@@ -608,18 +608,41 @@ int btrfs_mkdir(struct btrfs_trans_handle *trans, struct btrfs_root *root,
char *name, int namelen, u64 parent_ino, u64 *ino, int mode)
{
struct btrfs_dir_item *dir_item;
- struct btrfs_path *path;
+ struct btrfs_path path = { 0 };
+ struct btrfs_key key;
+ struct btrfs_inode_item *iitem;
u64 ret_ino = 0;
int ret = 0;
- path = btrfs_alloc_path();
- if (!path)
- return -ENOMEM;
-
if (ino && *ino)
ret_ino = *ino;
- dir_item = btrfs_lookup_dir_item(NULL, root, path, parent_ino,
+ /* Make sure the parent inode exists and is a directory. */
+ key.objectid = parent_ino;
+ key.type = BTRFS_INODE_ITEM_KEY;
+ key.offset = 0;
+ ret = btrfs_lookup_inode(NULL, root, &path, &key, 0);
+ if (ret > 0) {
+ ret = -ENOENT;
+ /* Fallthrough */
+ }
+ if (ret < 0) {
+ errno = -ret;
+ error("failed to lookup inode %llu in root %lld: %m",
+ parent_ino, root->root_key.objectid);
+ goto out;
+ }
+ iitem = btrfs_item_ptr(path.nodes[0], path.slots[0], struct btrfs_inode_item);
+ if (!S_ISDIR(btrfs_inode_mode(path.nodes[0], iitem))) {
+ ret = -EUCLEAN;
+ errno = -ret;
+ error("inode %llu in root %lld is not a directory", parent_ino,
+ root->root_key.objectid);
+ goto out;
+ }
+ btrfs_release_path(&path);
+
+ dir_item = btrfs_lookup_dir_item(NULL, root, &path, parent_ino,
name, namelen, 0);
if (IS_ERR(dir_item)) {
ret = PTR_ERR(dir_item);
@@ -633,23 +656,19 @@ int btrfs_mkdir(struct btrfs_trans_handle *trans, struct btrfs_root *root,
* Already have conflicting name, check if it is a dir.
* Either way, no need to continue.
*/
- btrfs_dir_item_key_to_cpu(path->nodes[0], dir_item, &found_key);
+ btrfs_dir_item_key_to_cpu(path.nodes[0], dir_item, &found_key);
ret_ino = found_key.objectid;
- if (btrfs_dir_ftype(path->nodes[0], dir_item) != BTRFS_FT_DIR)
+ if (btrfs_dir_ftype(path.nodes[0], dir_item) != BTRFS_FT_DIR)
ret = -EEXIST;
goto out;
}
- if (!ret_ino)
- /*
- * This is *UNSAFE* if some leaf is corrupted,
- * only used as a fallback method. Caller should either
- * ensure the fs is OK or pass ino with unused inode number.
- */
+ if (!ret_ino) {
ret = btrfs_find_free_objectid(NULL, root, parent_ino,
&ret_ino);
- if (ret)
- goto out;
+ if (ret)
+ goto out;
+ }
ret = btrfs_new_inode(trans, root, ret_ino, mode | S_IFDIR);
if (ret)
goto out;
@@ -658,7 +677,7 @@ int btrfs_mkdir(struct btrfs_trans_handle *trans, struct btrfs_root *root,
if (ret)
goto out;
out:
- btrfs_free_path(path);
+ btrfs_release_path(&path);
if (ret == 0 && ino)
*ino = ret_ino;
return ret;
The function btrfs_mkdir() is currently only utilized by btrfs check, to create the lost+found directory. However we're going to add extra callers for this function, to create directories (and subvolumes) for the incoming "mkfs.btrfs --subvolume" option. Thus here we want extra checks for the @parent_ino: - Make sure the parent inode exists - Make sure the parent inode is indeed a directory And since we're here, also convert the @path to a on-stack one to prevent memory leakage. Signed-off-by: Qu Wenruo <wqu@suse.com> --- kernel-shared/inode.c | 53 +++++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 17 deletions(-)