Project

General

Profile

Bug #50807

mds: MDSLog::journaler pointer maybe crash with use-after-free

Added by Xiubo Li about 1 month ago. Updated about 1 month ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Category:
-
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
pacific,octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
fs
Component(FS):
MDS
Labels (FS):
crash
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When the _recovery_thread is trying to reformat the journal, it will delete the old journal pointer and assign with a new one, during this the mds_lock is unlocked. That means in other thread who are using the MDSLog::journaler pointer will potentially hit use-after-free bug.


Related issues

Copied to CephFS - Backport #50874: octopus: mds: MDSLog::journaler pointer maybe crash with use-after-free In Progress
Copied to CephFS - Backport #50875: pacific: mds: MDSLog::journaler pointer maybe crash with use-after-free New

History

#1 Updated by Xiubo Li about 1 month ago

  • Pull request ID set to 41332

#2 Updated by Xiubo Li about 1 month ago

  • Status changed from New to Fix Under Review
  • Assignee set to Xiubo Li

#3 Updated by Patrick Donnelly about 1 month ago

  • Target version set to v17.0.0
  • Source set to Development
  • Backport set to pacific,octopus

#4 Updated by Patrick Donnelly about 1 month ago

  • Status changed from Fix Under Review to Pending Backport

#5 Updated by Backport Bot about 1 month ago

  • Copied to Backport #50874: octopus: mds: MDSLog::journaler pointer maybe crash with use-after-free added

#6 Updated by Backport Bot about 1 month ago

  • Copied to Backport #50875: pacific: mds: MDSLog::journaler pointer maybe crash with use-after-free added

Also available in: Atom PDF