Hi all, In this second series, I try to fix a use-after-free that I discovered during development of the dfops freezer, where BUI recovery releases the inode even if it requeues itself. If the inode gets reclaimed, the fs corrupts memory and explodes. The fix is to make the dfops capture struct take over ownership of the inodes if there's any more work to be done. This is a bit clunky, but it's a simpler mechanism than saving inode pointers and inode numbers and introducing tagged structures so that we can distinguish one from the other. v2: rebase atop the new defer capture code If you're going to start using this mess, you probably ought to just pull from my git trees, which are linked below. This is an extraordinary way to destroy everything. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fix-bmap-intent-recovery-5.10 --- fs/xfs/libxfs/xfs_defer.c | 45 ++++++++++++++++++++++- fs/xfs/libxfs/xfs_defer.h | 22 +++++++++++ fs/xfs/libxfs/xfs_log_recover.h | 11 +++++- fs/xfs/xfs_bmap_item.c | 78 ++++++++++++++++----------------------- fs/xfs/xfs_icache.c | 41 +++++++++++++++++++++ fs/xfs/xfs_log_recover.c | 35 +++++++++++++++--- fs/xfs/xfs_trans.h | 6 --- 7 files changed, 175 insertions(+), 63 deletions(-)
