linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Morton <akpm@linux-foundation.org>
To: Sergei Antonov <saproj@gmail.com>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>,
	Anton Altaparmakov <aia21@cam.ac.uk>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Sasha Levin <sasha.levin@oracle.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christoph Hellwig <hch@infradead.org>,
	Hin-Tak Leung <htl10@users.sourceforge.net>,
	Sougata Santra <sougata@tuxera.com>
Subject: Re: [PATCH] hfsplus: release bnode pages after use, not before
Date: Tue, 9 Jun 2015 15:15:45 -0700	[thread overview]
Message-ID: <20150609151545.8a146bb5d29051e604d4d211@linux-foundation.org> (raw)
In-Reply-To: <CABikg9wGLwmF8SkYdQs2Fw99gD14kSeiF6uWMYqQ_HRYqwNntg@mail.gmail.com>

On Mon, 8 Jun 2015 18:50:00 +0200 Sergei Antonov <saproj@gmail.com> wrote:

> >> You are basically saying you don___t understand it. Too bad, because the
> >> bug is very simple. It is the ___use after free___ type of bug, and it can
> >> be illustrated by this:
> >> (1) void *ptr = malloc(___);
> >> (2) free(ptr);
> >> (3) memcpy(___, ptr, 1);
> >> Guess which two of these three lines are executed in wrong order.
> >>
> >> My patch is about the same type of bug, but with memory pages mapping.
> >> The driver currently accesses pages that may be unavailable, or
> >> contain different data. The problem is more likely to occur when
> >> memory is a limited resource. I reproduced it while running a
> >> memory-hungry program.
> >
> > I worried not about myself but about potential readers of description of
> > the fix. The description is completely obscure. And it needs to describe
> > the fix in clear and descriptive manner. This is my request. Please,
> > describe the fix in a clear way.
> 
> The description is just right.

Yes, I too would like to hear much more about your thinking on this,
and a detailed description of the bug and how the patch fixes it.


The code is distressingly undocumented and has been that way since
Roman Zippel's original commit in 2004.

>From the looks of it, that loop in __hfs_bnode_create() is simply doing
readahead and is designed as a performance optimisation.  The pages are
pulled into pagecache in the expectation that they will soon be
accessed.  What your patch does is to instead pin the pages in
pagecache until the bnode is freed.  If we're going to do this then we
need to be very careful about worst-case scenarios: we could even run
the machine out of memory.

If I'm correct, and this is just readahead then the bug lies elsewhere:
if other parts of hfsplus are assuming that this memory is in pagecache
then that's an error - that code (where is it?) should instead be performing
a pagecache lookup and if the page isn't present, read it from disk
again.

But for others to be able to review and understand this change and
suggest alternatives, we'll need a much much better changelog!

  reply	other threads:[~2015-06-09 22:15 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-07  0:42 [PATCH] hfsplus: release bnode pages after use, not before Sergei Antonov
2015-06-08 15:45 ` Vyacheslav Dubeyko
2015-06-08 16:32   ` Sergei Antonov
2015-06-08 16:45     ` Viacheslav Dubeyko
2015-06-08 16:50       ` Sergei Antonov
2015-06-09 22:15         ` Andrew Morton [this message]
2015-06-09 23:00           ` Anton Altaparmakov
2015-06-09 23:08           ` Anton Altaparmakov
2015-06-09 23:16             ` Andrew Morton
2015-06-09 23:34               ` Anton Altaparmakov
2015-06-09 23:23             ` Anton Altaparmakov
2015-06-09 23:40           ` Sergei Antonov
2015-06-14  2:27             ` Hin-Tak Leung
2015-06-14 14:18               ` Sergei Antonov
2015-06-17 23:26                 ` Hin-Tak Leung
2015-06-18 13:09                   ` Sergei Antonov
2015-06-09 18:06 ` Anton Altaparmakov
     [not found] <1433781680.24509.YahooMailBasic@web172301.mail.ir2.yahoo.com>
2015-06-08 16:47 ` Sergei Antonov
     [not found] <1434584504.1063.YahooMailBasic@web172304.mail.ir2.yahoo.com>
2015-06-18  2:51 ` Hin-Tak Leung
2015-06-18 12:58   ` Sergei Antonov
2015-06-18 15:37     ` Hin-Tak Leung
2015-06-18 16:19       ` Sergei Antonov
2015-06-18 17:16         ` Hin-Tak Leung
2015-06-18 20:51           ` Sergei Antonov
2015-06-18 22:16             ` Hin-Tak Leung
2015-06-19  1:30               ` Sergei Antonov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150609151545.8a146bb5d29051e604d4d211@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=aia21@cam.ac.uk \
    --cc=hch@infradead.org \
    --cc=htl10@users.sourceforge.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=saproj@gmail.com \
    --cc=sasha.levin@oracle.com \
    --cc=slava@dubeyko.com \
    --cc=sougata@tuxera.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).