From: Paul P Komkoff Jr <i@stingr.net>
To: sarlug@lug.ru
Subject: Re: [Sarlug] Re: [Sarlug] праздники
Date: Sun, 15 Dec 2002 00:38:47 +0300
Message-ID: <20021214213847.GG3240@stingr.net> (raw)
In-Reply-To: <20021215001653.4c36c77e.horohorinev@mail.ru>
Replying to Genix:
> Ну дык а на самом деле? Кроме состояния здоровья что мешает? Только
> честно!
heh ... ну неужели кому-то это будет интересно?
---- линия отреза ----
Return-Path: <Andrew.Morton@digeo.com>
Delivered-To: i@stingr.net
Sender: akpm@digeo.com
Date: Sat, 14 Dec 2002 01:38:15 -0800
From: Andrew Morton <akpm@digeo.com>
To: Paul P Komkoff Jr <i@stingr.net>,
ext2-devel@lists.sourceforge.net
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [OOPS] 2.5.51-mm2
References: <20021213181155.GB2496@stingr.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 14 Dec 2002 09:38:16.0454 (UTC) FILETIME=[876E7A60:01C2A354]
Content-Length: 2245
Lines: 81
Paul P Komkoff Jr wrote:
>
> This is very funny.
Actually it's very bad. Thanks for reporting this.
> mke2fs -j -O dir_index -J size=192 -T news -N 1000100
> atest3 1000000
> (creat & write 1 byte to 1000000 files)
>
> free space on device became 0 and voila
>
> Unable to handle kernel paging request at virtual address 5a5a5b9e
Here's a fix:
If ext3_add_nondir() fails it will do an iput() of the inode. But we
continue to run ext3_mark_inode_dirty() against the potentially-freed
inode. This oopses when slab poisoning is enabled.
Fix it so that we only run ext3_mark_inode_dirty() if the inode was
successfully instantiated.
fs/ext3/namei.c | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
--- 25/fs/ext3/namei.c~ext3-use-after-free Sat Dec 14 01:25:03 2002
+++ 25-akpm/fs/ext3/namei.c Sat Dec 14 01:25:53 2002
@@ -1566,8 +1566,11 @@ static int ext3_add_nondir(handle_t *han
{
int err = ext3_add_entry(handle, dentry, inode);
if (!err) {
- d_instantiate(dentry, inode);
- return 0;
+ err = ext3_mark_inode_dirty(handle, inode);
+ if (!err) {
+ d_instantiate(dentry, inode);
+ return 0;
+ }
}
ext3_dec_count(handle, inode);
iput(inode);
@@ -1609,7 +1612,6 @@ static int ext3_create (struct inode * d
else
inode->i_mapping->a_ops = &ext3_aops;
err = ext3_add_nondir(handle, dentry, inode);
- ext3_mark_inode_dirty(handle, inode);
}
ext3_journal_stop(handle, dir);
unlock_kernel();
@@ -1642,7 +1644,6 @@ static int ext3_mknod (struct inode * di
inode->i_op = &ext3_special_inode_operations;
#endif
err = ext3_add_nondir(handle, dentry, inode);
- ext3_mark_inode_dirty(handle, inode);
}
ext3_journal_stop(handle, dir);
unlock_kernel();
@@ -2105,7 +2106,6 @@ static int ext3_symlink (struct inode *
}
EXT3_I(inode)->i_disksize = inode->i_size;
err = ext3_add_nondir(handle, dentry, inode);
- ext3_mark_inode_dirty(handle, inode);
out_stop:
ext3_journal_stop(handle, dir);
unlock_kernel();
@@ -2140,7 +2140,6 @@ static int ext3_link (struct dentry * ol
atomic_inc(&inode->i_count);
err = ext3_add_nondir(handle, dentry, inode);
- ext3_mark_inode_dirty(handle, inode);
ext3_journal_stop(handle, dir);
unlock_kernel();
return err;
_
--
Paul P 'Stingray' Komkoff 'Greatest' Jr /// (icq)23200764 /// (http)stingr.net
When you're invisible, the only one really watching you is you (my keychain)
next prev parent reply other threads:[~2002-12-14 21:38 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-11 6:38 Алексей Синицын
2002-12-11 7:01 ` [Sarlug] " Viktor
2002-12-11 7:50 ` Sergey Mihailov
2002-12-11 9:01 ` [Sarlug] " Viktor
2002-12-11 13:08 ` Amodeus
2002-12-11 15:27 ` [Sarlug] авСкФЮЩЫЩ MD
2002-12-13 10:59 ` Amodeus
2002-12-13 12:13 ` [Sarlug] Re: [Sarlug] праздники Alexey A. Shishkin
2002-12-13 12:20 ` Paul P Komkoff Jr
2002-12-14 16:57 ` CityHawk
2002-12-14 21:16 ` Paul P Komkoff Jr
2002-12-14 21:16 ` Genix
2002-12-14 21:38 ` Paul P Komkoff Jr [this message]
2002-12-15 16:55 ` CityHawk
2002-12-15 18:05 ` Paul P Komkoff Jr
2002-12-15 18:31 ` CityHawk
2002-12-15 18:54 ` Genix
2002-12-15 19:37 ` CityHawk
2002-12-15 19:48 ` Genix
2002-12-16 6:19 ` MD
2002-12-16 6:31 ` Алексей Синицын
2002-12-16 9:32 ` **SPAM** Re: [Sarlug] Re: [Sarlug] ÐÒÁÚÄÎÉËÉ Paul Galashin
2002-12-16 14:05 ` [Sarlug] Re[2]: **SPAM** Re: [Sarlug] Re: [Sarlug] праздники dmitry0909
2002-12-16 6:12 ` MD
2002-12-16 6:15 ` Genix
2002-12-16 8:42 ` [Sarlug] Re[2]: " Sin
2002-12-15 21:00 ` Alex
2002-12-15 19:00 ` Paul P Komkoff Jr
2002-12-15 19:05 ` Genix
2002-12-16 6:30 ` Алексей Синицын
2002-12-16 6:35 ` Sergey Mihailov
2002-12-16 6:50 ` Алексей Синицын
2002-12-16 10:00 ` Paul P Komkoff Jr
2002-12-16 11:42 ` Sergey Mihailov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021214213847.GG3240@stingr.net \
--to=i@stingr.net \
--cc=sarlug@lug.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Saratov Linux User Group
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sarlug/0 sarlug/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sarlug sarlug/ http://lore.altlinux.org/sarlug \
sarlug@lists.lug.ru sarlug@lug.ru
public-inbox-index sarlug
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sarlug
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git