tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'for-linus-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull UBIFS updates from Richard Weinberger:
- Fix for a race xattr list and modification
- Various minor fixes (spelling, return codes, ...)
* tag 'for-linus-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
ubifs: Fix spelling mistakes
ubifs: Remove ui_mutex in ubifs_xattr_get and change_xattr
ubifs: Fix races between xattr_{set|get} and listxattr operations
ubifs: fix snprintf() checking
ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
+52
-23
+1
-1
drivers/mtd/ubi/debug.c
+1
-1
drivers/mtd/ubi/debug.c
+1
-1
fs/ubifs/debug.c
+1
-1
fs/ubifs/debug.c
+7
fs/ubifs/dir.c
+7
fs/ubifs/dir.c
···
1337
1337
goto out_release;
1338
1338
}
1339
1339
1340
+
spin_lock(&whiteout->i_lock);
1340
1341
whiteout->i_state |= I_LINKABLE;
1342
+
spin_unlock(&whiteout->i_lock);
1343
+
1341
1344
whiteout_ui = ubifs_inode(whiteout);
1342
1345
whiteout_ui->data = dev;
1343
1346
whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
···
1433
1430
1434
1431
inc_nlink(whiteout);
1435
1432
mark_inode_dirty(whiteout);
1433
+
1434
+
spin_lock(&whiteout->i_lock);
1436
1435
whiteout->i_state &= ~I_LINKABLE;
1436
+
spin_unlock(&whiteout->i_lock);
1437
+
1437
1438
iput(whiteout);
1438
1439
}
1439
1440
+2
-1
fs/ubifs/journal.c
+2
-1
fs/ubifs/journal.c
···
882
882
struct ubifs_dent_node *xent, *pxent = NULL;
883
883
884
884
if (ui->xattr_cnt > ubifs_xattr_max_cnt(c)) {
885
+
err = -EPERM;
885
886
ubifs_err(c, "Cannot delete inode, it has too much xattrs!");
886
887
goto out_release;
887
888
}
···
1432
1431
/**
1433
1432
* truncate_data_node - re-compress/encrypt a truncated data node.
1434
1433
* @c: UBIFS file-system description object
1435
-
* @inode: inode which referes to the data node
1434
+
* @inode: inode which refers to the data node
1436
1435
* @block: data block number
1437
1436
* @dn: data node to re-compress
1438
1437
* @new_len: new length
+1
-1
fs/ubifs/master.c
+1
-1
fs/ubifs/master.c
+1
-1
fs/ubifs/replay.c
+1
-1
fs/ubifs/replay.c
···
296
296
* @b: second replay entry
297
297
*
298
298
* This is a comparios function for 'list_sort()' which compares 2 replay
299
-
* entries @a and @b by comparing their sequence numer. Returns %1 if @a has
299
+
* entries @a and @b by comparing their sequence number. Returns %1 if @a has
300
300
* greater sequence number and %-1 otherwise.
301
301
*/
302
302
static int replay_entries_cmp(void *priv, const struct list_head *a,
+2
-1
fs/ubifs/super.c
+2
-1
fs/ubifs/super.c
···
275
275
memset((void *)ui + sizeof(struct inode), 0,
276
276
sizeof(struct ubifs_inode) - sizeof(struct inode));
277
277
mutex_init(&ui->ui_mutex);
278
+
init_rwsem(&ui->xattr_sem);
278
279
spin_lock_init(&ui->ui_lock);
279
280
return &ui->vfs_inode;
280
281
};
···
2061
2060
* @mode: UBI volume open mode
2062
2061
*
2063
2062
* The primary method of mounting UBIFS is by specifying the UBI volume
2064
-
* character device node path. However, UBIFS may also be mounted withoug any
2063
+
* character device node path. However, UBIFS may also be mounted without any
2065
2064
* character device node using one of the following methods:
2066
2065
*
2067
2066
* o ubiX_Y - mount UBI device number X, volume Y;
+1
-1
fs/ubifs/tnc_commit.c
+1
-1
fs/ubifs/tnc_commit.c
···
930
930
* flag cleared before %COW_ZNODE. Specifically, it matters in
931
931
* the 'dirty_cow_znode()' function. This is the reason for the
932
932
* first barrier. Also, we want the bit changes to be seen to
933
-
* other threads ASAP, to avoid unnecesarry copying, which is
933
+
* other threads ASAP, to avoid unnecessary copying, which is
934
934
* the reason for the second barrier.
935
935
*/
936
936
clear_bit(DIRTY_ZNODE, &znode->flags);
+3
-1
fs/ubifs/ubifs.h
+3
-1
fs/ubifs/ubifs.h
···
356
356
* @ui_mutex: serializes inode write-back with the rest of VFS operations,
357
357
* serializes "clean <-> dirty" state changes, serializes bulk-read,
358
358
* protects @dirty, @bulk_read, @ui_size, and @xattr_size
359
+
* @xattr_sem: serilizes write operations (remove|set|create) on xattr
359
360
* @ui_lock: protects @synced_i_size
360
361
* @synced_i_size: synchronized size of inode, i.e. the value of inode size
361
362
* currently stored on the flash; used only for regular file
···
410
409
unsigned int bulk_read:1;
411
410
unsigned int compr_type:2;
412
411
struct mutex ui_mutex;
412
+
struct rw_semaphore xattr_sem;
413
413
spinlock_t ui_lock;
414
414
loff_t synced_i_size;
415
415
loff_t ui_size;
···
914
912
* @rb: rb-tree node of rb-tree of orphans sorted by inode number
915
913
* @list: list head of list of orphans in order added
916
914
* @new_list: list head of list of orphans added since the last commit
917
-
* @child_list: list of xattr childs if this orphan hosts xattrs, list head
915
+
* @child_list: list of xattr children if this orphan hosts xattrs, list head
918
916
* if this orphan is a xattr, not used otherwise.
919
917
* @cnext: next orphan to commit
920
918
* @dnext: next orphan to delete
+33
-15
fs/ubifs/xattr.c
+33
-15
fs/ubifs/xattr.c
···
208
208
err = -ENOMEM;
209
209
goto out_free;
210
210
}
211
-
mutex_lock(&ui->ui_mutex);
212
211
kfree(ui->data);
213
212
ui->data = buf;
214
213
inode->i_size = ui->ui_size = size;
215
214
old_size = ui->data_len;
216
215
ui->data_len = size;
217
-
mutex_unlock(&ui->ui_mutex);
218
216
219
217
mutex_lock(&host_ui->ui_mutex);
220
218
host->i_ctime = current_time(host);
···
283
285
if (!xent)
284
286
return -ENOMEM;
285
287
288
+
down_write(&ubifs_inode(host)->xattr_sem);
286
289
/*
287
290
* The extended attribute entries are stored in LNC, so multiple
288
291
* look-ups do not involve reading the flash.
···
318
319
iput(inode);
319
320
320
321
out_free:
322
+
up_write(&ubifs_inode(host)->xattr_sem);
321
323
kfree(xent);
322
324
return err;
323
325
}
···
341
341
if (!xent)
342
342
return -ENOMEM;
343
343
344
+
down_read(&ubifs_inode(host)->xattr_sem);
344
345
xent_key_init(c, &key, host->i_ino, &nm);
345
346
err = ubifs_tnc_lookup_nm(c, &key, xent, &nm);
346
347
if (err) {
347
348
if (err == -ENOENT)
348
349
err = -ENODATA;
349
-
goto out_unlock;
350
+
goto out_cleanup;
350
351
}
351
352
352
353
inode = iget_xattr(c, le64_to_cpu(xent->inum));
353
354
if (IS_ERR(inode)) {
354
355
err = PTR_ERR(inode);
355
-
goto out_unlock;
356
+
goto out_cleanup;
356
357
}
357
358
358
359
ui = ubifs_inode(inode);
359
360
ubifs_assert(c, inode->i_size == ui->data_len);
360
361
ubifs_assert(c, ubifs_inode(host)->xattr_size > ui->data_len);
361
362
362
-
mutex_lock(&ui->ui_mutex);
363
363
if (buf) {
364
364
/* If @buf is %NULL we are supposed to return the length */
365
365
if (ui->data_len > size) {
···
372
372
err = ui->data_len;
373
373
374
374
out_iput:
375
-
mutex_unlock(&ui->ui_mutex);
376
375
iput(inode);
377
-
out_unlock:
376
+
out_cleanup:
377
+
up_read(&ubifs_inode(host)->xattr_sem);
378
378
kfree(xent);
379
379
return err;
380
380
}
···
406
406
dbg_gen("ino %lu ('%pd'), buffer size %zd", host->i_ino,
407
407
dentry, size);
408
408
409
+
down_read(&host_ui->xattr_sem);
409
410
len = host_ui->xattr_names + host_ui->xattr_cnt;
410
-
if (!buffer)
411
+
if (!buffer) {
411
412
/*
412
413
* We should return the minimum buffer size which will fit a
413
414
* null-terminated list of all the extended attribute names.
414
415
*/
415
-
return len;
416
+
err = len;
417
+
goto out_err;
418
+
}
416
419
417
-
if (len > size)
418
-
return -ERANGE;
420
+
if (len > size) {
421
+
err = -ERANGE;
422
+
goto out_err;
423
+
}
419
424
420
425
lowest_xent_key(c, &key, host->i_ino);
421
426
while (1) {
···
442
437
pxent = xent;
443
438
key_read(c, &xent->key, &key);
444
439
}
445
-
446
440
kfree(pxent);
441
+
up_read(&host_ui->xattr_sem);
442
+
447
443
if (err != -ENOENT) {
448
444
ubifs_err(c, "cannot find next direntry, error %d", err);
449
445
return err;
···
452
446
453
447
ubifs_assert(c, written <= size);
454
448
return written;
449
+
450
+
out_err:
451
+
up_read(&host_ui->xattr_sem);
452
+
return err;
455
453
}
456
454
457
455
static int remove_xattr(struct ubifs_info *c, struct inode *host,
···
514
504
ubifs_warn(c, "inode %lu has too many xattrs, doing a non-atomic deletion",
515
505
host->i_ino);
516
506
507
+
down_write(&ubifs_inode(host)->xattr_sem);
517
508
lowest_xent_key(c, &key, host->i_ino);
518
509
while (1) {
519
510
xent = ubifs_tnc_next_ent(c, &key, &nm);
···
534
523
ubifs_ro_mode(c, err);
535
524
kfree(pxent);
536
525
kfree(xent);
537
-
return err;
526
+
goto out_err;
538
527
}
539
528
540
529
ubifs_assert(c, ubifs_inode(xino)->xattr);
···
546
535
kfree(xent);
547
536
iput(xino);
548
537
ubifs_err(c, "cannot remove xattr, error %d", err);
549
-
return err;
538
+
goto out_err;
550
539
}
551
540
552
541
iput(xino);
···
555
544
pxent = xent;
556
545
key_read(c, &xent->key, &key);
557
546
}
558
-
559
547
kfree(pxent);
548
+
up_write(&ubifs_inode(host)->xattr_sem);
549
+
560
550
if (err != -ENOENT) {
561
551
ubifs_err(c, "cannot find next direntry, error %d", err);
562
552
return err;
563
553
}
564
554
565
555
return 0;
556
+
557
+
out_err:
558
+
up_write(&ubifs_inode(host)->xattr_sem);
559
+
return err;
566
560
}
567
561
568
562
/**
···
610
594
if (!xent)
611
595
return -ENOMEM;
612
596
597
+
down_write(&ubifs_inode(host)->xattr_sem);
613
598
xent_key_init(c, &key, host->i_ino, &nm);
614
599
err = ubifs_tnc_lookup_nm(c, &key, xent, &nm);
615
600
if (err) {
···
635
618
iput(inode);
636
619
637
620
out_free:
621
+
up_write(&ubifs_inode(host)->xattr_sem);
638
622
kfree(xent);
639
623
return err;
640
624
}