I think I found a bug in fs/minix/namei.c:minix_create(). Have a look at this:
-----------------------------------------
int minix_create(struct inode * dir, struct dentry *dentry, int mode)
{
	int error;
	struct inode * inode;
	struct buffer_head * bh;
	struct minix_dir_entry * de;

	inode = minix_new_inode(dir, &error);
	if (error)
		return error;
------------------------------------------
so, 'error' is uninitialized and its address is passed to minix_new_inode().
On return from minix_new_inode() in minix_create() we check if error != 0 before
checking 'inode'. Let us now look at the beginning of minix_new_inode():
---------------------------------------------
struct inode * minix_new_inode(const struct inode * dir, int * error)
{
	struct super_block * sb;
	struct inode * inode;
	struct buffer_head * bh;
	int i,j;

	if (!dir || !(inode = get_empty_inode()))
		return NULL;
---------------------------------------------
so, if the above 'if' is true then we return inode=NULL, leaving 'error' at its
uninitialized value and thus making minix_create() return an incorrect error value.
Checking the similar thing in ext2 shows that it does NOT have this problem, i.e.
there is no code path in ext2_new_inode() that would leave error uninitialized.
The suggested fix is to fs/minix/bitmap.c
regards,
Tigran.
PS. Here is my suggested fix (to fs/minix/bitmap.c of 2.3.23)
--- bitmap.c.0 Sun Oct 24 17:41:46 1999
+++ bitmap.c Sun Oct 24 17:44:07 1999
@@ -251,8 +251,16 @@
struct buffer_head * bh;
int i,j;
- if (!dir || !(inode = get_empty_inode()))
+ if (!dir || !dir->i_nlink) {
+ *error = -EPERM;
return NULL;
+ }
+ inode = get_empty_inode();
+ if (!inode) {
+ *error = -ENOMEM;
+ return NULL;
+ }
+ *error = -ENOSPC;
sb = dir->i_sb;
inode->i_sb = sb;
inode->i_flags = 0;
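Review bot: the unconditional `*error = -ENOSPC;` placed before `sb = dir->i_sb;` makes every successful allocation depend on a later `*error = 0;` that is not part of this hunk; since minix_create() tests `error` before it looks at `inode`, a success path that never clears it would turn every create into -ENOSPC. Either confirm that the tail of minix_new_inode() resets `*error` to 0 once an inode bit has been claimed, or assign -ENOSPC only on the no-free-inode return. Separately, `!dir` is a caller bug rather than a permission problem, so reporting it as -EPERM alongside `!dir->i_nlink` (a legitimately unlinked directory) hides two different conditions behind one errno.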
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
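The out-parameter contract the mail argues for, as an added example that is not part of the original message or of the kernel: a callee in the shape of the patched minix_new_inode() that assigns `*error` on every path, including the success path, and a caller in the shape of minix_create() that checks `error` before `inode`. The struct, the `fake_get_empty_inode()` stand-in with injectable failure, and the function names are constructed for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel inode; only the fields used here. */
struct inode { int i_nlink; int in_use; };

/* Stand-in for get_empty_inode(); failure is injectable so the
 * -ENOMEM path can be exercised without exhausting memory. */
static int g_alloc_fail;
static struct inode *fake_get_empty_inode(void)
{
	if (g_alloc_fail)
		return NULL;
	return calloc(1, sizeof(struct inode));
}

/* Every return assigns *error, so the caller never sees a stale value. */
struct inode *new_inode_fixed(const struct inode *dir, int *error)
{
	struct inode *inode;

	if (!dir || !dir->i_nlink) {
		*error = -EPERM;
		return NULL;
	}
	inode = fake_get_empty_inode();
	if (!inode) {
		*error = -ENOMEM;
		return NULL;
	}
	*error = 0;      /* success path must clear it, or the caller
			  * below would report a failure that did not happen */
	inode->in_use = 1;
	return inode;
}

/* Caller in the shape of minix_create(): 'error' is deliberately left
 * uninitialized, exactly as in the mail, and checked before 'inode'. */
int create_fixed(struct inode *dir, int alloc_fail)
{
	int error;
	struct inode *inode;

	g_alloc_fail = alloc_fail;
	inode = new_inode_fixed(dir, &error);
	if (error)
		return error;
	free(inode);
	return 0;
}
```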