kernel-ark/fs/xfs
Dave Chinner e11bb8052c xfs: synchronous buffer IO needs a reference

When synchronous IO runs IO completion work, it does so without an
IO reference or a hold reference on the buffer. The IO "hold
reference" is owned by the submitter, and released when the
submission is complete. The IO reference is released when both the
submitter and the bio end_io processing is run, and so if the io
completion work is run from IO completion context, it is run without
an IO reference.

Hence we can get the situation where the submitter can submit the
IO, see an error on the buffer and unlock and free the buffer while
there is still IO in progress. This leads to use-after-free and
memory corruption.

Fix this by taking a "sync IO hold" reference that is owned by the
IO and not released until after the buffer completion calls are run
to wake up synchronous waiters. This means that the buffer will not
be freed in any circumstance until all IO processing is completed.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2014-10-02 09:04:11 +10:00
libxfs Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
Kconfig xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
kmem.c xfs: use NOIO contexts for vm_map_ram 2014-03-07 16:19:14 +11:00
kmem.h xfs: simplify kmem_{zone_}zalloc 2013-11-06 16:31:27 -06:00
Makefile xfs: add xfs_mount sysfs kobject 2014-07-15 08:07:01 +10:00
mrlock.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
time.h
uuid.c
uuid.h xfs: add CRC infrastructure 2012-11-19 20:11:24 -06:00
xfs_acl.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_acl.h xfs: use generic posix ACL infrastructure 2014-01-25 23:58:21 -05:00
xfs_aops.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_aops.h direct-io: Implement generic deferred AIO completions 2013-09-04 09:23:46 -04:00
xfs_attr_inactive.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_attr_list.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_attr.h xfs: kill xfs_vnodeops.[ch] 2013-08-12 16:53:39 -05:00
xfs_bit.c xfs: fix static and extern sparse warnings 2013-10-30 13:59:56 -05:00
xfs_bmap_util.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_bmap_util.h xfs: refine the allocation stack switch 2014-07-15 07:08:24 +10:00
xfs_buf_item.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_buf_item.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_buf.c xfs: synchronous buffer IO needs a reference 2014-10-02 09:04:11 +10:00
xfs_buf.h xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_dir2_readdir.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_discard.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_discard.h
xfs_dquot_item.c xfs: remove the quotaoff log format from the quotaoff log item 2013-12-13 11:34:08 +11:00
xfs_dquot_item.h xfs: remove the quotaoff log format from the quotaoff log item 2013-12-13 11:34:08 +11:00
xfs_dquot.c xfs: quotacheck leaves dquot buffers without verifiers 2014-08-04 12:43:26 +10:00
xfs_dquot.h xfs: run an eofblocks scan on ENOSPC/EDQUOT 2014-07-24 19:49:28 +10:00
xfs_error.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_error.h xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_export.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_export.h
xfs_extent_busy.c xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_extent_busy.h xfs: decouple inode and bmap btree header files 2013-10-23 16:28:49 -05:00
xfs_extfree_item.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_extfree_item.h xfs: split out EFI/EFD log item format definition 2013-08-12 16:07:13 -05:00
xfs_file.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_filestream.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_filestream.h xfs: add filestream allocator tracepoints 2014-04-23 07:11:52 +10:00
xfs_fs.h Merge branch 'xfs-misc-fixes-3.17-1' into for-next 2014-08-04 13:54:14 +10:00
xfs_fsops.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_fsops.h
xfs_globals.c xfs: add background scanning to clear eofblocks inodes 2012-11-08 15:34:59 -06:00
xfs_icache.c xfs: run an eofblocks scan on ENOSPC/EDQUOT 2014-07-24 19:49:28 +10:00
xfs_icache.h xfs: run an eofblocks scan on ENOSPC/EDQUOT 2014-07-24 19:49:28 +10:00
xfs_icreate_item.c xfs: format log items write directly into the linear CIL buffer 2013-12-13 11:34:02 +11:00
xfs_icreate_item.h xfs: separate icreate log format definitions from xfs_icreate_item.h 2013-08-12 16:10:35 -05:00
xfs_inode_item.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_inode_item.h xfs: remove the inode log format from the inode log item 2013-12-13 11:34:05 +11:00
xfs_inode.c xfs: kill VN_DIRTY() 2014-08-04 13:22:49 +10:00
xfs_inode.h xfs: kill xfs_vnode.h 2014-08-04 13:28:20 +10:00
xfs_ioctl32.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_ioctl32.h
xfs_ioctl.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_ioctl.h xfs: consolidate extent swap code 2013-08-12 16:56:06 -05:00
xfs_iomap.c Merge branch 'xfs-quota-eofblocks-scan' into for-next 2014-08-04 13:53:47 +10:00
xfs_iomap.h xfs: get rid of count from xfs_iomap_write_allocate() 2013-10-01 15:42:34 -05:00
xfs_iops.c xfs: fix rounding error of fiemap length parameter 2014-08-04 11:35:35 +10:00
xfs_iops.h xfs: use generic posix ACL infrastructure 2014-01-25 23:58:21 -05:00
xfs_itable.c xfs: introduce xfs_bulkstat_ag_ichunk 2014-08-04 11:22:31 +10:00
xfs_itable.h xfs: introduce xfs_bulkstat_ag_ichunk 2014-08-04 11:22:31 +10:00
xfs_linux.h Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_log_cil.c xfs: fix cil push sequence after log recovery 2014-07-24 20:49:40 +10:00
xfs_log_priv.h xfs: add xlog sysfs kobject and attribute handlers 2014-07-15 08:07:29 +10:00
xfs_log_recover.c xfs: dquot recovery needs verifiers 2014-08-04 12:59:31 +10:00
xfs_log.c xfs: force the log before shutting down 2014-10-02 09:02:28 +10:00
xfs_log.h xfs: log vector rounding leaks log space 2014-05-20 08:18:09 +10:00
xfs_message.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_message.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00
xfs_mount.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_mount.h xfs: add xfs_mount sysfs kobject 2014-07-15 08:07:01 +10:00
xfs_mru_cache.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_mru_cache.h xfs: embedd mru_elem into parent structure 2014-04-23 07:11:51 +10:00
xfs_qm_bhv.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_qm_syscalls.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_qm.c Merge branch 'xfs-misc-fixes-3.17-2' into for-next 2014-08-04 13:55:27 +10:00
xfs_qm.h xfs: mark xfs_qm_quotacheck as static 2014-07-24 20:49:57 +10:00
xfs_quota.h xfs: split dquot buffer operations out 2013-10-23 14:28:35 -05:00
xfs_quotaops.c xfs: fix uflags detection at xfs_fs_rm_xquota 2014-07-24 21:27:17 +10:00
xfs_rtalloc.c xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
xfs_rtalloc.h xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_stats.c xfs: support the XFS_BTNUM_FINOBT free inode btree type 2014-04-24 16:00:52 +10:00
xfs_stats.h xfs: support the XFS_BTNUM_FINOBT free inode btree type 2014-04-24 16:00:52 +10:00
xfs_super.c Merge branch 'xfs-misc-fixes-3.17-1' into for-next 2014-08-04 13:54:14 +10:00
xfs_super.h xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
xfs_symlink.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_symlink.h xfs: push down inactive transaction mgmt for remote symlinks 2013-10-08 14:53:02 -05:00
xfs_sysctl.c xfs: Convert use of typedef ctl_table to struct ctl_table 2013-06-17 17:42:25 -05:00
xfs_sysctl.h xfs: add background scanning to clear eofblocks inodes 2012-11-08 15:34:59 -06:00
xfs_sysfs.c xfs: add log attributes for log lsn and grant head data 2014-07-15 08:07:48 +10:00
xfs_sysfs.h xfs: add xlog sysfs kobject and attribute handlers 2014-07-15 08:07:29 +10:00
xfs_trace.c xfs: add filestream allocator tracepoints 2014-04-23 07:11:52 +10:00
xfs_trace.h Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-06-12 10:30:18 -07:00
xfs_trans_ail.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_trans_buf.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_trans_dquot.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_trans_extfree.c xfs: decouple log and transaction headers 2013-10-23 16:17:44 -05:00
xfs_trans_inode.c xfs: open code inc_inode_iversion when logging an inode 2013-11-18 09:42:08 -06:00
xfs_trans_priv.h xfs: remove unused ail pointer arg from xfs_trans_ail_cursor_done() 2014-04-14 19:06:05 +10:00
xfs_trans.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs_trans.h xfs: format log items write directly into the linear CIL buffer 2013-12-13 11:34:02 +11:00
xfs_types.h xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
xfs_xattr.c xfs: global error sign conversion 2014-06-25 14:58:08 +10:00
xfs.h xfs: introduce CONFIG_XFS_WARN 2013-05-07 18:45:36 -05:00