summaryrefslogtreecommitdiffstats
path: root/fs/ubifs/ubifs.h
diff options
context:
space:
mode:
authorZhihao Cheng <chengzhihao1@huawei.com>2021-05-31 14:52:09 +0200
committerRichard Weinberger <richard@nod.at>2021-06-18 22:04:47 +0200
commitf4e3634a3b642225a530c292fdb1e8a4007507f5 (patch)
tree3aeb9658f4ab13f138415ee881d66af842cfec32 /fs/ubifs/ubifs.h
parentubifs: fix snprintf() checking (diff)
downloadlinux-f4e3634a3b642225a530c292fdb1e8a4007507f5.tar.xz
linux-f4e3634a3b642225a530c292fdb1e8a4007507f5.zip
ubifs: Fix races between xattr_{set|get} and listxattr operations
UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com Fixes: 1e51764a3c2ac05a23 ("UBIFS: add new flash file system") Cc: stable@vger.kernel.org # v2.6+ Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Reviewed-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/ubifs.h')
-rw-r--r--fs/ubifs/ubifs.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index b65c599a386a..7e978f421430 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -356,6 +356,7 @@ struct ubifs_gced_idx_leb {
* @ui_mutex: serializes inode write-back with the rest of VFS operations,
* serializes "clean <-> dirty" state changes, serializes bulk-read,
* protects @dirty, @bulk_read, @ui_size, and @xattr_size
+ * @xattr_sem: serilizes write operations (remove|set|create) on xattr
* @ui_lock: protects @synced_i_size
* @synced_i_size: synchronized size of inode, i.e. the value of inode size
* currently stored on the flash; used only for regular file
@@ -409,6 +410,7 @@ struct ubifs_inode {
unsigned int bulk_read:1;
unsigned int compr_type:2;
struct mutex ui_mutex;
+ struct rw_semaphore xattr_sem;
spinlock_t ui_lock;
loff_t synced_i_size;
loff_t ui_size;