Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ab92a20b authored by Dongsheng Yang's avatar Dongsheng Yang Committed by Richard Weinberger
Browse files

ubifs: make ubifs_[get|set]xattr atomic 



This commit make the ubifs_[get|set]xattr protected by ui_mutex.

Originally, there is a possibility that ubifs_getxattr to get
a wrong value.

  P1                                  P2
----------                  	----------
ubifs_getxattr                      ubifs_setxattr
					- kfree()
- memcpy()
					- kmemdup()

Then ubifs_getxattr() would get a non-sense data. To solve this
problem, this commit make the xattr of ubifs_inode updated in
atomic.

Signed-off-by: default avatarDongsheng Yang <yangds.fnst@cn.fujitsu.com>
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent 54bcfdf1

fs/ubifs/xattr.c

+9 −3
Original line number Diff line number Diff line
@@ -200,6 +200,7 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, 
	int err;

	struct ubifs_inode *host_ui = ubifs_inode(host);

	struct ubifs_inode *ui = ubifs_inode(inode);

	void *buf = NULL;

	struct ubifs_budget_req req = { .dirtied_ino = 2,

		.dirtied_ino_d = ALIGN(size, 8) + ALIGN(host_ui->data_len, 8) };
@@ -208,14 +209,17 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, 
	if (err)

		return err;



	kfree(ui->data);

	ui->data = kmemdup(value, size, GFP_NOFS);

	if (!ui->data) {

	buf = kmemdup(value, size, GFP_NOFS);

	if (!buf) {

		err = -ENOMEM;

		goto out_free;

	}

	mutex_lock(&ui->ui_mutex);

	kfree(ui->data);

	ui->data = buf;

	inode->i_size = ui->ui_size = size;

	ui->data_len = size;

	mutex_unlock(&ui->ui_mutex);



	mutex_lock(&host_ui->ui_mutex);

	host->i_ctime = ubifs_current_time(host);
@@ -409,6 +413,7 @@ ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, 
	ubifs_assert(inode->i_size == ui->data_len);

	ubifs_assert(ubifs_inode(host)->xattr_size > ui->data_len);



	mutex_lock(&ui->ui_mutex);

	if (buf) {

		/* If @buf is %NULL we are supposed to return the length */

		if (ui->data_len > size) {
@@ -423,6 +428,7 @@ ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, 
	err = ui->data_len;



out_iput:

	mutex_unlock(&ui->ui_mutex);

	iput(inode);

out_unlock:

	kfree(xent);