diff mbox series

[2/3] ubifs: protect assertion of xattr value size by ui_mutex during xattr get

Message ID 20200630130438.141649-3-houtao1@huawei.com
State New
Headers show
Series fixes for ubifs xattr operations | expand

Commit Message

Hou Tao June 30, 2020, 1:04 p.m. UTC
ubifs_xattr_get() may race with change_xattr() which will
update inode->i_size and ui->data_len accordingly, and
it will fail the assertion: inode->i_size == ui->data_len,
so protect the assertion by ui_mutex.

For assertion: host_ui->xattr_size > ui->data_len, it can not been
ensured even both host_ui->ui_mutex and ui->ui_mutex are acquired,
because the xattr value may has been removed by remove_xattr() and
xattr_size has already been decreased, so just remove it.

Signed-off-by: Hou Tao <houtao1@huawei.com>
---
 fs/ubifs/xattr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index 5591b9fa1d86..82be2c2d2db5 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -356,10 +356,9 @@  ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
 	}
 
 	ui = ubifs_inode(inode);
-	ubifs_assert(c, inode->i_size == ui->data_len);
-	ubifs_assert(c, ubifs_inode(host)->xattr_size > ui->data_len);
 
 	mutex_lock(&ui->ui_mutex);
+	ubifs_assert(c, inode->i_size == ui->data_len);
 	if (buf) {
 		/* If @buf is %NULL we are supposed to return the length */
 		if (ui->data_len > size) {