[JFFS2] fix race condition in jffs2_lzo_compress()

deflate_mutex protects the globals lzo_mem and lzo_compress_buf.  However,
jffs2_lzo_compress() unlocks deflate_mutex _before_ it has copied out the
compressed data from lzo_compress_buf.  Correct this by moving the mutex
unlock after the copy.

In addition, document what deflate_mutex actually protects.

Cc: stable@kernel.org
Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Acked-by: Richard Purdie <rpurdie@openedhand.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
This commit is contained in:
Geert Uytterhoeven 2008-11-05 23:21:16 +01:00 committed by David Woodhouse
parent 467622ef2a
commit dc8a0843a4

View file

@ -19,7 +19,7 @@
static void *lzo_mem; static void *lzo_mem;
static void *lzo_compress_buf; static void *lzo_compress_buf;
static DEFINE_MUTEX(deflate_mutex); static DEFINE_MUTEX(deflate_mutex); /* for lzo_mem and lzo_compress_buf */
static void free_workspace(void) static void free_workspace(void)
{ {
@ -49,18 +49,21 @@ static int jffs2_lzo_compress(unsigned char *data_in, unsigned char *cpage_out,
mutex_lock(&deflate_mutex); mutex_lock(&deflate_mutex);
ret = lzo1x_1_compress(data_in, *sourcelen, lzo_compress_buf, &compress_size, lzo_mem); ret = lzo1x_1_compress(data_in, *sourcelen, lzo_compress_buf, &compress_size, lzo_mem);
mutex_unlock(&deflate_mutex);
if (ret != LZO_E_OK) if (ret != LZO_E_OK)
return -1; goto fail;
if (compress_size > *dstlen) if (compress_size > *dstlen)
return -1; goto fail;
memcpy(cpage_out, lzo_compress_buf, compress_size); memcpy(cpage_out, lzo_compress_buf, compress_size);
*dstlen = compress_size; mutex_unlock(&deflate_mutex);
*dstlen = compress_size;
return 0; return 0;
fail:
mutex_unlock(&deflate_mutex);
return -1;
} }
static int jffs2_lzo_decompress(unsigned char *data_in, unsigned char *cpage_out, static int jffs2_lzo_decompress(unsigned char *data_in, unsigned char *cpage_out,