Skip to content

Commit 11a6fc3

Browse files
richardweinbergerrichardweinberger
committed
ubifs: xattr: Don't operate on deleted inodes
xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in ubifs_jnl_change_xattr at 1606 (pid 6256) Fix this by checking i_nlink before working on the host inode. Cc: <[email protected]> Fixes: 1e51764 ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <[email protected]>
1 parent 312c39b commit 11a6fc3

File tree

1 file changed

+24
-0
lines changed

1 file changed

+24
-0
lines changed

fs/ubifs/xattr.c

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,12 @@ static int create_xattr(struct ubifs_info *c, struct inode *host,
152152
ui->data_len = size;
153153

154154
mutex_lock(&host_ui->ui_mutex);
155+
156+
if (!host->i_nlink) {
157+
err = -ENOENT;
158+
goto out_noent;
159+
}
160+
155161
host->i_ctime = current_time(host);
156162
host_ui->xattr_cnt += 1;
157163
host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm));
@@ -184,6 +190,7 @@ static int create_xattr(struct ubifs_info *c, struct inode *host,
184190
host_ui->xattr_size -= CALC_XATTR_BYTES(size);
185191
host_ui->xattr_names -= fname_len(nm);
186192
host_ui->flags &= ~UBIFS_CRYPT_FL;
193+
out_noent:
187194
mutex_unlock(&host_ui->ui_mutex);
188195
out_free:
189196
make_bad_inode(inode);
@@ -235,6 +242,12 @@ static int change_xattr(struct ubifs_info *c, struct inode *host,
235242
mutex_unlock(&ui->ui_mutex);
236243

237244
mutex_lock(&host_ui->ui_mutex);
245+
246+
if (!host->i_nlink) {
247+
err = -ENOENT;
248+
goto out_noent;
249+
}
250+
238251
host->i_ctime = current_time(host);
239252
host_ui->xattr_size -= CALC_XATTR_BYTES(old_size);
240253
host_ui->xattr_size += CALC_XATTR_BYTES(size);
@@ -256,6 +269,7 @@ static int change_xattr(struct ubifs_info *c, struct inode *host,
256269
out_cancel:
257270
host_ui->xattr_size -= CALC_XATTR_BYTES(size);
258271
host_ui->xattr_size += CALC_XATTR_BYTES(old_size);
272+
out_noent:
259273
mutex_unlock(&host_ui->ui_mutex);
260274
make_bad_inode(inode);
261275
out_free:
@@ -482,6 +496,12 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host,
482496
return err;
483497

484498
mutex_lock(&host_ui->ui_mutex);
499+
500+
if (!host->i_nlink) {
501+
err = -ENOENT;
502+
goto out_noent;
503+
}
504+
485505
host->i_ctime = current_time(host);
486506
host_ui->xattr_cnt -= 1;
487507
host_ui->xattr_size -= CALC_DENT_SIZE(fname_len(nm));
@@ -501,6 +521,7 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host,
501521
host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm));
502522
host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len);
503523
host_ui->xattr_names += fname_len(nm);
524+
out_noent:
504525
mutex_unlock(&host_ui->ui_mutex);
505526
ubifs_release_budget(c, &req);
506527
make_bad_inode(inode);
@@ -540,6 +561,9 @@ static int ubifs_xattr_remove(struct inode *host, const char *name)
540561

541562
ubifs_assert(inode_is_locked(host));
542563

564+
if (!host->i_nlink)
565+
return -ENOENT;
566+
543567
if (fname_len(&nm) > UBIFS_MAX_NLEN)
544568
return -ENAMETOOLONG;
545569

0 commit comments

Comments
 (0)