public inbox for linux-btrfs@vger.kernel.org
From: Johannes Thumshirn <jth@kernel.org>
To: linux-btrfs@vger.kernel.org
Cc: Filipe Manana <fdmanana@suse.com>,
	Damien Le Moal <dlemoal@kernel.org>,
	Johannes Thumshirn <johannes.thumshirn@wdc.com>,
	Johannes Thumshirn <jth@kernel.org>,
	Mark Harmstone <maharmstone@fb.com>,
	Omar Sandoval <osandov@osandov.com>
Subject: [PATCH v3 0/2] btrfs: fix use-after-free in btrfs_encoded_read_endio
Date: Wed, 13 Nov 2024 18:16:47 +0100
Message-ID: <cover.1731517699.git.jth@kernel.org>

Shinichiro reported an occasional memory corruption in our CI system with
btrfs/248 that led to panics. He also managed to reproduce this
corruption reliably on one host. See patch 1/2 for details on the
corruption and the fix, patch 2/2 is a cleanup Damien suggested on top of
the fix to make the code more obvious.

Changes to v2:
- Make patch 1/2 only do the atomic_dec_and_test() as a minimal viable fix
- Make patch 2/2 only do completion and refcount_t 

Link to v2:
https://lore.kernel.org/linux-btrfs/cover.1731407982.git.jth@kernel.org

Changes to v1:
- Update commit message of patch 1/1
- Prevent double-free of 'priv' in case of io_uring in 2/2
- Use wait_for_completion_io() in 2/2
- Convert priv->pending from atomic_t to refcount_t calling it refs in 2/2

Link to v1:
https://lore.kernel.org/linux-btrfs/cover.1731316882.git.jth@kernel.org


Johannes Thumshirn (2):
  btrfs: fix use-after-free in btrfs_encoded_read_endio
  btrfs: simplify waiting for encoded read endios

 fs/btrfs/inode.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

-- 
2.43.0


Thread overview: 7+ messages
2024-11-13 17:16 Johannes Thumshirn [this message]
2024-11-13 17:16 ` [PATCH v3 1/2] btrfs: fix use-after-free in btrfs_encoded_read_endio Johannes Thumshirn
2024-11-13 19:30   ` Filipe Manana
2024-11-13 21:11   ` Qu Wenruo
2024-11-13 17:16 ` [PATCH v3 2/2] btrfs: simplify waiting for encoded read endios Johannes Thumshirn
2024-11-13 19:29   ` Filipe Manana
2024-11-13 21:11   ` Qu Wenruo
