On Thu, Apr 05, 2018 at 08:11:46AM -0400, Brian Foster wrote:
> A test case to reproduce a filestream/MRU use-after-free of a
> reclaimed inode requires bits (e.g., ip->i_mount) of the inode to be
> reset/reused once the inode memory is freed. This normally only
> occurs when a new page is cycled into the zone, however.
>
> Perform the "one-time" inode init immediately prior to freeing
> inodes when in DEBUG mode. This will zero the inode, init the low
> level structures (locks, lists, etc.) and otherwise ensure each
> inode is in a purely uninitialized state while sitting in the zone
> as free memory.

Does KASAN catch this use-after-free? i.e. Given that people
regularly run fstests with KASAN enabled, do we need to change the
code for the test to trigger detection?

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx
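The mechanism under discussion in the quoted patch description, shown as an added example that is not part of this thread and not XFS code: a toy "zone" of inode objects whose freed slots are left untouched on the normal path (so a stale pointer still reads the old ip->i_mount) and are scrubbed by re-running the one-time init on the DEBUG path. The structure names, the zone, and the debug flag are all constructed stand-ins for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the real kernel structures (not XFS code). */
struct mount { int id; };

struct inode_ent {
    struct mount *i_mount;   /* field a stale reference would read after free */
    int lock_initialised;    /* stands in for the low-level lock/list state */
    int in_use;
};

#define ZONE_SIZE 4

/* A fixed pool of inode objects. Freed objects are not touched unless the
 * zone is in debug mode, mimicking a slab that keeps its pages (and the
 * stale contents of freed objects) until a page is cycled out. */
struct zone {
    struct inode_ent slots[ZONE_SIZE];
    int debug;               /* 1: re-run the one-time init on free */
};

/* The "one-time" init: zero the object and set up low-level state. */
static void inode_init_once(struct inode_ent *ip)
{
    memset(ip, 0, sizeof(*ip));
    ip->lock_initialised = 1;
}

static void zone_init(struct zone *z, int debug)
{
    z->debug = debug;
    for (int i = 0; i < ZONE_SIZE; i++)
        inode_init_once(&z->slots[i]);
}

static struct inode_ent *zone_alloc(struct zone *z, struct mount *mp)
{
    for (int i = 0; i < ZONE_SIZE; i++) {
        struct inode_ent *ip = &z->slots[i];
        if (!ip->in_use) {
            ip->in_use = 1;
            ip->i_mount = mp;
            return ip;
        }
    }
    return NULL;
}

static void zone_free(struct zone *z, struct inode_ent *ip)
{
    ip->in_use = 0;
    if (z->debug)
        inode_init_once(ip);   /* DEBUG path: scrub the object while it is free */
}

/* Simulates a reference that outlives zone_free() and reads ip->i_mount.
 * Returns the value the stale read observes: the old mount on the normal
 * path, NULL once the debug free has zeroed the object. */
struct mount *stale_mount_after_free(int debug)
{
    static struct zone z;
    static struct mount mp = { 42 };
    zone_init(&z, debug);
    struct inode_ent *ip = zone_alloc(&z, &mp);
    zone_free(&z, ip);
    return ip->i_mount;
}

int main(void)
{
    printf("normal free: stale i_mount is %s\n",
           stale_mount_after_free(0) ? "still the old mount" : "NULL");
    printf("debug free:  stale i_mount is %s\n",
           stale_mount_after_free(1) ? "still the old mount" : "NULL");
    return 0;
}
```

On the normal path the stale read silently returns the old mount pointer, which is why a test that depends on the freed memory being reused cannot reproduce the bug reliably; with the debug-mode scrub the same read returns NULL on the first access after free, so the use-after-free surfaces immediately.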