Re: [PATCH] ext4: Fix warning in ext4_evict_inode()

linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Guenter Roeck <linux@roeck-us.net>
To: Jan Kara <jack@suse.cz>
Cc: Ted Tso <tytso@mit.edu>, linux-ext4@vger.kernel.org
Subject: Re: [PATCH] ext4: Fix warning in ext4_evict_inode()
Date: Tue, 9 Jul 2013 13:38:08 -0700	[thread overview]
Message-ID: <20130709203808.GA6382@roeck-us.net> (raw)
In-Reply-To: <1373399484-10406-1-git-send-email-jack@suse.cz>

On Tue, Jul 09, 2013 at 09:51:24PM +0200, Jan Kara wrote:
> The following race can lead to ext4_evict_inode() seeing i_ioend_count
> > 0 and thus triggering a sanity check warning:
> 
>         CPU1                                    CPU2
> ext4_end_bio()                          ext4_evict_inode()
>   ext4_finish_bio()
>     end_page_writeback();
>                                           truncate_inode_pages()
>                                             evict page
>                                         WARN_ON(i_ioend_count > 0);
>   ext4_put_io_end_defer()
>     ext4_release_io_end()
>       dec i_ioend_count
> 
> This is possible use-after-free bug since we decrement i_ioend_count in
> possibly released inode.
> 
> Since i_ioend_count is used only for sanity checks one possible solution
> would be to just remove it but for now I'd like to keep those sanity
> checks to help debugging the new ext4 writeback code.
> 
> This patch changes ext4_end_bio() to call ext4_put_io_end_defer() before
> ext4_finish_bio() in the shortcut case when unwritten extent conversion
> isn't needed. In that case we don't need the io_end so we are safe to
> drop it early.
> 
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---

I just saw the problem again, oddly enough while building an image
with this patch.

I'll run the kernel with the patch and let you know how it goes.

Guenter

next prev parent reply	other threads:[~2013-07-09 20:38 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-09 19:51 [PATCH] ext4: Fix warning in ext4_evict_inode() Jan Kara
2013-07-09 20:38 ` Guenter Roeck [this message]
2013-07-10 18:46 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130709203808.GA6382@roeck-us.net \
    --to=linux@roeck-us.net \
    --cc=jack@suse.cz \
    --cc=linux-ext4@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).