"linux-mtd" <linux-mtd-bounces@xxxxxxxxxxxxxxxxxxx> wrote on 2013/06/28 13:15:14: > > From: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx> > > Al Viro pointed me to the fact that '->readdir()' and '->llseek()' have no > mutual exclusion, which means the 'ubifs_dir_llseek()' can be run while we are > in the middle of 'ubifs_readdir()'. > > First of all, this means that 'file->private_data' can be freed while > 'ubifs_readdir()' uses it. But this particular patch does not fix the problem. > This patch is only a preparation, and the fix will follow next. > > In this patch we make 'ubifs_readdir()' stop using 'file->f_pos' directly, > because 'file->f_pos' can be changed by '->llseek()' at any point. This may > lead 'ubifs_readdir()' to returning inconsistent data: directory entry names > may correspond to incorrect file positions. > > So here we introduce a local variable 'pos', read 'file->f_pose' once at very > the beginning, and then stick to 'pos'. The result of this is that when > 'ubifs_dir_llseek()' changes 'file->f_pos' while we are in the middle of > 'ubifs_readdir()', the latter "wins". Ouch, I hope JFFS2 doesn't have the same bug? Jcoe -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
