From: Al Viro <viro@ZenIV.linux.org.uk>
To: chenggang.qin@gmail.com
Cc: linux-kernel@vger.kernel.org,
chenggang <chenggang.qcg@alibaba-inc.com>,
Steven Rostedt <rostedt@goodmis.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH] Tracepoint: Add 'file name' as a parameter of tracepoint events ext4:ext4_direct_IO_enter&ext4:ext4_direct_IO_exit
Date: Fri, 1 Feb 2013 19:34:02 +0000 [thread overview]
Message-ID: <20130201193402.GQ4503@ZenIV.linux.org.uk> (raw)
In-Reply-To: <510be15d.29bf440a.56c6.ffffb82e@mx.google.com>
On Fri, Feb 01, 2013 at 11:37:38PM +0800, chenggang.qin@gmail.com wrote:
> @@ -3213,13 +3214,15 @@ static ssize_t ext4_direct_IO(int rw, struct kiocb *iocb,
> if (ext4_has_inline_data(inode))
> return 0;
>
> - trace_ext4_direct_IO_enter(inode, offset, iov_length(iov, nr_segs), rw);
> + fname = file->f_path.dentry->d_name.name;
> + trace_ext4_direct_IO_enter(inode, offset, iov_length(iov, nr_segs), rw,
> + fname);
Oh, wonderful... "your patch is racy; there's no warranty that fname will
not be freed right under you" -- "OK, we shouldn't do it in VFS... let's
try to do exact same thing in ext4, then"
Let me spell it out for you: opened files *can* be renamed while they are
in the middle of IO. If both old and new names are short, the contents
of ->d_name.name will be overwritten, so dereferencing your fname can yield
a mix of old and new name, or something that isn't NUL-terminated. If they
are long enough, they will be allocated separately from struct dentry and
your fname can bloody well end up pointing to freed memory by the time you
get around to dereferencing it.
Again, there is no exclusion between ext4_direct_IO() (or its callers) and
rename(). The NAK still stands.
prev parent reply other threads:[~2013-02-01 19:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-01 15:37 [PATCH] Tracepoint: Add 'file name' as a parameter of tracepoint events ext4:ext4_direct_IO_enter&ext4:ext4_direct_IO_exit chenggang.qin
2013-02-01 16:26 ` Theodore Ts'o
2013-02-01 19:34 ` Al Viro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130201193402.GQ4503@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=chenggang.qcg@alibaba-inc.com \
--cc=chenggang.qin@gmail.com \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox