Re: [PATCH] f2fs: fix ref of discard command

Chao Yu Fri, 23 Jun 2017 01:17:45 -0700

Hi Jaegeuk,

On 2017/6/12 11:04, Jaegeuk Kim wrote:
> This patch resolves kernel panic for xfstests/081, caused by recent 
> f2fs_bug_on
> 
>   f2fs: add f2fs_bug_on in __remove_discard_cmd
> 
> Signed-off-by: Jaegeuk Kim <jaeg...@kernel.org>
> ---
>  fs/f2fs/segment.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
> index 86a0c1095939..a6d77388a806 100644
> --- a/fs/f2fs/segment.c
> +++ b/fs/f2fs/segment.c
> @@ -1025,6 +1025,8 @@ static void __wait_discard_cmd(struct f2fs_sb_info 
> *sbi, bool wait_cond)
>       list_for_each_entry_safe(dc, tmp, wait_list, list) {
>               if (!wait_cond || (dc->state == D_DONE && !dc->ref)) {
>                       wait_for_completion_io(&dc->wait);
> +                     if (dc->state == D_DONE && dc->ref)
> +                             dc->ref--;


How about using ("f2fs: stop discard thread in prior during umount") instead of
this one? As dereference of dc here will lead use-after-free of real referrer.

Thanks,

>                       __remove_discard_cmd(sbi, dc);
>               } else {
>                       dc->ref++;
>

Re: [PATCH] f2fs: fix ref of discard command

Reply via email to