| To: | Lachlan McIlroy <lachlan@xxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] Fix use-after-free with log and quotas |
| From: | Dave Chinner <david@xxxxxxxxxxxxx> |
| Date: | Sat, 13 Sep 2008 14:02:19 +1000 |
| Cc: | xfs-dev <xfs-dev@xxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx> |
| In-reply-to: | <48CA2B23.4020405@xxxxxxx> |
| Mail-followup-to: | Lachlan McIlroy <lachlan@xxxxxxx>, xfs-dev <xfs-dev@xxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx> |
| References: | <48CA2B23.4020405@xxxxxxx> |
| User-agent: | Mutt/1.5.18 (2008-05-17) |

On Fri, Sep 12, 2008 at 06:41:07PM +1000, Lachlan McIlroy wrote:
> Destroying the quota stuff on unmount can access the log - ie XFS_QM_DONE()
> ends up in xfs_dqunlock() which calls xfs_trans_unlocked_item() and then
> xfs_log_move_tail(). By this time the log has already been destroyed.
> Just move the cleanup of the quota code earlier in xfs_unmountfs() before
> the call to xfs_log_unmount(). Moving XFS_QM_DONE() up near
> XFS_QM_DQPURGEALL() seems like a good spot.

FWIW, has this been actually seen in the real world?

xfs_trans_unlocked_item() only does stuff if the log item is in the AIL. If we've already destroyed the log, then we should have already torn down the AIL and there should be no log items in the system that are in the AIL....

What am I missing here?

Cheers,

Dave.

--
Dave Chinner
david@xxxxxxxxxxxxx