From: Brian Foster <bfoster@redhat.com>
To: Eryu Guan <guaneryu@gmail.com>
Cc: fstests@vger.kernel.org
Subject: Re: [PATCH v2] tests/xfs: filestream allocator inode use-after-free test
Date: Fri, 27 Apr 2018 07:26:38 -0400 [thread overview]
Message-ID: <20180427112638.GA9120@bfoster.bfoster> (raw)
In-Reply-To: <20180427020458.GJ11384@desktop>
On Fri, Apr 27, 2018 at 10:04:58AM +0800, Eryu Guan wrote:
> On Thu, Apr 26, 2018 at 08:04:44AM -0400, Brian Foster wrote:
> > The XFS filestreams allocator caches dir inode -> agno mappings in
> > an MRU mechanism that holds elements in memory for an amount of time
> > and then cleans up expired elements in the background. The elements
> > typically held inode pointers without holding a reference to the
> > associated inode. This means that if the inode is reclaimed before
> > an expired entry is cleaned up, the MRU reaper can access freed
> > memory and cause a panic.
> >
> > Test for this problem by performing continuous filestreams
> > allocations under short-lived parent directory inodes. This will
> > produce KASAN use-after-free splats if enabled during the test.
> >
> > Signed-off-by: Brian Foster <bfoster@redhat.com>
> > ---
> >
> > v2:
> > - Drop unnecessary _scratch_mount error check.
> > - Create and use helper for min. scratch dev size.
> > v1: https://marc.info/?l=fstests&m=152302430125453&w=2
> >
> > common/rc | 10 +++++
> > tests/xfs/445 | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > tests/xfs/445.out | 2 +
> > tests/xfs/group | 1 +
> > 4 files changed, 122 insertions(+)
> > create mode 100755 tests/xfs/445
> > create mode 100644 tests/xfs/445.out
> >
> > diff --git a/common/rc b/common/rc
> > index 366489bb..ab15eca1 100644
> > --- a/common/rc
> > +++ b/common/rc
> > @@ -1600,6 +1600,16 @@ _require_scratch()
> > touch ${RESULT_DIR}/require_scratch
> > }
> >
> > +# require a scratch dev of a minimum size (in kb)
> > +_require_scratch_size()
> > +{
> > + [ $# -eq 1 ] || _fail "_require_scratch_size: expected size param"
> > +
> > + _require_scratch
> > + devsize=`_get_device_size $SCRATCH_DEV`
>
> I made it a 'local' variable.
>
Ok.
> [snip]
>
> > diff --git a/tests/xfs/group b/tests/xfs/group
> > index 831f2cfa..2a7dec6f 100644
> > --- a/tests/xfs/group
> > +++ b/tests/xfs/group
> > @@ -442,3 +442,4 @@
> > 442 auto stress clone quota
> > 443 auto quick ioctl fsr
> > 444 auto quick
> > +445 auto filestreams
>
> It looks like a 'quick' test too, it runs for around 15s on my test vm.
> Will add 'quick' group on commit.
>
Sounds good to me, thanks!
Brian
> Thanks,
> Eryu
>
> > --
> > 2.13.6
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe fstests" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe fstests" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2018-04-27 11:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-26 12:04 [PATCH v2] tests/xfs: filestream allocator inode use-after-free test Brian Foster
2018-04-27 2:04 ` Eryu Guan
2018-04-27 11:26 ` Brian Foster [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180427112638.GA9120@bfoster.bfoster \
--to=bfoster@redhat.com \
--cc=fstests@vger.kernel.org \
--cc=guaneryu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox