Project

General

Profile

Bug #163

put_osd on umount can use client after free

Added by Sage Weil almost 14 years ago. Updated over 13 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

the connection can be put after ceph_client is freed, at which point this will dereference a bad pointer

static void put_osd(struct ceph_osd *osd)
{
    dout("put_osd %p %d -> %d\n", osd, atomic_read(&osd->o_ref),
         atomic_read(&osd->o_ref) - 1);
    if (atomic_dec_and_test(&osd->o_ref)) {
        struct ceph_auth_client *ac = osd->o_osdc->client->monc.auth;

History

#1 Updated by Sage Weil almost 14 years ago

  • Subject changed from put_osd on con shutdown can happen after client is destroyed to put_osd on umount can use client after free
  • Target version set to v2.6.35

#2 Updated by Sage Weil almost 14 years ago

  • Priority changed from Normal to High

#3 Updated by Yehuda Sadeh almost 14 years ago

That would explain bug #144:

[12836.065773] Last user: [<ffffffffa01106b9>](put_osd+0x3f/0x82 [ceph])

#4 Updated by Sage Weil almost 14 years ago

  • Status changed from New to Resolved

fixed by commit:a922d38fd10d55d5033f10df15baf966e8f5b18c

Also available in: Atom PDF