[PATCH 07/35] UBI: Fastmap: Fix races in ubi_wl_get_peb()
Artem Bityutskiy
dedekind1 at gmail.com
Wed Nov 5 07:51:47 PST 2014
On Wed, 2014-10-29 at 13:45 +0100, Richard Weinberger wrote:
> ubi_wl_get_peb() has two problems, it reads the pool
> size and usage counters without any protection.
> While reading one value would be perfectly fine it reads multiple
> values and compares them. This is racy and can lead to incorrect
> pool handling.
> Furthermore ubi_update_fastmap() is called without wl_lock held,
> before incrementing the used counter it needs to be checked again.
> It could happen that another thread consumed all PEBs from the
> pool and the counter goes beyond ->size.
So wl_lock protects the 'pool->*' variables? Could you please add this
information to ubi.h. Namely, in the huge comment above 'struct device'
we document each lock, and we list the variables the lock protects.
> - if (!pool->size || !wl_pool->size || pool->used == pool->size ||
> - wl_pool->used == wl_pool->size)
> +again:
> + spin_lock(&ubi->wl_lock);
Is it possible to add a little comment here which translates the
condition below into English?
> + if (!pool->size || !wl_pool->size || pool->used >= pool->size ||
> + wl_pool->used >= wl_pool->size) {
> + spin_unlock(&ubi->wl_lock);
> ubi_update_fastmap(ubi);
> -
More information about the linux-mtd
mailing list