From 782759b9f5f5223e0962af60c3457c912fab755f Mon Sep 17 00:00:00 2001 From: Alexandre Pereira da Silva Date: Mon, 25 Jun 2012 17:47:49 -0300 Subject: [PATCH 1/4] UBIFS: fix compilation warning Fix the following compilation warning: fs/ubifs/dir.c: In function 'ubifs_rename': fs/ubifs/dir.c:972:15: warning: 'saved_nlink' may be used uninitialized in this function Use the 'uninitialized_var()' macro to get rid of this false-positive. Artem: massaged the patch a bit. Signed-off-by: Alexandre Pereira da Silva Signed-off-by: Artem Bityutskiy --- fs/ubifs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index a6d42efc76d2..390198d91e6d 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -969,7 +969,7 @@ static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry, struct ubifs_budget_req ino_req = { .dirtied_ino = 1, .dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) }; struct timespec time; - unsigned int saved_nlink; + unsigned int uninitialized_var(saved_nlink); /* * Budget request settings: deletion direntry, new direntry, removing From 06bef9451a4c5ad882cd15fd7a0df9890c0249f3 Mon Sep 17 00:00:00 2001 From: Artem Bityutskiy Date: Sat, 14 Jul 2012 14:19:46 +0300 Subject: [PATCH 2/4] UBIFS: add debugfs knob to switch to R/O mode This patch adds another debugfs knob which switches UBIFS to R/O mode. I needed it while trying to reproduce the 'first log node is not CS node' bug. Without this debugfs knob you have to perform a power cut to repruduce the bug. The knob is named 'ro_error' and all it does is it sets the 'ro_error' UBIFS flag which makes UBIFS disallow any further writes - even write-back will fail with -EROFS. Useful for debugging. Signed-off-by: Artem Bityutskiy --- fs/ubifs/debug.c | 11 +++++++++++ fs/ubifs/debug.h | 5 +++++ 2 files changed, 16 insertions(+) diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c index 92df3b081539..bb3167257aab 100644 --- a/fs/ubifs/debug.c +++ b/fs/ubifs/debug.c @@ -2802,6 +2802,8 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count, val = d->chk_fs; else if (dent == d->dfs_tst_rcvry) val = d->tst_rcvry; + else if (dent == d->dfs_ro_error) + val = c->ro_error; else return -EINVAL; @@ -2885,6 +2887,8 @@ static ssize_t dfs_file_write(struct file *file, const char __user *u, d->chk_fs = val; else if (dent == d->dfs_tst_rcvry) d->tst_rcvry = val; + else if (dent == d->dfs_ro_error) + c->ro_error = !!val; else return -EINVAL; @@ -2996,6 +3000,13 @@ int dbg_debugfs_init_fs(struct ubifs_info *c) goto out_remove; d->dfs_tst_rcvry = dent; + fname = "ro_error"; + dent = debugfs_create_file(fname, S_IRUSR | S_IWUSR, d->dfs_dir, c, + &dfs_fops); + if (IS_ERR_OR_NULL(dent)) + goto out_remove; + d->dfs_ro_error = dent; + return 0; out_remove: diff --git a/fs/ubifs/debug.h b/fs/ubifs/debug.h index 486a8e024fb6..8b8cc4e945f4 100644 --- a/fs/ubifs/debug.h +++ b/fs/ubifs/debug.h @@ -79,6 +79,10 @@ typedef int (*dbg_znode_callback)(struct ubifs_info *c, * @dfs_chk_lprops: debugfs knob to enable UBIFS LEP properties extra checks * @dfs_chk_fs: debugfs knob to enable UBIFS contents extra checks * @dfs_tst_rcvry: debugfs knob to enable UBIFS recovery testing + * @dfs_ro_error: debugfs knob to switch UBIFS to R/O mode (different to + * re-mounting to R/O mode because it does not flush any buffers + * and UBIFS just starts returning -EROFS on all write + * operations) */ struct ubifs_debug_info { struct ubifs_zbranch old_zroot; @@ -122,6 +126,7 @@ struct ubifs_debug_info { struct dentry *dfs_chk_lprops; struct dentry *dfs_chk_fs; struct dentry *dfs_tst_rcvry; + struct dentry *dfs_ro_error; }; /** From d51f17ea0a3afe11fb4c4ad6635877e24df2758f Mon Sep 17 00:00:00 2001 From: Artem Bityutskiy Date: Sat, 14 Jul 2012 20:52:58 +0300 Subject: [PATCH 3/4] UBIFS: simplify reply code a bit In the log reply code we assume that 'c->lhead_offs' is known and may be non-zero, which is not the case because we do not store it in the master node and have to find out by scanning on every mount. Knowing this fact allows us to simplify the log scanning loop a bit and remove a couple of unneeded local variables. Signed-off-by: Artem Bityutskiy --- fs/ubifs/replay.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/fs/ubifs/replay.c b/fs/ubifs/replay.c index 3a2da7e476e5..eba46d4a7619 100644 --- a/fs/ubifs/replay.c +++ b/fs/ubifs/replay.c @@ -1007,7 +1007,7 @@ static int take_ihead(struct ubifs_info *c) */ int ubifs_replay_journal(struct ubifs_info *c) { - int err, i, lnum, offs, free; + int err, lnum, free; BUILD_BUG_ON(UBIFS_TRUN_KEY > 5); @@ -1025,25 +1025,17 @@ int ubifs_replay_journal(struct ubifs_info *c) dbg_mnt("start replaying the journal"); c->replaying = 1; lnum = c->ltail_lnum = c->lhead_lnum; - offs = c->lhead_offs; - for (i = 0; i < c->log_lebs; i++, lnum++) { - if (lnum >= UBIFS_LOG_LNUM + c->log_lebs) { - /* - * The log is logically circular, we reached the last - * LEB, switch to the first one. - */ - lnum = UBIFS_LOG_LNUM; - offs = 0; - } - err = replay_log_leb(c, lnum, offs, c->sbuf); + lnum = UBIFS_LOG_LNUM; + do { + err = replay_log_leb(c, lnum, 0, c->sbuf); if (err == 1) /* We hit the end of the log */ break; if (err) goto out; - offs = 0; - } + lnum = ubifs_next_log_lnum(c, lnum); + } while (lnum != UBIFS_LOG_LNUM); err = replay_buds(c); if (err) From 7074e5eb233343e4bad8c0a3f9e73167cf85a159 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Mon, 9 Jul 2012 09:27:14 +0200 Subject: [PATCH 4/4] UBIFS: remove invalid reference to list iterator variable If list_for_each_entry, etc complete a traversal of the list, the iterator variable ends up pointing to an address at an offset from the list head, and not a meaningful structure. Thus this value should not be used after the end of the iterator. Replace a field access from orphan by NULL in two places. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ identifier c; expression E; iterator name list_for_each_entry; statement S; @@ list_for_each_entry(c,...) { ... when != break; when forall when strict } ... ( c = E | *c ) // Artem: fortunately, this did not cause any issues because we iterate the orphan list using the elements count, so we never dereferenced the corrupted pointer. This is why I do not send this patch to -stable. But otherwise - well spotted! Signed-off-by: Julia Lawall Signed-off-by: Artem Bityutskiy --- fs/ubifs/orphan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c index b02734db187c..cebf17ea0458 100644 --- a/fs/ubifs/orphan.c +++ b/fs/ubifs/orphan.c @@ -176,7 +176,7 @@ int ubifs_orphan_start_commit(struct ubifs_info *c) *last = orphan; last = &orphan->cnext; } - *last = orphan->cnext; + *last = NULL; c->cmt_orphans = c->new_orphans; c->new_orphans = 0; dbg_cmt("%d orphans to commit", c->cmt_orphans); @@ -382,7 +382,7 @@ static int consolidate(struct ubifs_info *c) last = &orphan->cnext; cnt += 1; } - *last = orphan->cnext; + *last = NULL; ubifs_assert(cnt == c->tot_orphans - c->new_orphans); c->cmt_orphans = cnt; c->ohead_lnum = c->orph_first;