Re: [RFC PATCH] fix use after free in xlog_wait()

2020-06-10 Thread Dave Chinner
On Thu, Jun 11, 2020 at 11:01:38AM +0800, yukuai (C) wrote:
> On 2020/6/11 10:28, Dave Chinner wrote
> > Actually, it's a lot simpler:
> >
> > thread1 thread2
> >
> > __xfs_trans_commit
> > xfs_log_commit_cil
> > xlog_wait
> > schedule
> > xlog_cil

Re: [RFC PATCH] fix use after free in xlog_wait()

2020-06-10 Thread yukuai (C)
On 2020/6/11 10:28, Dave Chinner wrote
Actually, it's a lot simpler:

thread1 thread2

__xfs_trans_commit
xfs_log_commit_cil
xlog_wait
schedule
xlog_cil_push_work
wake_up_all

Re: [RFC PATCH] fix use after free in xlog_wait()

2020-06-10 Thread Dave Chinner
On Thu, Jun 11, 2020 at 09:39:52AM +0800, Yu Kuai wrote:
> I recently got UAF by running generic/019 in qemu:
>
> ==
> BUG: KASAN: use-after-free in __lock_acquire+0x4508/0x68c0
> Read of size 8 at addr 88811327f080 by task fi

[RFC PATCH] fix use after free in xlog_wait()

2020-06-10 Thread Yu Kuai
I recently got UAF by running generic/019 in qemu:

==
BUG: KASAN: use-after-free in __lock_acquire+0x4508/0x68c0
Read of size 8 at addr 88811327f080 by task fio/11147
CPU: 6 PID: 11147 Comm: fio Tainted: GW