From: Paul P Komkoff Jr
Date: Sun, 15 Dec 2002 00:38:47 +0300
To: sarlug@lug.ru
Subject: Re: [Sarlug] Re: [Sarlug] holidays
Message-ID: <20021214213847.GG3240@stingr.net>
In-Reply-To: <20021215001653.4c36c77e.horohorinev@mail.ru>

Replying to Genix:
> So what is it really, then? Apart from your health, what's stopping you?
> Honestly, now!

heh ... is anyone really going to find this interesting?

---- cut here ----

Return-Path:
Delivered-To: i@stingr.net
Sender: akpm@digeo.com
Date: Sat, 14 Dec 2002 01:38:15 -0800
From: Andrew Morton To: Paul P Komkoff Jr , ext2-devel@lists.sourceforge.net Cc: Linux Kernel Mailing List Subject: Re: [OOPS] 2.5.51-mm2 References: <20021213181155.GB2496@stingr.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 14 Dec 2002 09:38:16.0454 (UTC) FILETIME=[876E7A60:01C2A354] Content-Length: 2245 Lines: 81 Paul P Komkoff Jr wrote: > > This is very funny. Actually it's very bad. Thanks for reporting this. > mke2fs -j -O dir_index -J size=192 -T news -N 1000100 > atest3 1000000 > (creat & write 1 byte to 1000000 files) > > free space on device became 0 and voila > > Unable to handle kernel paging request at virtual address 5a5a5b9e Here's a fix: If ext3_add_nondir() fails it will do an iput() of the inode. But we continue to run ext3_mark_inode_dirty() against the potentially-freed inode. This oopses when slab poisoning is enabled. Fix it so that we only run ext3_mark_inode_dirty() if the inode was successfully instantiated. fs/ext3/namei.c | 11 +++++------ 1 files changed, 5 insertions(+), 6 deletions(-) --- 25/fs/ext3/namei.c~ext3-use-after-free Sat Dec 14 01:25:03 2002 +++ 25-akpm/fs/ext3/namei.c Sat Dec 14 01:25:53 2002 @@ -1566,8 +1566,11 @@ static int ext3_add_nondir(handle_t *han { int err = ext3_add_entry(handle, dentry, inode); if (!err) { - d_instantiate(dentry, inode); - return 0; + err = ext3_mark_inode_dirty(handle, inode); + if (!err) { + d_instantiate(dentry, inode); + return 0; + } } ext3_dec_count(handle, inode); iput(inode); @@ -1609,7 +1612,6 @@ static int ext3_create (struct inode * d else inode->i_mapping->a_ops = &ext3_aops; err = ext3_add_nondir(handle, dentry, inode); - ext3_mark_inode_dirty(handle, inode); } ext3_journal_stop(handle, dir); unlock_kernel(); 
@@ -1642,7 +1644,6 @@ static int ext3_mknod (struct inode * di inode->i_op = &ext3_special_inode_operations; #endif err = ext3_add_nondir(handle, dentry, inode); - ext3_mark_inode_dirty(handle, inode); } ext3_journal_stop(handle, dir); unlock_kernel(); @@ -2105,7 +2106,6 @@ static int ext3_symlink (struct inode * } EXT3_I(inode)->i_disksize = inode->i_size; err = ext3_add_nondir(handle, dentry, inode); - ext3_mark_inode_dirty(handle, inode); out_stop: ext3_journal_stop(handle, dir); unlock_kernel(); @@ -2140,7 +2140,6 @@ static int ext3_link (struct dentry * ol atomic_inc(&inode->i_count); err = ext3_add_nondir(handle, dentry, inode); - ext3_mark_inode_dirty(handle, inode); ext3_journal_stop(handle, dir); unlock_kernel(); return err; _ -- Paul P 'Stingray' Komkoff 'Greatest' Jr /// (icq)23200764 /// (http)stingr.net When you're invisible, the only one really watching you is you (my keychain)
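Review bot: in the ext3_add_nondir() hunk, when ext3_add_entry() succeeds but the new ext3_mark_inode_dirty() call fails, control falls through to ext3_dec_count() and iput() while the directory entry that ext3_add_entry() just created stays in place. Either undo the entry on that path or add a comment saying why leaving it is acceptable. The changelog also says the call runs only "if the inode was successfully instantiated", but in the hunk it sits before d_instantiate(); "if the directory entry was successfully added" would match the code.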
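Review bot: the ext3_create(), ext3_mknod() and ext3_symlink() hunks each drop a call whose return value was ignored, so after this patch err can carry an ext3_mark_inode_dirty() failure that these callers never returned before. The changelog only talks about the oops; it should also mention this change in the error returned to the caller.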
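Review bot: in the ext3_link() hunk the atomic_inc(&inode->i_count) just above the call is balanced only by the iput() inside ext3_add_nondir() on failure, and that failure path now also covers ext3_mark_inode_dirty() errors. A one-line comment at the call stating that ext3_add_nondir() consumes the reference on any error would make the pairing explicit.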
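The use-after-free described in the forwarded message, as an added user-space model that is not code from the message or from the kernel: the toy_* names are hypothetical stand-ins, and the 0x5a poison byte is an assumption taken from the faulting address 5a5a5b9e in the report. It contrasts the old and new call order and shows how that address decodes to an all-poison pointer plus an offset.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0x5a               /* assumed poison byte, as in the 5a5a5b9e fault */

struct toy_inode { int count; uintptr_t ptr; };   /* hypothetical stand-in for an inode */
static struct toy_inode slot;     /* one-object "slab": poisoned on free, never unmapped */
static int uaf_hits;              /* times a freed object was touched */

static struct toy_inode *toy_new(void) { slot.count = 1; slot.ptr = 0x1000; return &slot; }

/* Like iput(): dropping the last reference frees (here: poisons) the object. */
static void toy_iput(struct toy_inode *i) {
    if (--i->count == 0) memset(i, POISON, sizeof *i);
}

/* Stand-in for ext3_mark_inode_dirty(); the real kernel oopses where this counts. */
static int toy_mark_dirty(const struct toy_inode *i) {
    uintptr_t p;
    memset(&p, POISON, sizeof p);
    if (i->ptr == p) { uaf_hits++; return -EIO; }
    return 0;
}

/* Before the patch: the caller marks the inode dirty whatever add_nondir returned. */
static int create_old(int add_entry_err) {
    struct toy_inode *i = toy_new();
    int err = add_entry_err;
    if (err) toy_iput(i);         /* failure path of the old ext3_add_nondir() */
    toy_mark_dirty(i);            /* runs even after the iput() above */
    return err;
}

/* After the patch: mark dirty inside add_nondir, only once the entry was added. */
static int create_new(int add_entry_err) {
    struct toy_inode *i = toy_new();
    int err = add_entry_err;
    if (!err) err = toy_mark_dirty(i);
    if (err) toy_iput(i);
    return err;
}

/* Offset of a faulting address from an all-poison 32-bit pointer. */
static uint32_t poison_offset(uint32_t fault) { return fault - 0x5a5a5a5aU; }

int main(void) {
    int e_old = create_old(-ENOSPC);   /* constructed input: add_entry fails, disk full */
    int e_new = create_new(-ENOSPC);
    printf("old=%d new=%d uaf_hits=%d offset=0x%x\n", e_old, e_new, uaf_hits,
           (unsigned)poison_offset(0x5a5a5b9eU));
    return 0;
}
```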