From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Eric Sandeen <sandeen@sandeen.net>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 07/10] libxfs: refactor buffer item release code
Date: Mon, 22 Apr 2019 14:35:29 -0700
Message-ID: <20190422213529.GD4676@magnolia>
In-Reply-To: <e964dcb8-5a9d-26bf-e5ac-7489c9f259a1@sandeen.net>

On Mon, Apr 22, 2019 at 04:26:58PM -0500, Eric Sandeen wrote:
> On 4/22/19 10:45 AM, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> > 
> > Refactor the buffer item release code into a helper, which we will use
> > in subsequent patches to make the buffer log item lifetime match the
> > kernel equivalents.
> > 
> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > ---
> >  libxfs/trans.c |   14 +++++++++++---
> >  1 file changed, 11 insertions(+), 3 deletions(-)
> > 
> > 
> > diff --git a/libxfs/trans.c b/libxfs/trans.c
> > index 9de77c8b..629501f8 100644
> > --- a/libxfs/trans.c
> > +++ b/libxfs/trans.c
> > @@ -505,6 +505,16 @@ libxfs_trans_ordered_buf(
> >  	return ret;
> >  }
> >  
> > +static void
> > +xfs_buf_item_put(
> > +	struct xfs_buf_log_item	*bip)
> > +{
> > +	struct xfs_buf		*bp = bip->bli_buf;
> > +
> > +	bp->b_log_item = NULL;
> > +	kmem_zone_free(xfs_buf_item_zone, bip);
> > +}
> > +
> >  void
> >  libxfs_trans_brelse(
> >  	xfs_trans_t		*tp,
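Review bot: xfs_buf_item_put() dereferences bip->bli_buf and stores through bp with no check and no statement of what the caller must guarantee. buf_item_done() asserts bp != NULL before touching the buffer, and the new helper should carry the same ASSERT(bp != NULL). A short comment above the helper should also say that the caller must still hold its reference on the buffer at the time of the call, because the helper writes bp->b_log_item before it frees bip.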
> > @@ -846,7 +856,6 @@ buf_item_done(
> >  
> >  	bp = bip->bli_buf;
> >  	ASSERT(bp != NULL);
> > -	bp->b_log_item = NULL;			/* remove log item */
> >  	bp->b_transp = NULL;			/* remove xact ptr */
> >  
> >  	hold = (bip->bli_flags & XFS_BLI_HOLD);
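Review bot: removing the early bp->b_log_item = NULL from buf_item_done() changes ordering, not only structure. The pointer used to be cleared next to b_transp, before the XFS_BLI_HOLD test; with this hunk it stays set until xfs_buf_item_put() runs at the end of the function, so the buffer still points at the log item throughout the hold/put branch. If that is intended, the commit message should say so instead of describing the patch as a plain refactor; if not, keep the clear at this position and let the helper handle only the free.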
> > @@ -861,8 +870,7 @@ buf_item_done(
> >  		bip->bli_flags &= ~XFS_BLI_HOLD;
> >  	else
> >  		libxfs_putbuf(bp);
> > -	/* release the buf item */
> > -	kmem_zone_free(xfs_buf_item_zone, bip);
> > +	xfs_buf_item_put(bip);
> 
> In xfs_buf_item_put(), we reach back up from bip to bip->bli_buf, which is
> the bp.  This is after we did a libxfs_putbuf(bp) on that bp.  Is there not
> a chance of use after free here?  Enough puts and a shaker can run, right?

I think you're right, the xfs_buf_item_put should come before the
libxfs_putbuf.

--D

> >  }
> >  
> >  static void
> > 
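Review bot: in the last hunk of buf_item_done(), xfs_buf_item_put(bip) is called after the else branch has already done libxfs_putbuf(bp), yet the helper reloads bp from bip->bli_buf and writes bp->b_log_item = NULL. That is a store into a buffer whose reference this function has just dropped, which is a use-after-free if the put released the last reference. Call the helper before libxfs_putbuf(bp), once the hold flag has been read from bip->bli_flags and bip is no longer needed, so the buffer is still referenced when its b_log_item is cleared.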
