Project

General

Profile

Bug #18422

rbd bench-write will crash if "--io-size" is 4G

Added by Jason Dillaman 11 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Low
Assignee:
Target version:
-
Start date:
01/04/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
kraken,jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No

Description

# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo
*** Caught signal (Segmentation fault) **
 in thread 7f62db958480 thread_name:rbd
*** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 ***
Segmentation fault (core dumped)

Related issues

Copied to rbd - Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G Resolved
Copied to rbd - Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G Resolved

History

#1 Updated by Gaurav Garg 10 months ago

  • Assignee set to Gaurav Garg

#2 Updated by Gaurav Garg 10 months ago

  • Status changed from New to In Progress

root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). so if io_size is 4294967296 then bufferptr is returning bp with size 0.so further memset is crashing because we are setting 4294967296 length of area for actual size 0. so its crashing.

#3 Updated by Gaurav Garg 10 months ago

problem here is that for rbd bench if we give size 4G then its is making buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr taking argument as a unsigned (unsigned is shortcut of unsigned int) which is having range 0 to 4,294,967,295 so its overflowing.

solution of this problem is that either we need to change it unsigned to unsigned long
or
we need to give warning message (for eg: giving io-size greater then 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295) when user give io_size greater then 4,294,967,295 and continue performing bench write operation with io-size 4,294,967,295

@Jason Dillaman thoughts ?

#4 Updated by Jason Dillaman 10 months ago

@Gaurav: just validate the io-size to ensure that it is <= 4G and exit w/ an error otherwise.

#5 Updated by Gaurav Garg 10 months ago

@jason, thank you :)

I will do it.

#6 Updated by Gaurav Garg 10 months ago

  • Status changed from In Progress to Need Review

#7 Updated by Jason Dillaman 10 months ago

  • Status changed from Need Review to Pending Backport
  • Backport set to kraken,jewel

#8 Updated by Nathan Cutler 10 months ago

  • Copied to Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G added

#9 Updated by Nathan Cutler 10 months ago

  • Copied to Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G added

#10 Updated by Nathan Cutler 7 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF