Project

General

Profile

Actions
Copy link

Bug #50807

closed

mds: MDSLog::journaler pointer maybe crash with use-after-free

Added by Xiubo Li almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Xiubo Li
Category:
-
Target version:
Ceph - v17.0.0
% Done:

0%

Source:
Development
Tags:
Backport:
pacific,octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
fs
Component(FS):
MDS
Labels (FS):
crash
Pull request ID:
41332
Crash signature (v1):
Crash signature (v2):

Description

When the _recovery_thread is trying to reformat the journal, it will delete the old journal pointer and assign with a new one, during this the mds_lock is unlocked. That means in other thread who are using the MDSLog::journaler pointer will potentially hit use-after-free bug.

Related issues 2 (0 open2 closed)

Copied to CephFS - Backport #50874: octopus: mds: MDSLog::journaler pointer maybe crash with use-after-freeResolvedCory SnyderActions
Copied to CephFS - Backport #50875: pacific: mds: MDSLog::journaler pointer maybe crash with use-after-freeResolvedPatrick DonnellyActions
Actions
Copy link

Also available in: Atom PDF