xfs
[Top] [All Lists]

Re: [PATCH] Fix use-after-free with log and quotas

To: Lachlan McIlroy <lachlan@xxxxxxx>
Subject: Re: [PATCH] Fix use-after-free with log and quotas
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Fri, 12 Sep 2008 04:43:40 -0400
Cc: xfs-dev <xfs-dev@xxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx>
In-reply-to: <48CA2B23.4020405@xxxxxxx>
References: <48CA2B23.4020405@xxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17)
On Fri, Sep 12, 2008 at 06:41:07PM +1000, Lachlan McIlroy wrote:
> Destroying the quota stuff on unmount can access the log - ie XFS_QM_DONE()
> ends up in xfs_dqunlock() which calls xfs_trans_unlocked_item() and then
> xfs_log_move_tail().  By this time the log has already been destroyed.
> Just move the cleanup of the quota code earlier in xfs_unmountfs() before
> the call to xfs_log_unmount().  Moving XFS_QM_DONE() up near
> XFS_QM_DQPURGEALL() seems like a good spot.

Yeah, I have something like this in my large mount/unmount audit.

Looks good, and I have to rebase all the other changes anyway.

<Prev in Thread] Current Thread [Next in Thread>