TAKE 952967 - BUG() in generic_delete_inode()

To: linux-xfs@xxxxxxxxxxx, sgi.bugs.xfs@xxxxxxxxxxxx
Subject: TAKE 952967 - BUG() in generic_delete_inode()
From: dgc@xxxxxxx (David Chinner)
Date: Thu, 14 Sep 2006 11:39:03 +1000 (EST)
Sender: xfs-bounce@xxxxxxxxxxx

Really fix use after free in xfs_iunpin.

The previous attempts to fix the linux inode use-after-free in
xfs_iunpin simply made the problem harder to hit. We actually need
complete exclusion between xfs_reclaim and xfs_iunpin, as well as
ensuring that the i_flags are consistent during both of these
functions. Introduce a new spinlock for exclusion and the i_flags,
and fix up xfs_iunpin to use igrab before marking the inode dirty.

Date:  Thu Sep 14 11:37:19 AEST 2006
Workarea:  chook.melbourne.sgi.com:/build/dgc/isms/2.6.x-xfs-new
Inspected by:  m-saito,masano,nathans

The following file(s) were checked into:

Modid:  xfs-linux-melb:xfs-kern:26964a
fs/xfs/xfs_vnodeops.c - 1.683 - changed
        - Use new i_flags_lock to protect i_flags.

fs/xfs/xfs_itable.c - 1.149 - changed
        - Use new i_flags_lock to protect i_flags.

fs/xfs/xfs_iget.c - 1.221 - changed
        - Use new i_flags_lock to protect i_flags.

fs/xfs/xfs_inode.c - 1.452 - changed
        - Fix xfs_iunpin to prevent use-after-free of the linux inode.

fs/xfs/xfs_inode.h - 1.216 - changed
        - Use new i_flags_lock to protect i_flags.

fs/xfs/linux-2.6/xfs_super.c - 1.370 - changed
        - Use new i_flags_lock to protect i_flags.
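
The locking pattern this message describes, as an added user-space model that is not part of the original message or the XFS patch: one lock covers both the flags and the reclaim/unpin exclusion, and the unpin side takes a reference before marking the inode dirty. All struct, flag and function names are hypothetical, and a C11 `atomic_flag` stands in for the kernel spinlock.

```c
/* Added user-space model; every name here is hypothetical, not XFS code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#define M_RECLAIM 0x1u            /* teardown of the fs inode has begun */
struct vfs_inode { int refs; bool freeing; bool dirty; };
struct fs_inode {
    atomic_flag flags_lock;       /* stands in for the new i_flags_lock */
    unsigned flags;               /* read and written only under flags_lock */
    struct vfs_inode *vfs;        /* NULL once reclaim has detached it */
    int pincount;
};
static void lock(struct fs_inode *ip) {
    while (atomic_flag_test_and_set_explicit(&ip->flags_lock, memory_order_acquire)) { }
}
static void unlock(struct fs_inode *ip) { atomic_flag_clear_explicit(&ip->flags_lock, memory_order_release); }
void model_init(struct fs_inode *ip, struct vfs_inode *v, int pins) {
    atomic_flag_clear(&ip->flags_lock);
    ip->flags = 0; ip->vfs = v; ip->pincount = pins;
}
/* Models igrab(): refuses an inode that is already being freed. */
static struct vfs_inode *model_igrab(struct vfs_inode *v) {
    if (v == NULL || v->freeing) return NULL;
    v->refs++; return v;
}
/* Reclaim side: flag and back-pointer change together, under the lock. */
void model_reclaim(struct fs_inode *ip) {
    lock(ip);
    ip->flags |= M_RECLAIM;
    ip->vfs = NULL;
    unlock(ip);
}
/* Unpin side: returns true only if the VFS inode was safely marked dirty. */
bool model_unpin(struct fs_inode *ip) {
    struct vfs_inode *v = NULL;
    if (--ip->pincount > 0) return false;      /* still pinned by others */
    lock(ip);
    if (!(ip->flags & M_RECLAIM))
        v = model_igrab(ip->vfs);              /* take a reference first */
    if (v) v->dirty = true;                    /* safe: we hold a reference */
    unlock(ip);
    if (v) v->refs--;                          /* models iput() after unlock */
    return v != NULL;
}
int main(void) {                  /* reclaim wins the race, unpin must back off */
    struct vfs_inode v = {1, false, false};
    struct fs_inode ip;
    model_init(&ip, &v, 1); model_reclaim(&ip);
    return model_unpin(&ip) ? 1 : 0;
}
```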
