dir->i_sb))
 593                                                +((char *)de - bh->b_data))) {
 594                        /* On error, skip the f_pos to the next block. */
 595                        dir_file->f_pos = (dir_file->f_pos |
 596                                        (dir->i_sb->s_blocksize - 1)) + 1;
 597                        brelse(bh);
 598                        return count;
 599                }
 600                ext4fs_dirhash(de->name, de->name_len, hinfo);
 601                if ((hinfo->hash < start_hash) ||
 602                    ((hinfo->hash == start_hash) &&
 603                     (hinfo->minor_hash < start_minor_hash)))
 604                        continue;
 605                if (de->inode == 0)
 606                        continue;
 607                if ((err = ext4_htree_store_dirent(dir_file,
 608                                   hinfo->hash, hinfo->minor_hash, de)) != 0) {
 609                        brelse(bh);
 610                        return err;
 611                }
 612                count++;
 613        }
 614        brelse(bh);
 615        return count;
 616}
 617
 618
 619/*
 620 * This function fills a red-black tree with information from a
 621 * directory.  We start scanning the directory in hash order, starting
 622 * at start_hash and start_minor_hash.
 623 *
 624 * This function returns the number of entries inserted into the tree,
 625 * or a negative error code.
 626 */
 627int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash,
 628                         __u32 start_minor_hash, __u32 *next_hash)
 629{
 630        struct dx_hash_info hinfo;
 631        struct ext4_dir_entry_2 *de;
 632        struct dx_frame frames[2], *frame;
 633        struct inode *dir;
 634        ext4_lblk_t block;
 635        int count = 0;
 636        int ret, err;
 637        __u32 hashval;
 638
 639        dxtrace(printk(KERN_DEBUG "In htree_fill_tree, start hash: %x:%x\n", 
 640                       start_hash, start_minor_hash));
 641        dir = dir_file->f_path.dentry->d_inode;
 642        if (!(EXT4_I(dir)->i_flags & EXT4_INDEX_FL)) {
 643                hinfo.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version;
 644                hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed;
 645                count = htree_dirblock_to_tree(dir_file, dir, 0, &hinfo,
 646                                               start_hash, start_minor_hash);
 647                *next_hash = ~0;
 648                return count;
 649        }
 650        hinfo.hash = start_hash;
 651        hinfo.minor_hash = 0;
 652        frame = dx_probe(NULL, dir, &hinfo, frames, &err);
 653        if (!frame)
 654                return err;
 655
 656        /* Add '.' and '..' from the htree header */
 657        if (!start_hash && !start_minor_hash) {
 658                de = (struct ext4_dir_entry_2 *) frames[0].bh->b_data;
 659                if ((err = ext4_htree_store_dirent(dir_file, 0, 0, de)) != 0)
 660                        goto errout;
 661                count++;
 662        }
 663        if (start_hash < 2 || (start_hash ==2 && start_minor_hash==0)) {
 664                de = (struct ext4_dir_entry_2 *) frames[0].bh->b_data;
 665                de = ext4_next_entry(de);
 666                if ((err = ext4_htree_store_dirent(dir_file, 2, 0, de)) != 0)
 667                        goto errout;
 668                count++;
 669        }
 670
 671        while (1) {
 672                block = dx_get_block(frame->at);
 673                ret = htree_dirblock_to_tree(dir_file, dir, block, &hinfo,
 674                                             start_hash, start_minor_hash);
 675                if (ret < 0) {
 676                        err = ret;
 677                        goto errout;
 678                }
 679                count += ret;
 680                hashval = ~0;
 681                ret = ext4_htree_next_block(dir, HASH_NB_ALWAYS,
 682                                            frame, frames, &hashval);
 683                *next_hash = hashval;
 684                if (ret < 0) {
 685                        err = ret;
 686                        goto errout;
 687                }
 688                /*
 689                 * Stop if:  (a) there are no more entries, or
 690                 * (b) we have inserted at least one entry and the
 691                 * next hash value is not a continuation
 692                 */
 693                if ((ret == 0) ||
 694                    (count && ((hashval & 1) == 0)))
 695                        break;
 696        }
 697        dx_release(frames);
 698        dxtrace(printk(KERN_DEBUG "Fill tree: returned %d entries, "
 699                       "next hash: %x\n", count, *next_hash));
 700        return count;
 701errout:
 702        dx_release(frames);
 703        return (err);
 704}
 705
 706
 707/*
 708 * Directory block splitting, compacting
 709 */
 710
 711/*
 712 * Create map of hash values, offsets, and sizes, stored at end of block.
 713 * Returns number of entries mapped.
 714 */
 715static int dx_make_map (struct ext4_dir_entry_2 *de, int size,
 716                        struct dx_hash_info *hinfo, struct dx_map_entry *map_tail)
 717{
 718        int count = 0;
 719        char *base = (char *) de;
 720        struct dx_hash_info h = *hinfo;
 721
 722        while ((char *) de < base + size)
 723        {
 724                if (de->name_len && de->inode) {
 725                        ext4fs_dirhash(de->name, de->name_len, &h);
 726                        map_tail--;
 727                        map_tail->hash = h.hash;
 728                        map_tail->offs = (u16) ((char *) de - base);
 729                        map_tail->size = le16_to_cpu(de->rec_len);
 730                        count++;
 731                        cond_resched();
 732                }
 733                /* XXX: do we need to check rec_len == 0 case? -Chris */
 734                de = ext4_next_entry(de);
 735        }
 736        return count;
 737}
 738
 739/* Sort map by hash value */
 740static void dx_sort_map (struct dx_map_entry *map, unsigned count)
 741{
 742        struct dx_map_entry *p, *q, *top = map + count - 1;
 743        int more;
 744        /* Combsort until bubble sort doesn't suck */
 745        while (count > 2) {
 746                count = count*10/13;
 747                if (count - 9 < 2) /* 9, 10 -> 11 */
 748                        count = 11;
 749                for (p = top, q = p - count; q >= map; p--, q--)
 750                        if (p->hash < q->hash)
 751                                swap(*p, *q);
 752        }
 753        /* Garden variety bubble sort */
 754        do {
 755                more = 0;
 756                q = top;
 757                while (q-- > map) {
 758                        if (q[1].hash >= q[0].hash)
 759                                continue;
 760                        swap(*(q+1), *q);
 761                        more = 1;
 762                }
 763        } while(more);
 764}
 765
 766static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block)
 767{
 768        struct dx_entry *entries = frame->entries;
 769        struct dx_entry *old = frame->at, *new = old + 1;
 770        int count = dx_get_count(entries);
 771
 772        assert(count < dx_get_limit(entries));
 773        assert(old < entries + count);
 774        memmove(new + 1, new, (char *)(entries + count) - (char *)(new));
 775        dx_set_hash(new, hash);
 776        dx_set_block(new, block);
 777        dx_set_count(entries, count + 1);
 778}
 779
 780static void ext4_update_dx_flag(struct inode *inode)
 781{
 782        if (!EXT4_HAS_COMPAT_FEATURE(inode->i_sb,
 783                                     EXT4_FEATURE_COMPAT_DIR_INDEX))
 784                EXT4_I(inode)->i_flags &= ~EXT4_INDEX_FL;
 785}
 786
 787/*
 788 * NOTE! unlike strncmp, ext4_match returns 1 for success, 0 for failure.
 789 *
 790 * `len <= EXT4_NAME_LEN' is guaranteed by caller.
 791 * `de != NULL' is guaranteed by caller.
 792 */
 793static inline int ext4_match (int len, const char * const name,
 794                              struct ext4_dir_entry_2 * de)
 795{
 796        if (len != de->name_len)
 797                return 0;
 798        if (!de->inode)
 799                return 0;
 800        return !memcmp(name, de->name, len);
 801}
 802
 803/*
 804 * Returns 0 if not found, -1 on failure, and 1 on success
 805 */
 806static inline int search_dirblock(struct buffer_head *bh,
 807                                  struct inode *dir,
 808                                  const struct qstr *d_name,
 809                                  unsigned long offset,
 810                                  struct ext4_dir_entry_2 ** res_dir)
 811{
 812        struct ext4_dir_entry_2 * de;
 813        char * dlimit;
 814        int de_len;
 815        const char *name = d_name->name;
 816        int namelen = d_name->len;
 817
 818        de = (struct ext4_dir_entry_2 *) bh->b_data;
 819        dlimit = bh->b_data + dir->i_sb->s_blocksize;
 820        while ((char *) de < dlimit) {
 821                /* this code is executed quadratically often */
 822                /* do minimal checking `by hand' */
 823
 824                if ((char *) de + namelen <= dlimit &&
 825                    ext4_match (namelen, name, de)) {
 826                        /* found a match - just to be sure, do a full check */
 827                        if (!ext4_check_dir_entry("ext4_find_entry",
 828                                                  dir, de, bh, offset))
 829                                return -1;
 830                        *res_dir = de;
 831                        return 1;
 832                }
 833                /* prevent looping on a bad block */
 834                de_len = ext4_rec_len_from_disk(de->rec_len);
 835                if (de_len <= 0)
 836                        return -1;
 837                offset += de_len;
 838                de = (struct ext4_dir_entry_2 *) ((char *) de + de_len);
 839        }
 840        return 0;
 841}
 842
 843
 844/*
 845 *        ext4_find_entry()
 846 *
 847 * finds an entry in the specified directory with the wanted name. It
 848 * returns the cache buffer in which the entry was found, and the entry
 849 * itself (as a parameter - res_dir). It does NOT read the inode of the
 850 * entry - you'll have to do that yourself if you want to.
 851 *
 852 * The returned buffer_head has ->b_count elevated.  The caller is expected
 853 * to brelse() it when appropriate.
 854 */
 855static struct buffer_head * ext4_find_entry (struct inode *dir,
 856                                        const struct qstr *d_name,
 857                                        struct ext4_dir_entry_2 ** res_dir)
 858{
 859        struct super_block *sb;
 860        struct buffer_head *bh_use[NAMEI_RA_SIZE];
 861        struct buffer_head *bh, *ret = NULL;
 862        ext4_lblk_t start, block, b;
 863        int ra_max = 0;                /* Number of bh's in the readahead
 864                                   buffer, bh_use[] */
 865        int ra_ptr = 0;                /* Current index into readahead
 866                                   buffer */
 867        int num = 0;
 868        ext4_lblk_t  nblocks;
 869        int i, err;
 870        int namelen;
 871
 872        *res_dir = NULL;
 873        sb = dir->i_sb;
 874        namelen = d_name->len;
 875        if (namelen > EXT4_NAME_LEN)
 876                return NULL;
 877        if (is_dx(dir)) {
 878                bh = ext4_dx_find_entry(dir, d_name, res_dir, &err);
 879                /*
 880                 * On success, or if the error was file not found,
 881                 * return.  Otherwise, fall back to doing a search the
 882                 * old fashioned way.
 883                 */
 884                if (bh || (err != ERR_BAD_DX_DIR))
 885                        return bh;
 886                dxtrace(printk(KERN_DEBUG "ext4_find_entry: dx failed, "
 887                               "falling back\n"));
 888        }
 889        nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb);
 890        start = EXT4_I(dir)->i_dir_start_lookup;
 891        if (start >= nblocks)
 892                start = 0;
 893        block = start;
 894restart:
 895        do {
 896                /*
 897                 * We deal with the read-ahead logic here.
 898                 */
 899                if (ra_ptr >= ra_max) {
 900                        /* Refill the readahead buffer */
 901                        ra_ptr = 0;
 902                        b = block;
 903                        for (ra_max = 0; ra_max < NAMEI_RA_SIZE; ra_max++) {
 904                                /*
 905                                 * Terminate if we reach the end of the
 906                                 * directory and must wrap, or if our
 907                                 * search has finished at this block.
 908                                 */
 909                                if (b >= nblocks || (num && block == start)) {
 910                                        bh_use[ra_max] = NULL;
 911                                        break;
 912                                }
 913                                num++;
 914                                bh = ext4_getblk(NULL, dir, b++, 0, &err);
 915                                bh_use[ra_max] = bh;
 916                                if (bh)
 917                                        ll_rw_block(READ_META, 1, &bh);
 918                        }
 919                }
 920                if ((bh = bh_use[ra_ptr++]) == NULL)
 921                        goto next;
 922                wait_on_buffer(bh);
 923                if (!buffer_uptodate(bh)) {
 924                        /* read error, skip block & hope for the best */
 925                        ext4_error(sb, __func__, "reading directory #%lu "
 926                                   "offset %lu", dir->i_ino,
 927                                   (unsigned long)block);
 928                        brelse(bh);
 929                        goto next;
 930                }
 931                i = search_dirblock(bh, dir, d_name,
 932                            block << EXT4_BLOCK_SIZE_BITS(sb), res_dir);
 933                if (i == 1) {
 934                        EXT4_I(dir)->i_dir_start_lookup = block;
 935                        ret = bh;
 936                        goto cleanup_and_exit;
 937                } else {
 938                        brelse(bh);
 939                        if (i < 0)
 940                                goto cleanup_and_exit;
 941                }
 942        next:
 943                if (++block >= nblocks)
 944                        block = 0;
 945        } while (block != start);
 946
 947        /*
 948         * If the directory has grown while we were searching, then
 949         * search the last part of the directory before giving up.
 950         */
 951        block = nblocks;
 952        nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb);
 953        if (block < nblocks) {
 954                start = 0;
 955                goto restart;
 956        }
 957
 958cleanup_and_exit:
 959        /* Clean up the read-ahead blocks */
 960        for (; ra_ptr < ra_max; ra_ptr++)
 961                brelse(bh_use[ra_ptr]);
 962        return ret;
 963}
 964
 965static struct buffer_head * ext4_dx_find_entry(struct inode *dir, const struct qstr *d_name,
 966                       struct ext4_dir_entry_2 **res_dir, int *err)
 967{
 968        struct super_block * sb;
 969        struct dx_hash_info        hinfo;
 970        u32 hash;
 971        struct dx_frame frames[2], *frame;
 972        struct ext4_dir_entry_2 *de, *top;
 973        struct buffer_head *bh;
 974        ext4_lblk_t block;
 975        int retval;
 976        int namelen = d_name->len;
 977        const u8 *name = d_name->name;
 978
 979        sb = dir->i_sb;
 980        /* NFS may look up ".." - look at dx_root directory block */
 981        if (namelen > 2 || name[0] != '.'||(name[1] != '.' && name[1] != '\0')){
 982                if (!(frame = dx_probe(d_name, dir, &hinfo, frames, err)))
 983                        return NULL;
 984        } else {
 985                frame = frames;
 986                frame->bh = NULL;                        /* for dx_release() */
 987                frame->at = (struct dx_entry *)frames;        /* hack for zero entry*/
 988                dx_set_block(frame->at, 0);                /* dx_root block is 0 */
 989        }
 990        hash = hinfo.hash;
 991        do {
 992                block = dx_get_block(frame->at);
 993                if (!(bh = ext4_bread (NULL,dir, block, 0, err)))
 994                        goto errout;
 995                de = (struct ext4_dir_entry_2 *) bh->b_data;
 996                top = (struct ext4_dir_entry_2 *) ((char *) de + sb->s_blocksize -
 997                                       EXT4_DIR_REC_LEN(0));
 998                for (; de < top; de = ext4_next_entry(de)) {
 999                        int off = (block << EXT4_BLOCK_SIZE_BITS(sb))
1000                                  + ((char *) de - bh->b_data);
1001
1002                        if (!ext4_check_dir_entry(__func__, dir, de, bh, off)) {
1003                                brelse(bh);
1004                                *err = ERR_BAD_DX_DIR;
1005                                goto errout;
1006                        }
1007
1008                        if (ext4_match(namelen, name, de)) {
1009                                *res_dir = de;
1010                                dx_release(frames);
1011                                return bh;
1012                        }
1013                }
1014                brelse(bh);
1015                /* Check to see if we should continue to search */
1016                retval = ext4_htree_next_block(dir, hash, frame,
1017                                               frames, NULL);
1018                if (retval < 0) {
1019                        ext4_warning(sb, __func__,
1020                             "error reading index page in directory #%lu",
1021                             dir->i_ino);
1022                        *err = retval;
1023                        goto errout;
1024                }
1025        } while (retval == 1);
1026
1027        *err = -ENOENT;
1028errout:
1029        dxtrace(printk(KERN_DEBUG "%s not found\n", name));
1030        dx_release (frames);
1031        return NULL;
1032}
1033
1034static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd)
1035{
1036        struct inode *inode;
1037        struct ext4_dir_entry_2 *de;
1038        struct buffer_head *bh;
1039
1040        if (dentry->d_name.len > EXT4_NAME_LEN)
1041                return ERR_PTR(-ENAMETOOLONG);
1042
1043        bh = ext4_find_entry(dir, &dentry->d_name, &de);
1044        inode = NULL;
1045        if (bh) {
1046                unsigned long ino = le32_to_cpu(de->inode);
1047                brelse(bh);
1048                if (!ext4_valid_inum(dir->i_sb, ino)) {
1049                        ext4_error(dir->i_sb, "ext4_lookup",
1050                                   "bad inode number: %lu", ino);
1051                        return ERR_PTR(-EIO);
1052                }
1053                inode = ext4_iget(dir->i_sb, ino);
1054                if (IS_ERR(inode))
1055                        return ERR_CAST(inode);
1056        }
1057        return d_splice_alias(inode, dentry);
1058}
1059
1060
1061struct dentry *ext4_get_parent(struct dentry *child)
1062{
1063        unsigned long ino;
1064        struct inode *inode;
1065        static const struct qstr dotdot = {
1066                .name = "..",
1067                .len = 2,
1068        };
1069        struct ext4_dir_entry_2 * de;
1070        struct buffer_head *bh;
1071
1072        bh = ext4_find_entry(child->d_inode, &dotdot, &de);
1073        inode = NULL;
1074        if (!bh)
1075                return ERR_PTR(-ENOENT);
1076        ino = le32_to_cpu(de->inode);
1077        brelse(bh);
1078
1079        if (!ext4_valid_inum(child->d_inode->i_sb, ino)) {
1080                ext4_error(child->d_inode->i_sb, "ext4_get_parent",
1081                           "bad inode number: %lu", ino);
1082                return ERR_PTR(-EIO);
1083        }
1084
1085        return d_obtain_alias(ext4_iget(child->d_inode->i_sb, ino));
1086}
1087
1088#define S_SHIFT 12
1089static unsigned char ext4_type_by_mode[S_IFMT >> S_SHIFT] = {
1090        [S_IFREG >> S_SHIFT]        = EXT4_FT_REG_FILE,
1091        [S_IFDIR >> S_SHIFT]        = EXT4_FT_DIR,
1092        [S_IFCHR >> S_SHIFT]        = EXT4_FT_CHRDEV,
1093        [S_IFBLK >> S_SHIFT]        = EXT4_FT_BLKDEV,
1094        [S_IFIFO >> S_SHIFT]        = EXT4_FT_FIFO,
1095        [S_IFSOCK >> S_SHIFT]        = EXT4_FT_SOCK,
1096        [S_IFLNK >> S_SHIFT]        = EXT4_FT_SYMLINK,
1097};
1098
1099static inline void ext4_set_de_type(struct super_block *sb,
1100                                struct ext4_dir_entry_2 *de,
1101                                umode_t mode) {
1102        if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FILETYPE))
1103                de->file_type = ext4_type_by_mode[(mode & S_IFMT)>>S_SHIFT];
1104}
1105
1106/*
1107 * Move count entries from end of map between two memory locations.
1108 * Returns pointer to last entry moved.
1109 */
1110static struct ext4_dir_entry_2 *
1111dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count)
1112{
1113        unsigned rec_len = 0;
1114
1115        while (count--) {
1116                struct ext4_dir_entry_2 *de = (struct ext4_dir_entry_2 *) (from + map->offs);
1117                rec_len = EXT4_DIR_REC_LEN(de->name_len);
1118                memcpy (to, de, rec_len);
1119                ((struct ext4_dir_entry_2 *) to)->rec_len =
1120                                ext4_rec_len_to_disk(rec_len);
1121                de->inode = 0;
1122                map++;
1123                to += rec_len;
1124        }
1125        return (struct ext4_dir_entry_2 *) (to - rec_len);
1126}
1127
1128/*
1129 * Compact each dir entry in the range to the minimal rec_len.
1130 * Returns pointer to last entry in range.
1131 */
1132static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size)
1133{
1134        struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base;
1135        unsigned rec_len = 0;
1136
1137        prev = to = de;
1138        while ((char*)de < base + size) {
1139                next = ext4_next_entry(de);
1140                if (de->inode && de->name_len) {
1141                        rec_len = EXT4_DIR_REC_LEN(de->name_len);
1142                        if (de > to)
1143                                memmove(to, de, rec_len);
1144                        to->rec_len = ext4_rec_len_to_disk(rec_len);
1145                        prev = to;
1146                        to = (struct ext4_dir_entry_2 *) (((char *) to) + rec_len);
1147                }
1148                de = next;
1149        }
1150        return prev;
1151}
1152
1153/*
1154 * Split a full leaf block to make room for a new dir entry.
1155 * Allocate a new block, and move entries so that they are approx. equally full.
1156 * Returns pointer to de in block into which the new entry will be inserted.
1157 */
1158static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
1159                        struct buffer_head **bh,struct dx_frame *frame,
1160                        struct dx_hash_info *hinfo, int *error)
1161{
1162        unsigned blocksize = dir->i_sb->s_blocksize;
1163        unsigned count, continued;
1164        struct buffer_head *bh2;
1165        ext4_lblk_t newblock;
1166        u32 hash2;
1167        struct dx_map_entry *map;
1168        char *data1 = (*bh)->b_data, *data2;
1169        unsigned split, move, size, i;
1170        struct ext4_dir_entry_2 *de = NULL, *de2;
1171        int        err = 0;
1172
1173        bh2 = ext4_append (handle, dir, &newblock, &err);
1174        if (!(bh2)) {
1175                brelse(*bh);
1176                *bh = NULL;
1177                goto errout;
1178        }
1179
1180        BUFFER_TRACE(*bh, "get_write_access");
1181        err = ext4_journal_get_write_access(handle, *bh);
1182        if (err)
1183                goto journal_error;
1184
1185        BUFFER_TRACE(frame->bh, "get_write_access");
1186        err = ext4_journal_get_write_access(handle, frame->bh);
1187        if (err)
1188                goto journal_error;
1189
1190        data2 = bh2->b_data;
1191
1192        /* create map in the end of data2 block */
1193        map = (struct dx_map_entry *) (data2 + blocksize);
1194        count = dx_make_map((struct ext4_dir_entry_2 *) data1,
1195                             blocksize, hinfo, map);
1196        map -= count;
1197        dx_sort_map(map, count);
1198        /* Split the existing block in the middle, size-wise */
1199        size = 0;
1200        move = 0;
1201        for (i = count-1; i >= 0; i--) {
1202                /* is more than half of this entry in 2nd half of the block? */
1203                if (size + map[i].size/2 > blocksize/2)
1204                        break;
1205                size += map[i].size;
1206                move++;
1207        }
1208        /* map index at which we will split */
1209        split = count - move;
1210        hash2 = map[split].hash;
1211        continued = hash2 == map[split - 1].hash;
1212        dxtrace(printk(KERN_INFO "Split block %lu at %x, %i/%i\n",
1213                        (unsigned long)dx_get_block(frame->at),
1214                                        hash2, split, count-split));
1215
1216        /* Fancy dance to stay within two buffers */
1217        de2 = dx_move_dirents(data1, data2, map + split, count - split);
1218        de = dx_pack_dirents(data1, blocksize);
1219        de->rec_len = ext4_rec_len_to_disk(data1 + blocksize - (char *) de);
1220        de2->rec_len = ext4_rec_len_to_disk(data2 + blocksize - (char *) de2);
1221        dxtrace(dx_show_leaf (hinfo, (struct ext4_dir_entry_2 *) data1, blocksize, 1));
1222        dxtrace(dx_show_leaf (hinfo, (struct ext4_dir_entry_2 *) data2, blocksize, 1));
1223
1224        /* Which block gets the new entry? */
1225        if (hinfo->hash >= hash2)
1226        {
1227                swap(*bh, bh2);
1228                de = de2;
1229        }
1230        dx_insert_block(frame, hash2 + continued, newblock);
1231        err = ext4_journal_dirty_metadata(handle, bh2);
1232        if (err)
1233                goto journal_error;
1234        err = ext4_journal_dirty_metadata(handle, frame->bh);
1235        if (err)
1236                goto journal_error;
1237        brelse(bh2);
1238        dxtrace(dx_show_index("frame", frame->entries));
1239        return de;
1240
1241journal_error:
1242        brelse(*bh);
1243        brelse(bh2);
1244        *bh = NULL;
1245        ext4_std_error(dir->i_sb, err);
1246errout:
1247        *error = err;
1248        return NULL;
1249}
1250
1251/*
1252 * Add a new entry into a directory (leaf) block.  If de is non-NULL,
1253 * it points to a directory entry which is guaranteed to be large
1254 * enough for new directory entry.  If de is NULL, then
1255 * add_dirent_to_buf will attempt search the directory block for
1256 * space.  It will return -ENOSPC if no space is available, and -EIO
1257 * and -EEXIST if directory entry already exists.
1258 *
1259 * NOTE!  bh is NOT released in the case where ENOSPC is returned.  In
1260 * all other cases bh is released.
1261 */
1262static int add_dirent_to_buf(handle_t *handle, struct dentry *dentry,
1263                             struct inode *inode, struct ext4_dir_entry_2 *de,
1264                             struct buffer_head *bh)
1265{
1266        struct inode        *dir = dentry->d_parent->d_inode;
1267        const char        *name = dentry->d_name.name;
1268        int                namelen = dentry->d_name.len;
1269        unsigned long        offset = 0;
1270        unsigned short        reclen;
1271        int                nlen, rlen, err;
1272        char                *top;
1273
1274        reclen = EXT4_DIR_REC_LEN(namelen);
1275        if (!de) {
1276                de = (struct ext4_dir_entry_2 *)bh->b_data;
1277                top = bh->b_data + dir->i_sb->s_blocksize - reclen;
1278                while ((char *) de <= top) {
1279                        if (!ext4_check_dir_entry("ext4_add_entry", dir, de,
1280                                                  bh, offset)) {
1281                                brelse(bh);
1282                                return -EIO;
1283                        }
1284                        if (ext4_match(namelen, name, de)) {
1285                                brelse(bh);
1286                                return -EEXIST;
1287                        }
1288                        nlen = EXT4_DIR_REC_LEN(de->name_len);
1289                        rlen = ext4_rec_len_from_disk(de->rec_len);
1290                        if ((de->inode? rlen - nlen: rlen) >= reclen)
1291                                break;
1292                        de = (struct ext4_dir_entry_2 *)((char *)de + rlen);
1293                        offset += rlen;
1294                }
1295                if ((char *) de > top)
1296                        return -ENOSPC;
1297        }
1298        BUFFER_TRACE(bh, "get_write_access");
1299        err = ext4_journal_get_write_access(handle, bh);
1300        if (err) {
1301                ext4_std_error(dir->i_sb, err);
1302                brelse(bh);
1303                return err;
1304        }
1305
1306        /* By now the buffer is marked for journaling */
1307        nlen = EXT4_DIR_REC_LEN(de->name_len);
1308        rlen = ext4_rec_len_from_disk(de->rec_len);
1309        if (de->inode) {
1310                struct ext4_dir_entry_2 *de1 = (struct ext4_dir_entry_2 *)((char *)de + nlen);
1311                de1->rec_len = ext4_rec_len_to_disk(rlen - nlen);
1312                de->rec_len = ext4_rec_len_to_disk(nlen);
1313                de = de1;
1314        }
1315        de->file_type = EXT4_FT_UNKNOWN;
1316        if (inode) {
1317                de->inode = cpu_to_le32(inode->i_ino);
1318                ext4_set_de_type(dir->i_sb, de, inode->i_mode);
1319        } else
1320                de->inode = 0;
1321        de->name_len = namelen;
1322        memcpy(de->name, name, namelen);
1323        /*
1324         * XXX shouldn't update any times until successful
1325         * completion of syscall, but too many callers depend
1326         * on this.
1327         *
1328         * XXX similarly, too many callers depend on
1329         * ext4_new_inode() setting the times, but error
1330         * recovery deletes the inode, so the worst that can
1331         * happen is that the times are slightly out of date
1332         * and/or different from the directory change time.
1333         */
1334        dir->i_mtime = dir->i_ctime = ext4_current_time(dir);
1335        ext4_update_dx_flag(dir);
1336        dir->i_version++;
1337        ext4_mark_inode_dirty(handle, dir);
1338        BUFFER_TRACE(bh, "call ext4_journal_dirty_metadata");
1339        err = ext4_journal_dirty_metadata(handle, bh);
1340        if (err)
1341                ext4_std_error(dir->i_sb, err);
1342        brelse(bh);
1343        return 0;
1344}
1345
1346/*
1347 * This converts a one block unindexed directory to a 3 block indexed
1348 * directory, and adds the dentry to the indexed directory.
1349 */
1350static int make_indexed_dir(handle_t *handle, struct dentry *dentry,
1351                            struct inode *inode, struct buffer_head *bh)
1352{
1353        struct inode        *dir = dentry->d_parent->d_inode;
1354        const char        *name = dentry->d_name.name;
1355        int                namelen = dentry->d_name.len;
1356        struct buffer_head *bh2;
1357        struct dx_root        *root;
1358        struct dx_frame        frames[2], *frame;
1359        struct dx_entry *entries;
1360        struct ext4_dir_entry_2        *de, *de2;
1361        char                *data1, *top;
1362        unsigned        len;
1363        int                retval;
1364        unsigned        blocksize;
1365        struct dx_hash_info hinfo;
1366        ext4_lblk_t  block;
1367        struct fake_dirent *fde;
1368
1369        blocksize =  dir->i_sb->s_blocksize;
1370        dxtrace(printk(KERN_DEBUG "Creating index\n"));
1371        retval = ext4_journal_get_write_access(handle, bh);
1372        if (retval) {
1373                ext4_std_error(dir->i_sb, retval);
1374                brelse(bh);
1375                return retval;
1376        }
1377        root = (struct dx_root *) bh->b_data;
1378
1379        bh2 = ext4_append(handle, dir, &block, &retval);
1380        if (!(bh2)) {
1381                brelse(bh);
1382                return retval;
1383        }
1384        EXT4_I(dir)->i_flags |= EXT4_INDEX_FL;
1385        data1 = bh2->b_data;
1386
1387        /* The 0th block becomes the root, move the dirents out */
1388        fde = &root->dotdot;
1389        de = (struct ext4_dir_entry_2 *)((char *)fde +
1390                ext4_rec_len_from_disk(fde->rec_len));
1391        len = ((char *) root) + blocksize - (char *) de;
1392        memcpy (data1, de, len);
1393        de = (struct ext4_dir_entry_2 *) data1;
1394        top = data1 + len;
1395        while ((char *)(de2 = ext4_next_entry(de)) < top)
1396                de = de2;
1397        de->rec_len = ext4_rec_len_to_disk(data1 + blocksize - (char *) de);
1398        /* Initialize the root; the dot dirents already exist */
1399        de = (struct ext4_dir_entry_2 *) (&root->dotdot);
1400        de->rec_len = ext4_rec_len_to_disk(blocksize - EXT4_DIR_REC_LEN(2));
1401        memset (&root->info, 0, sizeof(root->info));
1402        root->info.info_length = sizeof(root->info);
1403        root->info.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version;
1404        entries = root->entries;
1405        dx_set_block(entries, 1);
1406        dx_set_count(entries, 1);
1407        dx_set_limit(entries, dx_root_limit(dir, sizeof(root->info)));
1408
1409        /* Initialize as for dx_probe */
1410        hinfo.hash_version = root->info.hash_version;
1411        hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed;
1412        ext4fs_dirhash(name, namelen, &hinfo);
1413        frame = frames;
1414        frame->entries = entries;
1415        frame->at = entries;
1416        frame->bh = bh;
1417        bh = bh2;
1418        de = do_split(handle,dir, &bh, frame, &hinfo, &retval);
1419        dx_release (frames);
1420        if (!(de))
1421                return retval;
1422
1423        return add_dirent_to_buf(handle, dentry, inode, de, bh);
1424}
1425
1426/*
1427 *        ext4_add_entry()
1428 *
1429 * adds a file entry to the specified directory, using the same
1430 * semantics as ext4_find_entry(). It returns NULL if it failed.
1431 *
1432 * NOTE!! The inode part of 'de' is left at 0 - which means you
1433 * may not sleep between calling this and putting something into
1434 * the entry, as someone else might have used it while you slept.
1435 */
1436static int ext4_add_entry(handle_t *handle, struct dentry *dentry,
1437                          struct inode *inode)
1438{
1439        struct inode *dir = dentry->d_parent->d_inode;
1440        unsigned long offset;
1441        struct buffer_head *bh;
1442        struct ext4_dir_entry_2 *de;
1443        struct super_block *sb;
1444        int        retval;
1445        int        dx_fallback=0;
1446        unsigned blocksize;
1447        ext4_lblk_t block, blocks;
1448
1449        sb = dir->i_sb;
1450        blocksize = sb->s_blocksize;
1451        if (!dentry->d_name.len)
1452                return -EINVAL;
1453        if (is_dx(dir)) {
1454                retval = ext4_dx_add_entry(handle, dentry, inode);
1455                if (!retval || (retval != ERR_BAD_DX_DIR))
1456                        return retval;
1457                EXT4_I(dir)->i_flags &= ~EXT4_INDEX_FL;
1458                dx_fallback++;
1459                ext4_mark_inode_dirty(handle, dir);
1460        }
1461        blocks = dir->i_size >> sb->s_blocksize_bits;
1462        for (block = 0, offset = 0; block < blocks; block++) {
1463                bh = ext4_bread(handle, dir, block, 0, &retval);
1464                if(!bh)
1465                        return retval;
1466                retval = add_dirent_to_buf(handle, dentry, inode, NULL, bh);
1467                if (retval != -ENOSPC)
1468                        return retval;
1469
1470                if (blocks == 1 && !dx_fallback &&
1471                    EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX))
1472                        return make_indexed_dir(handle, dentry, inode, bh);
1473                brelse(bh);
1474        }
1475        bh = ext4_append(handle, dir, &block, &retval);
1476        if (!bh)
1477                return retval;
1478        de = (struct ext4_dir_entry_2 *) bh->b_data;
1479        de->inode = 0;
1480        de->rec_len = ext4_rec_len_to_disk(blocksize);
1481        return add_dirent_to_buf(handle, dentry, inode, de, bh);
1482}
1483
1484/*
1485 * Returns 0 for success, or a negative error value
1486 */
1487static int ext4_dx_add_entry(handle_t *handle, struct dentry *dentry,
1488                             struct inode *inode)
1489{
1490        struct dx_frame frames[2], *frame;
1491        struct dx_entry *entries, *at;
1492        struct dx_hash_info hinfo;
1493        struct buffer_head *bh;
1494        struct inode *dir = dentry->d_parent->d_inode;
1495        struct super_block *sb = dir->i_sb;
1496        struct ext4_dir_entry_2 *de;
1497        int err;
1498
1499        frame = dx_probe(&dentry->d_name, dir, &hinfo, frames, &err);
1500        if (!frame)
1501                return err;
1502        entries = frame->entries;
1503        at = frame->at;
1504
1505        if (!(bh = ext4_bread(handle,dir, dx_get_block(frame->at), 0, &err)))
1506                goto cleanup;
1507
1508        BUFFER_TRACE(bh, "get_write_access");
1509        err = ext4_journal_get_write_access(handle, bh);
1510        if (err)
1511                goto journal_error;
1512
1513        err = add_dirent_to_buf(handle, dentry, inode, NULL, bh);
1514        if (err != -ENOSPC) {
1515                bh = NULL;
1516                goto cleanup;
1517        }
1518
1519        /* Block full, should compress but for now just split */
1520        dxtrace(printk(KERN_DEBUG "using %u of %u node entries\n",
1521                       dx_get_count(entries), dx_get_limit(entries)));
1522        /* Need to split index? */
1523        if (dx_get_count(entries) == dx_get_limit(entries)) {
1524                ext4_lblk_t newblock;
1525                unsigned icount = dx_get_count(entries);
1526                int levels = frame - frames;
1527                struct dx_entry *entries2;
1528                struct dx_node *node2;
1529                struct buffer_head *bh2;
1530
1531                if (levels && (dx_get_count(frames->entries) ==
1532                               dx_get_limit(frames->entries))) {
1533                        ext4_warning(sb, __func__,
1534                                     "Directory index full!");
1535                        err = -ENOSPC;
1536                        goto cleanup;
1537                }
1538                bh2 = ext4_append (handle, dir, &newblock, &err);
1539                if (!(bh2))
1540                        goto cleanup;
1541                node2 = (struct dx_node *)(bh2->b_data);
1542                entries2 = node2->entries;
1543                node2->fake.rec_len = ext4_rec_len_to_disk(sb->s_blocksize);
1544                node2->fake.inode = 0;
1545                BUFFER_TRACE(frame->bh, "get_write_access");
1546                err = ext4_journal_get_write_access(handle, frame->bh);
1547                if (err)
1548                        goto journal_error;
1549                if (levels) {
1550                        unsigned icount1 = icount/2, icount2 = icount - icount1;
1551                        unsigned hash2 = dx_get_hash(entries + icount1);
1552                        dxtrace(printk(KERN_DEBUG "Split index %i/%i\n",
1553                                       icount1, icount2));
1554
1555                        BUFFER_TRACE(frame->bh, "get_write_access"); /* index root */
1556                        err = ext4_journal_get_write_access(handle,
1557                                                             frames[0].bh);
1558                        if (err)
1559                                goto journal_error;
1560
1561                        memcpy((char *) entries2, (char *) (entries + icount1),
1562                               icount2 * sizeof(struct dx_entry));
1563                        dx_set_count(entries, icount1);
1564                        dx_set_count(entries2, icount2);
1565                        dx_set_limit(entries2, dx_node_limit(dir));
1566
1567                        /* Which index block gets the new entry? */
1568                        if (at - entries >= icount1) {
1569                                frame->at = at = at - entries - icount1 + entries2;
1570                                frame->entries = entries = entries2;
1571                                swap(frame->bh, bh2);
1572                        }
1573                        dx_insert_block(frames + 0, hash2, newblock);
1574                        dxtrace(dx_show_index("node", frames[1].entries));
1575                        dxtrace(dx_show_index("node",
1576                               ((struct dx_node *) bh2->b_data)->entries));
1577                        err = ext4_journal_dirty_metadata(handle, bh2);
1578                        if (err)
1579                                goto journal_error;
1580                        brelse (bh2);
1581                } else {
1582                        dxtrace(printk(KERN_DEBUG
1583                                       "Creating second level index...\n"));
1584                        memcpy((char *) entries2, (char *) entries,
1585                               icount * sizeof(struct dx_entry));
1586                        dx_set_limit(entries2, dx_node_limit(dir));
1587
1588                        /* Set up root */
1589                        dx_set_count(entries, 1);
1590                        dx_set_block(entries + 0, newblock);
1591                        ((struct dx_root *) frames[0].bh->b_data)->info.indirect_levels = 1;
1592
1593                        /* Add new access path frame */
1594                        frame = frames + 1;
1595                        frame->at = at = at - entries + entries2;
1596                        frame->entries = entries = entries2;
1597                        frame->bh = bh2;
1598                        err = ext4_journal_get_write_access(handle,
1599                                                             frame->bh);
1600                        if (err)
1601                                goto journal_error;
1602                }
1603                ext4_journal_dirty_metadata(handle, frames[0].bh);
1604        }
1605        de = do_split(handle, dir, &bh, frame, &hinfo, &err);
1606        if (!de)
1607                goto cleanup;
1608        err = add_dirent_to_buf(handle, dentry, inode, de, bh);
1609        bh = NULL;
1610        goto cleanup;
1611
1612journal_error:
1613        ext4_std_error(dir->i_sb, err);
1614cleanup:
1615        if (bh)
1616                brelse(bh);
1617        dx_release(frames);
1618        return err;
1619}
1620
1621/*
1622 * ext4_delete_entry deletes a directory entry by merging it with the
1623 * previous entry
1624 */
1625static int ext4_delete_entry(handle_t *handle,
1626                             struct inode *dir,
1627                             struct ext4_dir_entry_2 *de_del,
1628                             struct buffer_head *bh)
1629{
1630        struct ext4_dir_entry_2 *de, *pde;
1631        int i;
1632
1633        i = 0;
1634        pde = NULL;
1635        de = (struct ext4_dir_entry_2 *) bh->b_data;
1636        while (i < bh->b_size) {
1637                if (!ext4_check_dir_entry("ext4_delete_entry", dir, de, bh, i))
1638                        return -EIO;
1639                if (de == de_del)  {
1640                        BUFFER_TRACE(bh, "get_write_access");
1641                        ext4_journal_get_write_access(handle, bh);
1642                        if (pde)
1643                                pde->rec_len = ext4_rec_len_to_disk(
1644                                        ext4_rec_len_from_disk(pde->rec_len) +
1645                                        ext4_rec_len_from_disk(de->rec_len));
1646                        else
1647                                de->inode = 0;
1648                        dir->i_version++;
1649                        BUFFER_TRACE(bh, "call ext4_journal_dirty_metadata");
1650                        ext4_journal_dirty_metadata(handle, bh);
1651                        return 0;
1652                }
1653                i += ext4_rec_len_from_disk(de->rec_len);
1654                pde = de;
1655                de = ext4_next_entry(de);
1656        }
1657        return -ENOENT;
1658}
1659
1660/*
1661 * DIR_NLINK feature is set if 1) nlinks > EXT4_LINK_MAX or 2) nlinks == 2,
1662 * since this indicates that nlinks count was previously 1.
1663 */
1664static void ext4_inc_count(handle_t *handle, struct inode *inode)
1665{
1666        inc_nlink(inode);
1667        if (is_dx(inode) && inode->i_nlink > 1) {
1668                /* limit is 16-bit i_links_count */
1669                if (inode->i_nlink >= EXT4_LINK_MAX || inode->i_nlink == 2) {
1670                        inode->i_nlink = 1;
1671                        EXT4_SET_RO_COMPAT_FEATURE(inode->i_sb,
1672                                              EXT4_FEATURE_RO_COMPAT_DIR_NLINK);
1673                }
1674        }
1675}
1676
1677/*
1678 * If a directory had nlink == 1, then we should let it be 1. This indicates
1679 * directory has >EXT4_LINK_MAX subdirs.
1680 */
1681static void ext4_dec_count(handle_t *handle, struct inode *inode)
1682{
1683        drop_nlink(inode);
1684        if (S_ISDIR(inode->i_mode) && inode->i_nlink == 0)
1685                inc_nlink(inode);
1686}
1687
1688
1689static int ext4_add_nondir(handle_t *handle,
1690                struct dentry *dentry, struct inode *inode)
1691{
1692        int err = ext4_add_entry(handle, dentry, inode);
1693        if (!err) {
1694                ext4_mark_inode_dirty(handle, inode);
1695                d_instantiate(dentry, inode);
1696                return 0;
1697        }
1698        drop_nlink(inode);
1699        iput(inode);
1700        return err;
1701}
1702
1703/*
1704 * By the time this is called, we already have created
1705 * the directory cache entry for the new file, but it
1706 * is so far negative - it has no inode.
1707 *
1708 * If the create succeeds, we fill in the inode information
1709 * with d_instantiate().
1710 */
1711static int ext4_create(struct inode *dir, struct dentry *dentry, int mode,
1712                       struct nameidata *nd)
1713{
1714        handle_t *handle;
1715        struct inode *inode;
1716        int err, retries = 0;
1717
1718retry:
1719        handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
1720                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 +
1721                                        2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb));
1722        if (IS_ERR(handle))
1723                return PTR_ERR(handle);
1724
1725        if (IS_DIRSYNC(dir))
1726                handle->h_sync = 1;
1727
1728        inode = ext4_new_inode (handle, dir, mode);
1729        err = PTR_ERR(inode);
1730        if (!IS_ERR(inode)) {
1731                inode->i_op = &ext4_file_inode_operations;
1732                inode->i_fop = &ext4_file_operations;
1733                ext4_set_aops(inode);
1734                err = ext4_add_nondir(handle, dentry, inode);
1735        }
1736        ext4_journal_stop(handle);
1737        if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
1738                goto retry;
1739        return err;
1740}
1741
1742static int ext4_mknod(struct inode *dir, struct dentry *dentry,
1743                      int mode, dev_t rdev)
1744{
1745        handle_t *handle;
1746        struct inode *inode;
1747        int err, retries = 0;
1748
1749        if (!new_valid_dev(rdev))
1750                return -EINVAL;
1751
1752retry:
1753        handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
1754                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 +
1755                                        2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb));
1756        if (IS_ERR(handle))
1757                return PTR_ERR(handle);
1758
1759        if (IS_DIRSYNC(dir))
1760                handle->h_sync = 1;
1761
1762        inode = ext4_new_inode(handle, dir, mode);
1763        err = PTR_ERR(inode);
1764        if (!IS_ERR(inode)) {
1765                init_special_inode(inode, inode->i_mode, rdev);
1766#ifdef CONFIG_EXT4_FS_XATTR
1767                inode->i_op = &ext4_special_inode_operations;
1768#endif
1769                err = ext4_add_nondir(handle, dentry, inode);
1770        }
1771        ext4_journal_stop(handle);
1772        if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
1773                goto retry;
1774        return err;
1775}
1776
1777static int ext4_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1778{
1779        handle_t *handle;
1780        struct inode *inode;
1781        struct buffer_head *dir_block;
1782        struct ext4_dir_entry_2 *de;
1783        int err, retries = 0;
1784
1785        if (EXT4_DIR_LINK_MAX(dir))
1786                return -EMLINK;
1787
1788retry:
1789        handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
1790                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 +
1791                                        2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb));
1792        if (IS_ERR(handle))
1793                return PTR_ERR(handle);
1794
1795        if (IS_DIRSYNC(dir))
1796                handle->h_sync = 1;
1797
1798        inode = ext4_new_inode(handle, dir, S_IFDIR | mode);
1799        err = PTR_ERR(inode);
1800        if (IS_ERR(inode))
1801                goto out_stop;
1802
1803        inode->i_op = &ext4_dir_inode_operations;
1804        inode->i_fop = &ext4_dir_operations;
1805        inode->i_size = EXT4_I(inode)->i_disksize = inode->i_sb->s_blocksize;
1806        dir_block = ext4_bread(handle, inode, 0, 1, &err);
1807        if (!dir_block)
1808                goto out_clear_inode;
1809        BUFFER_TRACE(dir_block, "get_write_access");
1810        ext4_journal_get_write_access(handle, dir_block);
1811        de = (struct ext4_dir_entry_2 *) dir_block->b_data;
1812        de->inode = cpu_to_le32(inode->i_ino);
1813        de->name_len = 1;
1814        de->rec_len = ext4_rec_len_to_disk(EXT4_DIR_REC_LEN(de->name_len));
1815        strcpy(de->name, ".");
1816        ext4_set_de_type(dir->i_sb, de, S_IFDIR);
1817        de = ext4_next_entry(de);
1818        de->inode = cpu_to_le32(dir->i_ino);
1819        de->rec_len = ext4_rec_len_to_disk(inode->i_sb->s_blocksize -
1820                                                EXT4_DIR_REC_LEN(1));
1821        de->name_len = 2;
1822        strcpy(de->name, "..");
1823        ext4_set_de_type(dir->i_sb, de, S_IFDIR);
1824        inode->i_nlink = 2;
1825        BUFFER_TRACE(dir_block, "call ext4_journal_dirty_metadata");
1826        ext4_journal_dirty_metadata(handle, dir_block);
1827        brelse(dir_block);
1828        ext4_mark_inode_dirty(handle, inode);
1829        err = ext4_add_entry(handle, dentry, inode);
1830        if (err) {
1831out_clear_inode:
1832                clear_nlink(inode);
1833                ext4_mark_inode_dirty(handle, inode);
1834                iput(inode);
1835                goto out_stop;
1836        }
1837        ext4_inc_count(handle, dir);
1838        ext4_update_dx_flag(dir);
1839        ext4_mark_inode_dirty(handle, dir);
1840        d_instantiate(dentry, inode);
1841out_stop:
1842        ext4_journal_stop(handle);
1843        if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
1844                goto retry;
1845        return err;
1846}
1847
1848/*
1849 * routine to check that the specified directory is empty (for rmdir)
1850 */
1851static int empty_dir(struct inode *inode)
1852{
1853        unsigned long offset;
1854        struct buffer_head *bh;
1855        struct ext4_dir_entry_2 *de, *de1;
1856        struct super_block *sb;
1857        int err = 0;
1858
1859        sb = inode->i_sb;
1860        if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2) ||
1861            !(bh = ext4_bread(NULL, inode, 0, 0, &err))) {
1862                if (err)
1863                        ext4_error(inode->i_sb, __func__,
1864                                   "error %d reading directory #%lu offset 0",
1865                                   err, inode->i_ino);
1866                else
1867                        ext4_warning(inode->i_sb, __func__,
1868                                     "bad directory (dir #%lu) - no data block",
1869                                     inode->i_ino);
1870                return 1;
1871        }
1872        de = (struct ext4_dir_entry_2 *) bh->b_data;
1873        de1 = ext4_next_entry(de);
1874        if (le32_to_cpu(de->inode) != inode->i_ino ||
1875                        !le32_to_cpu(de1->inode) ||
1876                        strcmp(".", de->name) ||
1877                        strcmp("..", de1->name)) {
1878                ext4_warning(inode->i_sb, "empty_dir",
1879                             "bad directory (dir #%lu) - no `.' or `..'",
1880                             inode->i_ino);
1881                brelse(bh);
1882                return 1;
1883        }
1884        offset = ext4_rec_len_from_disk(de->rec_len) +
1885                 ext4_rec_len_from_disk(de1->rec_len);
1886        de = ext4_next_entry(de1);
1887        while (offset < inode->i_size) {
1888                if (!bh ||
1889                        (void *) de >= (void *) (bh->b_data+sb->s_blocksize)) {
1890                        err = 0;
1891                        brelse(bh);
1892                        bh = ext4_bread(NULL, inode,
1893                                offset >> EXT4_BLOCK_SIZE_BITS(sb), 0, &err);
1894                        if (!bh) {
1895                                if (err)
1896                                        ext4_error(sb, __func__,
1897                                                   "error %d reading directory"
1898                                                   " #%lu offset %lu",
1899                                                   err, inode->i_ino, offset);
1900                                offset += sb->s_blocksize;
1901                                continue;
1902                        }
1903                        de = (struct ext4_dir_entry_2 *) bh->b_data;
1904                }
1905                if (!ext4_check_dir_entry("empty_dir", inode, de, bh, offset)) {
1906                        de = (struct ext4_dir_entry_2 *)(bh->b_data +
1907                                                         sb->s_blocksize);
1908                        offset = (offset | (sb->s_blocksize - 1)) + 1;
1909                        continue;
1910                }
1911                if (le32_to_cpu(de->inode)) {
1912                        brelse(bh);
1913                        return 0;
1914                }
1915                offset += ext4_rec_len_from_disk(de->rec_len);
1916                de = ext4_next_entry(de);
1917        }
1918        brelse(bh);
1919        return 1;
1920}
1921
1922/* ext4_orphan_add() links an unlinked or truncated inode into a list of
1923 * such inodes, starting at the superblock, in case we crash before the
1924 * file is closed/deleted, or in case the inode truncate spans multiple
1925 * transactions and the last transaction is not recovered after a crash.
1926 *
1927 * At filesystem recovery time, we walk this list deleting unlinked
1928 * inodes and truncating linked inodes in ext4_orphan_cleanup().
1929 */
1930int ext4_orphan_add(handle_t *handle, struct inode *inode)
1931{
1932        struct super_block *sb = inode->i_sb;
1933        struct ext4_iloc iloc;
1934        int err = 0, rc;
1935
1936        lock_super(sb);
1937        if (!list_empty(&EXT4_I(inode)->i_orphan))
1938                goto out_unlock;
1939
1940        /* Orphan handling is only valid for files with data blocks
1941         * being truncated, or files being unlinked. */
1942
1943        /* @@@ FIXME: Observation from aviro:
1944         * I think I can trigger J_ASSERT in ext4_orphan_add().  We block
1945         * here (on lock_super()), so race with ext4_link() which might bump
1946         * ->i_nlink. For, say it, character device. Not a regular file,
1947         * not a directory, not a symlink and ->i_nlink > 0.
1948         */
1949        J_ASSERT((S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
1950                  S_ISLNK(inode->i_mode)) || inode->i_nlink == 0);
1951
1952        BUFFER_TRACE(EXT4_SB(sb)->s_sbh, "get_write_access");
1953        err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh);
1954        if (err)
1955                goto out_unlock;
1956
1957        err = ext4_reserve_inode_write(handle, inode, &iloc);
1958        if (err)
1959                goto out_unlock;
1960
1961        /* Insert this inode at the head of the on-disk orphan list... */
1962        NEXT_ORPHAN(inode) = le32_to_cpu(EXT4_SB(sb)->s_es->s_last_orphan);
1963        EXT4_SB(sb)->s_es->s_last_orphan = cpu_to_le32(inode->i_ino);
1964        err = ext4_journal_dirty_metadata(handle, EXT4_SB(sb)->s_sbh);
1965        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
1966        if (!err)
1967                err = rc;
1968
1969        /* Only add to the head of the in-memory list if all the
1970         * previous operations succeeded.  If the orphan_add is going to
1971         * fail (possibly taking the journal offline), we can't risk
1972         * leaving the inode on the orphan list: stray orphan-list
1973         * entries can cause panics at unmount time.
1974         *
1975         * This is safe: on error we're going to ignore the orphan list
1976         * anyway on the next recovery. */
1977        if (!err)
1978                list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan);
1979
1980        jbd_debug(4, "superblock will point to %lu\n", inode->i_ino);
1981        jbd_debug(4, "orphan inode %lu will point to %d\n",
1982                        inode->i_ino, NEXT_ORPHAN(inode));
1983out_unlock:
1984        unlock_super(sb);
1985        ext4_std_error(inode->i_sb, err);
1986        return err;
1987}
1988
1989/*
1990 * ext4_orphan_del() removes an unlinked or truncated inode from the list
1991 * of such inodes stored on disk, because it is finally being cleaned up.
1992 */
1993int ext4_orphan_del(handle_t *handle, struct inode *inode)
1994{
1995        struct list_head *prev;
1996        struct ext4_inode_info *ei = EXT4_I(inode);
1997        struct ext4_sb_info *sbi;
1998        unsigned long ino_next;
1999        struct ext4_iloc iloc;
2000        int err = 0;
2001
2002        lock_super(inode->i_sb);
2003        if (list_empty(&ei->i_orphan)) {
2004                unlock_super(inode->i_sb);
2005                return 0;
2006        }
2007
2008        ino_next = NEXT_ORPHAN(inode);
2009        prev = ei->i_orphan.prev;
2010        sbi = EXT4_SB(inode->i_sb);
2011
2012        jbd_debug(4, "remove inode %lu from orphan list\n", inode->i_ino);
2013
2014        list_del_init(&ei->i_orphan);
2015
2016        /* If we're on an error path, we may not have a valid
2017         * transaction handle with which to update the orphan list on
2018         * disk, but we still need to remove the inode from the linked
2019         * list in memory. */
2020        if (!handle)
2021                goto out;
2022
2023        err = ext4_reserve_inode_write(handle, inode, &iloc);
2024        if (err)
2025                goto out_err;
2026
2027        if (prev == &sbi->s_orphan) {
2028                jbd_debug(4, "superblock will point to %lu\n", ino_next);
2029                BUFFER_TRACE(sbi->s_sbh, "get_write_access");
2030                err = ext4_journal_get_write_access(handle, sbi->s_sbh);
2031                if (err)
2032                        goto out_brelse;
2033                sbi->s_es->s_last_orphan = cpu_to_le32(ino_next);
2034                err = ext4_journal_dirty_metadata(handle, sbi->s_sbh);
2035        } else {
2036                struct ext4_iloc iloc2;
2037                struct inode *i_prev =
2038                        &list_entry(prev, struct ext4_inode_info, i_orphan)->vfs_inode;
2039
2040                jbd_debug(4, "orphan inode %lu will point to %lu\n",
2041                          i_prev->i_ino, ino_next);
2042                err = ext4_reserve_inode_write(handle, i_prev, &iloc2);
2043                if (err)
2044                        goto out_brelse;
2045                NEXT_ORPHAN(i_prev) = ino_next;
2046                err = ext4_mark_iloc_dirty(handle, i_prev, &iloc2);
2047        }
2048        if (err)
2049                goto out_brelse;
2050        NEXT_ORPHAN(inode) = 0;
2051        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
2052
2053out_err:
2054        ext4_std_error(inode->i_sb, err);
2055out:
2056        unlock_super(inode->i_sb);
2057        return err;
2058
2059out_brelse:
2060        brelse(iloc.bh);
2061        goto out_err;
2062}
2063
2064static int ext4_rmdir(struct inode *dir, struct dentry *dentry)
2065{
2066        int retval;
2067        struct inode *inode;
2068        struct buffer_head *bh;
2069        struct ext4_dir_entry_2 *de;
2070        handle_t *handle;
2071
2072        /* Initialize quotas before so that eventual writes go in
2073         * separate transaction */
2074        DQUOT_INIT(dentry->d_inode);
2075        handle = ext4_journal_start(dir, EXT4_DELETE_TRANS_BLOCKS(dir->i_sb));
2076        if (IS_ERR(handle))
2077                return PTR_ERR(handle);
2078
2079        retval = -ENOENT;
2080        bh = ext4_find_entry(dir, &dentry->d_name, &de);
2081        if (!bh)
2082                goto end_rmdir;
2083
2084        if (IS_DIRSYNC(dir))
2085                handle->h_sync = 1;
2086
2087        inode = dentry->d_inode;
2088
2089        retval = -EIO;
2090        if (le32_to_cpu(de->inode) != inode->i_ino)
2091                goto end_rmdir;
2092
2093        retval = -ENOTEMPTY;
2094        if (!empty_dir(inode))
2095                goto end_rmdir;
2096
2097        retval = ext4_delete_entry(handle, dir, de, bh);
2098        if (retval)
2099                goto end_rmdir;
2100        if (!EXT4_DIR_LINK_EMPTY(inode))
2101                ext4_warning(inode->i_sb, "ext4_rmdir",
2102                             "empty directory has too many links (%d)",
2103                             inode->i_nlink);
2104        inode->i_version++;
2105        clear_nlink(inode);
2106        /* There's no need to set i_disksize: the fact that i_nlink is
2107         * zero will ensure that the right thing happens during any
2108         * recovery. */
2109        inode->i_size = 0;
2110        ext4_orphan_add(handle, inode);
2111        inode->i_ctime = dir->i_ctime = dir->i_mtime = ext4_current_time(inode);
2112        ext4_mark_inode_dirty(handle, inode);
2113        ext4_dec_count(handle, dir);
2114        ext4_update_dx_flag(dir);
2115        ext4_mark_inode_dirty(handle, dir);
2116
2117end_rmdir:
2118        ext4_journal_stop(handle);
2119        brelse(bh);
2120        return retval;
2121}
2122
2123static int ext4_unlink(struct inode *dir, struct dentry *dentry)
2124{
2125        int retval;
2126        struct inode *inode;
2127        struct buffer_head *bh;
2128        struct ext4_dir_entry_2 *de;
2129        handle_t *handle;
2130
2131        /* Initialize quotas before so that eventual writes go
2132         * in separate transaction */
2133        DQUOT_INIT(dentry->d_inode);
2134        handle = ext4_journal_start(dir, EXT4_DELETE_TRANS_BLOCKS(dir->i_sb));
2135        if (IS_ERR(handle))
2136                return PTR_ERR(handle);
2137
2138        if (IS_DIRSYNC(dir))
2139                handle->h_sync = 1;
2140
2141        retval = -ENOENT;
2142        bh = ext4_find_entry(dir, &dentry->d_name, &de);
2143        if (!bh)
2144                goto end_unlink;
2145
2146        inode = dentry->d_inode;
2147
2148        retval = -EIO;
2149        if (le32_to_cpu(de->inode) != inode->i_ino)
2150                goto end_unlink;
2151
2152        if (!inode->i_nlink) {
2153                ext4_warning(inode->i_sb, "ext4_unlink",
2154                             "Deleting nonexistent file (%lu), %d",
2155                             inode->i_ino, inode->i_nlink);
2156                inode->i_nlink = 1;
2157        }
2158        retval = ext4_delete_entry(handle, dir, de, bh);
2159        if (retval)
2160                goto end_unlink;
2161        dir->i_ctime = dir->i_mtime = ext4_current_time(dir);
2162        ext4_update_dx_flag(dir);
2163        ext4_mark_inode_dirty(handle, dir);
2164        drop_nlink(inode);
2165        if (!inode->i_nlink)
2166                ext4_orphan_add(handle, inode);
2167        inode->i_ctime = ext4_current_time(inode);
2168        ext4_mark_inode_dirty(handle, inode);
2169        retval = 0;
2170
2171end_unlink:
2172        ext4_journal_stop(handle);
2173        brelse(bh);
2174        return retval;
2175}
2176
2177static int ext4_symlink(struct inode *dir,
2178                        struct dentry *dentry, const char *symname)
2179{
2180        handle_t *handle;
2181        struct inode *inode;
2182        int l, err, retries = 0;
2183
2184        l = strlen(symname)+1;
2185        if (l > dir->i_sb->s_blocksize)
2186                return -ENAMETOOLONG;
2187
2188retry:
2189        handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
2190                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS + 5 +
2191                                        2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb));
2192        if (IS_ERR(handle))
2193                return PTR_ERR(handle);
2194
2195        if (IS_DIRSYNC(dir))
2196                handle->h_sync = 1;
2197
2198        inode = ext4_new_inode(handle, dir, S_IFLNK|S_IRWXUGO);
2199        err = PTR_ERR(inode);
2200        if (IS_ERR(inode))
2201                goto out_stop;
2202
2203        if (l > sizeof(EXT4_I(inode)->i_data)) {
2204                inode->i_op = &ext4_symlink_inode_operations;
2205                ext4_set_aops(inode);
2206                /*
2207                 * page_symlink() calls into ext4_prepare/commit_write.
2208                 * We have a transaction open.  All is sweetness.  It also sets
2209                 * i_size in generic_commit_write().
2210                 */
2211                err = __page_symlink(inode, symname, l,
2212                                mapping_gfp_mask(inode->i_mapping) & ~__GFP_FS);
2213                if (err) {
2214                        clear_nlink(inode);
2215                        ext4_mark_inode_dirty(handle, inode);
2216                        iput(inode);
2217                        goto out_stop;
2218                }
2219        } else {
2220                /* clear the extent format for fast symlink */
2221                EXT4_I(inode)->i_flags &= ~EXT4_EXTENTS_FL;
2222                inode->i_op = &ext4_fast_symlink_inode_operations;
2223                memcpy((char *)&EXT4_I(inode)->i_data, symname, l);
2224                inode->i_size = l-1;
2225        }
2226        EXT4_I(inode)->i_disksize = inode->i_size;
2227        err = ext4_add_nondir(handle, dentry, inode);
2228out_stop:
2229        ext4_journal_stop(handle);
2230        if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
2231                goto retry;
2232        return err;
2233}
2234
2235static int ext4_link(struct dentry *old_dentry,
2236                     struct inode *dir, struct dentry *dentry)
2237{
2238        handle_t *handle;
2239        struct inode *inode = old_dentry->d_inode;
2240        int err, retries = 0;
2241
2242        if (EXT4_DIR_LINK_MAX(inode))
2243                return -EMLINK;
2244
2245        /*
2246         * Return -ENOENT if we've raced with unlink and i_nlink is 0.  Doing
2247         * otherwise has the potential to corrupt the orphan inode list.
2248         */
2249        if (inode->i_nlink == 0)
2250                return -ENOENT;
2251
2252retry:
2253        handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
2254                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS);
2255        if (IS_ERR(handle))
2256                return PTR_ERR(handle);
2257
2258        if (IS_DIRSYNC(dir))
2259                handle->h_sync = 1;
2260
2261        inode->i_ctime = ext4_current_time(inode);
2262        ext4_inc_count(handle, inode);
2263        atomic_inc(&inode->i_count);
2264
2265        err = ext4_add_nondir(handle, dentry, inode);
2266        ext4_journal_stop(handle);
2267        if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
2268                goto retry;
2269        return err;
2270}
2271
2272#define PARENT_INO(buffer) \
2273        (ext4_next_entry((struct ext4_dir_entry_2 *)(buffer))->inode)
2274
2275/*
2276 * Anybody can rename anything with this: the permission checks are left to the
2277 * higher-level routines.
2278 */
2279static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
2280                       struct inode *new_dir, struct dentry *new_dentry)
2281{
2282        handle_t *handle;
2283        struct inode *old_inode, *new_inode;
2284        struct buffer_head *old_bh, *new_bh, *dir_bh;
2285        struct ext4_dir_entry_2 *old_de, *new_de;
2286        int retval;
2287
2288        old_bh = new_bh = dir_bh = NULL;
2289
2290        /* Initialize quotas before so that eventual writes go
2291         * in separate transaction */
2292        if (new_dentry->d_inode)
2293                DQUOT_INIT(new_dentry->d_inode);
2294        handle = ext4_journal_start(old_dir, 2 *
2295                                        EXT4_DATA_TRANS_BLOCKS(old_dir->i_sb) +
2296                                        EXT4_INDEX_EXTRA_TRANS_BLOCKS + 2);
2297        if (IS_ERR(handle))
2298                return PTR_ERR(handle);
2299
2300        if (IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir))
2301                handle->h_sync = 1;
2302
2303        old_bh = ext4_find_entry(old_dir, &old_dentry->d_name, &old_de);
2304        /*
2305         *  Check for inode number is _not_ due to possible IO errors.
2306         *  We might rmdir the source, keep it as pwd of some process
2307         *  and merrily kill the link to whatever was created under the
2308         *  same name. Goodbye sticky bit ;-<
2309         */
2310        old_inode = old_dentry->d_inode;
2311        retval = -ENOENT;
2312        if (!old_bh || le32_to_cpu(old_de->inode) != old_inode->i_ino)
2313                goto end_rename;
2314
2315        new_inode = new_dentry->d_inode;
2316        new_bh = ext4_find_entry(new_dir, &new_dentry->d_name, &new_de);
2317        if (new_bh) {
2318                if (!new_inode) {
2319                        brelse(new_bh);
2320                        new_bh = NULL;
2321                }
2322        }
2323        if (S_ISDIR(old_inode->i_mode)) {
2324                if (new_inode) {
2325                        retval = -ENOTEMPTY;
2326                        if (!empty_dir(new_inode))
2327                                goto end_rename;
2328                }
2329                retval = -EIO;
2330                dir_bh = ext4_bread(handle, old_inode, 0, 0, &retval);
2331                if (!dir_bh)
2332                        goto end_rename;
2333                if (le32_to_cpu(PARENT_INO(dir_bh->b_data)) != old_dir->i_ino)
2334                        goto end_rename;
2335                retval = -EMLINK;
2336                if (!new_inode && new_dir != old_dir &&
2337                                new_dir->i_nlink >= EXT4_LINK_MAX)
2338                        goto end_rename;
2339        }
2340        if (!new_bh) {
2341                retval = ext4_add_entry(handle, new_dentry, old_inode);
2342                if (retval)
2343                        goto end_rename;
2344        } else {
2345                BUFFER_TRACE(new_bh, "get write access");
2346                ext4_journal_get_write_access(handle, new_bh);
2347                new_de->inode = cpu_to_le32(old_inode->i_ino);
2348                if (EXT4_HAS_INCOMPAT_FEATURE(new_dir->i_sb,
2349                                              EXT4_FEATURE_INCOMPAT_FILETYPE))
2350                        new_de->file_type = old_de->file_type;
2351                new_dir->i_version++;
2352                new_dir->i_ctime = new_dir->i_mtime =
2353                                        ext4_current_time(new_dir);
2354                ext4_mark_inode_dirty(handle, new_dir);
2355                BUFFER_TRACE(new_bh, "call ext4_journal_dirty_metadata");
2356                ext4_journal_dirty_metadata(handle, new_bh);
2357                brelse(new_bh);
2358                new_bh = NULL;
2359        }
2360
2361        /*
2362         * Like most other Unix systems, set the ctime for inodes on a
2363         * rename.
2364         */
2365        old_inode->i_ctime = ext4_current_time(old_inode);
2366        ext4_mark_inode_dirty(handle, old_inode);
2367
2368        /*
2369         * ok, that's it
2370         */
2371        if (le32_to_cpu(old_de->inode) != old_inode->i_ino ||
2372            old_de->name_len != old_dentry->d_name.len ||
2373            strncmp(old_de->name, old_dentry->d_name.name, old_de->name_len) ||
2374            (retval = ext4_delete_entry(handle, old_dir,
2375                                        old_de, old_bh)) == -ENOENT) {
2376                /* old_de could have moved from under us during htree split, so
2377                 * make sure that we are deleting the right entry.  We might
2378                 * also be pointing to a stale entry in the unused part of
2379                 * old_bh so just checking inum and the name isn't enough. */
2380                struct buffer_head *old_bh2;
2381                struct ext4_dir_entry_2 *old_de2;
2382
2383                old_bh2 = ext4_find_entry(old_dir, &old_dentry->d_name, &old_de2);
2384                if (old_bh2) {
2385                        retval = ext4_delete_entry(handle, old_dir,
2386                                                   old_de2, old_bh2);
2387                        brelse(old_bh2);
2388                }
2389        }
2390        if (retval) {
2391                ext4_warning(old_dir->i_sb, "ext4_rename",
2392                                "Deleting old file (%lu), %d, error=%d",
2393                                old_dir->i_ino, old_dir->i_nlink, retval);
2394        }
2395
2396        if (new_inode) {
2397                ext4_dec_count(handle, new_inode);
2398                new_inode->i_ctime = ext4_current_time(new_inode);
2399        }
2400        old_dir->i_ctime = old_dir->i_mtime = ext4_current_time(old_dir);
2401        ext4_update_dx_flag(old_dir);
2402        if (dir_bh) {
2403                BUFFER_TRACE(dir_bh, "get_write_access");
2404                ext4_journal_get_write_access(handle, dir_bh);
2405                PARENT_INO(dir_bh->b_data) = cpu_to_le32(new_dir->i_ino);
2406                BUFFER_TRACE(dir_bh, "call ext4_journal_dirty_metadata");
2407                ext4_journal_dirty_metadata(handle, dir_bh);
2408                ext4_dec_count(handle, old_dir);
2409                if (new_inode) {
2410                        /* checked empty_dir above, can't have another parent,
2411                         * ext4_dec_count() won't work for many-linked dirs */
2412                        new_inode->i_nlink = 0;
2413                } else {
2414                        ext4_inc_count(handle, new_dir);
2415                        ext4_update_dx_flag(new_dir);
2416                        ext4_mark_inode_dirty(handle, new_dir);
2417                }
2418        }
2419        ext4_mark_inode_dirty(handle, old_dir);
2420        if (new_inode) {
2421                ext4_mark_inode_dirty(handle, new_inode);
2422                if (!new_inode->i_nlink)
2423                        ext4_orphan_add(handle, new_inode);
2424        }
2425        retval = 0;
2426
2427end_rename:
2428        brelse(dir_bh);
2429        brelse(old_bh);
2430        brelse(new_bh);
2431        ext4_journal_stop(handle);
2432        return retval;
2433}
2434
2435/*
2436 * directories can handle most operations...
2437 */
2438const struct inode_operations ext4_dir_inode_operations = {
2439        .create                = ext4_create,
2440        .lookup                = ext4_lookup,
2441        .link                = ext4_link,
2442        .unlink                = ext4_unlink,
2443        .symlink        = ext4_symlink,
2444        .mkdir                = ext4_mkdir,
2445        .rmdir                = ext4_rmdir,
2446        .mknod                = ext4_mknod,
2447        .rename                = ext4_rename,
2448        .setattr        = ext4_setattr,
2449#ifdef CONFIG_EXT4_FS_XATTR
2450        .setxattr        = generic_setxattr,
2451        .getxattr        = generic_getxattr,
2452        .listxattr        = ext4_listxattr,
2453        .removexattr        = generic_removexattr,
2454#endif
2455        .permission        = ext4_permission,
2456};
2457
2458const struct inode_operations ext4_special_inode_operations = {
2459        .setattr        = ext4_setattr,
2460#ifdef CONFIG_EXT4_FS_XATTR
2461        .setxattr        = generic_setxattr,
2462        .getxattr        = generic_getxattr,
2463        .listxattr        = ext4_listxattr,
2464        .removexattr        = generic_removexattr,
2465#endif
2466        .permission        = ext4_permission,
2467};