[PATCH 2/2] xfs/051: test buffer use after free race on I/O failure in XFS log recovery
Dave Chinner
david at fromorbit.com
Mon Sep 8 05:47:49 CDT 2014
On Tue, Sep 02, 2014 at 10:22:41AM -0400, Brian Foster wrote:
> A buffer use after free race was discovered in the XFS log recovery
> codepath if I/O failures occur during recovery. The I/O submission path
> can abort the mount and release the only reference held on some buffers
> before I/O completion processing (e.g., async workqueue processing)
> might have completed. Badness ensues if the I/O completion path
> subsequently attempts to access said buffers.
.....
>
> case goes to Alex Lyakas.
> index 4d35df5..9784dea 100644
> --- a/tests/xfs/group
> +++ b/tests/xfs/group
> @@ -47,6 +47,7 @@
> 048 other auto quick
> 049 rw auto quick
> 050 quota auto quick
> +051 dangerous
I'm going to consider this auto/log/metadata rather than dangerous.
Once the bug is fixed, we want to continue running this test as a
regression test, and nobody does that with the dangerous group....
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the xfs
mailing list