Project

General

Profile

Actions
Copy link

Bug #19371

closed

monitor creation with IPv6 public network segfaults

Added by Fabian Grünbichler about 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Fabian Grünbichler
Category:
common
Target version:
-
% Done:

0%

Source:
Community (dev)
Tags:
Backport:
hammer, jewel, kraken
Regression:
No
Severity:
4 - irritation
Reviewed:
Affected Versions:
v0.39, v0.40, v0.41, v0.42, v0.43, v0.44, v0.45, v0.46, v0.47, v0.48, v0.49, v0.50, v0.51, v0.52a, v0.53a, v0.53b, v0.53c, v0.54a, v0.54b, v0.55a, v0.55b, v0.55c, v0.55d, v0.56, v0.57a, v0.57b, v0.57c, v0.58, v0.59, v0.60, v0.61 - Cuttlefish, v0.62a, v0.62b, v0.63, v0.64, v0.65, v0.66, v0.67 - Dumpling, v0.67rc, v0.67rc - continued, v0.68, v0.68 - continued, v0.69, v0.70, v0.71, v0.72 Emperor, v0.73, v0.74, v0.75, v0.76a, v0.76b, v0.77, 0.78, 0.79, 0.80rc, 0.80, v0.81, 0.82, 0.83, 0.83 cont., 0.84, 0.84 cont., 0.85, 0.85 cont., 0.86, 0.88, 0.89, 0.90, v.91, v.actually90, v.actually91, v0.92, v0.93 - Last Hammer Sprint, v0.94, v0.95, v9.0.2, v9.0.3, v9.0.4, v9.0.5, v9.0.6, v9.0.7, v9.0.8, v10.0.4, v0.80.10, v0.80.11, v0.80.12, v0.94.10, v0.94.11, v0.94.2, v0.94.3, v0.94.4, v0.94.5, v0.94.6, v0.94.7, v0.94.8, v0.94.9, v10.0.0, v10.1.1, v10.2.0, v10.2.1, v10.2.2, v10.2.3, v10.2.4, v10.2.5, v10.2.6, v10.2.7, v11.1.0, v11.2.1, v12.0.0, v9.1.1, v9.2.1, v9.2.2
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

steps to reproduce:

1.) setup host using IPv6
2.) configure cluster and public network with IPv6 subnets in ceph.conf
3.) attempt to create a monitor
4.) ceph-mon --mkfs ... segfaults

the problematic code has been commited in 2011 before v0.39 - I haven't actually verified whether it is triggered that far back. it definitely triggers a segfault on Ceph Luminous (12.0.0)

the root cause is declaring a "struct sockaddr" in src/common/pick_address.cc find_ip_in_subnet_list, which is then first passed to parse_network and then to find_ip_in_subnet (both in src/common/ipaddr.cc). find_ip_in_subnet then casts the reference to sockaddr to one to sockaddr_in6 and assigns the IPv6 address. unfortunately, sockaddr is only 16 bytes big, so this assignment overwrites stuff on the stack.

note that the test cases don't catch this, as they only pass bigger structs casted to (sockaddr *) to parse_networks and find_ip_in_subnet when testing IPv6.

pull request will follow

Related issues 3 (0 open3 closed)

Copied to Ceph - Backport #19463: hammer: monitor creation with IPv6 public network segfaultsRejectedActions
Copied to Ceph - Backport #19464: jewel: monitor creation with IPv6 public network segfaultsResolvedShinobu KinjoActions
Copied to Ceph - Backport #19465: kraken: monitor creation with IPv6 public network segfaultsResolvedShinobu KinjoActions
Actions
Copy link
 #2

Updated by Kefu Chai about 7 years ago

  • Status changed from New to Fix Under Review
  • Assignee set to Fabian Grünbichler
Actions
Copy link
 #3

Updated by Kefu Chai about 7 years ago

  • Backport set to hammer, jewel, kraken
Actions
Copy link
 #4

Updated by Kefu Chai about 7 years ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #5

Updated by Nathan Cutler about 7 years ago

  • Copied to Backport #19463: hammer: monitor creation with IPv6 public network segfaults added
Actions
Copy link
 #6

Updated by Nathan Cutler about 7 years ago

  • Copied to Backport #19464: jewel: monitor creation with IPv6 public network segfaults added
Actions
Copy link
 #7

Updated by Nathan Cutler about 7 years ago

  • Copied to Backport #19465: kraken: monitor creation with IPv6 public network segfaults added
Actions
Copy link
 #8

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF