Commit ba2f48f7 authored by Artem Bityutskiy's avatar Artem Bityutskiy
Browse files

UBIFS: mark unused key objects as invalid 



When scanning the flash, UBIFS builds a list of flash nodes of type
'struct ubifs_scan_node'. Each scanned node has a 'snod->key' field. This field
is valid for most of the nodes, but invalid for some node type, e.g., truncation
nodes. It is safer to explicitly initialize such keys to something invalid,
rather than leaving them initialized to all zeros, which has key type of
UBIFS_INO_KEY.

This patch introduces new "fake" key type UBIFS_INVALID_KEY and initializes
unused 'snod->key' objects to this type. It also adds debugging assertions in
the TNC code to make sure no one ever tries to look these nodes up in the TNC.

Signed-off-by: default avatarArtem Bityutskiy <Artem.Bityutskiy@nokia.com>
parent 5b7a3a2e

fs/ubifs/key.h

+14 −0
Original line number Diff line number Diff line
@@ -305,6 +305,20 @@ static inline void trun_key_init(const struct ubifs_info *c, 
	key->u32[1] = UBIFS_TRUN_KEY << UBIFS_S_KEY_BLOCK_BITS;

}



/**

 * invalid_key_init - initialize invalid node key.

 * @c: UBIFS file-system description object

 * @key: key to initialize

 *

 * This is a helper function which marks a @key object as invalid.

 */

static inline void invalid_key_init(const struct ubifs_info *c,

				    union ubifs_key *key)

{

	key->u32[0] = 0xDEADBEAF;

	key->u32[1] = UBIFS_INVALID_KEY;

}



/**

 * key_type - get key type.

 * @c: UBIFS file-system description object

fs/ubifs/scan.c

+4 −1
Original line number Diff line number Diff line
@@ -197,7 +197,7 @@ int ubifs_add_snod(const struct ubifs_info *c, struct ubifs_scan_leb *sleb, 
	struct ubifs_ino_node *ino = buf;

	struct ubifs_scan_node *snod;



	snod = kzalloc(sizeof(struct ubifs_scan_node), GFP_NOFS);

	snod = kmalloc(sizeof(struct ubifs_scan_node), GFP_NOFS);

	if (!snod)

		return -ENOMEM;
@@ -218,6 +218,9 @@ int ubifs_add_snod(const struct ubifs_info *c, struct ubifs_scan_leb *sleb, 
		 */

		key_read(c, &ino->key, &snod->key);

		break;

	default:

		invalid_key_init(c, &snod->key);

		break;

	}

	list_add_tail(&snod->list, &sleb->nodes);

	sleb->nodes_cnt += 1;

fs/ubifs/tnc.c

+4 −1
Original line number Diff line number Diff line
@@ -1177,6 +1177,7 @@ int ubifs_lookup_level0(struct ubifs_info *c, const union ubifs_key *key, 
	unsigned long time = get_seconds();



	dbg_tnc("search key %s", DBGKEY(key));

	ubifs_assert(key_type(c, key) < UBIFS_INVALID_KEY);



	znode = c->zroot.znode;

	if (unlikely(!znode)) {
@@ -2966,7 +2967,7 @@ static struct ubifs_znode *right_znode(struct ubifs_info *c, 
 *

 * This function searches an indexing node by its first key @key and its

 * address @lnum:@offs. It looks up the indexing tree by pulling all indexing

 * nodes it traverses to TNC. This function is called fro indexing nodes which

 * nodes it traverses to TNC. This function is called for indexing nodes which

 * were found on the media by scanning, for example when garbage-collecting or

 * when doing in-the-gaps commit. This means that the indexing node which is

 * looked for does not have to have exactly the same leftmost key @key, because
@@ -2988,6 +2989,8 @@ static struct ubifs_znode *lookup_znode(struct ubifs_info *c, 
	struct ubifs_znode *znode, *zn;

	int n, nn;



	ubifs_assert(key_type(c, key) < UBIFS_INVALID_KEY);



	/*

	 * The arguments have probably been read off flash, so don't assume

	 * they are valid.

fs/ubifs/ubifs.h

+5 −1
Original line number Diff line number Diff line
@@ -119,8 +119,12 @@ 
 * in TNC. However, when replaying, it is handy to introduce fake "truncation"

 * keys for truncation nodes because the code becomes simpler. So we define

 * %UBIFS_TRUN_KEY type.

 *

 * But otherwise, out of the journal reply scope, the truncation keys are

 * invalid.

 */

#define UBIFS_TRUN_KEY    UBIFS_KEY_TYPES_CNT

#define UBIFS_INVALID_KEY UBIFS_KEY_TYPES_CNT



/*

 * How much a directory entry/extended attribute entry adds to the parent/host

CRA Git | Maintained and supported by SUSTech CRA and CCSE