From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932860AbdDEK0S (ORCPT <rfc822;w@1wt.eu>);
        Wed, 5 Apr 2017 06:26:18 -0400
Received: from szxga02-in.huawei.com ([45.249.212.188]:5337 "EHLO
        dggrg02-dlp.huawei.com" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S932269AbdDEK0R (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Apr 2017 06:26:17 -0400
Subject: Re: [PATCH 3/3] f2fs: prevent waiter encountering incorrect discard
 states
To: Jaegeuk Kim <jaegeuk@kernel.org>
References: <20170327101406.56028-1-yuchao0@huawei.com>
 <20170327101406.56028-3-yuchao0@huawei.com>
 <20170327235608.GA4984@jaegeuk.local>
 <1040d25a-9cc8-a4c8-7143-a0375ecdeeb5@huawei.com>
 <b435e31f-5413-b392-4fc7-d0bcb1ef2600@huawei.com>
 <20170403174057.GB1076@jaegeuk.local>
CC: <linux-f2fs-devel@lists.sourceforge.net>,
        <linux-kernel@vger.kernel.org>, <chao@kernel.org>
From: Chao Yu <yuchao0@huawei.com>
Message-ID: <61dcdb40-0e30-fbc7-8bc3-19326c4eada4@huawei.com>
Date: Wed, 5 Apr 2017 18:25:49 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <20170403174057.GB1076@jaegeuk.local>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.134.22.195]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
        refid=str=0001.0A020203.58E4C631.0024,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0,
        ip=0.0.0.0,
        so=2014-11-16 11:51:01,
        dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 4c3e3ab14b75972f4d0dd0724609f5c3
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2017/4/4 1:40, Jaegeuk Kim wrote:
> On 04/01, Chao Yu wrote:
>> Ping,
>>
>> Any problem here?
>>
>> Thanks,
>>
>> On 2017/3/28 9:17, Chao Yu wrote:
>>> On 2017/3/28 7:56, Jaegeuk Kim wrote:
>>>> On 03/27, Chao Yu wrote:
>>>>> In f2fs_submit_discard_endio, we will wake up waiter before setting
>>>>> discard command states, so waiter may use incorrect states. Change
>>>>> the order between complete() and states setting to fix this issue.
>>>>>
>>>>> Signed-off-by: Chao Yu <yuchao0@huawei.com>
>>>>> ---
>>>>>  fs/f2fs/segment.c | 2 +-
>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
>>>>> index 57a81f9c8c14..9f9542c9fe47 100644
>>>>> --- a/fs/f2fs/segment.c
>>>>> +++ b/fs/f2fs/segment.c
>>>>> @@ -717,9 +717,9 @@ static void f2fs_submit_discard_endio(struct bio *bio)
>>>>>  {
>>>>>  	struct discard_cmd *dc = (struct discard_cmd *)bio->bi_private;
>>>>>  
>>>>> -	complete(&dc->wait);
>>>>>  	dc->error = bio->bi_error;
>>>>>  	dc->state = D_DONE;
>>>>> +	complete(&dc->wait);
>>>>
>>>> If we set D_DONE first, the object can be released by __remove_discard_cmd()?
> 
> What I mean was about use-after-free.

I updated the patch, could you help to review it?

Thanks,

> 
> Thanks,
> 
>>>
>>> Yes, I think so.
>>>
>>> Thanks,
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>  	bio_put(bio);
>>>>>  }
>>>>>  
>>>>> -- 
>>>>> 2.8.2.295.g3f1c1d0
>>>>
>>>> .
>>>>
> 
> .
> 

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chao Yu <yuchao0@huawei.com>
Subject: Re: [PATCH 3/3] f2fs: prevent waiter encountering
 incorrect discard states
Date: Wed, 5 Apr 2017 18:25:49 +0800
Message-ID: <61dcdb40-0e30-fbc7-8bc3-19326c4eada4@huawei.com>
References: <20170327101406.56028-1-yuchao0@huawei.com>
	<20170327101406.56028-3-yuchao0@huawei.com>
	<20170327235608.GA4984@jaegeuk.local>
	<1040d25a-9cc8-a4c8-7143-a0375ecdeeb5@huawei.com>
	<b435e31f-5413-b392-4fc7-d0bcb1ef2600@huawei.com>
	<20170403174057.GB1076@jaegeuk.local>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-f2fs-devel-bounces@lists.sourceforge.net>
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <yuchao0@huawei.com>) id 1cvi8f-0003xN-EB
	for linux-f2fs-devel@lists.sourceforge.net;
	Wed, 05 Apr 2017 10:26:09 +0000
Received: from [45.249.212.188] (helo=dggrg02-dlp.huawei.com)
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1cvi8c-0000fV-Pk
	for linux-f2fs-devel@lists.sourceforge.net;
	Wed, 05 Apr 2017 10:26:09 +0000
In-Reply-To: <20170403174057.GB1076@jaegeuk.local>
List-Id: <linux-f2fs-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel>,
	<mailto:linux-f2fs-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=linux-f2fs-devel>
List-Post: <mailto:linux-f2fs-devel@lists.sourceforge.net>
List-Help: <mailto:linux-f2fs-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel>,
	<mailto:linux-f2fs-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net
To: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: chao@kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net

On 2017/4/4 1:40, Jaegeuk Kim wrote:
> On 04/01, Chao Yu wrote:
>> Ping,
>>
>> Any problem here?
>>
>> Thanks,
>>
>> On 2017/3/28 9:17, Chao Yu wrote:
>>> On 2017/3/28 7:56, Jaegeuk Kim wrote:
>>>> On 03/27, Chao Yu wrote:
>>>>> In f2fs_submit_discard_endio, we will wake up waiter before setting
>>>>> discard command states, so waiter may use incorrect states. Change
>>>>> the order between complete() and states setting to fix this issue.
>>>>>
>>>>> Signed-off-by: Chao Yu <yuchao0@huawei.com>
>>>>> ---
>>>>>  fs/f2fs/segment.c | 2 +-
>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
>>>>> index 57a81f9c8c14..9f9542c9fe47 100644
>>>>> --- a/fs/f2fs/segment.c
>>>>> +++ b/fs/f2fs/segment.c
>>>>> @@ -717,9 +717,9 @@ static void f2fs_submit_discard_endio(struct bio *bio)
>>>>>  {
>>>>>  	struct discard_cmd *dc = (struct discard_cmd *)bio->bi_private;
>>>>>  
>>>>> -	complete(&dc->wait);
>>>>>  	dc->error = bio->bi_error;
>>>>>  	dc->state = D_DONE;
>>>>> +	complete(&dc->wait);
>>>>
>>>> If we set D_DONE first, the object can be released by __remove_discard_cmd()?
> 
> What I mean was about use-after-free.

I updated the patch, could you help to review it?

Thanks,

> 
> Thanks,
> 
>>>
>>> Yes, I think so.
>>>
>>> Thanks,
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>  	bio_put(bio);
>>>>>  }
>>>>>  
>>>>> -- 
>>>>> 2.8.2.295.g3f1c1d0
>>>>
>>>> .
>>>>
> 
> .
> 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot