[linux-cifs-client] [patch] prevent slab corruption by fixing race condition in cifs

Jeff Layton jlayton at redhat.com
Mon Aug 17 13:50:52 MDT 2009


On Sun, 16 Aug 2009 11:38:57 -0500
Shirish Pargaonkar <shirishpargaonkar at gmail.com> wrote:

> This patch prevents a slab corruption like this.  During heavy stress,
> it is possible that cifs_close will free up cifsFileInfo while due to
> delayed writes, wrtPending of that cifsFileInfo gets updated
> (decremented), cifsFileInfo either freed or freed and allocated to
> another process.
> 
> 
> Slab corruption: start=ffff8101e28e3818, len=256
> Redzone: 0x5a2cf071/0x5a2cf071.
> Last user: [<ffffffff88276ec4>](cifs_close+0x224/0x2c2 [cifs])
> 060: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b
> Prev obj: start=ffff8101e28e3700, len=256
> Redzone: 0x170fc2a5/0x170fc2a5.
> Last user: [<ffffffff882784fa>](cifs_open+0x348/0x6d9 [cifs])
> 000: b8 d3 44 e2 01 81 ff ff a0 e2 c7 e1 01 81 ff ff
> 010: 68 f5 fa dc 01 81 ff ff 10 47 d4 dd 01 81 ff ff
> Next obj: start=ffff8101e28e3930, len=256
> Redzone: 0x170fc2a5/0x170fc2a5.
> Last user: [<ffffffff882784fa>](cifs_open+0x348/0x6d9 [cifs])
> 000: 18 b8 2a e3 01 81 ff ff b8 a3 5a e0 01 81 ff ff
> 010: 68 f5 36 65 02 81 ff ff 40 99 a1 dc 01 81 ff ff

Can you resend this patch with it inlined into the email? I can't
reasonably comment on it with it sent as a binary attachment.

Thanks,
-- 
Jeff Layton <jlayton at redhat.com>
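
A triage helper for the slab report quoted above, added here as an example and not part of the original thread or the cifs patch: it scans the corrupted object's dump for bytes that differ from the kernel's free-poison byte 0x6b. The function name `triage` and the embedded sample are constructed for illustration; the handling of the 0xa5 end-of-object byte goes beyond what this report shows.

```python
import re

POISON_FREE = 0x6B  # fill byte for freed objects (include/linux/poison.h)
POISON_END = 0xA5   # final byte of a poisoned object

# Constructed sample: the corrupted object's lines from the report quoted above.
SAMPLE = """\
Slab corruption: start=ffff8101e28e3818, len=256
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<ffffffff88276ec4>](cifs_close+0x224/0x2c2 [cifs])
060: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b
"""

HEADER = re.compile(r"Slab corruption: start=([0-9a-f]+), len=(\d+)")
LAST_USER = re.compile(r"Last user: \[<[0-9a-f]+>\]\((\w+)\+")
HEXLINE = re.compile(r"^([0-9a-f]{3}):((?: [0-9a-f]{2})+)\s*$")


def triage(report):
    """Return (start, last_user, findings) for the corrupted object only."""
    start = length = last_user = None
    findings = []
    for line in report.splitlines():
        line = line.lstrip("> ").rstrip()    # tolerate mail quoting
        if line.startswith(("Prev obj:", "Next obj:")):
            break                            # neighbours are live, not poisoned
        if m := HEADER.search(line):
            start, length = int(m.group(1), 16), int(m.group(2))
        elif m := LAST_USER.search(line):
            last_user = m.group(1)
        elif (m := HEXLINE.match(line)) and start is not None:
            base = int(m.group(1), 16)
            for i, byte in enumerate(bytes.fromhex(m.group(2))):
                off = base + i
                if byte == POISON_FREE or (off == length - 1 and byte == POISON_END):
                    continue
                findings.append({"offset": off, "addr": start + off,
                                 "value": byte, "delta": byte - POISON_FREE})
    return start, last_user, findings


if __name__ == "__main__":
    start, user, hits = triage(SAMPLE)
    for h in hits:
        print(f"last user {user}: +{h['offset']:#x} ({h['addr']:#x}) "
              f"= {h['value']:#04x}, poison{h['delta']:+d}")
```

On the quoted report it flags a single byte at offset 0x6c holding 0x6a, one less than the poison value, in an object whose last user was cifs_close, which fits the decrement after free that the patch description attributes to wrtPending.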

