RE: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted fs

From: Chao Yu
Date: Thu Jul 02 2015 - 08:38:11 EST


> -----Original Message-----
> From: Jaegeuk Kim [mailto:jaegeuk@xxxxxxxxxx]
> Sent: Tuesday, June 30, 2015 2:40 AM
> To: linux-kernel@xxxxxxxxxxxxxxx; linux-fsdevel@xxxxxxxxxxxxxxx;
> linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
> Cc: Jaegeuk Kim
> Subject: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted fs
>
> This patch introduces a shrinker that aims to reduce the memory footprint consumed
> by a number of in-memory f2fs data structures.
>
> In addition, it newly adds:
> - sbi->umount_mutex to avoid data races on shrinker and put_super
> - sbi->shrinker_run_no to not revisit objects
>
> Note that the basic implementation was copied from fs/btrfs/shrinker.c

This file doesn't seem to exist...

> @@ -1310,6 +1328,7 @@ free_root_inode:
> dput(sb->s_root);
> sb->s_root = NULL;
> free_node_inode:
> + f2fs_leave_shrinker(sbi);
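Review bot: the f2fs_leave_shrinker(sbi) added at the free_node_inode label runs without sbi->umount_mutex, although the description says that mutex is what keeps the shrinker and super teardown apart; a f2fs_shrink_scan that has already picked sbi off the list under the spinlock can then be left holding a pointer to memory this error path frees. Bracket the call the same way the put_super side is meant to be, e.g. mutex_lock(&sbi->umount_mutex); f2fs_leave_shrinker(sbi); mutex_unlock(&sbi->umount_mutex);, and keep that ordering ahead of the sbi free.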

We should detach shrinker under sbi->umount_mutex.
Otherwise we will access freed memory in following call path:

mount                                   shrinker
->fill_super
  Failed after f2fs_join_shrinker
  ->f2fs_leave_shrinker
                                        ->f2fs_shrink_scan
                                          spin_lock
                                          get sbi pointer
                                          spin_unlock
    spin_lock
    list_del sbi->s_list
    spin_unlock
    free sbi
                                          use-after-free for sbi

Thanks,
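The lifetime problem in the call path above, and the way an umount mutex closes it, as an added userspace model written for this thread (it is not f2fs code; all names such as sb_model, model_scan_pick and model_put_super are assumptions). A lock is a flag, the list spinlock and the per-sb mutex are the two locks the commit message describes, and "freed" is a flag standing in for kfree() so the use-after-free is reported instead of crashing. The unguarded scan keeps only a pointer after dropping the list lock; the guarded scan takes the sb's mutex with a trylock before dropping it, so an unmount either waits for the scan or makes the scan skip that sb:

```c
#include <stdio.h>
#include <stdlib.h>

/* Single-threaded model (assumed names, not f2fs code). A lock is a flag;
 * "would block" is reported as a return value instead of sleeping, which
 * keeps every interleaving explicit and deterministic. */
struct lock { int held; };

static int lock_try(struct lock *l)            /* mutex_trylock: 1 = acquired */
{
    if (l->held) return 0;
    l->held = 1;
    return 1;
}
static void lock_acquire(struct lock *l)       /* spin_lock/mutex_lock */
{
    if (l->held) { fprintf(stderr, "model deadlock\n"); abort(); }
    l->held = 1;
}
static void lock_release(struct lock *l) { l->held = 0; }

struct sb_model {
    struct sb_model *next;     /* models the sbi->s_list link */
    struct lock umount_mutex;  /* models sbi->umount_mutex */
    int freed;                 /* 1 once put_super freed it (models kfree) */
    int nr_objects;            /* reclaimable cached objects */
};

static struct lock list_lock;  /* models the global shrinker list spinlock */
static struct sb_model *sb_list;

void model_join_shrinker(struct sb_model *sbi)
{
    lock_acquire(&list_lock);
    sbi->next = sb_list;
    sb_list = sbi;
    lock_release(&list_lock);
}

static void unlink_sb(struct sb_model *sbi)    /* list_del under the spinlock */
{
    struct sb_model **pp;
    lock_acquire(&list_lock);
    for (pp = &sb_list; *pp; pp = &(*pp)->next)
        if (*pp == sbi) { *pp = sbi->next; break; }
    lock_release(&list_lock);
}

/* The error-path pattern from the hunk: detach and free, no umount_mutex. */
void model_put_super_unlocked(struct sb_model *sbi)
{
    unlink_sb(sbi);
    sbi->freed = 1;
}

/* put_super with umount_mutex held across the removal. Returns 1 when the
 * unmount completed, 0 when it would have blocked because a scan holds the
 * mutex; the caller retries once the scan has finished. */
int model_put_super(struct sb_model *sbi)
{
    if (!lock_try(&sbi->umount_mutex))
        return 0;
    unlink_sb(sbi);
    lock_release(&sbi->umount_mutex);
    sbi->freed = 1;
    return 1;
}

/* First half of shrink_scan: choose an sb. Guarded, it trylocks the sb's
 * umount_mutex before dropping list_lock and skips any sb being unmounted;
 * unguarded, it walks away with nothing but the pointer. */
struct sb_model *model_scan_pick(int guard)
{
    struct sb_model *sbi;
    lock_acquire(&list_lock);
    for (sbi = sb_list; sbi; sbi = sbi->next)
        if (!guard || lock_try(&sbi->umount_mutex))
            break;
    lock_release(&list_lock);
    return sbi;
}

/* Second half: reclaim from the chosen sb. Returns the count reclaimed, or
 * -1 when the sb was already freed (the use-after-free in the thread). */
int model_scan_finish(struct sb_model *sbi, int guard)
{
    int n = -1;
    if (!sbi->freed) {
        n = sbi->nr_objects;
        sbi->nr_objects = 0;
    }
    if (guard)
        lock_release(&sbi->umount_mutex);
    return n;
}

int model_race_unguarded(void)          /* returns -1: UAF */
{
    struct sb_model sbi = { .nr_objects = 5 };
    struct sb_model *p;
    model_join_shrinker(&sbi);
    p = model_scan_pick(0);             /* scan drops list_lock, keeps pointer */
    model_put_super_unlocked(&sbi);     /* unmount unlinks and frees meanwhile */
    return model_scan_finish(p, 0);
}

int model_race_guarded(void)            /* returns 1: unmount waited */
{
    struct sb_model sbi = { .nr_objects = 5 };
    struct sb_model *p;
    int blocked, n, done;
    model_join_shrinker(&sbi);
    p = model_scan_pick(1);
    blocked = model_put_super(&sbi);    /* 0: must wait, sbi stays allocated */
    n = model_scan_finish(p, 1);
    done = model_put_super(&sbi);       /* 1: runs after the scan released it */
    return p == &sbi && blocked == 0 && n == 5 && done == 1 && sbi.freed == 1;
}

int model_scan_skips_unmounting(void)   /* returns 1: sb skipped */
{
    struct sb_model sbi = { .nr_objects = 5 };
    struct sb_model *p;
    model_join_shrinker(&sbi);
    lock_acquire(&sbi.umount_mutex);    /* put_super started, before list_del */
    p = model_scan_pick(1);             /* trylock fails: nothing to scan */
    lock_release(&sbi.umount_mutex);
    model_put_super(&sbi);
    return p == 0;
}

int main(void)
{
    printf("unguarded scan: %d (-1 = use-after-free)\n", model_race_unguarded());
    printf("guarded scan: %d (1 = unmount waited for the scan)\n", model_race_guarded());
    printf("scan during unmount: %d (1 = sb skipped)\n", model_scan_skips_unmounting());
    return 0;
}
```

The point the model makes is that the list spinlock only protects the walk, not the object: the moment the scan drops it, only a lock the unmount path also takes (here umount_mutex, acquired before list_del and held by the scan for as long as it uses the sb) keeps the sb allocated, which is why the detach in a fill_super error path needs the same mutex as put_super.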