| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Feb 2009 16:29:44 +0530 From: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> To: Kazuya Mio <k-mio@...jp.nec.com> Cc: linux-ext4@...r.kernel.org Subject: Re: double free of blocks occurred during online defrag On Wed, Feb 25, 2009 at 04:14:46PM +0530, Aneesh Kumar K.V wrote: > On Wed, Feb 25, 2009 at 03:39:52PM +0900, Kazuya Mio wrote: > > Hi Aneesh, > > > > When I remove the file that is running online defrag, the following error occurs > > after closing the file descriptor: > > > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): > > ext4_mb_release_inode_pa: free 2048, pa_free 1562 > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802817(bit 0 in group 98) > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802818(bit 1 in group 98) > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802819(bit 2 in group 98) > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802820(bit 3 in group 98) > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802821(bit 4 in group 98) > > Jan 22 17:06:52 G3-OPC-SVR2 kernel: EXT4-fs error (device hda8): mb_free_blocks: > > double-free of inode 0's block 802822(bit 5 in group 98) > > > > So, online defrag calls ext4_discard_preallocations() at the end of > > ext4_defrag() to avoid double-free error. > > However, above error hasn't occurred since applying your patch posted on Nov > > 6th, 2008 because this error is caused by the same reason of your report. > > http://marc.info/?l=linux-ext4&m=122599787406193&w=4 > > > > What is the status of this patch? > > We dropped the patch because I found that the double free in my case was > not exactly due the explanation given in the patch above. > > I asked to drop the patch in > > http://article.gmane.org/gmane.comp.file-systems.ext4/10199 > > I also found that the patch is not completely correct. The meta-data > blocks which are added to the free_list are not allocated from any > prealloc space. > > So what you are seeing may be a different problem which the patch is > hiding from happening. I guess you will have to look more closely at why the > double-free is happening in your case. I found one case of double-free , but not sure how the above patch is helping to avoid that. Any how here is the case: a) We have inode prealloc space. We allocated some blocks out of that for data b) We later free the data blocks. That means we mark the bits in bitmap and buddy as free. c) Now we want to discard the prealloc space. We look at the bitmap and try mark the blocks which are free in bitmap as free in buddy. But since the blocks are already marked free in buddy we hit the double free case. To fix this we will have to scan all the inode prealloc space of the group and if he blocks belong to the inode prealloc space we should not mark them free in buddy. -aneesh -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists