Commit bacfa94b authored by Richard Weinberger's avatar Richard Weinberger
Browse files

ubifs: Correctly use tnc_next() in search_dh_cookie() 



Commit c877154d fixed an uninitialized variable and optimized
the function to not call tnc_next() in the first iteration of the
loop. While this seemed perfectly legit and wise, it turned out to
be illegal.
If the lookup function does not find an exact match it will rewind
the cursor by 1.
The rewinded cursor will not match the name hash we are looking for
and this results in a spurious -ENOENT.
So we need to move to the next entry in case of an non-exact match,
but not if the match was exact.

While we are here, update the documentation to avoid further confusion.

Cc: Hyunchul Lee <hyc.lee@gmail.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Fixes: c877154d ("ubifs: Fix uninitialized variable in search_dh_cookie()")
Fixes: 781f675e ("ubifs: Fix unlink code wrt. double hash lookups")
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent 6fbc7275

fs/ubifs/tnc.c

+11 −5
Original line number Diff line number Diff line
@@ -1158,8 +1158,8 @@ static struct ubifs_znode *dirty_cow_bottom_up(struct ubifs_info *c, 
 *   o exact match, i.e. the found zero-level znode contains key @key, then %1

 *     is returned and slot number of the matched branch is stored in @n;

 *   o not exact match, which means that zero-level znode does not contain

 *     @key, then %0 is returned and slot number of the closest branch is stored

 *     in @n;

 *     @key, then %0 is returned and slot number of the closest branch or %-1

 *     is stored in @n; In this case calling tnc_next() is mandatory.

 *   o @key is so small that it is even less than the lowest key of the

 *     leftmost zero-level node, then %0 is returned and %0 is stored in @n.

 *
@@ -1882,13 +1882,19 @@ int ubifs_tnc_lookup_nm(struct ubifs_info *c, const union ubifs_key *key, 


static int search_dh_cookie(struct ubifs_info *c, const union ubifs_key *key,

			    struct ubifs_dent_node *dent, uint32_t cookie,

			    struct ubifs_znode **zn, int *n)

			    struct ubifs_znode **zn, int *n, int exact)

{

	int err;

	struct ubifs_znode *znode = *zn;

	struct ubifs_zbranch *zbr;

	union ubifs_key *dkey;



	if (!exact) {

		err = tnc_next(c, &znode, n);

		if (err)

			return err;

	}



	for (;;) {

		zbr = &znode->zbranch[*n];

		dkey = &zbr->key;
@@ -1930,7 +1936,7 @@ static int do_lookup_dh(struct ubifs_info *c, const union ubifs_key *key, 
	if (unlikely(err < 0))

		goto out_unlock;



	err = search_dh_cookie(c, key, dent, cookie, &znode, &n);

	err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err);



out_unlock:

	mutex_unlock(&c->tnc_mutex);
@@ -2723,7 +2729,7 @@ int ubifs_tnc_remove_dh(struct ubifs_info *c, const union ubifs_key *key, 
		if (unlikely(err < 0))

			goto out_free;



		err = search_dh_cookie(c, key, dent, cookie, &znode, &n);

		err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err);

		if (err)

			goto out_free;

	}

CRA Git | Maintained and supported by SUSTech CRA and CCSE