xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

TAKE 987086 - Fix use-after-free with log and quotas

from [Lachlan McIlroy] [Permanent Link][Original]
To: sgi.bugs.xfs@xxxxxxxxxxxx, xfs@xxxxxxxxxxx
Subject: TAKE 987086 - Fix use-after-free with log and quotas
From: lachlan@xxxxxxx (Lachlan McIlroy)
Date: Thu, 18 Sep 2008 17:36:21 +1000 (EST)
Sender: xfs-bounce@xxxxxxxxxxx 
Fix use-after-free with log and quotas

Destroying the quota stuff on unmount can access the log - ie XFS_QM_DONE()
ends up in xfs_dqunlock() which calls xfs_trans_unlocked_item() and then
xfs_log_move_tail().  By this time the log has already been destroyed.
Just move the cleanup of the quota code earlier in xfs_unmountfs() before
the call to xfs_log_unmount().  Moving XFS_QM_DONE() up near
XFS_QM_DQPURGEALL() seems like a good spot. 

Date:  Thu Sep 18 17:35:23 AEST 2008
Workarea:  redback.melbourne.sgi.com:/home/lachlan/isms/2.6.x-tot
Inspected by:  
hch
lachlan
pleckie
Author:  lachlan

The following file(s) were checked into:
  longdrop.melbourne.sgi.com:/isms/linux/2.6.x-xfs-melb


Modid:  xfs-linux-melb:xfs-kern:32148a
fs/xfs/xfs_mount.c - 1.446 - changed
http://oss.sgi.com/cgi-bin/cvsweb.cgi/xfs-linux/xfs_mount.c.diff?r1=text&tr1=1.446&r2=text&tr2=1.445&f=h
        - Fix use-after-free with log and quotas
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • TAKE 987086 - Fix use-after-free with log and quotas, Lachlan McIlroy <=
Previous by Date:  Re: REVIEW: Fix for incore extent corruption., Lachlan McIlroy
Next by Date:  [GIT PULL] XFS update for 2.6.27, Lachlan McIlroy
Previous by Thread:  REVIEW: Fix for incore extent corruption., Russell Cattelan
Next by Thread:  [GIT PULL] XFS update for 2.6.27, Lachlan McIlroy
Indexes:  [Date] [Thread] [Top] [All Lists]