LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] jffs2: Fix race condition in jffs2_lzo_compress()
@ 2008-11-03 16:17 Geert Uytterhoeven
2008-11-04 15:57 ` Richard Purdie
0 siblings, 1 reply; 2+ messages in thread
From: Geert Uytterhoeven @ 2008-11-03 16:17 UTC (permalink / raw)
To: David Woodhouse, Richard Purdie; +Cc: linux-mtd, Linux Kernel Development
[-- Attachment #1: Type: TEXT/PLAIN, Size: 1902 bytes --]
deflate_mutex protects the globals lzo_mem and lzo_compress_buf. However,
jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
compressed data from lzo_compress_buf. Correct this by moving the mutex unlock
after the copy.
In addition, document what deflate_mutex actually protects.
Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
---
Just noticed this when looking at the code.
The patch is untested, except for a quick compile test.
fs/jffs2/compr_lzo.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/fs/jffs2/compr_lzo.c
+++ b/fs/jffs2/compr_lzo.c
@@ -19,7 +19,7 @@
static void *lzo_mem;
static void *lzo_compress_buf;
-static DEFINE_MUTEX(deflate_mutex);
+static DEFINE_MUTEX(deflate_mutex); /* for lzo_mem and lzo_compress_buf */
static void free_workspace(void)
{
@@ -49,18 +49,21 @@ static int jffs2_lzo_compress(unsigned c
mutex_lock(&deflate_mutex);
ret = lzo1x_1_compress(data_in, *sourcelen, lzo_compress_buf, &compress_size, lzo_mem);
- mutex_unlock(&deflate_mutex);
-
if (ret != LZO_E_OK)
- return -1;
+ goto fail;
if (compress_size > *dstlen)
- return -1;
+ goto fail;
memcpy(cpage_out, lzo_compress_buf, compress_size);
- *dstlen = compress_size;
+ mutex_unlock(&deflate_mutex);
+ *dstlen = compress_size;
return 0;
+
+ fail:
+ mutex_unlock(&deflate_mutex);
+ return -1;
}
static int jffs2_lzo_decompress(unsigned char *data_in, unsigned char *cpage_out,
With kind regards,
Geert Uytterhoeven
Software Architect
Sony Techsoft Centre Europe
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium
Phone: +32 (0)2 700 8453
Fax: +32 (0)2 700 8622
E-mail: Geert.Uytterhoeven@sonycom.com
Internet: http://www.sony-europe.com/
A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 · RPR Brussels
Fortis · BIC GEBABEBB · IBAN BE41293037680010
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] jffs2: Fix race condition in jffs2_lzo_compress()
2008-11-03 16:17 [PATCH] jffs2: Fix race condition in jffs2_lzo_compress() Geert Uytterhoeven
@ 2008-11-04 15:57 ` Richard Purdie
0 siblings, 0 replies; 2+ messages in thread
From: Richard Purdie @ 2008-11-04 15:57 UTC (permalink / raw)
To: Geert Uytterhoeven; +Cc: David Woodhouse, linux-mtd, Linux Kernel Development
On Mon, 2008-11-03 at 17:17 +0100, Geert Uytterhoeven wrote:
> deflate_mutex protects the globals lzo_mem and lzo_compress_buf. However,
> jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
> compressed data from lzo_compress_buf. Correct this by moving the mutex unlock
> after the copy.
> In addition, document what deflate_mutex actually protects.
>
> Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Acked-by: Richard Purdie <rpurdie@linux.intel.com>
This should probably be queued as a bugfix for the current -rc series.
> ---
> Just noticed this when looking at the code.
> The patch is untested, except for a quick compile test.
>
> fs/jffs2/compr_lzo.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-11-04 15:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-11-03 16:17 [PATCH] jffs2: Fix race condition in jffs2_lzo_compress() Geert Uytterhoeven
2008-11-04 15:57 ` Richard Purdie
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).