[src/trunk]: src/sys/ufs/lfs Fix wrong code in lfs_valloc_fixed(). It was ove...

[dholland <dholland%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8824fcb296b8
branches:  trunk
changeset: 340565:8824fcb296b8
user:      dholland <dholland%NetBSD.org@localhost>
date:      Sun Sep 13 07:53:37 2015 +0000

description:
Fix wrong code in lfs_valloc_fixed(). It was overwriting the inode
number it was supposed to be allocating with the head of the inode
freelist, then applying the wrong test to that result. Net result:
unless the freelist was empty (in which case it would always fail),
it would in general drop a bunch of entries from the freelist.

This code seems to have been broken when the first version of lfsv2
was imported onto the perseant-lfsv2 branch in -r1.47.2.1, and
remained broken since, in spite of having been moved to lfs_rfw.c and
back and rearranged quite a bit in the meantime.

Sigh.

Found by Coverity in a rather confusing way as CID 1316545.

diffstat:

 sys/ufs/lfs/lfs_alloc.c |  16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diffs (53 lines):

diff -r 9882456f6ff9 -r 8824fcb296b8 sys/ufs/lfs/lfs_alloc.c
--- a/sys/ufs/lfs/lfs_alloc.c   Sat Sep 12 20:23:27 2015 +0000
+++ b/sys/ufs/lfs/lfs_alloc.c   Sun Sep 13 07:53:37 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $ */
+/*     $NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $ */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007 The NetBSD Foundation, Inc.
@@ -60,7 +60,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.129 2015/09/01 06:08:37 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_alloc.c,v 1.130 2015/09/13 07:53:37 dholland Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_quota.h"
@@ -274,7 +274,7 @@
 {
        IFILE *ifp;
        struct buf *bp, *cbp;
-       ino_t tino, oldnext;
+       ino_t headino, thisino, oldnext;
        CLEANERINFO *cip;
 
        /* If the Ifile is too short to contain this inum, extend it */
@@ -289,20 +289,20 @@
        lfs_if_setversion(fs, ifp, vers);
        brelse(bp, 0);
 
-       LFS_GET_HEADFREE(fs, cip, cbp, &ino);
-       if (ino) {
+       LFS_GET_HEADFREE(fs, cip, cbp, &headino);
+       if (headino == ino) {
                LFS_PUT_HEADFREE(fs, cip, cbp, oldnext);
        } else {
                ino_t nextfree;
 
-               tino = ino;
+               thisino = headino;
                while (1) {
-                       LFS_IENTRY(ifp, fs, tino, bp);
+                       LFS_IENTRY(ifp, fs, thisino, bp);
                        nextfree = lfs_if_getnextfree(fs, ifp);
                        if (nextfree == ino ||
                            nextfree == LFS_UNUSED_INUM)
                                break;
-                       tino = nextfree;
+                       thisino = nextfree;
                        brelse(bp, 0);
                }
                if (nextfree == LFS_UNUSED_INUM) {