* [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost)
@ 2011-02-03 20:31 shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
[not found] ` <1296765078-25531-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w @ 2011-02-03 20:31 UTC (permalink / raw)
To: smfrench-Re5JQEeQqe8AvxtiuMwx3w
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA, Shirish Pargaonkar
From: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Updating extended statistics here can cause slab memory corruption
if a callback function frees slab memory (mid_entry).
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
---
fs/cifs/connect.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 945b220..1f32a28 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -633,11 +633,11 @@ incomplete_rcv:
mid_entry->largeBuf = isLargeBuf;
multi_t2_fnd:
mid_entry->midState = MID_RESPONSE_RECEIVED;
- list_del_init(&mid_entry->qhead);
- mid_entry->callback(mid_entry);
#ifdef CONFIG_CIFS_STATS2
mid_entry->when_received = jiffies;
#endif
+ list_del_init(&mid_entry->qhead);
+ mid_entry->callback(mid_entry);
break;
}
mid_entry = NULL;
--
1.6.0.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost)
[not found] ` <1296765078-25531-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
@ 2011-02-03 21:04 ` Jeff Layton
2011-02-04 3:18 ` Steve French
1 sibling, 0 replies; 5+ messages in thread
From: Jeff Layton @ 2011-02-03 21:04 UTC (permalink / raw)
To: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
Cc: smfrench-Re5JQEeQqe8AvxtiuMwx3w, linux-cifs-u79uwXL29TY76Z2rM5mHXA
On Thu, 3 Feb 2011 14:31:18 -0600
shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> From: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>
>
> Updating extended statistics here can cause slab memory corruption
> if a callback function frees slab memory (mid_entry).
>
>
> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> fs/cifs/connect.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 945b220..1f32a28 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -633,11 +633,11 @@ incomplete_rcv:
> mid_entry->largeBuf = isLargeBuf;
> multi_t2_fnd:
> mid_entry->midState = MID_RESPONSE_RECEIVED;
> - list_del_init(&mid_entry->qhead);
> - mid_entry->callback(mid_entry);
> #ifdef CONFIG_CIFS_STATS2
> mid_entry->when_received = jiffies;
> #endif
> + list_del_init(&mid_entry->qhead);
> + mid_entry->callback(mid_entry);
> break;
> }
> mid_entry = NULL;
Looks good.
Reviewed-by: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost)
[not found] ` <1296765078-25531-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2011-02-03 21:04 ` Jeff Layton
@ 2011-02-04 3:18 ` Steve French
[not found] ` <AANLkTi=_HAQfH2oGvBrd2gBLa05EFndnpFGOny0NGCgW-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
1 sibling, 1 reply; 5+ messages in thread
From: Steve French @ 2011-02-04 3:18 UTC (permalink / raw)
To: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA
Good catch.
But doesn't this belong in stable?
On Thu, Feb 3, 2011 at 2:31 PM, <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> From: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>
>
> Updating extended statistics here can cause slab memory corruption
> if a callback function frees slab memory (mid_entry).
>
>
> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> fs/cifs/connect.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 945b220..1f32a28 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -633,11 +633,11 @@ incomplete_rcv:
> mid_entry->largeBuf = isLargeBuf;
> multi_t2_fnd:
> mid_entry->midState = MID_RESPONSE_RECEIVED;
> - list_del_init(&mid_entry->qhead);
> - mid_entry->callback(mid_entry);
> #ifdef CONFIG_CIFS_STATS2
> mid_entry->when_received = jiffies;
> #endif
> + list_del_init(&mid_entry->qhead);
> + mid_entry->callback(mid_entry);
> break;
> }
> mid_entry = NULL;
> --
> 1.6.0.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost)
[not found] ` <AANLkTi=_HAQfH2oGvBrd2gBLa05EFndnpFGOny0NGCgW-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2011-02-04 12:39 ` Jeff Layton
[not found] ` <20110204073925.3a21a048-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Jeff Layton @ 2011-02-04 12:39 UTC (permalink / raw)
To: Steve French
Cc: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w,
linux-cifs-u79uwXL29TY76Z2rM5mHXA
On Thu, 3 Feb 2011 21:18:18 -0600
Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Good catch.
>
> But doesn't this belong in stable?
>
No, it's a recent regression from the call timeout patches.
> On Thu, Feb 3, 2011 at 2:31 PM, <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > From: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> >
> >
> > Updating extended statistics here can cause slab memory corruption
> > if a callback function frees slab memory (mid_entry).
> >
> >
> > Signed-off-by: Shirish Pargaonkar <shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> > ---
> > fs/cifs/connect.c | 4 ++--
> > 1 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> > index 945b220..1f32a28 100644
> > --- a/fs/cifs/connect.c
> > +++ b/fs/cifs/connect.c
> > @@ -633,11 +633,11 @@ incomplete_rcv:
> > mid_entry->largeBuf = isLargeBuf;
> > multi_t2_fnd:
> > mid_entry->midState = MID_RESPONSE_RECEIVED;
> > - list_del_init(&mid_entry->qhead);
> > - mid_entry->callback(mid_entry);
> > #ifdef CONFIG_CIFS_STATS2
> > mid_entry->when_received = jiffies;
> > #endif
> > + list_del_init(&mid_entry->qhead);
> > + mid_entry->callback(mid_entry);
> > break;
> > }
> > mid_entry = NULL;
> > --
> > 1.6.0.2
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> > the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
>
>
--
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost)
[not found] ` <20110204073925.3a21a048-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
@ 2011-02-04 20:21 ` Steve French
0 siblings, 0 replies; 5+ messages in thread
From: Steve French @ 2011-02-04 20:21 UTC (permalink / raw)
To: Jeff Layton
Cc: shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w,
linux-cifs-u79uwXL29TY76Z2rM5mHXA
On Fri, Feb 4, 2011 at 6:39 AM, Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> On Thu, 3 Feb 2011 21:18:18 -0600
> Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>> Good catch.
>>
>> But doesn't this belong in stable?
>>
>
> No, it's a recent regression from the call timeout patches.
Yes, you are right. It shows up in rc1, but not 2.6.37
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-02-04 20:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-03 20:31 [PATCH] cifs: Possible slab memory corruption while updating extended stats (repost) shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
[not found] ` <1296765078-25531-1-git-send-email-shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2011-02-03 21:04 ` Jeff Layton
2011-02-04 3:18 ` Steve French
[not found] ` <AANLkTi=_HAQfH2oGvBrd2gBLa05EFndnpFGOny0NGCgW-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-02-04 12:39 ` Jeff Layton
[not found] ` <20110204073925.3a21a048-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2011-02-04 20:21 ` Steve French
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.