Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7aaea760 authored by Brian Norris's avatar Brian Norris
Browse files

jffs2: fix unbalanced locking 



Li Zefan reported an unbalanced locking issue, found by his
internal debugging feature on runtime. The particular case he was
looking at doesn't lead to a deadlock, as the structure that this lock
is embedded in is freed on error. But we should straighten out the error
handling.

Because several callers of jffs2_do_read_inode_internal() /
jffs2_do_read_inode() already handle the locking/unlocking and inode
clearing at their own level, let's just push any unlocks/clearing down
to the caller. This consistency is much easier to verify.

Reported-by: default avatarLi Zefan <lizefan@huawei.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
parent 3094fe12

fs/jffs2/fs.c

+2 −5
Original line number Diff line number Diff line
@@ -272,12 +272,9 @@ struct inode *jffs2_iget(struct super_block *sb, unsigned long ino) 
	mutex_lock(&f->sem);



	ret = jffs2_do_read_inode(c, f, inode->i_ino, &latest_node);

	if (ret)

		goto error;



	if (ret) {

		mutex_unlock(&f->sem);

		iget_failed(inode);

		return ERR_PTR(ret);

	}

	inode->i_mode = jemode_to_cpu(latest_node.mode);

	i_uid_write(inode, je16_to_cpu(latest_node.uid));

	i_gid_write(inode, je16_to_cpu(latest_node.gid));

fs/jffs2/readinode.c

+4 −23
Original line number Diff line number Diff line
@@ -1203,8 +1203,6 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
		JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",

			ret, retlen, sizeof(*latest_node));

		/* FIXME: If this fails, there seems to be a memory leak. Find it. */

		mutex_unlock(&f->sem);

		jffs2_do_clear_inode(c, f);

		return ret ? ret : -EIO;

	}
@@ -1212,8 +1210,6 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
	if (crc != je32_to_cpu(latest_node->node_crc)) {

		JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",

			f->inocache->ino, ref_offset(rii.latest_ref));

		mutex_unlock(&f->sem);

		jffs2_do_clear_inode(c, f);

		return -EIO;

	}
@@ -1250,16 +1246,11 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
			 * keep in RAM to facilitate quick follow symlink

			 * operation. */

			uint32_t csize = je32_to_cpu(latest_node->csize);

			if (csize > JFFS2_MAX_NAME_LEN) {

				mutex_unlock(&f->sem);

				jffs2_do_clear_inode(c, f);

			if (csize > JFFS2_MAX_NAME_LEN)

				return -ENAMETOOLONG;

			}

			f->target = kmalloc(csize + 1, GFP_KERNEL);

			if (!f->target) {

				JFFS2_ERROR("can't allocate %u bytes of memory for the symlink target path cache\n", csize);

				mutex_unlock(&f->sem);

				jffs2_do_clear_inode(c, f);

				return -ENOMEM;

			}
@@ -1271,8 +1262,6 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
					ret = -EIO;

				kfree(f->target);

				f->target = NULL;

				mutex_unlock(&f->sem);

				jffs2_do_clear_inode(c, f);

				return ret;

			}
@@ -1289,15 +1278,11 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
		if (f->metadata) {

			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",

			       f->inocache->ino, jemode_to_cpu(latest_node->mode));

			mutex_unlock(&f->sem);

			jffs2_do_clear_inode(c, f);

			return -EIO;

		}

		if (!frag_first(&f->fragtree)) {

			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",

			       f->inocache->ino, jemode_to_cpu(latest_node->mode));

			mutex_unlock(&f->sem);

			jffs2_do_clear_inode(c, f);

			return -EIO;

		}

		/* ASSERT: f->fraglist != NULL */
@@ -1305,8 +1290,6 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, 
			JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",

			       f->inocache->ino, jemode_to_cpu(latest_node->mode));

			/* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */

			mutex_unlock(&f->sem);

			jffs2_do_clear_inode(c, f);

			return -EIO;

		}

		/* OK. We're happy */
@@ -1400,10 +1383,8 @@ int jffs2_do_crccheck_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *i 
	f->inocache = ic;



	ret = jffs2_do_read_inode_internal(c, f, &n);

	if (!ret) {

	mutex_unlock(&f->sem);

	jffs2_do_clear_inode(c, f);

	}

	jffs2_xattr_do_crccheck_inode(c, ic);

	kfree (f);

	return ret;