ethandmd
commented
1 year ago Use after free: As suspected, when the allocated pages went out of scope and were dropped, the memory backing the block struct should have been part of the free list, but they were overwritten.
Double free: Alternatively, if you try fancy casting, blah blah, nonsense, things go poorly as well (double free), even with a Vec. So currently I used BlockSlice which a struct representing a file system block-minus can implement for free:
impl<T: Copy> BlockSlice<T> for MyStruct {}
where we first get the backing data and then copy it into a new Box<T> so that we can safely drop the original buffer.
7e0e4b1ccb638f65aefd041b74c0abf78c8aa53b
Currently from
src/main.rsonce hart0 hitsprocess:test_multiprocess_syscalland eventually hitsproc.initialize64(), the ensuingpalloc_pluralfails whenalloc_pagesattempts to dopage.read_free()and finds garbage in the memory of the free page.The culprit is likely
src/fs.rs:29when we read the superblock into the buffer.