Actions
Bug #59514
openclient: read wild pointer when reconnect to mds
Status:
Pending Backport
Priority:
Normal
Assignee:
-
Category:
Correctness/Safety
Target version:
% Done:
0%
Source:
Tags:
backport_processed
Backport:
reef,quincy,pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Client, MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
We use `shallow_copy`(24279ef8) for `MetaRequest::set_caller_perms ` in `Client::make_request` but indeed the lifetime of `MetaRequest` is possible to longer than a `syscall`, because the request will return when they received `unsafe_reply` with release the `UserPerms`, but the `MetaRequest` will not unregister immediately, we have to rebuild the `MClientRequest` when mds reboot, in `send_reconnect`, and that's will access `MetaRequest::perms::gids` again.
int Client::make_request(MetaRequest* request, const UserPerm& perms,
InodeRef* ptarget, bool* pcreated, mds_rank_t use_mds,
bufferlist* pdirbl)
{
...
request->set_caller_perms(perms);
struct MetaRequest
{
...
void set_caller_perms(const UserPerm& _perms) {
perms.shallow_copy(_perms);
Updated by Venky Shankar about 1 year ago
- Status changed from New to Triaged
- Backport set to reef,quincy,pacific
- Pull request ID set to 51188
- Component(FS) MDS added
Updated by Venky Shankar 12 months ago
- Status changed from Triaged to Pending Backport
Updated by Backport Bot 12 months ago
- Copied to Backport #59718: quincy: client: read wild pointer when reconnect to mds added
Updated by Backport Bot 12 months ago
- Copied to Backport #59719: reef: client: read wild pointer when reconnect to mds added
Updated by Backport Bot 12 months ago
- Copied to Backport #59720: pacific: client: read wild pointer when reconnect to mds added
Actions