From 4afb9996a254a8ec33801f4b33992d45670164b2 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 13 Jun 2017 16:47:55 -0700 Subject: ubifs: require key for truncate(2) of encrypted file Currently, filesystems allow truncate(2) on an encrypted file without the encryption key. However, it's impossible to correctly handle the case where the size being truncated to is not a multiple of the filesystem block size, because that would require decrypting the final block, zeroing the part beyond i_size, then encrypting the block. As other modifications to encrypted file contents are prohibited without the key, just prohibit truncate(2) as well, making it fail with ENOKEY. Signed-off-by: Eric Biggers Signed-off-by: Richard Weinberger --- fs/ubifs/file.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index 2cda3d67e2d0..ee3ff4c6bf4a 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1284,6 +1284,14 @@ int ubifs_setattr(struct dentry *dentry, struct iattr *attr) if (err) return err; + if (ubifs_crypt_is_encrypted(inode) && (attr->ia_valid & ATTR_SIZE)) { + err = fscrypt_get_encryption_info(inode); + if (err) + return err; + if (!fscrypt_has_encryption_key(inode)) + return -ENOKEY; + } + if ((attr->ia_valid & ATTR_SIZE) && attr->ia_size < inode->i_size) /* Truncation to a smaller size */ err = do_truncation(c, inode, attr); -- cgit v1.2.3-59-g8ed1b From af65936a7a5bb8ec1d05b2a7670f84ca2014628d Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 22 May 2017 17:39:44 -0700 Subject: ubifs: don't bother checking for encryption key in ->mmap() Since only an open file can be mmap'ed, and we only allow open()ing an encrypted file when its key is available, there is no need to check for the key again before permitting each mmap(). Signed-off-by: Eric Biggers Acked-by: Richard Weinberger Signed-off-by: Richard Weinberger --- fs/ubifs/file.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index ee3ff4c6bf4a..c1d352842ee2 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1615,15 +1615,6 @@ static const struct vm_operations_struct ubifs_file_vm_ops = { static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma) { int err; - struct inode *inode = file->f_mapping->host; - - if (ubifs_crypt_is_encrypted(inode)) { - err = fscrypt_get_encryption_info(inode); - if (err) - return -EACCES; - if (!fscrypt_has_encryption_key(inode)) - return -ENOKEY; - } err = generic_file_mmap(file, vma); if (err) -- cgit v1.2.3-59-g8ed1b From e996bfd4287eb7df2354764d47677af08f5867fa Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 00:20:26 +0200 Subject: ubifs: Unexport ubifs_inode_slab This SLAB is only being used in super.c, there is no need to expose it into the global namespace. Signed-off-by: Richard Weinberger --- fs/ubifs/super.c | 2 +- fs/ubifs/ubifs.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index cf4cc99b75b5..ce684f367f9c 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -45,7 +45,7 @@ #define UBIFS_KMALLOC_OK (128*1024) /* Slab cache for UBIFS inodes */ -struct kmem_cache *ubifs_inode_slab; +static struct kmem_cache *ubifs_inode_slab; /* UBIFS TNC shrinker description */ static struct shrinker ubifs_shrinker_info = { diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 298b4d89eee9..aa530e82e9a8 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1451,7 +1451,6 @@ struct ubifs_info { extern struct list_head ubifs_infos; extern spinlock_t ubifs_infos_lock; extern atomic_long_t ubifs_clean_zn_cnt; -extern struct kmem_cache *ubifs_inode_slab; extern const struct super_operations ubifs_super_operations; extern const struct address_space_operations ubifs_file_address_operations; extern const struct file_operations ubifs_file_operations; -- cgit v1.2.3-59-g8ed1b From 272eda8298dc82eb411ece82bbb2c62911087b24 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 00:20:27 +0200 Subject: ubifs: Correctly evict xattr inodes UBIFS handles extended attributes just like files, as consequence of that, they also have inodes. Therefore UBIFS does all the inode machinery also for xattrs. Since new inodes have i_nlink of 1, a file or xattr inode will be evicted if i_nlink goes down to 0 after an unlink. UBIFS assumes this model also for xattrs, which is not correct. One can create a file "foo" with xattr "user.test". By reading "user.test" an inode will be created, and by deleting "user.test" it will get evicted later. The assumption breaks if the file "foo", which hosts the xattrs, will be removed. VFS nor UBIFS does not remove each xattr via ubifs_xattr_remove(), it just removes the host inode from the TNC and all underlying xattr nodes too and the inode will remain in the cache and wastes memory. To solve this problem, remove xattr inodes from the VFS inode cache in ubifs_xattr_remove() to make sure that they get evicted. Fixes: 1e51764a3c2ac05a ("UBIFS: add new flash file system") Cc: Signed-off-by: Richard Weinberger --- fs/ubifs/tnc.c | 2 ++ fs/ubifs/ubifs.h | 1 + fs/ubifs/xattr.c | 22 ++++++++++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c index 709aa098dd46..96374a39ffba 100644 --- a/fs/ubifs/tnc.c +++ b/fs/ubifs/tnc.c @@ -2802,6 +2802,8 @@ int ubifs_tnc_remove_ino(struct ubifs_info *c, ino_t inum) dbg_tnc("xent '%s', ino %lu", xent->name, (unsigned long)xattr_inum); + ubifs_evict_xattr_inode(c, xattr_inum); + fname_name(&nm) = xent->name; fname_len(&nm) = le16_to_cpu(xent->nlen); err = ubifs_tnc_remove_nm(c, &key1, &nm); diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index aa530e82e9a8..998fb6eea5ac 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1756,6 +1756,7 @@ int ubifs_xattr_set(struct inode *host, const char *name, const void *value, size_t size, int flags); ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf, size_t size); +void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_t xattr_inum); #ifdef CONFIG_UBIFS_FS_SECURITY extern int ubifs_init_security(struct inode *dentry, struct inode *inode, diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 6c9e62c2ef55..98f11257d66c 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -513,6 +513,28 @@ out_cancel: return err; } +/** + * ubifs_evict_xattr_inode - Evict an xattr inode. + * @c: UBIFS file-system description object + * @xattr_inum: xattr inode number + * + * When an inode that hosts xattrs is being removed we have to make sure + * that cached inodes of the xattrs also get removed from the inode cache + * otherwise we'd waste memory. This function looks up an inode from the + * inode cache and clears the link counter such that iput() will evict + * the inode. + */ +void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_t xattr_inum) +{ + struct inode *inode; + + inode = ilookup(c->vfs_sb, xattr_inum); + if (inode) { + clear_nlink(inode); + iput(inode); + } +} + static int ubifs_xattr_remove(struct inode *host, const char *name) { struct inode *inode; -- cgit v1.2.3-59-g8ed1b From 4d35ca4f774c29ec9ed676fd5112bfc83ef9853e Mon Sep 17 00:00:00 2001 From: Hyunchul Lee Date: Wed, 17 May 2017 08:57:18 +0900 Subject: ubifs: Fix inode data budget in ubifs_mknod Assign inode data budget to budget request correctly. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger --- fs/ubifs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 566079d9b402..4e4bf8f6320f 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1061,7 +1061,6 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry, int sz_change; int err, devlen = 0; struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, - .new_ino_d = ALIGN(devlen, 8), .dirtied_ino = 1 }; struct fscrypt_name nm; @@ -1079,6 +1078,7 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry, devlen = ubifs_encode_dev(dev, rdev); } + req.new_ino_d = ALIGN(devlen, 8); err = ubifs_budget_space(c, &req); if (err) { kfree(dev); -- cgit v1.2.3-59-g8ed1b From bb50c63244687706e11c9b636a5ad3090cd783ac Mon Sep 17 00:00:00 2001 From: Hyunchul Lee Date: Wed, 17 May 2017 08:58:02 +0900 Subject: ubifs: Fix memory leak in RENAME_WHITEOUT error path in do_rename in RENAME_WHITEOUT error path, fscrypt_name should be freed. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger --- fs/ubifs/dir.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 4e4bf8f6320f..996e4215fd28 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1396,17 +1396,14 @@ static int do_rename(struct inode *old_dir, struct dentry *old_dentry, dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS); if (!dev) { - ubifs_release_budget(c, &req); - ubifs_release_budget(c, &ino_req); - return -ENOMEM; + err = -ENOMEM; + goto out_release; } err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout); if (err) { - ubifs_release_budget(c, &req); - ubifs_release_budget(c, &ino_req); kfree(dev); - return err; + goto out_release; } whiteout->i_state |= I_LINKABLE; @@ -1494,12 +1491,10 @@ static int do_rename(struct inode *old_dir, struct dentry *old_dentry, err = ubifs_budget_space(c, &wht_req); if (err) { - ubifs_release_budget(c, &req); - ubifs_release_budget(c, &ino_req); kfree(whiteout_ui->data); whiteout_ui->data_len = 0; iput(whiteout); - return err; + goto out_release; } inc_nlink(whiteout); @@ -1554,6 +1549,7 @@ out_cancel: iput(whiteout); } unlock_4_inodes(old_dir, new_dir, new_inode, whiteout); +out_release: ubifs_release_budget(c, &ino_req); ubifs_release_budget(c, &req); fscrypt_free_filename(&old_nm); -- cgit v1.2.3-59-g8ed1b From f34e87f58dabc31eb69f61cf4a79e951d4176743 Mon Sep 17 00:00:00 2001 From: David Gstir Date: Wed, 17 May 2017 13:36:16 +0200 Subject: ubifs: Don't encrypt special files on creation When a new inode is created, we check if the containing folder has a encryption policy set and inherit that. This should however only be done for regular files, links and subdirectories. Not for sockes fifos etc. Fixes: d475a507457b ("ubifs: Add skeleton for fscrypto") Cc: stable@vger.kernel.org Signed-off-by: David Gstir Signed-off-by: Richard Weinberger --- fs/ubifs/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 996e4215fd28..90a3f01c55d1 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -143,6 +143,7 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, case S_IFBLK: case S_IFCHR: inode->i_op = &ubifs_file_inode_operations; + encrypted = false; break; default: BUG(); -- cgit v1.2.3-59-g8ed1b From 59a74990f85bb372c9117e40c6cd27693b6df670 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Wed, 17 May 2017 10:36:45 +0200 Subject: ubifs: Fix data node size for truncating uncompressed nodes Currently, the function truncate_data_node only updates the destination data node size if compression is used. For uncompressed nodes, the old length is incorrectly retained. This patch makes sure that the length is correctly set when compression is disabled. Fixes: 7799953b34d1 ("ubifs: Implement encrypt/decrypt for all IO") Signed-off-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- fs/ubifs/journal.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 294519b98874..f3b620cbdda4 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -1298,7 +1298,9 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in goto out; } - if (compr_type != UBIFS_COMPR_NONE) { + if (compr_type == UBIFS_COMPR_NONE) { + out_len = *new_len; + } else { err = ubifs_decompress(c, &dn->data, dlen, buf, &out_len, compr_type); if (err) goto out; -- cgit v1.2.3-59-g8ed1b From 781f675e2d7ec120e8c0803f88d7bf00fe3f0703 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 10:36:46 +0200 Subject: ubifs: Fix unlink code wrt. double hash lookups When removing an encrypted file with a long name and without having the key we have to be able to locate and remove the directory entry via a double hash. This corner case was simply forgotten. Fixes: 528e3d178f25 ("ubifs: Add full hash lookup support") Reported-by: David Oberhollenzer Signed-off-by: Richard Weinberger --- fs/ubifs/journal.c | 10 ++++- fs/ubifs/tnc.c | 129 ++++++++++++++++++++++++++++++++++++++++++++--------- fs/ubifs/ubifs.h | 2 + 3 files changed, 117 insertions(+), 24 deletions(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index f3b620cbdda4..7aef413ea2a9 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -585,7 +585,10 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, if (!xent) { dent->ch.node_type = UBIFS_DENT_NODE; - dent_key_init(c, &dent_key, dir->i_ino, nm); + if (nm->hash) + dent_key_init_hash(c, &dent_key, dir->i_ino, nm->hash); + else + dent_key_init(c, &dent_key, dir->i_ino, nm); } else { dent->ch.node_type = UBIFS_XENT_NODE; xent_key_init(c, &dent_key, dir->i_ino, nm); @@ -629,7 +632,10 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, kfree(dent); if (deletion) { - err = ubifs_tnc_remove_nm(c, &dent_key, nm); + if (nm->hash) + err = ubifs_tnc_remove_dh(c, &dent_key, nm->minor_hash); + else + err = ubifs_tnc_remove_nm(c, &dent_key, nm); if (err) goto out_ro; err = ubifs_add_dirt(c, lnum, dlen); diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c index 96374a39ffba..79d1f18db436 100644 --- a/fs/ubifs/tnc.c +++ b/fs/ubifs/tnc.c @@ -1880,48 +1880,65 @@ int ubifs_tnc_lookup_nm(struct ubifs_info *c, const union ubifs_key *key, return do_lookup_nm(c, key, node, nm); } -static int do_lookup_dh(struct ubifs_info *c, const union ubifs_key *key, - struct ubifs_dent_node *dent, uint32_t cookie) +static int search_dh_cookie(struct ubifs_info *c, const union ubifs_key *key, + struct ubifs_dent_node *dent, uint32_t cookie, + struct ubifs_znode **zn, int *n) { - int n, err, type = key_type(c, key); - struct ubifs_znode *znode; + int err; + struct ubifs_znode *znode = *zn; struct ubifs_zbranch *zbr; - union ubifs_key *dkey, start_key; - - ubifs_assert(is_hash_key(c, key)); - - lowest_dent_key(c, &start_key, key_inum(c, key)); - - mutex_lock(&c->tnc_mutex); - err = ubifs_lookup_level0(c, &start_key, &znode, &n); - if (unlikely(err < 0)) - goto out_unlock; + union ubifs_key *dkey; for (;;) { if (!err) { - err = tnc_next(c, &znode, &n); + err = tnc_next(c, &znode, n); if (err) - goto out_unlock; + goto out; } - zbr = &znode->zbranch[n]; + zbr = &znode->zbranch[*n]; dkey = &zbr->key; if (key_inum(c, dkey) != key_inum(c, key) || - key_type(c, dkey) != type) { + key_type(c, dkey) != key_type(c, key)) { err = -ENOENT; - goto out_unlock; + goto out; } err = tnc_read_hashed_node(c, zbr, dent); if (err) - goto out_unlock; + goto out; if (key_hash(c, key) == key_hash(c, dkey) && - le32_to_cpu(dent->cookie) == cookie) - goto out_unlock; + le32_to_cpu(dent->cookie) == cookie) { + *zn = znode; + goto out; + } } +out: + + return err; +} + +static int do_lookup_dh(struct ubifs_info *c, const union ubifs_key *key, + struct ubifs_dent_node *dent, uint32_t cookie) +{ + int n, err; + struct ubifs_znode *znode; + union ubifs_key start_key; + + ubifs_assert(is_hash_key(c, key)); + + lowest_dent_key(c, &start_key, key_inum(c, key)); + + mutex_lock(&c->tnc_mutex); + err = ubifs_lookup_level0(c, &start_key, &znode, &n); + if (unlikely(err < 0)) + goto out_unlock; + + err = search_dh_cookie(c, key, dent, cookie, &znode, &n); + out_unlock: mutex_unlock(&c->tnc_mutex); return err; @@ -2662,6 +2679,74 @@ out_unlock: return err; } +/** + * ubifs_tnc_remove_dh - remove an index entry for a "double hashed" node. + * @c: UBIFS file-system description object + * @key: key of node + * @cookie: node cookie for collision resolution + * + * Returns %0 on success or negative error code on failure. + */ +int ubifs_tnc_remove_dh(struct ubifs_info *c, const union ubifs_key *key, + uint32_t cookie) +{ + int n, err; + struct ubifs_znode *znode; + struct ubifs_dent_node *dent; + struct ubifs_zbranch *zbr; + + if (!c->double_hash) + return -EOPNOTSUPP; + + mutex_lock(&c->tnc_mutex); + err = lookup_level0_dirty(c, key, &znode, &n); + if (err <= 0) + goto out_unlock; + + zbr = &znode->zbranch[n]; + dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS); + if (!dent) { + err = -ENOMEM; + goto out_unlock; + } + + err = tnc_read_hashed_node(c, zbr, dent); + if (err) + goto out_free; + + /* If the cookie does not match, we're facing a hash collision. */ + if (le32_to_cpu(dent->cookie) != cookie) { + union ubifs_key start_key; + + lowest_dent_key(c, &start_key, key_inum(c, key)); + + err = ubifs_lookup_level0(c, &start_key, &znode, &n); + if (unlikely(err < 0)) + goto out_free; + + err = search_dh_cookie(c, key, dent, cookie, &znode, &n); + if (err) + goto out_free; + } + + if (znode->cnext || !ubifs_zn_dirty(znode)) { + znode = dirty_cow_bottom_up(c, znode); + if (IS_ERR(znode)) { + err = PTR_ERR(znode); + goto out_free; + } + } + err = tnc_delete(c, znode, n); + +out_free: + kfree(dent); +out_unlock: + if (!err) + err = dbg_check_tnc(c, 0); + mutex_unlock(&c->tnc_mutex); + return err; +} + /** * key_in_range - determine if a key falls within a range of keys. * @c: UBIFS file-system description object diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 998fb6eea5ac..d933edade14a 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1589,6 +1589,8 @@ int ubifs_tnc_add_nm(struct ubifs_info *c, const union ubifs_key *key, int ubifs_tnc_remove(struct ubifs_info *c, const union ubifs_key *key); int ubifs_tnc_remove_nm(struct ubifs_info *c, const union ubifs_key *key, const struct fscrypt_name *nm); +int ubifs_tnc_remove_dh(struct ubifs_info *c, const union ubifs_key *key, + uint32_t cookie); int ubifs_tnc_remove_range(struct ubifs_info *c, union ubifs_key *from_key, union ubifs_key *to_key); int ubifs_tnc_remove_ino(struct ubifs_info *c, ino_t inum); -- cgit v1.2.3-59-g8ed1b From 8b2900c01716077a42dbb44c691849ab694fa062 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 10:36:47 +0200 Subject: ubifs: Add assert to dent_key_init() ...to make sure that we don't use it for double hashed lookups instead of dent_key_init_hash(). Signed-off-by: Richard Weinberger --- fs/ubifs/key.h | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ubifs/key.h b/fs/ubifs/key.h index 7547be512db2..b1f7c0caa3ac 100644 --- a/fs/ubifs/key.h +++ b/fs/ubifs/key.h @@ -162,6 +162,7 @@ static inline void dent_key_init(const struct ubifs_info *c, uint32_t hash = c->key_hash(fname_name(nm), fname_len(nm)); ubifs_assert(!(hash & ~UBIFS_S_KEY_HASH_MASK)); + ubifs_assert(!nm->hash && !nm->minor_hash); key->u32[0] = inum; key->u32[1] = hash | (UBIFS_DENT_KEY << UBIFS_S_KEY_HASH_BITS); } -- cgit v1.2.3-59-g8ed1b From 35ee314c84cd4b3e3689292f82c0af2af246c343 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 10:36:48 +0200 Subject: ubifs: Massage debug prints wrt. fscrypt If file names are encrypted we can no longer print them. That's why we have to change these prints or remove them completely. Signed-off-by: Richard Weinberger --- fs/ubifs/journal.c | 10 ---------- fs/ubifs/tnc.c | 9 ++++----- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 7aef413ea2a9..419c79ff377e 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -549,8 +549,6 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, struct ubifs_ino_node *ino; union ubifs_key dent_key, ino_key; - //dbg_jnl("ino %lu, dent '%.*s', data len %d in dir ino %lu", - // inode->i_ino, nm->len, nm->name, ui->data_len, dir->i_ino); ubifs_assert(mutex_is_locked(&host_ui->ui_mutex)); dlen = UBIFS_DENT_NODE_SZ + fname_len(nm) + 1; @@ -956,9 +954,6 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, int twoparents = (fst_dir != snd_dir); void *p; - //dbg_jnl("dent '%pd' in dir ino %lu between dent '%pd' in dir ino %lu", - // fst_dentry, fst_dir->i_ino, snd_dentry, snd_dir->i_ino); - ubifs_assert(ubifs_inode(fst_dir)->data_len == 0); ubifs_assert(ubifs_inode(snd_dir)->data_len == 0); ubifs_assert(mutex_is_locked(&ubifs_inode(fst_dir)->ui_mutex)); @@ -1100,8 +1095,6 @@ int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir, int move = (old_dir != new_dir); struct ubifs_inode *uninitialized_var(new_ui); - //dbg_jnl("dent '%pd' in dir ino %lu to dent '%pd' in dir ino %lu", - // old_dentry, old_dir->i_ino, new_dentry, new_dir->i_ino); ubifs_assert(ubifs_inode(old_dir)->data_len == 0); ubifs_assert(ubifs_inode(new_dir)->data_len == 0); ubifs_assert(mutex_is_locked(&ubifs_inode(old_dir)->ui_mutex)); @@ -1493,9 +1486,6 @@ int ubifs_jnl_delete_xattr(struct ubifs_info *c, const struct inode *host, int sync = IS_DIRSYNC(host); struct ubifs_inode *host_ui = ubifs_inode(host); - //dbg_jnl("host %lu, xattr ino %lu, name '%s', data len %d", - // host->i_ino, inode->i_ino, nm->name, - // ubifs_inode(inode)->data_len); ubifs_assert(inode->i_nlink == 0); ubifs_assert(mutex_is_locked(&host_ui->ui_mutex)); diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c index 79d1f18db436..0a213dcba2a1 100644 --- a/fs/ubifs/tnc.c +++ b/fs/ubifs/tnc.c @@ -1812,7 +1812,7 @@ static int do_lookup_nm(struct ubifs_info *c, const union ubifs_key *key, int found, n, err; struct ubifs_znode *znode; - //dbg_tnck(key, "name '%.*s' key ", nm->len, nm->name); + dbg_tnck(key, "key "); mutex_lock(&c->tnc_mutex); found = ubifs_lookup_level0(c, key, &znode, &n); if (!found) { @@ -2410,8 +2410,7 @@ int ubifs_tnc_add_nm(struct ubifs_info *c, const union ubifs_key *key, struct ubifs_znode *znode; mutex_lock(&c->tnc_mutex); - //dbg_tnck(key, "LEB %d:%d, name '%.*s', key ", - // lnum, offs, nm->len, nm->name); + dbg_tnck(key, "LEB %d:%d, key ", lnum, offs); found = lookup_level0_dirty(c, key, &znode, &n); if (found < 0) { err = found; @@ -2645,7 +2644,7 @@ int ubifs_tnc_remove_nm(struct ubifs_info *c, const union ubifs_key *key, struct ubifs_znode *znode; mutex_lock(&c->tnc_mutex); - //dbg_tnck(key, "%.*s, key ", nm->len, nm->name); + dbg_tnck(key, "key "); err = lookup_level0_dirty(c, key, &znode, &n); if (err < 0) goto out_unlock; @@ -2950,7 +2949,7 @@ struct ubifs_dent_node *ubifs_tnc_next_ent(struct ubifs_info *c, struct ubifs_zbranch *zbr; union ubifs_key *dkey; - //dbg_tnck(key, "%s ", nm->name ? (char *)nm->name : "(lowest)"); + dbg_tnck(key, "key "); ubifs_assert(is_hash_key(c, key)); mutex_lock(&c->tnc_mutex); -- cgit v1.2.3-59-g8ed1b From d2eb85226fcd981767d1829b09ae1070cf695b98 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 17 May 2017 10:36:49 +0200 Subject: ubifs: Remove dead code from ubifs_get_link() We check the length already, no need to check later again for an empty string. Signed-off-by: Richard Weinberger --- fs/ubifs/file.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index c1d352842ee2..c58efc1470f3 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1697,12 +1697,6 @@ static const char *ubifs_get_link(struct dentry *dentry, pstr.name[pstr.len] = '\0'; - // XXX this probably won't happen anymore... - if (pstr.name[0] == '\0') { - fscrypt_fname_free_buffer(&pstr); - return ERR_PTR(-ENOENT); - } - set_delayed_call(done, kfree_link, pstr.name); return pstr.name; } -- cgit v1.2.3-59-g8ed1b From a02a6eba9999221b27c691330e93bb54e4b45bb0 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Sun, 21 May 2017 00:16:26 +0200 Subject: ubifs: Wire-up statx() support statx() can report what flags a file has, expose flags that UBIFS supports. Especially STATX_ATTR_COMPRESSED and STATX_ATTR_ENCRYPTED can be interesting for userspace. Signed-off-by: Richard Weinberger --- fs/ubifs/dir.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 90a3f01c55d1..417fe0b29f23 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1644,6 +1644,21 @@ int ubifs_getattr(const struct path *path, struct kstat *stat, struct ubifs_inode *ui = ubifs_inode(inode); mutex_lock(&ui->ui_mutex); + + if (ui->flags & UBIFS_APPEND_FL) + stat->attributes |= STATX_ATTR_APPEND; + if (ui->flags & UBIFS_COMPR_FL) + stat->attributes |= STATX_ATTR_COMPRESSED; + if (ui->flags & UBIFS_CRYPT_FL) + stat->attributes |= STATX_ATTR_ENCRYPTED; + if (ui->flags & UBIFS_IMMUTABLE_FL) + stat->attributes |= STATX_ATTR_IMMUTABLE; + + stat->attributes_mask |= (STATX_ATTR_APPEND | + STATX_ATTR_COMPRESSED | + STATX_ATTR_ENCRYPTED | + STATX_ATTR_IMMUTABLE); + generic_fillattr(inode, stat); stat->blksize = UBIFS_BLOCK_SIZE; stat->size = ui->ui_size; -- cgit v1.2.3-59-g8ed1b From 319c10427498620d220931189dcdba7d4244feba Mon Sep 17 00:00:00 2001 From: Rabin Vincent Date: Wed, 31 May 2017 11:40:27 +0200 Subject: ubifs: allow userspace to map mounts to volumes There currently appears to be no way for userspace to find out the underlying volume number for a mounted ubifs file system, since ubifs uses anonymous block devices. The volume name is present in /proc/mounts but UBI volumes can be renamed after the volume has been mounted. To remedy this, show the UBI number and UBI volume number as part of the options visible under /proc/mounts. Also, accept and ignore the ubi= vol= options if they are used mounting (patch from Richard Weinberger). # mount -t ubifs ubi:baz x # mount ubi:baz on /root/x type ubifs (rw,relatime,ubi=0,vol=2) # ubirename /dev/ubi0 baz bazz # mount ubi:baz on /root/x type ubifs (rw,relatime,ubi=0,vol=2) # ubinfo -d 0 -n 2 Volume ID: 2 (on ubi0) Type: dynamic Alignment: 1 Size: 67 LEBs (1063424 bytes, 1.0 MiB) State: OK Name: bazz Character device major/minor: 254:3 Signed-off-by: Rabin Vincent Signed-off-by: Richard Weinberger --- fs/ubifs/super.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index ce684f367f9c..845c5d7af909 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -446,6 +446,8 @@ static int ubifs_show_options(struct seq_file *s, struct dentry *root) ubifs_compr_name(c->mount_opts.compr_type)); } + seq_printf(s, ",ubi=%d,vol=%d", c->vi.ubi_num, c->vi.vol_id); + return 0; } @@ -931,6 +933,7 @@ enum { Opt_chk_data_crc, Opt_no_chk_data_crc, Opt_override_compr, + Opt_ignore, Opt_err, }; @@ -942,6 +945,8 @@ static const match_table_t tokens = { {Opt_chk_data_crc, "chk_data_crc"}, {Opt_no_chk_data_crc, "no_chk_data_crc"}, {Opt_override_compr, "compr=%s"}, + {Opt_ignore, "ubi=%s"}, + {Opt_ignore, "vol=%s"}, {Opt_err, NULL}, }; @@ -1042,6 +1047,8 @@ static int ubifs_parse_options(struct ubifs_info *c, char *options, c->default_compr = c->mount_opts.compr_type; break; } + case Opt_ignore: + break; default: { unsigned long flag; -- cgit v1.2.3-59-g8ed1b From df71b09145b66e4cf6f7a1ec69d181bf2ccb0efd Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Wed, 7 Jun 2017 23:33:35 +0200 Subject: ubifs: Fail commit if TNC is obviously inconsistent A reference to LEB 0 or with length 0 in the TNC is never correct and could be caused by a memory corruption. Don't write such a bad index node to the MTD. Instead fail the commit which will turn UBIFS into read-only mode. This is less painful than having the bad reference on the MTD from where UBFIS has no chance to recover. Signed-off-by: Richard Weinberger --- fs/ubifs/tnc_commit.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ubifs/tnc_commit.c b/fs/ubifs/tnc_commit.c index 51157da3f76e..aa31f60220ef 100644 --- a/fs/ubifs/tnc_commit.c +++ b/fs/ubifs/tnc_commit.c @@ -57,6 +57,8 @@ static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx, ubifs_dump_znode(c, znode); if (zbr->znode) ubifs_dump_znode(c, zbr->znode); + + return -EINVAL; } } ubifs_prepare_node(c, idx, len, 0); @@ -859,6 +861,8 @@ static int write_index(struct ubifs_info *c) ubifs_dump_znode(c, znode); if (zbr->znode) ubifs_dump_znode(c, zbr->znode); + + return -EINVAL; } } len = ubifs_idx_node_sz(c, znode->child_cnt); -- cgit v1.2.3-59-g8ed1b From 07d41c3cf254a58b7ab69beb1f08a85ffce02626 Mon Sep 17 00:00:00 2001 From: "karam.lee" Date: Mon, 12 Jun 2017 10:46:31 +0900 Subject: ubifs: Fix oops when remounting with no_bulk_read. When remounting with the no_bulk_read option, there is a problem accessing the "bulk_read buffer(bu.buf)" which has already been freed. If the bulk_read option is enabled, ubifs_tnc_bulk_read uses the pre-allocated bu.buf. While bu.buf is being used by ubifs_tnc_bulk_read, remounting with no_bulk_read frees bu.buf. So I added code to check the use of "bu.buf" to avoid this situation. ------ I tested as follows(kernel v3.18) : Use the script to repeat "no_bulk_read <-> bulk_read" remount.sh #!/bin/sh while true do; mount -o remount,no_bulk_read ${MOUNT_POINT}; sleep 1; mount -o remount,bulk_read ${MOUNT_POINT}; sleep 1; done Perform read operation cat ${MOUNT_POINT}/* > /dev/null The problem is reproduced immediately. [ 234.256845][kernel.0]Internal error: Oops: 17 [#1] PREEMPT ARM [ 234.258557][kernel.0]CPU: 0 PID: 2752 Comm: cat Tainted: G W O 3.18.31+ #51 [ 234.259531][kernel.0]task: cbff8580 ti: cbd66000 task.ti: cbd66000 [ 234.260306][kernel.0]PC is at validate_data_node+0x10/0x264 [ 234.260994][kernel.0]LR is at ubifs_tnc_bulk_read+0x388/0x3ec [ 234.261712][kernel.0]pc : [] lr : [] psr: 80000013 [ 234.261712][kernel.0]sp : cbd67ba0 ip : 00000001 fp : 00000000 [ 234.263337][kernel.0]r10: cd3e0260 r9 : c0df2008 r8 : 00000000 [ 234.264087][kernel.0]r7 : cd3e0000 r6 : 00000000 r5 : cd3e0278 r4 : cd3e0000 [ 234.264999][kernel.0]r3 : 00000003 r2 : cd3e0280 r1 : 00000000 r0 : cd3e0000 [ 234.265910][kernel.0]Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 234.266896][kernel.0]Control: 10c53c7d Table: 8c40c059 DAC: 00000015 [ 234.267711][kernel.0]Process cat (pid: 2752, stack limit = 0xcbd66400) [ 234.268525][kernel.0]Stack: (0xcbd67ba0 to 0xcbd68000) [ 234.269169][kernel.0]7ba0: cd7c3940 c03d8650 0001bfe0 00002ab2 00000000 cbd67c5c cbd67c58 0001bfe0 [ 234.270287][kernel.0]7bc0: cd3e0000 00002ab2 0001bfe0 00000014 cbd66000 cd3e0260 00000000 c01d6660 [ 234.271403][kernel.0]7be0: 00002ab2 00000000 c82a5800 ffffffff cd3e0298 cd3e0278 00000000 cd3e0000 [ 234.272520][kernel.0]7c00: 00000000 00000000 cd3e0260 c01dc300 00002ab2 00000000 60000013 d663affa [ 234.273639][kernel.0]7c20: cd3e01f0 cd3e01f0 60000013 c09397ec 00000000 cd3e0278 00002ab2 00000000 [ 234.274755][kernel.0]7c40: cd3e0000 c01dbf48 00000014 00000003 00000160 00000015 00000004 d663affa [ 234.275874][kernel.0]7c60: ccdaa978 cd3e0278 cd3e0000 cf32a5f4 ccdaa820 00000044 cbd66000 cd3e0260 [ 234.276992][kernel.0]7c80: 00000003 c01cec84 ccdaa8dc cbd67cc4 cbd67ec0 00000010 ccdaa978 00000000 [ 234.278108][kernel.0]7ca0: 0000015e ccdaa8dc 00000000 00000000 cf32a5d0 00000000 0000015f ccdaa8dc [ 234.279228][kernel.0]7cc0: 00000000 c8488300 0009e5a4 0000000e cbd66000 0000015e cf32a5f4 c0113c04 [ 234.280346][kernel.0]7ce0: 0000009f 0000003c c00098c4 ffffffff 00001000 00000000 000000ad 00000010 [ 234.281463][kernel.0]7d00: 00000038 cd68f580 00000150 c8488360 00000000 cbd67d30 cbd67d70 0000000e [ 234.282579][kernel.0]7d20: 00000010 00000000 c0951874 c0112a9c cf379b60 cf379b84 cf379890 cf3798b4 [ 234.283699][kernel.0]7d40: cf379578 cf37959c cf379380 cf3793a4 cf3790b0 cf3790d4 cf378fd8 cf378ffc [ 234.284814][kernel.0]7d60: cf378f48 cf378f6c cf32a5f4 cf32a5d0 00000000 00001000 00000018 00000000 [ 234.285932][kernel.0]7d80: 00001000 c0050da4 00000000 00001000 cec04c00 00000000 00001000 c0e11328 [ 234.287049][kernel.0]7da0: 00000000 00001000 cbd66000 00000000 00001000 c0012a60 00000000 00001000 [ 234.288166][kernel.0]7dc0: cbd67dd4 00000000 00001000 80000013 00000000 00001000 cd68f580 00000000 [ 234.289285][kernel.0]7de0: 00001000 c915d600 00000000 00001000 cbd67e48 00000000 00001000 00000018 [ 234.290402][kernel.0]7e00: 00000000 00001000 00000000 00000000 00001000 c915d768 c915d768 c0113550 [ 234.291522][kernel.0]7e20: cd68f580 cbd67e48 cd68f580 cb6713c0 00010000 000ac5a4 00000000 001fc5a4 [ 234.292637][kernel.0]7e40: 00000000 c8488300 cbd67ec0 00eb0000 cd68f580 c0113ee4 00000000 cbd67ec0 [ 234.293754][kernel.0]7e60: cd68f580 c8488300 cbd67ec0 00eb0000 cd68f580 00150000 c8488300 00eb0000 [ 234.294874][kernel.0]7e80: 00010000 c0112fd0 00000000 cbd67ec0 cd68f580 00150000 00000000 cd68f580 [ 234.295991][kernel.0]7ea0: cbd67ef0 c011308c 00000000 00000002 cd768850 00010000 00000000 c01133fc [ 234.297110][kernel.0]7ec0: 00150000 00000000 cbd67f50 00000000 00000000 cb6713c0 01000000 cbd67f48 [ 234.298226][kernel.0]7ee0: cbd67f50 c8488300 00000000 c0113204 00010000 01000000 00000000 cb6713c0 [ 234.299342][kernel.0]7f00: 00150000 00000000 cbd67f50 00000000 00000000 00000000 00000000 00000000 [ 234.300462][kernel.0]7f20: cbd67f50 01000000 01000000 cb6713c0 c8488300 c00ebba8 01000000 00000000 [ 234.301577][kernel.0]7f40: c8488300 cb6713c0 00000000 00000000 00000000 00000000 ccdaa820 00000000 [ 234.302697][kernel.0]7f60: 00000000 01000000 00000003 00000001 cbd66000 00000000 00000001 c00ec678 [ 234.303813][kernel.0]7f80: 00000000 00000200 00000000 01000000 01000000 00000000 00000000 000000ef [ 234.304933][kernel.0]7fa0: c000e904 c000e780 01000000 00000000 00000001 00000003 00000000 01000000 [ 234.306049][kernel.0]7fc0: 01000000 00000000 00000000 000000ef 00000001 00000003 01000000 00000001 [ 234.307165][kernel.0]7fe0: 00000000 beafb78c 0000ad08 00128d1c 60000010 00000001 00000000 00000000 [ 234.308292][kernel.0][] (validate_data_node) from [] (ubifs_tnc_bulk_read+0x388/0x3ec) [ 234.309493][kernel.0][] (ubifs_tnc_bulk_read) from [] (ubifs_readpage+0x1dc/0x46c) [ 234.310656][kernel.0][] (ubifs_readpage) from [] (__generic_file_splice_read+0x29c/0x4cc) [ 234.311890][kernel.0][] (__generic_file_splice_read) from [] (generic_file_splice_read+0xb0/0xf4) [ 234.313214][kernel.0][] (generic_file_splice_read) from [] (do_splice_to+0x68/0x7c) [ 234.314386][kernel.0][] (do_splice_to) from [] (splice_direct_to_actor+0xa8/0x190) [ 234.315544][kernel.0][] (splice_direct_to_actor) from [] (do_splice_direct+0x90/0xb8) [ 234.316741][kernel.0][] (do_splice_direct) from [] (do_sendfile+0x17c/0x2b8) [ 234.317838][kernel.0][] (do_sendfile) from [] (SyS_sendfile64+0xc4/0xcc) [ 234.318890][kernel.0][] (SyS_sendfile64) from [] (ret_fast_syscall+0x0/0x38) [ 234.319983][kernel.0]Code: e92d47f0 e24dd050 e59f9228 e1a04000 (e5d18014) Signed-off-by: karam.lee Signed-off-by: Richard Weinberger --- fs/ubifs/super.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index 845c5d7af909..bffadbb67e47 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -1876,8 +1876,10 @@ static int ubifs_remount_fs(struct super_block *sb, int *flags, char *data) bu_init(c); else { dbg_gen("disable bulk-read"); + mutex_lock(&c->bu_mutex); kfree(c->bu.buf); c->bu.buf = NULL; + mutex_unlock(&c->bu_mutex); } ubifs_assert(c->lst.taken_empty_lebs > 0); -- cgit v1.2.3-59-g8ed1b From 480a1a6a3ef6fb6be4cd2f37b34314fbf64867dd Mon Sep 17 00:00:00 2001 From: Hyunchul Lee Date: Wed, 14 Jun 2017 09:31:49 +0900 Subject: ubifs: Change gfp flags in page allocation for bulk read In low memory situations, page allocations for bulk read can kill applications for reclaiming memory, and print an failure message when allocations are failed. Because bulk read is just an optimization, we don't have to do these and can stop page allocations. Though this siutation happens rarely, add __GFP_NORETRY to prevent from excessive memory reclaim and killing applications, and __GFP_WARN to suppress this failure message. For this, Use readahead_gfp_mask for gfp flags when allocating pages. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger --- fs/ubifs/file.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index c58efc1470f3..8cad0b19b404 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -735,6 +735,7 @@ static int ubifs_do_bulk_read(struct ubifs_info *c, struct bu_info *bu, int err, page_idx, page_cnt, ret = 0, n = 0; int allocate = bu->buf ? 0 : 1; loff_t isize; + gfp_t ra_gfp_mask = readahead_gfp_mask(mapping) & ~__GFP_FS; err = ubifs_tnc_get_bu_keys(c, bu); if (err) @@ -796,8 +797,7 @@ static int ubifs_do_bulk_read(struct ubifs_info *c, struct bu_info *bu, if (page_offset > end_index) break; - page = find_or_create_page(mapping, page_offset, - GFP_NOFS | __GFP_COLD); + page = find_or_create_page(mapping, page_offset, ra_gfp_mask); if (!page) break; if (!PageUptodate(page)) -- cgit v1.2.3-59-g8ed1b From 4acadda74ff8b949c448c0282765ae747e088c87 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Fri, 16 Jun 2017 16:21:44 +0200 Subject: ubifs: Don't leak kernel memory to the MTD When UBIFS prepares data structures which will be written to the MTD it ensues that their lengths are multiple of 8. Since it uses kmalloc() the padded bytes are left uninitialized and we leak a few bytes of kernel memory to the MTD. To make sure that all bytes are initialized, let's switch to kzalloc(). Kzalloc() is fine in this case because the buffers are not huge and in the IO path the performance bottleneck is anyway the MTD. Cc: stable@vger.kernel.org Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger --- fs/ubifs/journal.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 419c79ff377e..9f356432f35f 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -572,7 +572,7 @@ int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, /* Make sure to also account for extended attributes */ len += host_ui->data_len; - dent = kmalloc(len, GFP_NOFS); + dent = kzalloc(len, GFP_NOFS); if (!dent) return -ENOMEM; @@ -968,7 +968,7 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, if (twoparents) len += plen; - dent1 = kmalloc(len, GFP_NOFS); + dent1 = kzalloc(len, GFP_NOFS); if (!dent1) return -ENOMEM; @@ -1116,7 +1116,7 @@ int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir, len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8); if (move) len += plen; - dent = kmalloc(len, GFP_NOFS); + dent = kzalloc(len, GFP_NOFS); if (!dent) return -ENOMEM; @@ -1498,7 +1498,7 @@ int ubifs_jnl_delete_xattr(struct ubifs_info *c, const struct inode *host, hlen = host_ui->data_len + UBIFS_INO_NODE_SZ; len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, 8); - xent = kmalloc(len, GFP_NOFS); + xent = kzalloc(len, GFP_NOFS); if (!xent) return -ENOMEM; @@ -1605,7 +1605,7 @@ int ubifs_jnl_change_xattr(struct ubifs_info *c, const struct inode *inode, aligned_len1 = ALIGN(len1, 8); aligned_len = aligned_len1 + ALIGN(len2, 8); - ino = kmalloc(aligned_len, GFP_NOFS); + ino = kzalloc(aligned_len, GFP_NOFS); if (!ino) return -ENOMEM; -- cgit v1.2.3-59-g8ed1b From d8db5b1ca9d4c57e49893d0f78e6d5ce81450cc8 Mon Sep 17 00:00:00 2001 From: Xiaolei Li Date: Fri, 23 Jun 2017 10:37:23 +0800 Subject: ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs The inode is not locked in init_xattrs when creating a new inode. Without this patch, there will occurs assert when booting or creating a new file, if the kernel config CONFIG_SECURITY_SMACK is enabled. Log likes: UBIFS assert failed in ubifs_xattr_set at 298 (pid 1156) CPU: 1 PID: 1156 Comm: ldconfig Tainted: G S 4.12.0-rc1-207440-g1e70b02 #2 Hardware name: MediaTek MT2712 evaluation board (DT) Call trace: [] dump_backtrace+0x0/0x238 [] show_stack+0x14/0x20 [] dump_stack+0x9c/0xc0 [] ubifs_xattr_set+0x374/0x5e0 [] init_xattrs+0x5c/0xb8 [] security_inode_init_security+0x110/0x190 [] ubifs_init_security+0x30/0x68 [] ubifs_mkdir+0x100/0x200 [] vfs_mkdir+0x11c/0x1b8 [] SyS_mkdirat+0x74/0xd0 [] __sys_trace_return+0x0/0x4 Signed-off-by: Xiaolei Li Signed-off-by: Richard Weinberger --- fs/ubifs/crypto.c | 7 ++++++- fs/ubifs/ubifs.h | 2 +- fs/ubifs/xattr.c | 17 ++++++++--------- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c index 382ed428cfd2..114ba455bac3 100644 --- a/fs/ubifs/crypto.c +++ b/fs/ubifs/crypto.c @@ -9,8 +9,13 @@ static int ubifs_crypt_get_context(struct inode *inode, void *ctx, size_t len) static int ubifs_crypt_set_context(struct inode *inode, const void *ctx, size_t len, void *fs_data) { + /* + * Creating an encryption context is done unlocked since we + * operate on a new inode which is not visible to other users + * at this point. So, no need to check whether inode is locked. + */ return ubifs_xattr_set(inode, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT, - ctx, len, 0); + ctx, len, 0, false); } static bool ubifs_crypt_empty_dir(struct inode *inode) diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index d933edade14a..cd43651f1731 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1755,7 +1755,7 @@ int ubifs_check_dir_empty(struct inode *dir); extern const struct xattr_handler *ubifs_xattr_handlers[]; ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size); int ubifs_xattr_set(struct inode *host, const char *name, const void *value, - size_t size, int flags); + size_t size, int flags, bool check_lock); ssize_t ubifs_xattr_get(struct inode *host, const char *name, void *buf, size_t size); void ubifs_evict_xattr_inode(struct ubifs_info *c, ino_t xattr_inum); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 98f11257d66c..c13eae819cbc 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -280,7 +280,7 @@ static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum) } int ubifs_xattr_set(struct inode *host, const char *name, const void *value, - size_t size, int flags) + size_t size, int flags, bool check_lock) { struct inode *inode; struct ubifs_info *c = host->i_sb->s_fs_info; @@ -289,12 +289,7 @@ int ubifs_xattr_set(struct inode *host, const char *name, const void *value, union ubifs_key key; int err; - /* - * Creating an encryption context is done unlocked since we - * operate on a new inode which is not visible to other users - * at this point. - */ - if (strcmp(name, UBIFS_XATTR_NAME_ENCRYPTION_CONTEXT) != 0) + if (check_lock) ubifs_assert(inode_is_locked(host)); if (size > UBIFS_MAX_INO_DATA) @@ -598,8 +593,12 @@ static int init_xattrs(struct inode *inode, const struct xattr *xattr_array, } strcpy(name, XATTR_SECURITY_PREFIX); strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name); + /* + * creating a new inode without holding the inode rwsem, + * no need to check whether inode is locked. + */ err = ubifs_xattr_set(inode, name, xattr->value, - xattr->value_len, 0); + xattr->value_len, 0, false); kfree(name); if (err < 0) break; @@ -646,7 +645,7 @@ static int xattr_set(const struct xattr_handler *handler, name = xattr_full_name(handler, name); if (value) - return ubifs_xattr_set(inode, name, value, size, flags); + return ubifs_xattr_set(inode, name, value, size, flags, true); else return ubifs_xattr_remove(inode, name); } -- cgit v1.2.3-59-g8ed1b From a6664433d383eeb71cbdeb9aea2c66eeea76e742 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Mon, 26 Jun 2017 13:49:04 +0200 Subject: ubifs: Set double hash cookie also for RENAME_EXCHANGE We developed RENAME_EXCHANGE and UBIFS_FLG_DOUBLE_HASH more or less in parallel and this case was forgotten. :-( Cc: stable@vger.kernel.org Fixes: d63d61c16972 ("ubifs: Implement UBIFS_FLG_DOUBLE_HASH") Signed-off-by: Richard Weinberger --- fs/ubifs/journal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 9f356432f35f..04c4ec6483e5 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -985,6 +985,7 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, dent1->nlen = cpu_to_le16(fname_len(snd_nm)); memcpy(dent1->name, fname_name(snd_nm), fname_len(snd_nm)); dent1->name[fname_len(snd_nm)] = '\0'; + set_dent_cookie(c, dent1); zero_dent_node_unused(dent1); ubifs_prep_grp_node(c, dent1, dlen1, 0); @@ -997,6 +998,7 @@ int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, dent2->nlen = cpu_to_le16(fname_len(fst_nm)); memcpy(dent2->name, fname_name(fst_nm), fname_len(fst_nm)); dent2->name[fname_len(fst_nm)] = '\0'; + set_dent_cookie(c, dent2); zero_dent_node_unused(dent2); ubifs_prep_grp_node(c, dent2, dlen2, 0); -- cgit v1.2.3-59-g8ed1b