| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Apr 2015 15:11:37 -0400
From: Brian Foster <bfoster@...hat.com>
To: Waiman Long <Waiman.Long@...com>
Cc: Dave Chinner <david@...morbit.com>, xfs@....sgi.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] xfs: call xfs_idestroy_fork() in xfs_ilock() critical
section
On Wed, Apr 22, 2015 at 01:33:41PM -0400, Waiman Long wrote:
> The commit f7be2d7f594cbc ("xfs: push down inactive transaction
> mgmt for truncate") refactored the xfs_inactive() function
> in fs/xfs/xfs_inode.c. However, it also moved the call to
> xfs_idestroy_fork() from inside the xfs_ilock() critical section to
> outside. That was causing memory corruption and strange failures like
> deferencing NULL pointers in some circumstances.
>
> This patch moves the xfs_idestroy_fork() call back into an xfs_ilock()
> critical section to avoid memory corruption problem.
>
> Signed-off-by: Waiman Long <Waiman.Long@...com>
> ---
Interesting... so from your previous mail we have an inactive/reclaim
racing with an xfs_iflush_fork() of the attr fork, or something of that
nature? Is there a specific reproducer or is it some kind of stress
test?
Good catch in any case, it looks like a deviation from the previous
code...
> fs/xfs/xfs_inode.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
> index 6163767..31850fb 100644
> --- a/fs/xfs/xfs_inode.c
> +++ b/fs/xfs/xfs_inode.c
> @@ -1900,8 +1900,11 @@ xfs_inactive(
> return;
> }
>
> - if (ip->i_afp)
> + if (ip->i_afp) {
> + xfs_ilock(ip, XFS_ILOCK_EXCL);
> xfs_idestroy_fork(ip, XFS_ATTR_FORK);
> + xfs_iunlock(ip, XFS_ILOCK_EXCL);
> + }
It probably doesn't matter, but I wonder if it would be better to just
place the lock outside of the ip->i_afp check to preserve the original
behavior if nothing else...
Brian
>
> ASSERT(ip->i_d.di_anextents == 0);
>
> --
> 1.7.1
>
> _______________________________________________
> xfs mailing list
> xfs@....sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists