From: Dave Chinner <david@fromorbit.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: xfs@oss.sgi.com, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 6/5]: XFS: Prevent use-after-free caused by synchronous inode reclaim
Date: Thu, 9 Oct 2008 19:07:41 +1100
Message-ID: <20081009080741.GF9597@disturbed>
In-Reply-To: <20081009070245.GA16621@infradead.org>

On Thu, Oct 09, 2008 at 03:02:45AM -0400, Christoph Hellwig wrote:
> On Thu, Oct 09, 2008 at 03:21:34PM +1100, Dave Chinner wrote:
> > Folks,
> >
> > The following patch fixes a use after free I just found.
> > It appears that switching between SLAB and SLUB seems to
> > turn off slab/slub memory poisoning, so I didn't realise
> > I'd be running for some time without poisoning turned on.
> > Once I turned poisoning back on I found this use-after-free
> > immediately on the first unmount trying to reclaim a clean
> > realtime bitmap inode.
> >
> > With this patch, the entire patchset that I posted yesterday
> > passes xfsqa with memory poisoning turned on.
>
> Looks good.
>
> > + XFS_STATS_INC(vn_reclaim);
> > + if (xfs_reclaim(ip))
> > + panic("%s: cannot reclaim 0x%p\n", __func__, inode);
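Review bot: the panic() on a non-zero return from xfs_reclaim(ip) brings the whole machine down from the inode teardown path. If that return can never legitimately be non-zero, an assert states the invariant more directly; if it can, a comment explaining why the failure is unrecoverable at this point would help. The message also prints inode while the call that failed was made on ip, so consider printing ip as well, so the report identifies the XFS inode that could not be reclaimed.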
>
> Eventually we should kill the return value from xfs_reclaim and just put
> an assert directly into it. In fact given that xfs_reclaim is quite
> OS dependent we might just merge the content directly into
> destroy_inode.

Yeah, I was thinking of doing exactly that in this patch, but I
figured that I'd just do the minimum needed to fix the bug because
we're getting close to the next merge window.

Cheers,

Dave.
--
Dave Chinner
david@fromorbit.com