From: Chandan Babu R <chandanrlinux@gmail.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: sandeen@sandeen.net, darrick.wong@oracle.com, linux-xfs@vger.kernel.org
Subject: Re: [PATCH 3/3] xfs_scrub: handle concurrent directory updates during name scan
Date: Tue, 12 Jan 2021 16:45:35 +0530 [thread overview]
Message-ID: <87a6tev220.fsf@garuda> (raw)
In-Reply-To: <161017373322.1142776.5174880606166253807.stgit@magnolia>
On 09 Jan 2021 at 11:58, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@kernel.org>
>
> The name scanner in xfs_scrub cannot lock a namespace (dirent or xattr)
> and the kernel does not provide a stable cursor interface, which means
> that we can see the same byte sequence multiple times during a scan.
> This isn't a confusing name error since the kernel enforces uniqueness
> on the byte sequence, so all we need to do here is update the old entry.
>
> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
> ---
> scrub/unicrash.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
>
> diff --git a/scrub/unicrash.c b/scrub/unicrash.c
> index de3217c2..f5407b5e 100644
> --- a/scrub/unicrash.c
> +++ b/scrub/unicrash.c
> @@ -68,7 +68,7 @@ struct name_entry {
>
> xfs_ino_t ino;
>
> - /* Raw UTF8 name */
> + /* Raw dirent name */
> size_t namelen;
> char name[0];
> };
> @@ -627,6 +627,20 @@ unicrash_add(
> uc->buckets[bucket] = new_entry;
>
> while (entry != NULL) {
> + /*
> + * If we see the same byte sequence then someone's modifying
> + * the namespace while we're scanning it. Update the existing
> + * entry's inode mapping and erase the new entry from existence.
> + */
> + if (new_entry->namelen == entry->namelen &&
> + !memcmp(new_entry->name, entry->name, entry->namelen)) {
> + entry->ino = new_entry->ino;
> + uc->buckets[bucket] = new_entry->next;
> + name_entry_free(new_entry);
> + *badflags = 0;
> + continue;
If the above condition evaluates to true, the memory pointed to by "new_entry"
is freed. The "continue" statement would cause the while loop to be executed
once more. At this stage, "entry" will still have the previously held non-NULL
value and hence the while loop is executed once more causing the invalid
address in "new_entry" to be dereferenced.
> + }
> +
> /* Same normalization? */
> if (new_entry->normstrlen == entry->normstrlen &&
> !u_strcmp(new_entry->normstr, entry->normstr) &&
--
chandan
next prev parent reply other threads:[~2021-01-12 11:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-09 6:28 [PATCHSET 0/3] various: random fixes Darrick J. Wong
2021-01-09 6:28 ` [PATCH 1/3] misc: fix valgrind complaints Darrick J. Wong
2021-01-11 13:38 ` Chandan Babu R
2021-01-12 1:22 ` Darrick J. Wong
2021-01-11 17:27 ` Christoph Hellwig
2021-01-12 1:22 ` Darrick J. Wong
2021-01-09 6:28 ` [PATCH 2/3] xfs_scrub: load and unload libicu properly Darrick J. Wong
2021-01-11 14:15 ` Chandan Babu R
2021-01-12 1:21 ` Darrick J. Wong
2021-01-09 6:28 ` [PATCH 3/3] xfs_scrub: handle concurrent directory updates during name scan Darrick J. Wong
2021-01-12 11:15 ` Chandan Babu R [this message]
2021-01-12 17:13 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a6tev220.fsf@garuda \
--to=chandanrlinux@gmail.com \
--cc=darrick.wong@oracle.com \
--cc=djwong@kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.