Re: [PATCH] f2fs: fix ref of discard command

On 06/23, Chao Yu wrote:
> Hi Jaegeuk,
> 
> On 2017/6/12 11:04, Jaegeuk Kim wrote:
> > This patch resolves kernel panic for xfstests/081, caused by recent f2fs_bug_on
> > 
> >   f2fs: add f2fs_bug_on in __remove_discard_cmd
> > 
> > Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
> > ---
> >  fs/f2fs/segment.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> > index 86a0c1095939..a6d77388a806 100644
> > --- a/fs/f2fs/segment.c
> > +++ b/fs/f2fs/segment.c
> > @@ -1025,6 +1025,8 @@ static void __wait_discard_cmd(struct f2fs_sb_info *sbi, bool wait_cond)
> >  	list_for_each_entry_safe(dc, tmp, wait_list, list) {
> >  		if (!wait_cond || (dc->state == D_DONE && !dc->ref)) {
> >  			wait_for_completion_io(&dc->wait);
> > +			if (dc->state == D_DONE && dc->ref)
> > +				dc->ref--;
> 
> How about using ("f2fs: stop discard thread in prior during umount") instead of
> this one? As dereference of dc here will lead to use-after-free of real referrer.

Yup, I'll also verify that.
Thank you. :)

> 
> Thanks,
> 
> >  			__remove_discard_cmd(sbi, dc);
> >  		} else {
> >  			dc->ref++;
> > 
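Review bot: The added `dc->ref--` just before `__remove_discard_cmd(sbi, dc)` drops a reference this branch never took, so whoever incremented it (the `dc->ref++` in the else branch is the visible taker) can still be holding `dc` when it is removed, which is the use-after-free raised in the reply. The branch is entered with `dc->ref` non-zero only when `wait_cond` is false, and a single decrement clears the count only when it was exactly 1, so a command with two holders would still reach `__remove_discard_cmd` with a non-zero ref. Rather than adjusting the count here to satisfy the new f2fs_bug_on, make sure the holder has released its reference before this path runs, for example by ordering teardown as the reply suggests, and leave the decrement to the code that did the increment.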


