]> git.ipfire.org Git - thirdparty/xfsprogs-dev.git/commit
projects / thirdparty / xfsprogs-dev.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: af71e8c) | patch
libxfs: don't UAF a requeued EFI
authorDarrick J. Wong <djwong@kernel.org>
Wed, 20 Dec 2023 16:53:43 +0000 (08:53 -0800)
committerDarrick J. Wong <djwong@kernel.org>
Fri, 22 Dec 2023 02:29:13 +0000 (18:29 -0800)
commitb9166aea5eb825bdb603f21d9eb43c7bfe846ca2
tree1d61123725feb6869b94b0e2b69a1f7b228814abtree | snapshot
parentaf71e8c1f99aaf14f4b008a7468e62b03e60213dcommit | diff
libxfs: don't UAF a requeued EFI

In the kernel, commit 8ebbf262d4684 ("xfs: don't block in busy flushing
when freeing extents") changed the allocator behavior such that AGFL
fixing can return -EAGAIN in response to detection of a deadlock with
the transaction busy extent list.  If this happens, we're supposed to
requeue the EFI so that we can roll the transaction and try the item
again.

If a requeue happens, we should not free the xefi pointer in
xfs_extent_free_finish_item or else the retry will walk off a dangling
pointer.  There is no extent busy list in userspace so this should
never happen, but let's fix the logic bomb anyway.

We should have ported kernel commit 0853b5de42b47 ("xfs: allow extent
free intents to be retried") to userspace, but neither Carlos nor I
noticed this fine detail. :(

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Chandan Babu R <chandanbabu@kernel.org>
libxfs/defer_item.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.