[03/18] fs_context: fix detecting full log buffer

Commit Message

Eric Biggers July 8, 2018, 9:01 p.m. UTC

From: Eric Biggers <ebiggers@google.com>

When 'head' and 'tail' wrap around, 'log->head - log->tail' will be
something like '4 - 252 = -248', and comparing that directly to the
array size is wrong.  Fix by casting to 'u8'.

Fixes: 09aeca629fb3 ("vfs: Implement logging through fs_context")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/fs_context.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

David Howells July 9, 2018, 9:32 a.m. UTC | #1

Eric Biggers <ebiggers3@gmail.com> wrote:

> When 'head' and 'tail' wrap around, 'log->head - log->tail' will be
> something like '4 - 252 = -248', and comparing that directly to the
> array size is wrong.  Fix by casting to 'u8'.

I think a better fix is to use CIRC_CNT() or CIRC_SPACE().

David

David Howells July 9, 2018, 9:35 a.m. UTC | #2

David Howells <dhowells@redhat.com> wrote:

> > When 'head' and 'tail' wrap around, 'log->head - log->tail' will be
> > something like '4 - 252 = -248', and comparing that directly to the
> > array size is wrong.  Fix by casting to 'u8'.
> 
> I think a better fix is to use CIRC_CNT() or CIRC_SPACE().

Or it would be - if CIRC_CNT() and CIRC_SPACE() didn't leave a hole in the
buffer - but that's unnecessary if the head and tail counters can hold 2x the
ring size or more.

David

Patch

diff --git a/fs/fs_context.c b/fs/fs_context.c
index 97e8c1dc4e3b1..a0e22f4c6b64a 100644
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -418,7 +418,9 @@  void logfc(struct fs_context *fc, const char *fmt, ...)
 	freeable = 0;
 store_string:
 	index = log->head & (logsize - 1);
-	if ((int)log->head - (int)log->tail == 8) {
+	BUILD_BUG_ON(sizeof(log->head) != sizeof(u8) ||
+		     sizeof(log->tail) != sizeof(u8));
+	if ((u8)(log->head - log->tail) == logsize) {
 		/* The buffer is full, discard the oldest message */
 		if (log->need_free & (1 << index))
 			kfree(log->buffer[index]);