| To: | Brian Foster <bfoster@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] xfs: fix buffer use after free on IO error |
| From: | Christoph Hellwig <hch@xxxxxxxxxxxxx> |
| Date: | Tue, 25 Mar 2014 06:17:05 -0700 |
| Cc: | Eric Sandeen <sandeen@xxxxxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx> |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <20140325125754.GA18691@xxxxxxxxxxxxxxx> |
| References: | <532CFA12.4040104@xxxxxxxxxx> <20140325125754.GA18691@xxxxxxxxxxxxxxx> |
| User-agent: | Mutt/1.5.21 (2010-09-15) |
> On Fri, Mar 21, 2014 at 09:48:50PM -0500, Eric Sandeen wrote: > > + /* > > + * If _xfs_buf_ioapply failed, we'll get back here with > > + * only the reference we took above. _xfs_buf_ioend will > > + * drop it to zero, so we'd better not queue it for later, > > + * or we'll free it before it's done. > > + */ > > + _xfs_buf_ioend(bp, bp->b_error ? 0 : 1); > > > > Out of curiosity, is there any major reason we don't use 0 here > unconditionally? Are we worried about I/O completing before we have a > chance to decrement the reference? I think this should unconditionally avoid the schedule, and while we're at it we should kill _xfs_buf_ioend and opencode it here and at the other callsite. Also atomic_dec_and_test really just returns true/false - there should ne no need for the explicit == 1 in the conditional. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] xfs: fix buffer use after free on IO error, Brian Foster |
|---|---|
| Next by Date: | Re: [PATCH 2/2] remove ancient sys_getdents code paths, Christoph Hellwig |
| Previous by Thread: | Re: [PATCH] xfs: fix buffer use after free on IO error, Brian Foster |
| Next by Thread: | Re: [PATCH] xfs: fix buffer use after free on IO error, Eric Sandeen |
| Indexes: | [Date] [Thread] [Top] [All Lists] |