From 78b6513d2881f1a759fb9825a036d926392de084 Mon Sep 17 00:00:00 2001 From: Jeff Mahoney Date: Mon, 30 Mar 2009 14:02:24 -0400 Subject: [PATCH] reiserfs: add locking around error buffer The formatting of the error buffer is race prone. It uses static buffers for both formatting and output. While overwriting the error buffer can product garbled output, overwriting the format buffer with incompatible % directives can cause crashes. Signed-off-by: Jeff Mahoney Signed-off-by: Linus Torvalds --- fs/reiserfs/prints.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/reiserfs/prints.c b/fs/reiserfs/prints.c index b87b23717c23..de71372f0dfe 100644 --- a/fs/reiserfs/prints.c +++ b/fs/reiserfs/prints.c @@ -184,7 +184,7 @@ static char *is_there_reiserfs_struct(char *fmt, int *what) printk ("bad key %lu %lu %lu %lu", key->k_dir_id, key->k_objectid, key->k_offset, key->k_uniqueness); */ - +static DEFINE_SPINLOCK(error_lock); static void prepare_error_buf(const char *fmt, va_list args) { char *fmt1 = fmt_buf; @@ -192,6 +192,8 @@ static void prepare_error_buf(const char *fmt, va_list args) char *p = error_buf; int what; + spin_lock(&error_lock); + strcpy(fmt1, fmt); while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) { @@ -237,6 +239,7 @@ static void prepare_error_buf(const char *fmt, va_list args) fmt1 = k + 2; } vsprintf(p, fmt1, args); + spin_unlock(&error_lock); } -- 2.30.2