From mboxrd@z Thu Jan 1 00:00:00 1970
From: Bob Peterson
Date: Tue, 15 Aug 2017 13:10:50 -0400 (EDT)
Subject: [Cluster-devel] [PATCH] gfs2: fix slab corruption during mounting and umounting gfs file system
In-Reply-To: <1502809381-62765-1-git-send-email-thomas.tai@oracle.com>
References: <1502809381-62765-1-git-send-email-thomas.tai@oracle.com>
Message-ID: <1824068695.880672.1502817050529.JavaMail.zimbra@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

----- Original Message -----
| When using cman-3.0.12.1 and gfs2-utils-3.0.12.1, mounting and
| unmounting GFS2 file system would cause kernel to hang. The slab
| allocator suggests that it is likely a double free memory corruption.
| The issue is traced back to v3.9-rc6 where a patch is submitted to
| use kzalloc() for storing a bitmap instead of using a local variable.
| The intention is to allocate memory during mounting and to free memory
| during unmounting. The original patch misses a code path which has
| already freed the memory and caused memory corruption. This patch sets
| the memory pointer to NULL after the memory is freed, so that double
| free memory corruption will not happen.
|
| gdlm_mount()
|   '-- set_recover_size() which use kzalloc()
|   '-- if dlm does not support ops callbacks then
|           '--- free_recover_size() which use kfree()
|
| gldm_unmount()
|   '-- free_recover_size() which use kfree()
|
| Previous patch which introduce the double free issue is
| commit 57c7310b8eb9 ("GFS2: use kmalloc for lvb bitmap")
|
| Signed-off-by: Thomas Tai
| Reviewed-by: Liam R. Howlett
| ---

Hi,

Thanks. This is now pushed to the for-next branch of the linux-gfs2 tree:
https://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git/commit/fs/gfs2?h=for-next&id=cc1dfa8b7571ea16dec9a29e0f4c4cad90b2a761

Please note that I fixed up the grammar a bit in your patch description.

Regards,

Bob Peterson
Red Hat File Systems
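
The call sequence in the quoted commit message, modelled in user-space C as an added example; it is not code from the patch or from the gfs2 tree. The one-object allocator model, struct ls_model, its bits field and the fixed flag are assumptions made for illustration; only the set_recover_size()/free_recover_size() call order and the set-to-NULL fix come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one slab object; nothing is really freed. */
static unsigned char slab_obj[64];
static int obj_live;        /* 1 while the object is allocated */
static int double_frees;    /* frees of an object that was already free */

static void *model_kzalloc(void)
{
    memset(slab_obj, 0, sizeof(slab_obj));
    obj_live = 1;
    return slab_obj;
}

static void model_kfree(void *p)
{
    if (!p)
        return;             /* like kfree(), freeing NULL is a no-op */
    if (obj_live)
        obj_live = 0;
    else
        double_frees++;     /* stale pointer: this is the double free */
}

struct ls_model { void *bits; };    /* assumed name for the bitmap pointer */

static void free_recover_size(struct ls_model *ls, int fixed)
{
    model_kfree(ls->bits);
    if (fixed)
        ls->bits = NULL;    /* the fix: forget the pointer once it is freed */
}

/* Mount against a dlm without ops callbacks, then unmount. */
static int mount_then_unmount(int fixed)
{
    struct ls_model ls = { NULL };
    double_frees = 0;
    ls.bits = model_kzalloc();          /* mount: set_recover_size() */
    free_recover_size(&ls, fixed);      /* mount: no ops callbacks */
    free_recover_size(&ls, fixed);      /* unmount */
    return double_frees;                /* double frees the model observed */
}

int main(void)
{
    printf("before fix: %d double free(s)\n", mount_then_unmount(0));
    printf("after fix:  %d double free(s)\n", mount_then_unmount(1));
}
```

The fix works because the second call then passes NULL, which kfree() ignores; a freed but non-NULL pointer gives the unmount path no way to tell that the bitmap is already gone.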