public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-04-13 09:59:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

f2fs: don't access node/meta inode mapping after iput

Browse source 
This fixes wrong access of address spaces of node and meta inodes after iput.

Fixes: 60aa4d5536 ("f2fs: fix use-after-free issue when accessing sbi->stat_info")
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
This commit is contained in:
Jaegeuk Kim 2019-01-01 00:11:30 -08:00
parent 31867b23d7
commit 7c77bf7de1
2 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
fs/f2fs/debug.c
View file

@ -96,7 +96,9 @@ static void update_general_status(struct f2fs_sb_info *sbi)
si->free_secs = free_sections(sbi); si->free_secs = free_sections(sbi);
si->prefree_count = prefree_segments(sbi); si->prefree_count = prefree_segments(sbi);
si->dirty_count = dirty_segments(sbi); si->dirty_count = dirty_segments(sbi);
if (sbi->node_inode)
si->node_pages = NODE_MAPPING(sbi)->nrpages; si->node_pages = NODE_MAPPING(sbi)->nrpages;
if (sbi->meta_inode)
si->meta_pages = META_MAPPING(sbi)->nrpages; si->meta_pages = META_MAPPING(sbi)->nrpages;
si->nats = NM_I(sbi)->nat_cnt; si->nats = NM_I(sbi)->nat_cnt;
si->dirty_nats = NM_I(sbi)->dirty_nat_cnt; si->dirty_nats = NM_I(sbi)->dirty_nat_cnt;
@ -175,7 +177,6 @@ static void update_sit_info(struct f2fs_sb_info *sbi)
static void update_mem_info(struct f2fs_sb_info *sbi) static void update_mem_info(struct f2fs_sb_info *sbi)
{ {
struct f2fs_stat_info *si = F2FS_STAT(sbi); struct f2fs_stat_info *si = F2FS_STAT(sbi);
unsigned npages;
int i; int i;
if (si->base_mem) if (si->base_mem)
@ -258,10 +259,14 @@ get_cache:
sizeof(struct extent_node); sizeof(struct extent_node);
si->page_mem = 0; si->page_mem = 0;
npages = NODE_MAPPING(sbi)->nrpages; if (sbi->node_inode) {
unsigned npages = NODE_MAPPING(sbi)->nrpages;
si->page_mem += (unsigned long long)npages << PAGE_SHIFT; si->page_mem += (unsigned long long)npages << PAGE_SHIFT;
npages = META_MAPPING(sbi)->nrpages; }
if (sbi->meta_inode) {
unsigned npages = META_MAPPING(sbi)->nrpages;
si->page_mem += (unsigned long long)npages << PAGE_SHIFT; si->page_mem += (unsigned long long)npages << PAGE_SHIFT;
}
} }
static int stat_show(struct seq_file *s, void *v) static int stat_show(struct seq_file *s, void *v)

5
fs/f2fs/super.c
View file

@ -1075,7 +1075,10 @@ static void f2fs_put_super(struct super_block *sb)
f2fs_bug_on(sbi, sbi->fsync_node_num); f2fs_bug_on(sbi, sbi->fsync_node_num);
iput(sbi->node_inode); iput(sbi->node_inode);
sbi->node_inode = NULL;
iput(sbi->meta_inode); iput(sbi->meta_inode);
sbi->meta_inode = NULL;
/* /*
* iput() can update stat information, if f2fs_write_checkpoint() * iput() can update stat information, if f2fs_write_checkpoint()
@ -3410,6 +3413,7 @@ free_node_inode:
f2fs_release_ino_entry(sbi, true); f2fs_release_ino_entry(sbi, true);
truncate_inode_pages_final(NODE_MAPPING(sbi)); truncate_inode_pages_final(NODE_MAPPING(sbi));
iput(sbi->node_inode); iput(sbi->node_inode);
sbi->node_inode = NULL;
free_stats: free_stats:
f2fs_destroy_stats(sbi); f2fs_destroy_stats(sbi);
free_nm: free_nm:
@ -3422,6 +3426,7 @@ free_devices:
free_meta_inode: free_meta_inode:
make_bad_inode(sbi->meta_inode); make_bad_inode(sbi->meta_inode);
iput(sbi->meta_inode); iput(sbi->meta_inode);
sbi->meta_inode = NULL;
free_io_dummy: free_io_dummy:
mempool_destroy(sbi->write_io_dummy); mempool_destroy(sbi->write_io_dummy);
free_percpu: free_percpu: