Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754032AbbGDEwG (ORCPT <rfc822;w@1wt.eu>);
	Sat, 4 Jul 2015 00:52:06 -0400
Received: from mail.kernel.org ([198.145.29.136]:59821 "EHLO mail.kernel.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752714AbbGDEv6 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Sat, 4 Jul 2015 00:51:58 -0400
Date: Fri, 3 Jul 2015 21:51:58 -0700
From: Jaegeuk Kim <jaegeuk@kernel.org>
To: Chao Yu <yuchaochina@hotmail.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted
 fs
Message-ID: <20150704045158.GA15817@jaegeuk-mac02.hsd1.ca.comcast.net>
References: <1435603176-63219-1-git-send-email-jaegeuk@kernel.org>
 <1435603176-63219-8-git-send-email-jaegeuk@kernel.org>
 <COL402-EAS146FC72F96B6A18319140B5AB970@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <COL402-EAS146FC72F96B6A18319140B5AB970@phx.gbl>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2220
Lines: 65

On Thu, Jul 02, 2015 at 08:32:39PM +0800, Chao Yu wrote:
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > Sent: Tuesday, June 30, 2015 2:40 AM
> > To: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org;
> > linux-f2fs-devel@lists.sourceforge.net
> > Cc: Jaegeuk Kim
> > Subject: [f2fs-dev] [PATCH 08/12] f2fs: introduce a shrinker for mounted fs
> > 
> > This patch introduces a shrinker targeting to reduce memory footprint consumed
> > by a number of in-memory f2fs data structures.
> > 
> > In addition, it newly adds:
> >  - sbi->umount_mutex to avoid data races on shrinker and put_super
> >  - sbi->shruinker_run_no to not revisit objects
> > 
> > Noteh that the basic implementation was copied from fs/btrfs/shrinker.c
> 
> This file seems not exist...
> 
> > @@ -1310,6 +1328,7 @@ free_root_inode:
> >  	dput(sb->s_root);
> >  	sb->s_root = NULL;
> >  free_node_inode:
> > +	f2fs_leave_shrinker(sbi);
> 
> We should detach shrinker under sbi->umount_mutex.
> Otherwise we will access freed memory in following call path:
> 
> mount					shrinker
> ->fill_super
>   Failed after f2fs_join_shrinker
>   ->f2fs_leave_shrinker
> 					->f2fs_shrink_scan
> 					  spin_lock
> 					  get sbi pointer
> 					  spin_unlock
>     spin_lock
>     list_del sbi->s_list
>     spin_unlock
>     free sbi
> 					  use-after-free for sbi

Right, confirmed this.

Thanks,

> 
> Thanks,
> 
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/