Date:	Wed, 09 Feb 2011 10:26:46 +0200
From:	Boaz Harrosh <bharrosh@...asas.com>
To:	Al Viro <viro@...iv.linux.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>
CC:	Christoph Hellwig <hch@...radead.org>,
	"Aneesh Kumar K. V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Tao Ma <tm@....ma>, Nick Piggin <npiggin@...nel.dk>,
	linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org,
	Chris Mason <chris.mason@...cle.com>
Subject: [PATCH] VFS: call rcu_barrier after kill_sb.


In fa0d7e3, we use rcu free inode instead of freeing the inode
directly. It causes a crash when we rmmod immediately after
we umount the volume[1].

So we need to call rcu_barrier after we kill_sb so that
the inode is freed before we do rmmod. The idea is inspired
by Aneesh Kumar. rcu_barrier will wait for all callbacks
to end before proceeding. The original patch was done by
Tao Ma, but synchronize_rcu() is not enough here.

1. http://marc.info/?l=linux-fsdevel&m=129680863330185&w=2

Cc: Nick Piggin <npiggin@...nel.dk>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: Chris Mason <chris.mason@...cle.com>
Tested-by: Tao Ma <boyu.mt@...bao.com>
Signed-off-by: Boaz Harrosh <bharrosh@...asas.com>
---
 fs/super.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/fs/super.c b/fs/super.c
index 74e149e..7e9dd4c 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -177,6 +177,11 @@ void deactivate_locked_super(struct super_block *s)
 	struct file_system_type *fs = s->s_type;
 	if (atomic_dec_and_test(&s->s_active)) {
 		fs->kill_sb(s);
+		/*
+		 * We need to call rcu_barrier so all the delayed rcu free
+		 * inodes are flushed before we release the fs module.
+		 */
+		rcu_barrier();
 		put_filesystem(fs);
 		put_super(s);
 	} else {
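Review bot: the rcu_barrier() placed after fs->kill_sb(s) runs on every final deactivation of a superblock, so each last unmount now waits for all pending RCU callbacks whether or not a module unload follows. The code comment should also say why a barrier is used rather than synchronize_rcu(): the changelog states that synchronize_rcu() is not enough, but the comment does not, and the reason (the queued inode-free callbacks must have finished running, not merely a grace period elapsed, before put_filesystem(fs) releases the module) is what a later reader needs in order not to "simplify" this call. Consider stating the expected unmount latency cost in the changelog, or whether the wait could be restricted to filesystems that are built as modules.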
-- 
1.7.2.3

