[v2] jffs2: fix invocations of dbg_xattr() for dead jffs2_xattr_ref

Message ID 20181215132547.27405-1-houtao1@huawei.com
State New
Delegated to: Richard Weinberger

Commit Message

Hou Tao Dec. 15, 2018, 1:25 p.m.
When jffs2_xattr_ref is dead, xref->ic or xref->xd will be invalid
because these fields will be reused as xref->ino or xref->xid,
so accessing xref->ic->ino or xref->xd->xid will lead to an oops.

Fix the problem by using two new helper functions to get ino or xid
in xref and checking whether the xref is dead or not in these helpers.

Signed-off-by: Hou Tao <houtao1@huawei.com>
---
v2:
  * fix the alignment during line wrapping
  * add two new helper functions to access ino or xid in xref
---
 fs/jffs2/xattr.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

Patch

diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c
index da3e18503c65..e21a1677ad75 100644
--- a/fs/jffs2/xattr.c
+++ b/fs/jffs2/xattr.c
@@ -25,6 +25,17 @@ 
 #include <linux/posix_acl_xattr.h>
 #include <linux/mtd/mtd.h>
 #include "nodelist.h"
+
+static inline uint32_t xattr_ref_ino(struct jffs2_xattr_ref *ref)
+{
+	return is_xattr_ref_dead(ref) ? ref->ino : ref->ic->ino;
+}
+
+static inline uint32_t xattr_ref_xid(struct jffs2_xattr_ref *ref)
+{
+	return is_xattr_ref_dead(ref) ? ref->xid : ref->xd->xid;
+}
+
 /* -------- xdatum related functions ----------------
  * xattr_datum_hashkey(xprefix, xname, xvalue, xsize)
  *   is used to calcurate xdatum hashkey. The reminder of hashkey into XATTRINDEX_HASHSIZE is
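Review bot: xattr_ref_ino() and xattr_ref_xid() carry no comment saying why the dead check is needed. The commit message explains that ref->ino and ref->xid reuse the storage of ref->ic and ref->xd once the xref is dead; a short comment above the two helpers stating that would keep later callers from going back to ref->ic->ino or ref->xd->xid directly. Both helpers only read the ref, so the parameter could also be declared as const struct jffs2_xattr_ref *ref, provided is_xattr_ref_dead() accepts a const pointer.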
@@ -542,7 +553,8 @@  static int save_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
 	ref->xseqno = xseqno;
 	jffs2_add_physical_node_ref(c, phys_ofs | REF_PRISTINE, PAD(sizeof(rr)), (void *)ref);
 
-	dbg_xattr("success on saving xref (ino=%u, xid=%u)\n", ref->ic->ino, ref->xd->xid);
+	dbg_xattr("success on saving xref (ino=%u, xid=%u)\n",
+		  xattr_ref_ino(ref), xattr_ref_xid(ref));
 
 	return 0;
 }
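Review bot: the dbg_xattr() message in save_xattr_ref() prints the same "ino=%u, xid=%u" text whether the values came from ref->ino/ref->xid (dead xref) or from ref->ic->ino/ref->xd->xid (live xref), so the debug log cannot tell the two cases apart. Since this path is now expected to run for dead refs, consider adding the dead state to the message, for example by printing the result of is_xattr_ref_dead(ref) alongside the two ids.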
@@ -1278,7 +1290,8 @@  int jffs2_garbage_collect_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_
 	rc = save_xattr_ref(c, ref);
 	if (!rc)
 		dbg_xattr("xref (ino=%u, xid=%u) GC'ed from %#08x to %08x\n",
-			  ref->ic->ino, ref->xd->xid, old_ofs, ref_offset(ref->node));
+			  xattr_ref_ino(ref), xattr_ref_xid(ref),
+			  old_ofs, ref_offset(ref->node));
  out:
 	if (!rc)
 		jffs2_mark_node_obsolete(c, raw);
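Review bot: the format string on the context line above the changed arguments mixes "%#08x" for old_ofs with "%08x" for ref_offset(ref->node), so the two offsets print with different prefixes and widths in the same message. The patch already rewraps this dbg_xattr() call, so it would be a natural place to make both conversions match, or to note in the changelog that the format is left alone on purpose. The argument change itself is consistent with the one in save_xattr_ref().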