Bug #163
put_osd on umount can use client after free
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
the connection can be put after ceph_client is freed, at which point this will dereference a bad pointer
static void put_osd(struct ceph_osd *osd) { dout("put_osd %p %d -> %d\n", osd, atomic_read(&osd->o_ref), atomic_read(&osd->o_ref) - 1); if (atomic_dec_and_test(&osd->o_ref)) { struct ceph_auth_client *ac = osd->o_osdc->client->monc.auth;
History
#1 Updated by Sage Weil almost 14 years ago
- Subject changed from put_osd on con shutdown can happen after client is destroyed to put_osd on umount can use client after free
- Target version set to v2.6.35
#2 Updated by Sage Weil almost 14 years ago
- Priority changed from Normal to High
#3 Updated by Yehuda Sadeh almost 14 years ago
That would explain bug #144:
[12836.065773] Last user: [<ffffffffa01106b9>](put_osd+0x3f/0x82 [ceph])
#4 Updated by Sage Weil almost 14 years ago
- Status changed from New to Resolved
fixed by commit:a922d38fd10d55d5033f10df15baf966e8f5b18c