xfs: use ->t_dfops for rmap extent swap operations

xfs_swap_extent_rmap() uses a local dfops instance with a
transaction from the caller. Since there is only one caller, pull
the dfops structure into the caller and attach it to the
transaction. This avoids the need to clear ->t_dfops to prevent
invalid stack memory access.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
This commit is contained in:
Brian Foster 2018-07-11 22:26:17 -07:00 committed by Darrick J. Wong
parent ed7ef8e55c
commit 7a7943c7e0

View File

@ -1571,6 +1571,8 @@ xfs_swap_extent_rmap(
struct xfs_inode *ip,
struct xfs_inode *tip)
{
struct xfs_trans *tp = *tpp;
struct xfs_mount *mp = tp->t_mountp;
struct xfs_bmbt_irec irec;
struct xfs_bmbt_irec uirec;
struct xfs_bmbt_irec tirec;
@ -1578,7 +1580,6 @@ xfs_swap_extent_rmap(
xfs_fileoff_t end_fsb;
xfs_filblks_t count_fsb;
xfs_fsblock_t firstfsb;
struct xfs_defer_ops dfops;
int error;
xfs_filblks_t ilen;
xfs_filblks_t rlen;
@ -1614,7 +1615,7 @@ xfs_swap_extent_rmap(
/* Unmap the old blocks in the source file. */
while (tirec.br_blockcount) {
xfs_defer_init(&dfops, &firstfsb);
xfs_defer_init(tp->t_dfops, &firstfsb);
trace_xfs_swap_extent_rmap_remap_piece(tip, &tirec);
/* Read extent from the source file */
@ -1636,31 +1637,32 @@ xfs_swap_extent_rmap(
trace_xfs_swap_extent_rmap_remap_piece(tip, &uirec);
/* Remove the mapping from the donor file. */
error = xfs_bmap_unmap_extent((*tpp)->t_mountp, &dfops,
tip, &uirec);
error = xfs_bmap_unmap_extent(mp, tp->t_dfops, tip,
&uirec);
if (error)
goto out_defer;
/* Remove the mapping from the source file. */
error = xfs_bmap_unmap_extent((*tpp)->t_mountp, &dfops,
ip, &irec);
error = xfs_bmap_unmap_extent(mp, tp->t_dfops, ip,
&irec);
if (error)
goto out_defer;
/* Map the donor file's blocks into the source file. */
error = xfs_bmap_map_extent((*tpp)->t_mountp, &dfops,
ip, &uirec);
error = xfs_bmap_map_extent(mp, tp->t_dfops, ip,
&uirec);
if (error)
goto out_defer;
/* Map the source file's blocks into the donor file. */
error = xfs_bmap_map_extent((*tpp)->t_mountp, &dfops,
tip, &irec);
error = xfs_bmap_map_extent(mp, tp->t_dfops, tip,
&irec);
if (error)
goto out_defer;
xfs_defer_ijoin(&dfops, ip);
error = xfs_defer_finish(tpp, &dfops);
xfs_defer_ijoin(tp->t_dfops, ip);
error = xfs_defer_finish(tpp, tp->t_dfops);
tp = *tpp;
if (error)
goto out_defer;
@ -1680,7 +1682,7 @@ xfs_swap_extent_rmap(
return 0;
out_defer:
xfs_defer_cancel(&dfops);
xfs_defer_cancel(tp->t_dfops);
out:
trace_xfs_swap_extent_rmap_error(ip, error, _RET_IP_);
tip->i_d.di_flags2 = tip_flags2;
@ -1847,6 +1849,7 @@ xfs_swap_extents(
{
struct xfs_mount *mp = ip->i_mount;
struct xfs_trans *tp;
struct xfs_defer_ops dfops;
struct xfs_bstat *sbp = &sxp->sx_stat;
int src_log_flags, target_log_flags;
int error = 0;
@ -1854,6 +1857,7 @@ xfs_swap_extents(
struct xfs_ifork *cowfp;
uint64_t f;
int resblks = 0;
xfs_fsblock_t firstfsb;
/*
* Lock the inodes against other IO, page faults and truncate to
@ -1916,6 +1920,8 @@ xfs_swap_extents(
error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, resblks, 0, 0, &tp);
if (error)
goto out_unlock;
xfs_defer_init(&dfops, &firstfsb);
tp->t_dfops = &dfops;
/*
* Lock and join the inodes to the tansaction so that transaction commit