Date: Wed, 21 Jul 2010 14:11:17 +0200
From: Jan Kara <jack@...e.cz>
To: Stephen Rothwell <sfr@...b.auug.org.au>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Dave Chinner <david@...morbit.com>, Al Viro <viro@...iv.linux.org.uk>, linux-next@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>, Christoph Hellwig <hch@....de>, Jens Axboe <axboe@...nel.dk>, Jan Kara <jack@...e.cz>
Subject: Re: linux-next: OOPS at boot time

On Wed 21-07-10 17:48:09, Stephen Rothwell wrote:
> On Wed, 21 Jul 2010 00:29:07 -0700 Andrew Morton <akpm@...ux-foundation.org> wrote:
> >
> > On Wed, 21 Jul 2010 15:20:07 +1000 Dave Chinner <david@...morbit.com> wrote:
> >
> > > > and they were dirtied within dquot_free_space().
> > >
> > > AFAICT dquot_free_space() is called deep in the guts of
> > > ext3_truncate() via dquot_free_block(), which is called directly
> > > before end_writeback(). That should overwrite any state changes made
> > > inside ext3_truncate. I wonder if iput_final() is racing with
> > > something else here?
> > >
> >
> > This isn't a race. I type `make' and the warnings spew out at hundreds
> > per second - every unlink, I'd say.
>
> Bisected to:
>
> commit 8bfe4a06746e5f03c02afe3ceb97b5364c099f63
> Author: Al Viro <viro@...iv.linux.org.uk>
> Date: Sun Jun 6 07:08:19 2010 -0400
>
>     convert ext3 to ->evict_inode()
>
>     Signed-off-by: Al Viro <viro@...iv.linux.org.uk>

Thanks for bisecting this. The patch series indeed seems to uncover some discrepancies. Ext3 has always dirtied inode in its ->delete_inode method (via quota code). But previously clear_inode() just overwrote the state with I_CLEAR and thus we never saw the BUG_ON. After Al's patches, i_state is set in end_writeback() which happens earlier. In particular it happens before ext3_free_inode() which dirties the inode through quota code while freeing xattrs - they are accounted in i_blocks, so i_blocks are updated during freeing and inode is dirtied.

Actually, ext3_mark_inode_dirty() called during each mark_inode_dirty() call writes the inode state to the journal so the dirty flag in the inode state is in fact stale and overwriting it with I_CLEAR never mattered. In this sense, the BUG_ON triggered is a false positive. But I believe this is a separate story.

I'm not sure how to really fix this. It seems a bit premature to me to mark inode as I_CLEAR before the filesystem is actually done with it. So maybe the line

    inode->i_state = I_FREEING | I_CLEAR;

should be moved to evict() function?

Honza
--
Jan Kara <jack@...e.cz>
SUSE Labs, CR