[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[hurd] 01/02: Fix some reference counting assertion failures
|
From: |
Samuel Thibault |
|
Subject: |
[hurd] 01/02: Fix some reference counting assertion failures |
|
Date: |
Sun, 22 May 2016 14:24:24 +0000 |
This is an automated email from the git hooks/post-receive script.
sthibault pushed a commit to branch master
in repository hurd.
commit 381dd8055cbfe4c7ededdbc7c17ff64fef740b69
Author: Samuel Thibault <address@hidden>
Date: Sun May 22 13:41:14 2016 +0000
Fix some reference counting assertion failures
* patches/git-0ab3825f250486453892e3e18a702a44538bff6d: Cherry-pick fix
from upstream.
* patches/git-60d14f5b3c4ea27af6f4220a15947c328bc888ee: Cherry-pick fix
from upstream.
---
debian/changelog | 9 +++
.../git-0ab3825f250486453892e3e18a702a44538bff6d | 21 ++++++
.../git-60d14f5b3c4ea27af6f4220a15947c328bc888ee | 82 ++++++++++++++++++++++
debian/patches/series | 2 +
4 files changed, 114 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 349dada..782ae44 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+hurd (1:0.8.git20160522-2) UNRELEASED; urgency=medium
+
+ * patches/git-0ab3825f250486453892e3e18a702a44538bff6d: Cherry-pick fix
+ from upstream.
+ * patches/git-60d14f5b3c4ea27af6f4220a15947c328bc888ee: Cherry-pick fix
+ from upstream, fixes some reference counting assertion failures.
+
+ -- Samuel Thibault <address@hidden> Sun, 22 May 2016 13:39:41 +0000
+
hurd (1:0.8.git20160522-1) unstable; urgency=medium
* New upstream release & snapshot.
diff --git a/debian/patches/git-0ab3825f250486453892e3e18a702a44538bff6d
b/debian/patches/git-0ab3825f250486453892e3e18a702a44538bff6d
new file mode 100644
index 0000000..50d2e2c
--- /dev/null
+++ b/debian/patches/git-0ab3825f250486453892e3e18a702a44538bff6d
@@ -0,0 +1,21 @@
+commit 0ab3825f250486453892e3e18a702a44538bff6d
+Author: Justus Winter <address@hidden>
+Date: Sun May 22 00:43:19 2016 +0200
+
+ libdiskfs: fix error handling
+
+ * libdiskfs/dir-rmdir.c (diskfs_S_dir_rmdir): Initialize 'np'.
+
+diff --git a/libdiskfs/dir-rmdir.c b/libdiskfs/dir-rmdir.c
+index 83ec37b..8a29979 100644
+--- a/libdiskfs/dir-rmdir.c
++++ b/libdiskfs/dir-rmdir.c
+@@ -25,7 +25,7 @@ diskfs_S_dir_rmdir (struct protid *dircred,
+ char *name)
+ {
+ struct node *dnp;
+- struct node *np;
++ struct node *np = NULL;
+ struct dirstat *ds = alloca (diskfs_dirstat_size);
+ error_t error;
+
diff --git a/debian/patches/git-60d14f5b3c4ea27af6f4220a15947c328bc888ee
b/debian/patches/git-60d14f5b3c4ea27af6f4220a15947c328bc888ee
new file mode 100644
index 0000000..c3d5aa0
--- /dev/null
+++ b/debian/patches/git-60d14f5b3c4ea27af6f4220a15947c328bc888ee
@@ -0,0 +1,82 @@
+commit 60d14f5b3c4ea27af6f4220a15947c328bc888ee
+Author: Justus Winter <address@hidden>
+Date: Sun May 22 00:52:29 2016 +0200
+
+ ext2fs: fix pager use-after-free
+
+ Previously, pagers had no reference for being part of a node, only for
+ having a send right made for them. Hence we sometimes saw
+ use-after-free errors if the kernel did give up that send right,
+ typically while deleting files. Keep a weak reference as long as the
+ pager is referenced by a node.
+
+ * ext2fs/pager.c (pager_clear_user_data): Assert that 'pager' has been
+ NULLed.
+ (pager_dropweak): Drop the weak reference and NULL 'pager'.
+ (diskfs_get_filemap): Simplify. Acquire a weak reference.
+
+diff --git a/ext2fs/pager.c b/ext2fs/pager.c
+index 7d3a8f3..485f69c 100644
+--- a/ext2fs/pager.c
++++ b/ext2fs/pager.c
+@@ -817,8 +817,7 @@ pager_clear_user_data (struct user_pager_info *upi)
+
+ pthread_spin_lock (&node_to_page_lock);
+ pager = diskfs_node_disknode (upi->node)->pager;
+- if (pager && pager_get_upi (pager) == upi)
+- diskfs_node_disknode (upi->node)->pager = 0;
++ assert (!pager || pager_get_upi (pager) != upi);
+ pthread_spin_unlock (&node_to_page_lock);
+
+ diskfs_nrele_light (upi->node);
+@@ -831,8 +830,21 @@ pager_clear_user_data (struct user_pager_info *upi)
+ The pager library creates no weak references itself. If the user doesn't
+ either, then it's OK for this function to do nothing. */
+ void
+-pager_dropweak (struct user_pager_info *p __attribute__ ((unused)))
++pager_dropweak (struct user_pager_info *upi)
+ {
++ if (upi->type == FILE_DATA)
++ {
++ struct pager *pager;
++
++ pthread_spin_lock (&node_to_page_lock);
++ pager = diskfs_node_disknode (upi->node)->pager;
++ if (pager && pager_get_upi (pager) == upi)
++ {
++ diskfs_node_disknode (upi->node)->pager = NULL;
++ ports_port_deref_weak (pager);
++ }
++ pthread_spin_unlock (&node_to_page_lock);
++ }
+ }
+ �
+ /* Cached blocks from disk. */
+@@ -1298,15 +1310,9 @@ diskfs_get_filemap (struct node *node, vm_prot_t prot)
+ struct pager *pager = diskfs_node_disknode (node)->pager;
+ if (pager)
+ {
+- /* Because PAGER is not a real reference,
+- this might be nearly deallocated. If that's so, then
+- the port right will be null. In that case, clear here
+- and loop. The deallocation will complete separately. */
+ right = pager_get_port (pager);
+- if (right == MACH_PORT_NULL)
+- diskfs_node_disknode (node)->pager = 0;
+- else
+- pager_get_upi (pager)->max_prot |= prot;
++ assert (MACH_PORT_VALID (right));
++ pager_get_upi (pager)->max_prot |= prot;
+ }
+ else
+ {
+@@ -1327,6 +1333,9 @@ diskfs_get_filemap (struct node *node, vm_prot_t prot)
+ return MACH_PORT_NULL;
+ }
+
++ /* A weak reference for being part of the node. */
++ ports_port_ref_weak (diskfs_node_disknode (node)->pager);
++
+ right = pager_get_port (diskfs_node_disknode (node)->pager);
+ ports_port_deref (diskfs_node_disknode (node)->pager);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 4198bd7..76ebc04 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,3 +28,5 @@ crash-logging.patch
using_std.patch
netdde_log.patch
libports-iterate-refcount.patch
+git-0ab3825f250486453892e3e18a702a44538bff6d
+git-60d14f5b3c4ea27af6f4220a15947c328bc888ee
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-hurd/hurd.git