Bug #46293

closed

kclient: delayed work will be potential crash with mdsc used-after-free

Added by Xiubo Li almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite: kcephfs
Crash signature (v1):
Crash signature (v2):

Description

Hit this twice when doing mount and umount testing before, without any logs caught. Both times the OS was under pressure, almost running out of disk/memory, etc.

Checked the related code, the cancel_delayed_work_sync() should be a potential problem:

Because cancel_delayed_work_sync() will only guarantee that the work finishes executing if it is already on the ->worklist. But in case the work re-arms itself, that means after cancel_delayed_work_sync() returns it will leave the work requeued. And if we release the resources before the delayed work runs again, we will hit the use-after-free bug.

Use flush_delayed_work() to wait for the work to be executed and to exit directly by checking mdsc->stopping without re-arming itself.
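
An added example, not part of the original report or the kernel source: a single-threaded userspace model of the teardown the description proposes. It shows that flushing a self-re-arming work item leaves nothing queued only when the handler also checks the stopping flag. The struct and function names are hypothetical stand-ins, not kernel APIs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model (hypothetical names): one delayed work item with a pending bit. */
struct mdsc_model {
    bool stopping;        /* set by teardown before flushing */
    bool check_stopping;  /* true = handler follows the fix described above */
    bool work_pending;    /* models the delayed work being queued */
};

static void schedule_delayed(struct mdsc_model *m) { m->work_pending = true; }

/* Periodic handler that normally re-arms itself at the end of each run. */
static void delayed_work(struct mdsc_model *m)
{
    if (m->check_stopping && m->stopping)
        return;                 /* exit directly, no re-arm */
    schedule_delayed(m);        /* re-arm for the next period */
}

/* Models a flush: run the pending instance once and wait for it to finish. */
static void flush_delayed(struct mdsc_model *m)
{
    if (!m->work_pending)
        return;
    m->work_pending = false;
    delayed_work(m);
}

/* Returns true if nothing was still queued at the moment the state is freed.
 * An allocation failure is also reported as false. */
static bool teardown(bool check_stopping)
{
    struct mdsc_model *m = calloc(1, sizeof(*m));
    if (!m) return false;
    m->check_stopping = check_stopping;
    schedule_delayed(m);        /* work armed while the client is in use */
    m->stopping = true;         /* teardown begins */
    flush_delayed(m);
    bool safe = !m->work_pending; /* a queued item would later touch freed memory */
    free(m);
    return safe;
}

int main(void)
{
    printf("flush, no stopping check:   %s\n", teardown(false) ? "safe" : "work still queued");
    printf("flush, with stopping check: %s\n", teardown(true) ? "safe" : "work still queued");
}
```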

Actions #1

Updated by Xiubo Li almost 4 years ago

  • Status changed from New to In Progress
  • ceph-qa-suite kcephfs added
  • ceph-qa-suite deleted (fs)
Actions #2

Updated by Xiubo Li almost 4 years ago

  • Status changed from In Progress to Fix Under Review
Actions #3

Updated by Xiubo Li almost 4 years ago

  • Status changed from Fix Under Review to Resolved