[PATCH] Do not access buffers after dropping reference count

public inbox for linux-xfs@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Do not access buffers after dropping reference count
@ 2008-07-22  2:16 Lachlan McIlroy
  2008-07-22  2:24 ` Dave Chinner
  0 siblings, 1 reply; 3+ messages in thread
From: Lachlan McIlroy @ 2008-07-22  2:16 UTC (permalink / raw)
  To: xfs-dev, xfs-oss

We should not access a buffer after dropping it's reference count otherwise
we could race with another thread that releases the final reference count
and frees the buffer causing us to access potentially unmapped memory.

Lachlan

--- fs/xfs/linux-2.6/xfs_buf.c_1.257	2008-07-16 17:38:00.000000000 +1000
+++ fs/xfs/linux-2.6/xfs_buf.c	2008-07-22 12:05:50.000000000 +1000
@@ -839,6 +839,7 @@ xfs_buf_rele(
 		return;
 	}
 
+	ASSERT(atomic_read(&bp->b_hold) > 0);
 	if (atomic_dec_and_lock(&bp->b_hold, &hash->bh_lock)) {
 		if (bp->b_relse) {
 			atomic_inc(&bp->b_hold);
@@ -852,11 +853,6 @@ xfs_buf_rele(
 			spin_unlock(&hash->bh_lock);
 			xfs_buf_free(bp);
 		}
-	} else {
-		/*
-		 * Catch reference count leaks
-		 */
-		ASSERT(atomic_read(&bp->b_hold) >= 0);
 	}
 }
 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Do not access buffers after dropping reference count
  2008-07-22  2:16 [PATCH] Do not access buffers after dropping reference count Lachlan McIlroy
@ 2008-07-22  2:24 ` Dave Chinner
  2008-07-22  2:55   ` Lachlan McIlroy
  0 siblings, 1 reply; 3+ messages in thread
From: Dave Chinner @ 2008-07-22  2:24 UTC (permalink / raw)
  To: Lachlan McIlroy; +Cc: xfs-dev, xfs-oss

On Tue, Jul 22, 2008 at 12:16:45PM +1000, Lachlan McIlroy wrote:
> We should not access a buffer after dropping it's reference count otherwise
> we could race with another thread that releases the final reference count
> and frees the buffer causing us to access potentially unmapped memory.

Looks OK. The commit message should point out this is a problem
only for DEBUG kernels, though.

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Do not access buffers after dropping reference count
  2008-07-22  2:24 ` Dave Chinner
@ 2008-07-22  2:55   ` Lachlan McIlroy
  0 siblings, 0 replies; 3+ messages in thread
From: Lachlan McIlroy @ 2008-07-22  2:55 UTC (permalink / raw)
  To: Lachlan McIlroy, xfs-dev, xfs-oss

Dave Chinner wrote:
> On Tue, Jul 22, 2008 at 12:16:45PM +1000, Lachlan McIlroy wrote:
>> We should not access a buffer after dropping it's reference count otherwise
>> we could race with another thread that releases the final reference count
>> and frees the buffer causing us to access potentially unmapped memory.
> 
> Looks OK. The commit message should point out this is a problem
> only for DEBUG kernels, though.

Okay, will do.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2008-07-22  2:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-22  2:16 [PATCH] Do not access buffers after dropping reference count Lachlan McIlroy
2008-07-22  2:24 ` Dave Chinner
2008-07-22  2:55   ` Lachlan McIlroy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox