Project

General

Profile

Bug #18422

rbd bench-write will crash if "--io-size" is 4G

Added by Jason Dillaman 7 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Low
Assignee:
Target version:
-
Start date:
01/04/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
kraken,jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No

Description

# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo
*** Caught signal (Segmentation fault) **
 in thread 7f62db958480 thread_name:rbd
*** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 ***
Segmentation fault (core dumped)

Related issues

Copied to rbd - Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G Resolved
Copied to rbd - Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G Resolved

History

#1 Updated by Gaurav Garg 6 months ago

  • Assignee set to Gaurav Garg

#2 Updated by Gaurav Garg 6 months ago

  • Status changed from New to In Progress

root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). so if io_size is 4294967296 then bufferptr is returning bp with size 0.so further memset is crashing because we are setting 4294967296 length of area for actual size 0. so its crashing.

#3 Updated by Gaurav Garg 6 months ago

problem here is that for rbd bench if we give size 4G then its is making buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr taking argument as a unsigned (unsigned is shortcut of unsigned int) which is having range 0 to 4,294,967,295 so its overflowing.

solution of this problem is that either we need to change it unsigned to unsigned long
or
we need to give warning message (for eg: giving io-size greater then 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295) when user give io_size greater then 4,294,967,295 and continue performing bench write operation with io-size 4,294,967,295

@Jason Dillaman thoughts ?

#4 Updated by Jason Dillaman 6 months ago

@Gaurav: just validate the io-size to ensure that it is <= 4G and exit w/ an error otherwise.

#5 Updated by Gaurav Garg 6 months ago

@jason, thank you :)

I will do it.

#6 Updated by Gaurav Garg 6 months ago

  • Status changed from In Progress to Need Review

#7 Updated by Jason Dillaman 6 months ago

  • Status changed from Need Review to Pending Backport
  • Backport set to kraken,jewel

#8 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G added

#9 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G added

#10 Updated by Nathan Cutler 3 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF