Re: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted fs

From: Jaegeuk Kim
Date: Sat Jul 04 2015 - 00:52:19 EST

On Thu, Jul 02, 2015 at 08:32:39PM +0800, Chao Yu wrote:
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@xxxxxxxxxx]
> > Sent: Tuesday, June 30, 2015 2:40 AM
> > To: linux-kernel@xxxxxxxxxxxxxxx; linux-fsdevel@xxxxxxxxxxxxxxx;
> > linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
> > Cc: Jaegeuk Kim
> > Subject: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted fs
> >
> > This patch introduces a shrinker targeting to reduce memory footprint consumed
> > by a number of in-memory f2fs data structures.
> >
> > In addition, it newly adds:
> > - sbi->umount_mutex to avoid data races on shrinker and put_super
> > - sbi->shruinker_run_no to not revisit objects
> >
> > Noteh that the basic implementation was copied from fs/btrfs/shrinker.c
>
> This file seems not exist...
>
> > @@ -1310,6 +1328,7 @@ free_root_inode:
> > dput(sb->s_root);
> > sb->s_root = NULL;
> > free_node_inode:
> > + f2fs_leave_shrinker(sbi);
>
> We should detach shrinker under sbi->umount_mutex.
> Otherwise we will access freed memory in following call path:
>
> mount shrinker
> ->fill_super
> Failed after f2fs_join_shrinker
> ->f2fs_leave_shrinker
> ->f2fs_shrink_scan
> spin_lock
> get sbi pointer
> spin_unlock
> spin_lock
> list_del sbi->s_list
> spin_unlock
> free sbi
> use-after-free for sbi

Right, confirmed this.

Thanks,

>
> Thanks,
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/