xfs: filestream allocator inode use-after-free test
authorBrian Foster <bfoster@redhat.com>
Thu, 26 Apr 2018 12:04:44 +0000 (08:04 -0400)
committerEryu Guan <guaneryu@gmail.com>
Fri, 27 Apr 2018 02:05:55 +0000 (10:05 +0800)
commit91481af94986d17f95a7b0e0d41d771374112d6f
treee5a5c7bf275f6b491ab0d5b74b62cbf612539efc
parente46a9aa0bef7991081f5542668a13e74acd68111
xfs: filestream allocator inode use-after-free test

The XFS filestreams allocator caches dir inode -> agno mappings in
an MRU mechanism that holds elements in memory for an amount of time
and then cleans up expired elements in the background. The elements
typically held inode pointers without holding a reference to the
associated inode. This means that if the inode is reclaimed before
an expired entry is cleaned up, the MRU reaper can access freed
memory and cause a panic.

Test for this problem by performing continuous filestreams
allocations under short-lived parent directory inodes. This will
produce KASAN use-after-free splats if enabled during the test.

Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
common/rc
tests/xfs/445 [new file with mode: 0755]
tests/xfs/445.out [new file with mode: 0644]
tests/xfs/group