diff options
| author | Holger Assmann <h.assmann@pengutronix.de> | 2021-11-29 13:45:44 +0100 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2021-11-30 10:58:30 +0100 |
| commit | b185d453fd910d3f0197d0dfade939e562a3a9a6 (patch) | |
| tree | cdc7ec62d21435476d5fc52283d136423e2cfe06 | |
| parent | f9e320b6fee489a5634aca59fe5715e208353621 (diff) | |
| download | barebox-b185d453fd910d3f0197d0dfade939e562a3a9a6.tar.gz barebox-b185d453fd910d3f0197d0dfade939e562a3a9a6.tar.xz | |
fs: jffs2: introduce reference counting at probe
The Barebox jffs2 driver initialises global slab caches and compressors
within the probing stage [1]. In Barebox, jffs2_create_slab_caches() has
several calls to kmem_cache_create() which does nothing more than
allocating the context data structure for the kmem_cache.
Probing a second jffs2 however will overwrite the original pointers
returned by kmem_cache_create(), leading to a double free when more than
one jffs2 file system gets unmounted and jffs2_destroy_slab_caches() is
called. The same issue exists regarding jffs2_compressors_init().
We can fix this bug by introducing reference counting for both the slab
caches and the compressors so that the global data structures are kept
as long as at least one file system is present.
[1] jffs2_compressors_init(), jffs2_create_slab_caches() in probe()
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Holger Assmann <h.assmann@pengutronix.de>
Link: https://lore.barebox.org/20211129124545.14171-2-h.assmann@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
| -rw-r--r-- | fs/jffs2/fs.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index f094291aa4..ace592d973 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -397,6 +397,8 @@ void jffs2_flash_cleanup(struct jffs2_sb_info *c) { } } +static int jffs2_probe_cnt; + static int jffs2_probe(struct device_d *dev) { struct fs_device_d *fsdev; @@ -419,17 +421,19 @@ static int jffs2_probe(struct device_d *dev) sb->s_fs_info = ctx; - ret = jffs2_compressors_init(); - if (ret) { - pr_err("error: Failed to initialise compressors\n"); - goto err_out; - } + if (!jffs2_probe_cnt) { + ret = jffs2_compressors_init(); + if (ret) { + pr_err("error: Failed to initialise compressors\n"); + goto err_out; + } - ret = jffs2_create_slab_caches(); - if (ret) { - pr_err("error: Failed to initialise slab caches\n"); - goto err_compressors; - } + ret = jffs2_create_slab_caches(); + if (ret) { + pr_err("error: Failed to initialise slab caches\n"); + goto err_compressors; + } + } if (jffs2_fill_super(fsdev, 0)) { dev_err(dev, "no valid jffs2 found\n"); @@ -437,6 +441,8 @@ static int jffs2_probe(struct device_d *dev) goto err_slab; } + jffs2_probe_cnt++; + return 0; err_slab: @@ -456,8 +462,12 @@ static void jffs2_remove(struct device_d *dev) fsdev = dev_to_fs_device(dev); sb = &fsdev->sb; - jffs2_destroy_slab_caches(); - jffs2_compressors_exit(); + jffs2_probe_cnt--; + + if (!jffs2_probe_cnt) { + jffs2_destroy_slab_caches(); + jffs2_compressors_exit(); + } jffs2_put_super(sb); } |