Bug #18422
closed
rbd bench-write will crash if "--io-size" is 4G
Added by Jason Dillaman over 7 years ago.
Updated about 7 years ago.
Description
# rbd bench-write --io-size 4G --io-threads 1 --io-total 100M --io-pattern rand foo
*** Caught signal (Segmentation fault) **
in thread 7f62db958480 thread_name:rbd
*** Error in `rbd': malloc(): memory corruption: 0x0000556cf50c9730 ***
Segmentation fault (core dumped)
- Assignee set to Gaurav Garg
- Status changed from New to In Progress
root cause of this problem is that in file src/tools/rbd/action/Bench.cc we are using bufferptr bp(io_size). so if io_size is 4294967296 then bufferptr is returning bp with size 0.so further memset is crashing because we are setting 4294967296 length of area for actual size 0. so its crashing.
problem here is that for rbd bench if we give size 4G then its is making buffer ptr with size 4G (4294967296) in function rbd_bencher (file: src/tool/rbd/action/Bench.cc). bufferptr taking argument as a unsigned (unsigned is shortcut of unsigned int) which is having range 0 to 4,294,967,295 so its overflowing.
solution of this problem is that either we need to change it unsigned to unsigned long
or
we need to give warning message (for eg: giving io-size greater then 4G (4294967296) is out of bound so performing bench-write operation with io-size 3.9G or 4,294,967,295) when user give io_size greater then 4,294,967,295 and continue performing bench write operation with io-size 4,294,967,295
@Jason Borden Dillaman thoughts ?
@Gaurav: just validate the io-size to ensure that it is <= 4G and exit w/ an error otherwise.
- Status changed from In Progress to Fix Under Review
- Status changed from Fix Under Review to Pending Backport
- Backport set to kraken,jewel
- Copied to Backport #18557: kraken: rbd: 'rbd bench-write' will crash if --io-size is 4G added
- Copied to Backport #18558: jewel: rbd bench-write will crash if "--io-size" is 4G added
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF