Re: [PATCH] ext2: fix unbalanced kmap()/kunmap()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Theodore Tso <tytso@mit.edu>
To: Nicolas Pitre <nico@cam.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-ext4@vger.kernel.org, lkml <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] ext2: fix unbalanced kmap()/kunmap()
Date: Sat, 5 Sep 2009 08:59:30 -0400	[thread overview]
Message-ID: <20090905125930.GF16217@mit.edu> (raw)
In-Reply-To: <alpine.LFD.2.00.0909042343540.6044@xanadu.home>

On Sat, Sep 05, 2009 at 12:25:37AM -0400, Nicolas Pitre wrote:
> In ext2_rename(), dir_page is acquired through ext2_dotdot().  It is 
> then released through ext2_set_link() but only if old_dir != new_dir. 
> Failing that, the pkmap reference count is never decremented and the 
> page remains pinned forever.  Repeat that a couple times with highmem 
> pages and all pkmap slots get exhausted, and every further kmap() calls 
> end up stalling on the pkmap_map_wait queue at which point the whole 
> system comes to a halt.
> 
> Signed-off-by: Nicolas Pitre <nico@marvell.com>

Acked-by: "Theodore Ts'o" <tytso@mit.edu>

> I ran into this issue while testing highmem on ARM by running the git 
> test suite in a loop with 3 parallel instances.  Using the right mv 
> sequence in a script would constitute a pretty simple recipe for a 
> local DoS on systems running ext2 and highmem.  No idea if ext3 or ext4 
> have the same issue.

This is an ext2-only issue; for journalling reasons ext3 and ext4 read
and write the directory via buffer heads.  So this issue won't apply
for ext3 or ext4.

						- Ted

     prev parent reply	other threads:[~2009-09-05 12:59 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-05  4:25 [PATCH] ext2: fix unbalanced kmap()/kunmap() Nicolas Pitre
2009-09-05 12:59 ` Theodore Tso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090905125930.GF16217@mit.edu \
    --to=tytso@mit.edu \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nico@cam.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.