korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 20:22:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
c07a4dab24
linux/fs/ubifs
History
Zhihao Cheng c07a4dab24 ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex 
The checking of @c->nroot->flags and @c->dirty_[n|p]n_cnt in function
nothing_to_commit() is not atomic, which could be raced with modifying
of lpt, for example:
       P1        P2        P3
run_gc
 ubifs_garbage_collect
              do_commit
 ubifs_return_leb
  ubifs_lpt_lookup_dirty
   dirty_cow_nnode
                       do_commit
			nothing_to_commit
			 if (test_bit(DIRTY_CNODE, &c->nroot->flags)
			 // false
   test_and_set_bit(DIRTY_CNODE, &nnode->flags)
   c->dirty_nn_cnt += 1
                         ubifs_assert(c, c->dirty_nn_cnt == 0)
			 // false !

Fetch a reproducer in Link:
 UBIFS error (ubi0:0 pid 2747): ubifs_assert_failed
 UBIFS assert failed: c->dirty_pn_cnt == 0, in fs/ubifs/commit.c
 Call Trace:
  ubifs_ro_mode+0x58/0x70 [ubifs]
  ubifs_assert_failed+0x6a/0x90 [ubifs]
  do_commit+0x5b7/0x930 [ubifs]
  ubifs_run_commit+0xc6/0x1a0 [ubifs]
  ubifs_sync_fs+0xd8/0x110 [ubifs]
  sync_filesystem+0xb4/0x120
  do_syscall_64+0x6f/0x140

Fix it by checking @c->dirty_[n|p]n_cnt and @c->nroot state with
@c->lp_mutex locked.

Fixes: 944fdef52c ("UBIFS: do not start the commit if there is nothing to commit")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218162
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2024-01-05 17:03:41 +01:00
..
auth.c ubifs: auth.c: fix kernel-doc function prototype warning 2024-01-05 16:34:39 +01:00
budget.c ubifs: Reserve one leb for each journal head while doing budget 2023-02-02 21:13:40 +01:00
commit.c ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex 2024-01-05 17:03:41 +01:00
compress.c ubifs: Remove return in compr_exit() 2023-04-21 22:31:03 +02:00
crypto.c fscrypt: make the bounce page pool opt-in instead of opt-out 2023-09-24 23:03:09 -07:00
debug.c ubifs: convert to new timestamp accessors 2023-10-18 14:08:28 +02:00
debug.h
dir.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
file.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
find.c
gc.c ubifs: read-only if LEB may always be taken in ubifs_garbage_collect 2021-12-23 22:30:38 +01:00
io.c ubifs: Fix kernel-doc 2023-02-02 21:13:53 +01:00
ioctl.c ubifs: convert to ctime accessor functions 2023-07-24 10:30:05 +02:00
journal.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
Kconfig
key.h
log.c
lprops.c
lpt_commit.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
lpt.c
Makefile ubifs: Export filesystem error counters 2021-12-23 20:23:42 +01:00
master.c
misc.c
misc.h
orphan.c
recovery.c
replay.c ubifs: describe function parameters 2024-01-05 16:35:25 +01:00
sb.c
scan.c
shrinker.c
super.c This pull request contains updates for UBI and UBIFS 2023-11-05 08:28:32 -10:00
sysfs.c ubifs: make kobj_type structures constant 2023-02-13 22:29:54 +01:00
tnc_commit.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
tnc_misc.c
tnc.c ubifs: fix possible dereference after free 2023-10-28 23:18:12 +02:00
ubifs-media.h
ubifs.h This update includes the following changes: 2023-11-02 16:15:30 -10:00
xattr.c ubifs: move ubifs_xattr_handlers to .rodata 2023-10-10 13:49:20 +02:00