Re: XFS regression? - David Chinner

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Chinner <dgc@sgi.com>
To: Bhagi rathi <jahnu77@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>,
	David Chinner <dgc@sgi.com>,
	linux-fsdevel@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: XFS regression?
Date: Mon, 15 Oct 2007 09:09:49 +1000	[thread overview]
Message-ID: <20071014230949.GO23367404@sgi.com> (raw)
In-Reply-To: <cc7060690710130635u2a85bc28we36b344c0987b691@mail.gmail.com>

On Sat, Oct 13, 2007 at 07:05:17PM +0530, Bhagi rathi wrote:
> David, Can you let me know the use after free problem? I want to understand
> how the life cycle of linux inode
> and xfs inode are related to log flush.

Log I/O completion:

  -> xfs_trans_commited
       -> xfs_iunpin(xfs inode)
         get linux inode from xfs inode
          -> mark_inode_dirty_sync(linux inode)

Freeing the linux inode:

clear_inode(linux_inode)
 -> xfs_inactive()
    -> xfs_trans_commit() (e.g. freeing data associated with unlinked inode)
       -> xfs_ipin()
    (link between xfs and linux inode broken)
  linux inode freed 
 
So, in log I/O completion, we can be completing a previous
transaction at the same time clear_inode() is running, and
hence in xfs_iunpin() we can race with the freeing of the
linux inode as xfs_iunpin does not hold any locks.

> Any pointer is also of great help.

/me points at the code.

Cheers,

Dave.
-- 
Dave Chinner
Principal Engineer
SGI Australian Software Group

next prev parent reply	other threads:[~2007-10-14 23:10 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-10-10 14:27 XFS regression? Andrew Clayton
2007-10-11  1:01 ` David Chinner
2007-10-11  9:05   ` Andrew Clayton
2007-10-11 14:15   ` Andrew Clayton
2007-10-11 21:53     ` David Chinner
2007-10-12  0:26       ` David Chinner
2007-10-12 11:36         ` Andrew Clayton
2007-10-12 13:28           ` Andrew Clayton
     [not found]           ` <cc7060690710130635u2a85bc28we36b344c0987b691@mail.gmail.com>
2007-10-14 23:09             ` David Chinner [this message]
2007-10-15  9:58               ` Bhagi rathi
2007-10-15 11:57                 ` David Chinner
2007-10-14 23:19           ` David Chinner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071014230949.GO23367404@sgi.com \
    --to=dgc@sgi.com \
    --cc=andrew@digital-domain.net \
    --cc=jahnu77@gmail.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).