[PATCH] jffs2: Fix race condition in jffs2_lzo_compress() - Kernel


Thread: [PATCH] jffs2: Fix race condition in jffs2_lzo_compress()

  1. [PATCH] jffs2: Fix race condition in jffs2_lzo_compress()

    deflate_mutex protects the globals lzo_mem and lzo_compress_buf. However,
    jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
    compressed data from lzo_compress_buf. Correct this by moving the mutex unlock
    after the copy.
    In addition, document what deflate_mutex actually protects.

    Signed-off-by: Geert Uytterhoeven
    ---
    Just noticed this when looking at the code.
    The patch is untested, except for a quick compile test.

    fs/jffs2/compr_lzo.c | 15 +++++++++------
    1 file changed, 9 insertions(+), 6 deletions(-)

    --- a/fs/jffs2/compr_lzo.c
    +++ b/fs/jffs2/compr_lzo.c
    @@ -19,7 +19,7 @@

    static void *lzo_mem;
    static void *lzo_compress_buf;
    -static DEFINE_MUTEX(deflate_mutex);
    +static DEFINE_MUTEX(deflate_mutex); /* for lzo_mem and lzo_compress_buf */

    static void free_workspace(void)
    {
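
    Review bot: deflate_mutex in fs/jffs2/compr_lzo.c keeps a name that refers to deflate even though, as the new comment states, it guards lzo_mem and lzo_compress_buf. The comment is a reasonable minimal fix, but a follow-up rename so the lock is named after the LZO workspace it protects would make the locking rule visible at every mutex_lock()/mutex_unlock() call site, not only at the definition.
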
    @@ -49,18 +49,21 @@ static int jffs2_lzo_compress(unsigned c

    mutex_lock(&deflate_mutex);
    ret = lzo1x_1_compress(data_in, *sourcelen, lzo_compress_buf, &compress_size, lzo_mem);
    - mutex_unlock(&deflate_mutex);
    -
    if (ret != LZO_E_OK)
    - return -1;
    + goto fail;

    if (compress_size > *dstlen)
    - return -1;
    + goto fail;

    memcpy(cpage_out, lzo_compress_buf, compress_size);
    - *dstlen = compress_size;
    + mutex_unlock(&deflate_mutex);

    + *dstlen = compress_size;
    return 0;
    +
    + fail:
    + mutex_unlock(&deflate_mutex);
    + return -1;
    }

    static int jffs2_lzo_decompress(unsigned char *data_in, unsigned char *cpage_out,
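
    Review bot: jffs2_lzo_compress() now has two mutex_unlock(&deflate_mutex) calls, one after the memcpy() on the success path and one under the fail: label, and that duplication is how an early or missing unlock tends to creep back in. Consider a single exit: keep the LZO status in ret, use a separate result variable initialised to -1, set *dstlen and the result to 0 after the memcpy(), and fall through to one label that unlocks and returns the result. The ordering itself looks right: both the compress_size > *dstlen check and the copy out of lzo_compress_buf now happen before the lock is dropped, and only the store to the caller's *dstlen is left outside it.
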

    With kind regards,

    Geert Uytterhoeven
    Software Architect

    Sony Techsoft Centre Europe
    The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium

    Phone: +32 (0)2 700 8453
    Fax: +32 (0)2 700 8622
    E-mail: Geert.Uytterhoeven@sonycom.com
    Internet: http://www.sony-europe.com/

    A division of Sony Europe (Belgium) N.V.
    VAT BE 0413.825.160 · RPR Brussels
    Fortis · BIC GEBABEBB · IBAN BE41293037680010

  2. Re: [PATCH] jffs2: Fix race condition in jffs2_lzo_compress()


    On Mon, 2008-11-03 at 17:17 +0100, Geert Uytterhoeven wrote:
    > deflate_mutex protects the globals lzo_mem and lzo_compress_buf. However,
    > jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
    > compressed data from lzo_compress_buf. Correct this by moving the mutex unlock
    > after the copy.
    > In addition, document what deflate_mutex actually protects.
    >
    > Signed-off-by: Geert Uytterhoeven


    Acked-by: Richard Purdie

    This should probably be queued as a bugfix for the current -rc series.

    > ---
    > Just noticed this when looking at the code.
    > The patch is untested, except for a quick compile test.
    >
    > fs/jffs2/compr_lzo.c | 15 +++++++++------
    > 1 file changed, 9 insertions(+), 6 deletions(-)
    >



