On Thu, Oct 09, 2008 at 03:21:34PM +1100, Dave Chinner wrote:
> Folks,
>
> The following patch fixes a use after free I just found.
> It appears that switching between SLAB and SLUB seems to
> turn off slab/slub memory poisoning, so i d??dn't realise
> I'd be running for some time without poisoning turned on.
> Once I turned poisoning back on I found this use-after-free
> immediately on the first unmount trying to reclaim a clean
> realtime bitmap inode.
>
> With this patch, the netire patchset that I posted yesterday
> passes xfsqa with memory poisoning turned on.
Looks good.
> + XFS_STATS_INC(vn_reclaim);
> + if (xfs_reclaim(ip))
> + panic("%s: cannot reclaim 0x%p\n", __func__, inode);
Eventually we should kill the return value from xfs_reclaim and just put
an assert directly into it. In fact given that xfs_reclaim is quite
OS dependent we might just merge the content directly into
destroy_inode.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
