On Tue, Aug 06, 2019 at 08:57:27AM -0400, Brian Foster wrote:
> On Tue, Aug 06, 2019 at 09:33:26AM +1000, Dave Chinner wrote:
> > I'll recheck this, but I'm pretty sure overwrite won't leave a
> > shadow buffer around.
> >
>
> But before that we have the following logic:
>
> static void
> xlog_cil_alloc_shadow_bufs(
> 	...
>
> 		if (!lip->li_lv_shadow ||
> 		    buf_size > lip->li_lv_shadow->lv_size) {
> 			...
> 			lv = kmem_alloc_large(buf_size, KM_SLEEP | KM_NOFS);
> 			...
> 			lip->li_lv_shadow = lv;
> 		} else {
> 			<reuse shadow>
> 		}
> 	...
> }
>
> ... which always allocates a shadow buffer if one doesn't exist. We
> don't look at the currently used (lip->li_lv) buffer at all here. IIUC,
> that has to do with the TOCTOU race described in the big comment above
> the function.. hm?

You might be right there. I haven't had a chance to follow up on
this from yesterday yet, so I'll keep this in mind when I look at it
again.

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx