diff options
| author | Richard Weinberger <richard@nod.at> | 2014-11-10 16:27:10 +0100 |
|---|---|---|
| committer | Richard Weinberger <richard@nod.at> | 2015-03-26 22:46:01 +0100 |
| commit | 8fb2a514780eee48602424a86e3cd72d3f1bdfb2 (patch) | |
| tree | 2c5c3bced155af20a7a27a2b368bc7c1df5586fa /drivers/mtd/ubi/eba.c | |
| parent | ad3d6a05ee45eebf68ff08da0d3f86251b530a27 (diff) | |
| download | linux-stable-8fb2a514780eee48602424a86e3cd72d3f1bdfb2.tar.gz linux-stable-8fb2a514780eee48602424a86e3cd72d3f1bdfb2.tar.bz2 linux-stable-8fb2a514780eee48602424a86e3cd72d3f1bdfb2.zip | |
UBI: Fastmap: Fix race after ubi_wl_get_peb()
ubi_wl_get_peb() returns a fresh PEB which can be used by
user of UBI. Due to the pool logic fastmap will correctly
map this PEB upon attach time because it will be scanned.
If a new fastmap is written (due to heavy parallel io)
while the before the fresh PEB is assigned to the EBA table
it will not be scanned as it is no longer in the pool.
So, the race window exists between ubi_wl_get_peb()
and the EBA table assignment.
We have to make sure that no new fastmap can be written
while that.
To ensure that ubi_wl_get_peb() will grab ubi->fm_sem in read mode
and the user of ubi_wl_get_peb() has to release it after the PEB
got assigned.
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'drivers/mtd/ubi/eba.c')
| -rw-r--r-- | drivers/mtd/ubi/eba.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index e0a06e4b95a4..4757cef756f7 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -567,6 +567,7 @@ retry: new_pnum = ubi_wl_get_peb(ubi); if (new_pnum < 0) { ubi_free_vid_hdr(ubi, vid_hdr); + up_read(&ubi->fm_sem); return new_pnum; } @@ -577,13 +578,16 @@ retry: if (err && err != UBI_IO_BITFLIPS) { if (err > 0) err = -EIO; + up_read(&ubi->fm_sem); goto out_put; } vid_hdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi)); err = ubi_io_write_vid_hdr(ubi, new_pnum, vid_hdr); - if (err) + if (err) { + up_read(&ubi->fm_sem); goto write_error; + } data_size = offset + len; mutex_lock(&ubi->buf_mutex); @@ -592,8 +596,10 @@ retry: /* Read everything before the area where the write failure happened */ if (offset > 0) { err = ubi_io_read_data(ubi, ubi->peb_buf, pnum, 0, offset); - if (err && err != UBI_IO_BITFLIPS) + if (err && err != UBI_IO_BITFLIPS) { + up_read(&ubi->fm_sem); goto out_unlock; + } } memcpy(ubi->peb_buf + offset, buf, len); @@ -601,13 +607,13 @@ retry: err = ubi_io_write_data(ubi, ubi->peb_buf, new_pnum, 0, data_size); if (err) { mutex_unlock(&ubi->buf_mutex); + up_read(&ubi->fm_sem); goto write_error; } mutex_unlock(&ubi->buf_mutex); ubi_free_vid_hdr(ubi, vid_hdr); - down_read(&ubi->fm_sem); vol->eba_tbl[lnum] = new_pnum; up_read(&ubi->fm_sem); ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1); @@ -704,6 +710,7 @@ retry: if (pnum < 0) { ubi_free_vid_hdr(ubi, vid_hdr); leb_write_unlock(ubi, vol_id, lnum); + up_read(&ubi->fm_sem); return pnum; } @@ -714,6 +721,7 @@ retry: if (err) { ubi_warn(ubi, "failed to write VID header to LEB %d:%d, PEB %d", vol_id, lnum, pnum); + up_read(&ubi->fm_sem); goto write_error; } @@ -722,11 +730,11 @@ retry: if (err) { ubi_warn(ubi, "failed to write %d bytes at offset %d of LEB %d:%d, PEB %d", len, offset, vol_id, lnum, pnum); + up_read(&ubi->fm_sem); goto write_error; } } - down_read(&ubi->fm_sem); vol->eba_tbl[lnum] = pnum; up_read(&ubi->fm_sem); @@ -825,6 +833,7 @@ retry: if (pnum < 0) { ubi_free_vid_hdr(ubi, vid_hdr); leb_write_unlock(ubi, vol_id, lnum); + up_read(&ubi->fm_sem); return pnum; } @@ -835,6 +844,7 @@ retry: if (err) { ubi_warn(ubi, "failed to write VID header to LEB %d:%d, PEB %d", vol_id, lnum, pnum); + up_read(&ubi->fm_sem); goto write_error; } @@ -842,11 +852,11 @@ retry: if (err) { ubi_warn(ubi, "failed to write %d bytes of data to PEB %d", len, pnum); + up_read(&ubi->fm_sem); goto write_error; } ubi_assert(vol->eba_tbl[lnum] < 0); - down_read(&ubi->fm_sem); vol->eba_tbl[lnum] = pnum; up_read(&ubi->fm_sem); @@ -943,6 +953,7 @@ retry: pnum = ubi_wl_get_peb(ubi); if (pnum < 0) { err = pnum; + up_read(&ubi->fm_sem); goto out_leb_unlock; } @@ -953,6 +964,7 @@ retry: if (err) { ubi_warn(ubi, "failed to write VID header to LEB %d:%d, PEB %d", vol_id, lnum, pnum); + up_read(&ubi->fm_sem); goto write_error; } @@ -960,10 +972,10 @@ retry: if (err) { ubi_warn(ubi, "failed to write %d bytes of data to PEB %d", len, pnum); + up_read(&ubi->fm_sem); goto write_error; } - down_read(&ubi->fm_sem); old_pnum = vol->eba_tbl[lnum]; vol->eba_tbl[lnum] = pnum; up_read(&ubi->fm_sem); |