Linux-mtd Archive on lore.kernel.org
 help / color / Atom feed
From: Hou Tao <houtao1@huawei.com>
To: Richard Weinberger <richard@nod.at>, <linux-mtd@lists.infradead.org>
Cc: houtao1@huawei.com
Subject: [PATCH 2/3] ubifs: protect assertion of xattr value size by ui_mutex during xattr get
Date: Tue, 30 Jun 2020 21:04:37 +0800
Message-ID: <20200630130438.141649-3-houtao1@huawei.com> (raw)
In-Reply-To: <20200630130438.141649-1-houtao1@huawei.com>

ubifs_xattr_get() may race with change_xattr() which will
update inode->i_size and ui->data_len accordingly, and
it will fail the assertion: inode->i_size == ui->data_len,
so protect the assertion by ui_mutex.

For assertion: host_ui->xattr_size > ui->data_len, it can not been
ensured even both host_ui->ui_mutex and ui->ui_mutex are acquired,
because the xattr value may has been removed by remove_xattr() and
xattr_size has already been decreased, so just remove it.

Signed-off-by: Hou Tao <houtao1@huawei.com>
---
 fs/ubifs/xattr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index 5591b9fa1d86..82be2c2d2db5 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -356,10 +356,9 @@ ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
 	}
 
 	ui = ubifs_inode(inode);
-	ubifs_assert(c, inode->i_size == ui->data_len);
-	ubifs_assert(c, ubifs_inode(host)->xattr_size > ui->data_len);
 
 	mutex_lock(&ui->ui_mutex);
+	ubifs_assert(c, inode->i_size == ui->data_len);
 	if (buf) {
 		/* If @buf is %NULL we are supposed to return the length */
 		if (ui->data_len > size) {
-- 
2.25.0.4.g0ad7144999


______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

  parent reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-30 13:04 [PATCH 0/3] fixes for ubifs xattr operations Hou Tao
2020-06-30 13:04 ` [PATCH 1/3] ubifs: check the remaining name buffer during xattr list Hou Tao
2020-06-30 13:04 ` Hou Tao [this message]
2020-06-30 13:04 ` [PATCH 3/3] ubifs: ensure only one in-memory xattr inode is created Hou Tao
2020-06-30 13:15 ` [PATCH 0/3] fixes for ubifs xattr operations Richard Weinberger
2020-07-01  1:11   ` Hou Tao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200630130438.141649-3-houtao1@huawei.com \
    --to=houtao1@huawei.com \
    --cc=linux-mtd@lists.infradead.org \
    --cc=richard@nod.at \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-mtd Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-mtd/0 linux-mtd/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mtd linux-mtd/ https://lore.kernel.org/linux-mtd \
		linux-mtd@lists.infradead.org
	public-inbox-index linux-mtd

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-mtd


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git