Thread: 34 messages, 5 authors, 2019-02-21

Re: v4.20-rc6: Sporadic use-after-free in bt_iter()

From: Bart Van Assche <bvanassche@acm.org>
Date: 2018-12-20 21:40:47

On Thu, 2018-12-20 at 14:34 -0700, Jens Axboe wrote:
> Yeah, I don't think it's bullet proof either, it just closes the gap.
> I'm fine with fiddling with the tag iteration. On top of what I sent, we
> could have tag iteration hold the RCU read lock, and then we just need
> to ensure that the tags are freed with RCU.

Do you mean using call_rcu() to free tags? Would that require adding a
struct rcu_head to every request? Would it be acceptable to increase the
size of struct request with an rcu_head? Additionally, could that reduce
the queue depth if the time between grace periods is larger than the time
between I/O submissions?

Thanks,

Bart.