On Sun, Nov 24, 2013 at 01:18:30AM -0800, Christoph Hellwig wrote:
> On Sat, Nov 23, 2013 at 07:11:56AM -0800, Christoph Hellwig wrote:
> > No need to allocate large chunks of memory to format each extent into
> > an array when logging the EFI or EFD items. Instead just point to the
> > bmap free list and only generate the log format at iop_format time.
> > Also get rid of the now almost empty xfs_trans_extfree.c by merging it
> > into xfs_extfree_item.c.
> > Signed-off-by: Christoph Hellwig <hch@xxxxxx>
> Turns out this version can fairly easily cause use after frees, so it'll
> need a bit of an overhaul to get the lifetime rules right.
Yeah, you can't use the freelist structure like that - it's a
linked, which you copy the freelist structure when logging the
EFI/EFD, and then free the items on the linked list. Then when
formatting the structure, you walk the list attached to the copy of
the freelist structure, which has alreayd been freed.
Basically, we've got a bunch of nasty life cycle issues around the
EFI/EFD that need to be fixed. Firstly, the EFD code assumes that
the EFI always outlives it, but we don't take a reference when we
connect the EFD to the EFI - the EFI is created with the reference
for the EFD already added to it. Then in abort cases we simply free
the EFI, even though there may be an EFD that still references it...
So I think that this needs to be fixed up before you can even
consider sharing something like a reference counted freelist
structure between the EFI/EFD structures....