Project

General

Profile

Bug #18830

Coverity: bad iterator dereference in Locker::acquire_locks

Added by John Spray 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Correctness/Safety
Target version:
-
Start date:
02/06/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Component(FS):
MDS
Needs Doc:
No

Description

** CID 1400092:    (INVALIDATE_ITERATOR)
/home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)()
/home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)()

________________________________________________________________________________________________________
*** CID 1400092:    (INVALIDATE_ITERATOR)
/home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)()
468             dout(10) << " already rdlocked " << *have << " " << *have->get_parent() << dendl;
469             continue;
470           }
471         }
472
473         // hose any stray locks
>>>     CID 1400092:    (INVALIDATE_ITERATOR)
>>>     Dereferencing iterator "existing" though it is already past the end of its container.
474         if (*existing == *p) {
475           assert(need_wrlock || need_remote_wrlock);
476           SimpleLock *lock = *existing;
477           if (mdr->wrlocks.count(lock)) {
478             if (!need_wrlock)
479               dout(10) << " unlocking extra " << *lock << " " << *lock->get_parent() << dendl;
/home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)()
468             dout(10) << " already rdlocked " << *have << " " << *have->get_parent() << dendl;
469             continue;
470           }
471         }
472
473         // hose any stray locks
>>>     CID 1400092:    (INVALIDATE_ITERATOR)
>>>     Dereferencing iterator "existing" though it is already past the end of its container.
474         if (*existing == *p) {
475           assert(need_wrlock || need_remote_wrlock);
476           SimpleLock *lock = *existing;
477           if (mdr->wrlocks.count(lock)) {
478             if (!need_wrlock)
479               dout(10) << " unlocking extra " << *lock << " " << *lock->get_parent() << dendl;

I'm not seeing anything that prevents the ++existing in the next block taking the iterator past the end of the container, so I'm inclined to believe coverity on this one.

History

#1 Updated by John Spray 4 months ago

  • Status changed from New to Need Review

#2 Updated by John Spray 3 months ago

  • Status changed from Need Review to Resolved

Also available in: Atom PDF