
[2/3] ubifs: protect assertion of xattr value size by ui_mutex during xattr get

Message ID 20200630130438.141649-3-houtao1@huawei.com
State Changes Requested
Delegated to: Richard Weinberger
Series: fixes for ubifs xattr operations

Commit Message

Hou Tao June 30, 2020, 1:04 p.m. UTC
ubifs_xattr_get() may race with change_xattr() which will
update inode->i_size and ui->data_len accordingly, and
it will fail the assertion: inode->i_size == ui->data_len,
so protect the assertion by ui_mutex.

For assertion: host_ui->xattr_size > ui->data_len, it cannot be
ensured even if both host_ui->ui_mutex and ui->ui_mutex are acquired,
because the xattr value may have been removed by remove_xattr() and
xattr_size has already been decreased, so just remove it.

Signed-off-by: Hou Tao <houtao1@huawei.com>
---
 fs/ubifs/xattr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Patch

diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index 5591b9fa1d86..82be2c2d2db5 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -356,10 +356,9 @@  ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf,
 	}
 
 	ui = ubifs_inode(inode);
-	ubifs_assert(c, inode->i_size == ui->data_len);
-	ubifs_assert(c, ubifs_inode(host)->xattr_size > ui->data_len);
 
 	mutex_lock(&ui->ui_mutex);
+	ubifs_assert(c, inode->i_size == ui->data_len);
 	if (buf) {
 		/* If @buf is %NULL we are supposed to return the length */
 		if (ui->data_len > size) {
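Review bot: the assertion moved to just after mutex_lock(&ui->ui_mutex) only holds if every path that updates inode->i_size and ui->data_len for this xattr inode does so under the same ui->ui_mutex. The commit message names change_xattr() as the racing writer but does not say which lock it holds while updating the two fields, so please state that in the message or in a short comment above the assertion. The dropped check on ubifs_inode(host)->xattr_size is explained only in the commit message. A one-line comment at that spot noting that remove_xattr() can decrease xattr_size concurrently would keep the assertion from being reintroduced later.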