tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'upstream-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs

Pull UBI/UBIFS/JFFS2 updates from Richard Weinberger:
"This pull request contains mostly fixes for UBI, UBIFS and JFFS2:

UBI:

- Fix a regression around producing a anchor PEB for fastmap.

Due to a change in our locking fastmap was unable to produce fresh
anchors an re-used the existing one a way to often.

UBIFS:

- Fixes for endianness. A few places blindly assumed little endian.

- Fix for a memory leak in the orphan code.

- Fix for a possible crash during a commit.

- Revert a wrong bugfix.

JFFS2:

- Revert a bad bugfix (false positive from a code checking tool)"

* tag 'upstream-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
Revert "jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()"
ubi: Fix producing anchor PEBs
ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
ubifs: do_kill_orphans: Fix a memory leak bug
Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path"
ubifs: Fix type of sup->hash_algo
ubifs: Fixed missed le64_to_cpu() in journal
ubifs: Force prandom result to __le32
ubifs: Remove obsolete TODO from dfs_file_write()
ubi: Fix warning static is not at beginning of declaration
ubi: Print skip_check in ubi_dump_vol_info()

Linus Torvalds e3a251e3 97eeb4d9

+85 -77
+1
drivers/mtd/ubi/debug.c
··· 107 107 pr_err("\tlast_eb_bytes %d\n", vol->last_eb_bytes); 108 108 pr_err("\tcorrupted %d\n", vol->corrupted); 109 109 pr_err("\tupd_marker %d\n", vol->upd_marker); 110 + pr_err("\tskip_check %d\n", vol->skip_check); 110 111 111 112 if (vol->name_len <= UBI_VOL_NAME_MAX && 112 113 strnlen(vol->name, vol->name_len + 1) == vol->name_len) {
+18 -13
drivers/mtd/ubi/fastmap-wl.c
··· 57 57 } 58 58 } 59 59 60 - static int anchor_pebs_available(struct rb_root *root) 61 - { 62 - struct rb_node *p; 63 - struct ubi_wl_entry *e; 64 - 65 - ubi_rb_for_each_entry(p, e, root, u.rb) 66 - if (e->pnum < UBI_FM_MAX_START) 67 - return 1; 68 - 69 - return 0; 70 - } 71 - 72 60 /** 73 61 * ubi_wl_get_fm_peb - find a physical erase block with a given maximal number. 74 62 * @ubi: UBI device description object ··· 265 277 int ubi_ensure_anchor_pebs(struct ubi_device *ubi) 266 278 { 267 279 struct ubi_work *wrk; 280 + struct ubi_wl_entry *anchor; 268 281 269 282 spin_lock(&ubi->wl_lock); 283 + 284 + /* Do we already have an anchor? */ 285 + if (ubi->fm_anchor) { 286 + spin_unlock(&ubi->wl_lock); 287 + return 0; 288 + } 289 + 290 + /* See if we can find an anchor PEB on the list of free PEBs */ 291 + anchor = ubi_wl_get_fm_peb(ubi, 1); 292 + if (anchor) { 293 + ubi->fm_anchor = anchor; 294 + spin_unlock(&ubi->wl_lock); 295 + return 0; 296 + } 297 + 298 + /* No luck, trigger wear leveling to produce a new anchor PEB */ 299 + ubi->fm_do_produce_anchor = 1; 270 300 if (ubi->wl_scheduled) { 271 301 spin_unlock(&ubi->wl_lock); 272 302 return 0; ··· 300 294 return -ENOMEM; 301 295 } 302 296 303 - wrk->anchor = 1; 304 297 wrk->func = &wear_leveling_worker; 305 298 __schedule_ubi_work(ubi, wrk); 306 299 return 0;
+5 -9
drivers/mtd/ubi/fastmap.c
··· 1540 1540 return 0; 1541 1541 } 1542 1542 1543 - ret = ubi_ensure_anchor_pebs(ubi); 1544 - if (ret) { 1545 - up_write(&ubi->fm_eba_sem); 1546 - up_write(&ubi->work_sem); 1547 - up_write(&ubi->fm_protect); 1548 - return ret; 1549 - } 1550 - 1551 1543 new_fm = kzalloc(sizeof(*new_fm), GFP_KERNEL); 1552 1544 if (!new_fm) { 1553 1545 up_write(&ubi->fm_eba_sem); ··· 1610 1618 } 1611 1619 1612 1620 spin_lock(&ubi->wl_lock); 1613 - tmp_e = ubi_wl_get_fm_peb(ubi, 1); 1621 + tmp_e = ubi->fm_anchor; 1622 + ubi->fm_anchor = NULL; 1614 1623 spin_unlock(&ubi->wl_lock); 1615 1624 1616 1625 if (old_fm) { ··· 1663 1670 up_write(&ubi->work_sem); 1664 1671 up_write(&ubi->fm_protect); 1665 1672 kfree(old_fm); 1673 + 1674 + ubi_ensure_anchor_pebs(ubi); 1675 + 1666 1676 return ret; 1667 1677 1668 1678 err:
+5 -3
drivers/mtd/ubi/ubi.h
··· 491 491 * @fm_work: fastmap work queue 492 492 * @fm_work_scheduled: non-zero if fastmap work was scheduled 493 493 * @fast_attach: non-zero if UBI was attached by fastmap 494 + * @fm_anchor: The next anchor PEB to use for fastmap 495 + * @fm_do_produce_anchor: If true produce an anchor PEB in wl 494 496 * 495 497 * @used: RB-tree of used physical eraseblocks 496 498 * @erroneous: RB-tree of erroneous used physical eraseblocks ··· 601 599 struct work_struct fm_work; 602 600 int fm_work_scheduled; 603 601 int fast_attach; 602 + struct ubi_wl_entry *fm_anchor; 603 + int fm_do_produce_anchor; 604 604 605 605 /* Wear-leveling sub-system's stuff */ 606 606 struct rb_root used; ··· 793 789 * @vol_id: the volume ID on which this erasure is being performed 794 790 * @lnum: the logical eraseblock number 795 791 * @torture: if the physical eraseblock has to be tortured 796 - * @anchor: produce a anchor PEB to by used by fastmap 797 792 * 798 793 * The @func pointer points to the worker function. If the @shutdown argument is 799 794 * not zero, the worker has to free the resources and exit immediately as the ··· 808 805 int vol_id; 809 806 int lnum; 810 807 int torture; 811 - int anchor; 812 808 }; 813 809 814 810 #include "debug.h" ··· 970 968 void ubi_fastmap_destroy_checkmap(struct ubi_volume *vol); 971 969 #else 972 970 static inline int ubi_update_fastmap(struct ubi_device *ubi) { return 0; } 973 - int static inline ubi_fastmap_init_checkmap(struct ubi_volume *vol, int leb_count) { return 0; } 971 + static inline int ubi_fastmap_init_checkmap(struct ubi_volume *vol, int leb_count) { return 0; } 974 972 static inline void ubi_fastmap_destroy_checkmap(struct ubi_volume *vol) {} 975 973 #endif 976 974
+14 -18
drivers/mtd/ubi/wl.c
··· 339 339 } 340 340 } 341 341 342 - /* If no fastmap has been written and this WL entry can be used 343 - * as anchor PEB, hold it back and return the second best WL entry 344 - * such that fastmap can use the anchor PEB later. */ 345 - if (prev_e && !ubi->fm_disabled && 346 - !ubi->fm && e->pnum < UBI_FM_MAX_START) 347 - return prev_e; 348 - 349 342 return e; 350 343 } 351 344 ··· 649 656 { 650 657 int err, scrubbing = 0, torture = 0, protect = 0, erroneous = 0; 651 658 int erase = 0, keep = 0, vol_id = -1, lnum = -1; 652 - #ifdef CONFIG_MTD_UBI_FASTMAP 653 - int anchor = wrk->anchor; 654 - #endif 655 659 struct ubi_wl_entry *e1, *e2; 656 660 struct ubi_vid_io_buf *vidb; 657 661 struct ubi_vid_hdr *vid_hdr; ··· 688 698 } 689 699 690 700 #ifdef CONFIG_MTD_UBI_FASTMAP 691 - /* Check whether we need to produce an anchor PEB */ 692 - if (!anchor) 693 - anchor = !anchor_pebs_available(&ubi->free); 694 - 695 - if (anchor) { 701 + if (ubi->fm_do_produce_anchor) { 696 702 e1 = find_anchor_wl_entry(&ubi->used); 697 703 if (!e1) 698 704 goto out_cancel; ··· 705 719 self_check_in_wl_tree(ubi, e1, &ubi->used); 706 720 rb_erase(&e1->u.rb, &ubi->used); 707 721 dbg_wl("anchor-move PEB %d to PEB %d", e1->pnum, e2->pnum); 722 + ubi->fm_do_produce_anchor = 0; 708 723 } else if (!ubi->scrub.rb_node) { 709 724 #else 710 725 if (!ubi->scrub.rb_node) { ··· 1038 1051 goto out_cancel; 1039 1052 } 1040 1053 1041 - wrk->anchor = 0; 1042 1054 wrk->func = &wear_leveling_worker; 1043 1055 if (nested) 1044 1056 __schedule_ubi_work(ubi, wrk); ··· 1079 1093 err = sync_erase(ubi, e, wl_wrk->torture); 1080 1094 if (!err) { 1081 1095 spin_lock(&ubi->wl_lock); 1082 - wl_tree_add(e, &ubi->free); 1083 - ubi->free_count++; 1096 + 1097 + if (!ubi->fm_anchor && e->pnum < UBI_FM_MAX_START) { 1098 + ubi->fm_anchor = e; 1099 + ubi->fm_do_produce_anchor = 0; 1100 + } else { 1101 + wl_tree_add(e, &ubi->free); 1102 + ubi->free_count++; 1103 + } 1104 + 1084 1105 spin_unlock(&ubi->wl_lock); 1085 1106 1086 1107 /* ··· 1875 1882 if (err) 1876 1883 goto out_free; 1877 1884 1885 + #ifdef CONFIG_MTD_UBI_FASTMAP 1886 + ubi_ensure_anchor_pebs(ubi); 1887 + #endif 1878 1888 return 0; 1879 1889 1880 1890 out_free:
-1
drivers/mtd/ubi/wl.h
··· 2 2 #ifndef UBI_WL_H 3 3 #define UBI_WL_H 4 4 #ifdef CONFIG_MTD_UBI_FASTMAP 5 - static int anchor_pebs_available(struct rb_root *root); 6 5 static void update_fastmap_work_fn(struct work_struct *wrk); 7 6 static struct ubi_wl_entry *find_anchor_wl_entry(struct rb_root *root); 8 7 static struct ubi_wl_entry *get_peb_for_wl(struct ubi_device *ubi);
+1 -1
fs/jffs2/nodelist.c
··· 226 226 lastend = this->ofs + this->size; 227 227 } else { 228 228 dbg_fragtree2("lookup gave no frag\n"); 229 - return -EINVAL; 229 + lastend = 0; 230 230 } 231 231 232 232 /* See if we ran off the end of the fragtree */
-12
fs/ubifs/debug.c
··· 2737 2737 struct dentry *dent = file->f_path.dentry; 2738 2738 int val; 2739 2739 2740 - /* 2741 - * TODO: this is racy - the file-system might have already been 2742 - * unmounted and we'd oops in this case. The plan is to fix it with 2743 - * help of 'iterate_supers_type()' which we should have in v3.0: when 2744 - * a debugfs opened, we rember FS's UUID in file->private_data. Then 2745 - * whenever we access the FS via a debugfs file, we iterate all UBIFS 2746 - * superblocks and fine the one with the same UUID, and take the 2747 - * locking right. 2748 - * 2749 - * The other way to go suggested by Al Viro is to create a separate 2750 - * 'ubifs-debug' file-system instead. 2751 - */ 2752 2740 if (file->f_path.dentry == d->dfs_dump_lprops) { 2753 2741 ubifs_dump_lprops(c); 2754 2742 return count;
+2 -2
fs/ubifs/journal.c
··· 503 503 static void set_dent_cookie(struct ubifs_info *c, struct ubifs_dent_node *dent) 504 504 { 505 505 if (c->double_hash) 506 - dent->cookie = prandom_u32(); 506 + dent->cookie = (__force __le32) prandom_u32(); 507 507 else 508 508 dent->cookie = 0; 509 509 } ··· 899 899 fname_name(&nm) = xent->name; 900 900 fname_len(&nm) = le16_to_cpu(xent->nlen); 901 901 902 - xino = ubifs_iget(c->vfs_sb, xent->inum); 902 + xino = ubifs_iget(c->vfs_sb, le64_to_cpu(xent->inum)); 903 903 if (IS_ERR(xino)) { 904 904 err = PTR_ERR(xino); 905 905 ubifs_err(c, "dead directory entry '%s', error %d",
+10 -7
fs/ubifs/orphan.c
··· 631 631 ino_t inum; 632 632 int i, n, err, first = 1; 633 633 634 + ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 635 + if (!ino) 636 + return -ENOMEM; 637 + 634 638 list_for_each_entry(snod, &sleb->nodes, list) { 635 639 if (snod->type != UBIFS_ORPH_NODE) { 636 640 ubifs_err(c, "invalid node type %d in orphan area at %d:%d", 637 641 snod->type, sleb->lnum, snod->offs); 638 642 ubifs_dump_node(c, snod->node); 639 - return -EINVAL; 643 + err = -EINVAL; 644 + goto out_free; 640 645 } 641 646 642 647 orph = snod->node; ··· 668 663 ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d", 669 664 cmt_no, sleb->lnum, snod->offs); 670 665 ubifs_dump_node(c, snod->node); 671 - return -EINVAL; 666 + err = -EINVAL; 667 + goto out_free; 672 668 } 673 669 dbg_rcvry("out of date LEB %d", sleb->lnum); 674 670 *outofdate = 1; 675 - return 0; 671 + err = 0; 672 + goto out_free; 676 673 } 677 674 678 675 if (first) 679 676 first = 0; 680 - 681 - ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); 682 - if (!ino) 683 - return -ENOMEM; 684 677 685 678 n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3; 686 679 for (i = 0; i < n; i++) {
+1 -1
fs/ubifs/sb.c
··· 184 184 if (err) 185 185 goto out; 186 186 } else { 187 - sup->hash_algo = 0xffff; 187 + sup->hash_algo = cpu_to_le16(0xffff); 188 188 } 189 189 190 190 sup->ch.node_type = UBIFS_SB_NODE;
+1 -3
fs/ubifs/super.c
··· 2267 2267 } 2268 2268 } else { 2269 2269 err = ubifs_fill_super(sb, data, flags & SB_SILENT ? 1 : 0); 2270 - if (err) { 2271 - kfree(c); 2270 + if (err) 2272 2271 goto out_deact; 2273 - } 2274 2272 /* We do not support atime */ 2275 2273 sb->s_flags |= SB_ACTIVE; 2276 2274 if (IS_ENABLED(CONFIG_UBIFS_ATIME_SUPPORT))
+27 -7
fs/ubifs/tnc_commit.c
··· 212 212 /** 213 213 * layout_leb_in_gaps - layout index nodes using in-the-gaps method. 214 214 * @c: UBIFS file-system description object 215 - * @p: return LEB number here 215 + * @p: return LEB number in @c->gap_lebs[p] 216 216 * 217 217 * This function lays out new index nodes for dirty znodes using in-the-gaps 218 218 * method of TNC commit. ··· 221 221 * This function returns the number of index nodes written into the gaps, or a 222 222 * negative error code on failure. 223 223 */ 224 - static int layout_leb_in_gaps(struct ubifs_info *c, int *p) 224 + static int layout_leb_in_gaps(struct ubifs_info *c, int p) 225 225 { 226 226 struct ubifs_scan_leb *sleb; 227 227 struct ubifs_scan_node *snod; ··· 236 236 * filled, however we do not check there at present. 237 237 */ 238 238 return lnum; /* Error code */ 239 - *p = lnum; 239 + c->gap_lebs[p] = lnum; 240 240 dbg_gc("LEB %d", lnum); 241 241 /* 242 242 * Scan the index LEB. We use the generic scan for this even though ··· 355 355 */ 356 356 static int layout_in_gaps(struct ubifs_info *c, int cnt) 357 357 { 358 - int err, leb_needed_cnt, written, *p; 358 + int err, leb_needed_cnt, written, p = 0, old_idx_lebs, *gap_lebs; 359 359 360 360 dbg_gc("%d znodes to write", cnt); 361 361 ··· 364 364 if (!c->gap_lebs) 365 365 return -ENOMEM; 366 366 367 - p = c->gap_lebs; 367 + old_idx_lebs = c->lst.idx_lebs; 368 368 do { 369 - ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs); 369 + ubifs_assert(c, p < c->lst.idx_lebs); 370 370 written = layout_leb_in_gaps(c, p); 371 371 if (written < 0) { 372 372 err = written; ··· 392 392 leb_needed_cnt = get_leb_cnt(c, cnt); 393 393 dbg_gc("%d znodes remaining, need %d LEBs, have %d", cnt, 394 394 leb_needed_cnt, c->ileb_cnt); 395 + /* 396 + * Dynamically change the size of @c->gap_lebs to prevent 397 + * oob, because @c->lst.idx_lebs could be increased by 398 + * function @get_idx_gc_leb (called by layout_leb_in_gaps-> 399 + * ubifs_find_dirty_idx_leb) during loop. Only enlarge 400 + * @c->gap_lebs when needed. 401 + * 402 + */ 403 + if (leb_needed_cnt > c->ileb_cnt && p >= old_idx_lebs && 404 + old_idx_lebs < c->lst.idx_lebs) { 405 + old_idx_lebs = c->lst.idx_lebs; 406 + gap_lebs = krealloc(c->gap_lebs, sizeof(int) * 407 + (old_idx_lebs + 1), GFP_NOFS); 408 + if (!gap_lebs) { 409 + kfree(c->gap_lebs); 410 + c->gap_lebs = NULL; 411 + return -ENOMEM; 412 + } 413 + c->gap_lebs = gap_lebs; 414 + } 395 415 } while (leb_needed_cnt > c->ileb_cnt); 396 416 397 - *p = -1; 417 + c->gap_lebs[p] = -1; 398 418 return 0; 399 419 } 400 420