UBIFS: mark unused key objects as invalid
When scanning the flash, UBIFS builds a list of flash nodes of type 'struct ubifs_scan_node'. Each scanned node has a 'snod->key' field. This field is valid for most of the nodes, but invalid for some node type, e.g., truncation nodes. It is safer to explicitly initialize such keys to something invalid, rather than leaving them initialized to all zeros, which has key type of UBIFS_INO_KEY. This patch introduces new "fake" key type UBIFS_INVALID_KEY and initializes unused 'snod->key' objects to this type. It also adds debugging assertions in the TNC code to make sure no one ever tries to look these nodes up in the TNC. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
This commit is contained in:
parent
5b7a3a2e1b
commit
ba2f48f70e
|
@ -305,6 +305,20 @@ static inline void trun_key_init(const struct ubifs_info *c,
|
||||||
key->u32[1] = UBIFS_TRUN_KEY << UBIFS_S_KEY_BLOCK_BITS;
|
key->u32[1] = UBIFS_TRUN_KEY << UBIFS_S_KEY_BLOCK_BITS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* invalid_key_init - initialize invalid node key.
|
||||||
|
* @c: UBIFS file-system description object
|
||||||
|
* @key: key to initialize
|
||||||
|
*
|
||||||
|
* This is a helper function which marks a @key object as invalid.
|
||||||
|
*/
|
||||||
|
static inline void invalid_key_init(const struct ubifs_info *c,
|
||||||
|
union ubifs_key *key)
|
||||||
|
{
|
||||||
|
key->u32[0] = 0xDEADBEAF;
|
||||||
|
key->u32[1] = UBIFS_INVALID_KEY;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* key_type - get key type.
|
* key_type - get key type.
|
||||||
* @c: UBIFS file-system description object
|
* @c: UBIFS file-system description object
|
||||||
|
|
|
@ -197,7 +197,7 @@ int ubifs_add_snod(const struct ubifs_info *c, struct ubifs_scan_leb *sleb,
|
||||||
struct ubifs_ino_node *ino = buf;
|
struct ubifs_ino_node *ino = buf;
|
||||||
struct ubifs_scan_node *snod;
|
struct ubifs_scan_node *snod;
|
||||||
|
|
||||||
snod = kzalloc(sizeof(struct ubifs_scan_node), GFP_NOFS);
|
snod = kmalloc(sizeof(struct ubifs_scan_node), GFP_NOFS);
|
||||||
if (!snod)
|
if (!snod)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
@ -218,6 +218,9 @@ int ubifs_add_snod(const struct ubifs_info *c, struct ubifs_scan_leb *sleb,
|
||||||
*/
|
*/
|
||||||
key_read(c, &ino->key, &snod->key);
|
key_read(c, &ino->key, &snod->key);
|
||||||
break;
|
break;
|
||||||
|
default:
|
||||||
|
invalid_key_init(c, &snod->key);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
list_add_tail(&snod->list, &sleb->nodes);
|
list_add_tail(&snod->list, &sleb->nodes);
|
||||||
sleb->nodes_cnt += 1;
|
sleb->nodes_cnt += 1;
|
||||||
|
|
|
@ -1177,6 +1177,7 @@ int ubifs_lookup_level0(struct ubifs_info *c, const union ubifs_key *key,
|
||||||
unsigned long time = get_seconds();
|
unsigned long time = get_seconds();
|
||||||
|
|
||||||
dbg_tnc("search key %s", DBGKEY(key));
|
dbg_tnc("search key %s", DBGKEY(key));
|
||||||
|
ubifs_assert(key_type(c, key) < UBIFS_INVALID_KEY);
|
||||||
|
|
||||||
znode = c->zroot.znode;
|
znode = c->zroot.znode;
|
||||||
if (unlikely(!znode)) {
|
if (unlikely(!znode)) {
|
||||||
|
@ -2966,7 +2967,7 @@ static struct ubifs_znode *right_znode(struct ubifs_info *c,
|
||||||
*
|
*
|
||||||
* This function searches an indexing node by its first key @key and its
|
* This function searches an indexing node by its first key @key and its
|
||||||
* address @lnum:@offs. It looks up the indexing tree by pulling all indexing
|
* address @lnum:@offs. It looks up the indexing tree by pulling all indexing
|
||||||
* nodes it traverses to TNC. This function is called fro indexing nodes which
|
* nodes it traverses to TNC. This function is called for indexing nodes which
|
||||||
* were found on the media by scanning, for example when garbage-collecting or
|
* were found on the media by scanning, for example when garbage-collecting or
|
||||||
* when doing in-the-gaps commit. This means that the indexing node which is
|
* when doing in-the-gaps commit. This means that the indexing node which is
|
||||||
* looked for does not have to have exactly the same leftmost key @key, because
|
* looked for does not have to have exactly the same leftmost key @key, because
|
||||||
|
@ -2988,6 +2989,8 @@ static struct ubifs_znode *lookup_znode(struct ubifs_info *c,
|
||||||
struct ubifs_znode *znode, *zn;
|
struct ubifs_znode *znode, *zn;
|
||||||
int n, nn;
|
int n, nn;
|
||||||
|
|
||||||
|
ubifs_assert(key_type(c, key) < UBIFS_INVALID_KEY);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The arguments have probably been read off flash, so don't assume
|
* The arguments have probably been read off flash, so don't assume
|
||||||
* they are valid.
|
* they are valid.
|
||||||
|
|
|
@ -119,8 +119,12 @@
|
||||||
* in TNC. However, when replaying, it is handy to introduce fake "truncation"
|
* in TNC. However, when replaying, it is handy to introduce fake "truncation"
|
||||||
* keys for truncation nodes because the code becomes simpler. So we define
|
* keys for truncation nodes because the code becomes simpler. So we define
|
||||||
* %UBIFS_TRUN_KEY type.
|
* %UBIFS_TRUN_KEY type.
|
||||||
|
*
|
||||||
|
* But otherwise, out of the journal reply scope, the truncation keys are
|
||||||
|
* invalid.
|
||||||
*/
|
*/
|
||||||
#define UBIFS_TRUN_KEY UBIFS_KEY_TYPES_CNT
|
#define UBIFS_TRUN_KEY UBIFS_KEY_TYPES_CNT
|
||||||
|
#define UBIFS_INVALID_KEY UBIFS_KEY_TYPES_CNT
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* How much a directory entry/extended attribute entry adds to the parent/host
|
* How much a directory entry/extended attribute entry adds to the parent/host
|
||||||
|
|
Loading…
Reference in New Issue