[JFFS2] Fix race in garbage collector

Mon, 11 Jul 2005 12:19:28 -0700 

tree 66884a832e912decd06a8441db05fd78ec8e3e6e
parent abc37e6771ec92bb4c531d218ad572afbef6aa21
author Artem B. Bityuckiy <[EMAIL PROTECTED]> Sat, 09 Apr 2005 11:47:03 +0100
committer Thomas Gleixner <[EMAIL PROTECTED]> Mon, 23 May 2005 13:16:47 +0200

[JFFS2] Fix race in garbage collector

Fix the race problem described here:
http://lists.infradead.org/pipermail/linux-mtd/2005-April/012361.html

Signed-off-by: Artem B. Bityuckiy <[EMAIL PROTECTED]>
Signed-off-by: Thomas Gleixner <[EMAIL PROTECTED]>

 fs/jffs2/gc.c       |   30 ++++++++++++++++++++++++------
 fs/jffs2/nodelist.h |   14 +++++++++++++-
 2 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/fs/jffs2/gc.c b/fs/jffs2/gc.c
--- a/fs/jffs2/gc.c
+++ b/fs/jffs2/gc.c
@@ -7,7 +7,7 @@
  *
  * For licensing information, see the file 'LICENCE' in this directory.
  *
- * $Id: gc.c,v 1.147 2005/03/20 21:43:22 dedekind Exp $
+ * $Id: gc.c,v 1.148 2005/04/09 10:47:00 dedekind Exp $
  *
  */
 
@@ -669,9 +669,10 @@ static int jffs2_garbage_collect_metadat
 {
        struct jffs2_full_dnode *new_fn;
        struct jffs2_raw_inode ri;
+       struct jffs2_node_frag *last_frag;
        jint16_t dev;
        char *mdata = NULL, mdatalen = 0;
-       uint32_t alloclen, phys_ofs;
+       uint32_t alloclen, phys_ofs, ilen;
        int ret;
 
        if (S_ISBLK(JFFS2_F_I_MODE(f)) ||
@@ -707,6 +708,14 @@ static int jffs2_garbage_collect_metadat
                goto out;
        }
        
+       last_frag = frag_last(&f->fragtree);
+       if (last_frag)
+               /* Fetch the inode length from the fragtree rather then
+                * from i_size since i_size may have not been updated yet */
+               ilen = last_frag->ofs + last_frag->size;
+       else
+               ilen = JFFS2_F_I_SIZE(f);
+       
        memset(&ri, 0, sizeof(ri));
        ri.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
        ri.nodetype = cpu_to_je16(JFFS2_NODETYPE_INODE);
@@ -718,7 +727,7 @@ static int jffs2_garbage_collect_metadat
        ri.mode = cpu_to_jemode(JFFS2_F_I_MODE(f));
        ri.uid = cpu_to_je16(JFFS2_F_I_UID(f));
        ri.gid = cpu_to_je16(JFFS2_F_I_GID(f));
-       ri.isize = cpu_to_je32(JFFS2_F_I_SIZE(f));
+       ri.isize = cpu_to_je32(ilen);
        ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f));
        ri.ctime = cpu_to_je32(JFFS2_F_I_CTIME(f));
        ri.mtime = cpu_to_je32(JFFS2_F_I_MTIME(f));
@@ -898,7 +907,7 @@ static int jffs2_garbage_collect_hole(st
        struct jffs2_raw_inode ri;
        struct jffs2_node_frag *frag;
        struct jffs2_full_dnode *new_fn;
-       uint32_t alloclen, phys_ofs;
+       uint32_t alloclen, phys_ofs, ilen;
        int ret;
 
        D1(printk(KERN_DEBUG "Writing replacement hole node for ino #%u from 
offset 0x%x to 0x%x\n",
@@ -958,10 +967,19 @@ static int jffs2_garbage_collect_hole(st
                ri.csize = cpu_to_je32(0);
                ri.compr = JFFS2_COMPR_ZERO;
        }
+       
+       frag = frag_last(&f->fragtree);
+       if (frag)
+               /* Fetch the inode length from the fragtree rather then
+                * from i_size since i_size may have not been updated yet */
+               ilen = frag->ofs + frag->size;
+       else
+               ilen = JFFS2_F_I_SIZE(f);
+
        ri.mode = cpu_to_jemode(JFFS2_F_I_MODE(f));
        ri.uid = cpu_to_je16(JFFS2_F_I_UID(f));
        ri.gid = cpu_to_je16(JFFS2_F_I_GID(f));
-       ri.isize = cpu_to_je32(JFFS2_F_I_SIZE(f));
+       ri.isize = cpu_to_je32(ilen);
        ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f));
        ri.ctime = cpu_to_je32(JFFS2_F_I_CTIME(f));
        ri.mtime = cpu_to_je32(JFFS2_F_I_MTIME(f));
@@ -1168,7 +1186,7 @@ static int jffs2_garbage_collect_dnode(s
                D1(printk(KERN_DEBUG "Expanded dnode to write from (0x%x-0x%x) 
to (0x%x-0x%x)\n", 
                          orig_start, orig_end, start, end));
 
-               BUG_ON(end > JFFS2_F_I_SIZE(f));
+               D1(BUG_ON(end > frag_last(&f->fragtree)->ofs + 
frag_last(&f->fragtree)->size));
                BUG_ON(end < orig_end);
                BUG_ON(start > orig_start);
        }
diff --git a/fs/jffs2/nodelist.h b/fs/jffs2/nodelist.h
--- a/fs/jffs2/nodelist.h
+++ b/fs/jffs2/nodelist.h
@@ -7,7 +7,7 @@
  *
  * For licensing information, see the file 'LICENCE' in this directory.
  *
- * $Id: nodelist.h,v 1.128 2005/02/27 23:01:32 dwmw2 Exp $
+ * $Id: nodelist.h,v 1.130 2005/04/09 10:46:59 dedekind Exp $
  *
  */
 
@@ -363,6 +363,18 @@ static inline struct jffs2_node_frag *fr
                node = node->rb_left;
        return rb_entry(node, struct jffs2_node_frag, rb);
 }
+
+static inline struct jffs2_node_frag *frag_last(struct rb_root *root)
+{
+       struct rb_node *node = root->rb_node;
+
+       if (!node)
+               return NULL;
+       while(node->rb_right)
+               node = node->rb_right;
+       return rb_entry(node, struct jffs2_node_frag, rb);
+}
+
 #define rb_parent(rb) ((rb)->rb_parent)
 #define frag_next(frag) rb_entry(rb_next(&(frag)->rb), struct jffs2_node_frag, 
rb)
 #define frag_prev(frag) rb_entry(rb_prev(&(frag)->rb), struct jffs2_node_frag, 
rb)
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to