[PATCH 1/2] UBIFS: prepare to fix a horrid bug
Joakim Tjernlund
joakim.tjernlund at transmode.se
Fri Jun 28 08:27:58 EDT 2013
"linux-mtd" <linux-mtd-bounces at lists.infradead.org> wrote on 2013/06/28 13:15:14:
>
> From: Artem Bityutskiy <artem.bityutskiy at linux.intel.com>
>
> Al Viro pointed me to the fact that '->readdir()' and '->llseek()' have no
> mutual exclusion, which means the 'ubifs_dir_llseek()' can be run while we are
> in the middle of 'ubifs_readdir()'.
>
> First of all, this means that 'file->private_data' can be freed while
> 'ubifs_readdir()' uses it. But this particular patch does not fix the problem.
> This patch is only a preparation, and the fix will follow next.
>
> In this patch we make 'ubifs_readdir()' stop using 'file->f_pos' directly,
> because 'file->f_pos' can be changed by '->llseek()' at any point. This may
> lead 'ubifs_readdir()' to returning inconsistent data: directory entry names
> may correspond to incorrect file positions.
>
> So here we introduce a local variable 'pos', read 'file->f_pos' once at the
> very beginning, and then stick to 'pos'. The result of this is that when
> 'ubifs_dir_llseek()' changes 'file->f_pos' while we are in the middle of
> 'ubifs_readdir()', the latter "wins".
Ouch, I hope JFFS2 doesn't have the same bug?
Jcoe
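An added illustration of the race the quoted commit message describes, written for this page and not code from the patch or from UBIFS: a constructed in-memory model of a readdir walk, with a hook standing in for a concurrent '->llseek()', showing how re-reading 'file->f_pos' mid-walk pairs names with the wrong positions and how the local 'pos' snapshot avoids it. The struct names, the four-entry directory and the hook are assumptions of the model.

```c
#include <stddef.h>
/* Constructed model of the race: 'file' stands in for the kernel's struct file. */
struct file { long f_pos; };
struct emitted { long pos; const char *name; };   /* one entry handed to the caller */
typedef void (*seek_hook_t)(struct file *f);     /* models a racing ->llseek() */

#define NENTRIES 4
static const char *const names[NENTRIES] = { "a", "b", "c", "d" };   /* constructed dir */

/* Pre-patch shape: the reported position is re-read from file->f_pos on every
 * entry, while the walk itself advances a private cursor (like private_data). */
static int readdir_direct(struct file *file, struct emitted *out, seek_hook_t hook)
{
    long cursor = file->f_pos; int n = 0;
    while (cursor < NENTRIES) {
        out[n].pos = file->f_pos;
        out[n].name = names[cursor];
        n++; cursor++; file->f_pos++;
        if (n == 1 && hook) hook(file);   /* concurrent llseek lands here */
    }
    return n;
}

/* Patched shape: file->f_pos is read once into 'pos' and written back at the end,
 * so a concurrent llseek cannot desynchronise names from positions. */
static int readdir_snapshot(struct file *file, struct emitted *out, seek_hook_t hook)
{
    long pos = file->f_pos; int n = 0;
    while (pos < NENTRIES) {
        out[n].pos = pos;
        out[n].name = names[pos];
        n++; pos++;
        if (n == 1 && hook) hook(file);   /* same race point, now harmless */
    }
    file->f_pos = pos;                    /* readdir "wins" over the racing seek */
    return n;
}

static void racing_llseek(struct file *file) { file->f_pos = 3; }   /* assumed seek target */

/* Runs one implementation from position 0 with the racing seek injected; returns 1
 * if every reported (pos, name) pair agrees with the directory, else 0. */
static int run_with_race(int (*rd)(struct file *, struct emitted *, seek_hook_t))
{
    struct file f = { 0 };
    struct emitted out[NENTRIES];
    int n = rd(&f, out, racing_llseek);
    for (int i = 0; i < n; i++)
        if (out[i].pos < 0 || out[i].pos >= NENTRIES || out[i].name != names[out[i].pos])
            return 0;
    return 1;
}
```

With the seek injected after the first entry, the direct variant reports entry "b" at position 3 and then positions past the end, while the snapshot variant reports all four entries at their true positions.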