[PATCH 2/3] ubifs: protect assertion of xattr value size by ui_mutex during xattr get
Hou Tao
houtao1 at huawei.com
Tue Jun 30 09:04:37 EDT 2020
ubifs_xattr_get() may race with change_xattr() which will
update inode->i_size and ui->data_len accordingly, and
it will fail the assertion: inode->i_size == ui->data_len,
so protect the assertion by ui_mutex.
For assertion: host_ui->xattr_size > ui->data_len, it can not been
ensured even both host_ui->ui_mutex and ui->ui_mutex are acquired,
because the xattr value may has been removed by remove_xattr() and
xattr_size has already been decreased, so just remove it.
Signed-off-by: Hou Tao <houtao1 at huawei.com>
---
fs/ubifs/xattr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index 5591b9fa1d86..82be2c2d2db5 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -356,10 +356,9 @@ ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
}
ui = ubifs_inode(inode);
- ubifs_assert(c, inode->i_size == ui->data_len);
- ubifs_assert(c, ubifs_inode(host)->xattr_size > ui->data_len);
mutex_lock(&ui->ui_mutex);
+ ubifs_assert(c, inode->i_size == ui->data_len);
if (buf) {
/* If @buf is %NULL we are supposed to return the length */
if (ui->data_len > size) {
--
2.25.0.4.g0ad7144999
More information about the linux-mtd
mailing list