From: Dave Chinner <david@fromorbit.com>
To: Lachlan McIlroy <lachlan@sgi.com>
Cc: Sven Geggus <lists@fuchsschwanzdomain.de>, xfs@oss.sgi.com
Subject: Re: Ooops in Kernel 2.6.26.2
Date: Tue, 12 Aug 2008 11:55:08 +1000 [thread overview]
Message-ID: <20080812015508.GM6119@disturbed> (raw)
In-Reply-To: <489FF0EE.5040607@sgi.com>
On Mon, Aug 11, 2008 at 05:57:34PM +1000, Lachlan McIlroy wrote:
> The ticket allocation code got reworked in 2.6.26 and we now free
> tickets whereas before we used to cache them so the use-after-free
> went undetected.
>
> This patch should do the trick.
>
> --- a/fs/xfs/xfs_log.c 2008-08-11 17:47:18.000000000 +1000
> +++ b/fs/xfs/xfs_log.c 2008-08-11 17:53:24.000000000 +1000
> @@ -336,15 +364,12 @@ xfs_log_done(xfs_mount_t *mp,
> } else {
> xlog_trace_loggrant(log, ticket, "xfs_log_done: (permanent)");
> xlog_regrant_reserve_log_space(log, ticket);
> - }
> -
> - /* If this ticket was a permanent reservation and we aren't
> - * trying to release it, reset the inited flags; so next time
> - * we write, a start record will be written out.
> - */
> - if ((ticket->t_flags & XLOG_TIC_PERM_RESERV) &&
> - (flags & XFS_LOG_REL_PERM_RESERV) == 0)
> + /* If this ticket was a permanent reservation and we aren't
> + * trying to release it, reset the inited flags; so next time
> + * we write, a start record will be written out.
> + */
> ticket->t_flags |= XLOG_TIC_INITED;
> + }
>
> return lsn;
> } /* xfs_log_done */
Looks sane, Lachlan. Good catch, though it makes me wonder how we
didn't hit it in debug builds with memory poisoning turned on.
Compiler optimisation, perhaps?
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2008-08-12 1:54 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-08 18:09 Ooops in Kernel 2.6.26.2 Sven Geggus
[not found] ` <489FECCD.6050703@sgi.com>
[not found] ` <489FF0EE.5040607@sgi.com>
2008-08-12 1:55 ` Dave Chinner [this message]
2008-08-12 4:36 ` Lachlan McIlroy
2008-09-21 11:46 ` Sven Geggus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080812015508.GM6119@disturbed \
--to=david@fromorbit.com \
--cc=lachlan@sgi.com \
--cc=lists@fuchsschwanzdomain.de \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.