Project

General

Profile

Actions
Copy link

Bug #54430

closed

kclient: couldn't properly handle higher version of reply messages

Added by Xiubo Li about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Xiubo Li
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
fs
Crash signature (v1):
Crash signature (v2):

Description

<6>[ 6811.719527] libceph: mon0 (1)10.72.47.117:40066 session established
<6>[ 6811.723384] libceph: client4230 fsid 936b980d-f8b0-4f4e-9f4c-7417be0857e7
<3>[ 6815.327703] ceph: problem parsing dir contents -5
<3>[ 6815.327753] ceph: mds parse_reply err -5
<3>[ 6815.327756] ceph: mdsc_handle_reply got corrupt reply mds0(tid:2)
<7>[ 6815.327763] header: 00000000: 03 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ................
<7>[ 6815.327773] header: 00000010: 1a 00 7f 00 01 00 19 06 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327777] header: 00000020: 00 00 00 00 02 00 00 00 00 00 00 00 00 01 00 00  ................
<7>[ 6815.327780] header: 00000030: 00 ca 39 f4 47                                   ..9.G
<7>[ 6815.327783]  front: 00000000: 05 03 00 00 00 00 00 00 06 00 00 00 01 00 01 4a  ...............J
<7>[ 6815.327787]  front: 00000010: 01 00 00 07 01 44 01 00 00 01 00 00 00 00 00 00  .....D..........
<7>[ 6815.327790]  front: 00000020: 00 fe ff ff ff ff ff ff ff 00 00 00 00 36 00 00  .............6..
<7>[ 6815.327794]  front: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 55 01 00  .............U..
<7>[ 6815.327797]  front: 00000040: 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00  ................
<7>[ 6815.327800]  front: 00000050: 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00  ................
<7>[ 6815.327803]  front: 00000060: 40 00 01 00 00 00 00 00 40 00 00 00 00 00 00 00  @.......@.......
<7>[ 6815.327807]  front: 00000070: 00 00 00 00 00 00 03 00 00 00 f0 7f 1d 62 32 95  .............b2.
<7>[ 6815.327810]  front: 00000080: 25 37 f0 7f 1d 62 32 95 25 37 00 00 00 00 00 00  %7...b2.%7......
<7>[ 6815.327813]  front: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327816]  front: 000000a0: 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00  ................
<7>[ 6815.327819]  front: 000000b0: 00 00 ed 41 00 00 00 00 00 00 00 00 00 00 01 00  ...A............
<7>[ 6815.327822]  front: 000000c0: 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00  ................
<7>[ 6815.327825]  front: 000000d0: 00 00 45 01 00 00 00 00 00 00 04 00 00 00 00 00  ..E.............
<7>[ 6815.327829]  front: 000000e0: 00 00 08 00 00 00 00 00 00 00 2e 80 1d 62 db eb  .............b..
<7>[ 6815.327832]  front: 000000f0: dd 1f 00 00 00 00 00 00 00 00 02 00 00 00 00 00  ................
<7>[ 6815.327835]  front: 00000100: 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327838]  front: 00000110: 00 00 01 01 10 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327841]  front: 00000120: 00 00 00 00 00 00 00 00 00 00 00 00 c7 77 1d 62  .............w.b
<7>[ 6815.327845]  front: 00000130: ee cd d3 0e 05 00 00 00 00 00 00 00 ff ff ff ff  ................
<7>[ 6815.327848]  front: 00000140: 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00  ................
<7>[ 6815.327851]  front: 00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 84 04 00  ................
<7>[ 6815.327854]  front: 00000160: 00 01 01 0c 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327857]  front: 00000170: 00 00 00 03 00 00 00 01 07 08 00 00 00 2e 66 73  ..............fs
<7>[ 6815.327860]  front: 00000180: 63 72 79 70 74 03 01 0f 00 00 00 04 00 00 00 00  crypt...........
<7>[ 6815.327864]  front: 00000190: 00 00 00 00 00 00 00 00 00 00 07 01 48 01 00 00  ............H...
<7>[ 6815.327867]  front: 000001a0: 01 00 00 00 00 01 00 00 fe ff ff ff ff ff ff ff  ................
<7>[ 6815.327870]  front: 000001b0: 00 00 00 00 76 00 00 00 00 00 00 00 01 00 00 00  ....v...........
<7>[ 6815.327873]  front: 000001c0: 00 00 00 00 55 01 00 00 00 00 00 00 03 00 00 00  ....U...........
<7>[ 6815.327876]  front: 000001d0: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00  ................
<7>[ 6815.327879]  front: 000001e0: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327882]  front: 000001f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327886]  front: 00000200: 00 a6 7e 1d 62 f1 a0 f6 36 a6 7e 1d 62 91 96 b9  ..~.b...6.~.b...
<7>[ 6815.327892]  front: 00000210: 36 a6 7e 1d 62 00 07 5e 36 00 00 00 00 00 00 00  6.~.b..^6.......
<7>[ 6815.327895]  front: 00000220: 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff  ................
<7>[ 6815.327899]  front: 00000230: ff ff ff ff ff 01 00 00 00 ed 41 00 00 00 00 00  ..........A.....
<7>[ 6815.327902]  front: 00000240: 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327905]  front: 00000250: 00 02 00 00 00 00 00 00 00 45 01 00 00 00 00 00  .........E......
<7>[ 6815.327908]  front: 00000260: 00 02 00 00 00 00 00 00 00 03 00 00 00 00 00 00  ................
<7>[ 6815.327911]  front: 00000270: 00 fa 7f 1d 62 ab 3c 5f 3b 00 00 00 00 00 00 00  ....b.<_;.......
<7>[ 6815.327914]  front: 00000280: 00 02 00 00 00 00 00 00 00 04 00 00 00 00 00 00  ................
<7>[ 6815.327917]  front: 00000290: 00 ff ff ff ff ff ff ff ff 00 00 00 00 01 01 10  ................
<7>[ 6815.327921]  front: 000002a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327927]  front: 000002b0: 00 00 00 00 00 00 00 a6 7e 1d 62 00 07 5e 36 03  ........~.b..^6.
<7>[ 6815.327930]  front: 000002c0: 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00  ................
<7>[ 6815.327933]  front: 000002d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327936]  front: 000002e0: 00 00 00 00 00 00 00 00 04 00 00 00 64 69 72 31  ............dir1
<7>[ 6815.327940]  front: 000002f0: 03 01 0f 00 00 00 04 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327943]  front: 00000300: 00 00 00 00 00 07 01 74 01 00 00 fb 01 00 00 00  .......t........
<7>[ 6815.327946]  front: 00000310: 01 00 00 fe ff ff ff ff ff ff ff 00 00 00 00 6e  ...............n
<7>[ 6815.327950]  front: 00000320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327953]  front: 00000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327956]  front: 00000340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01  ................
<7>[ 6815.327959]  front: 00000350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327962]  front: 00000360: 00 00 00 00 00 00 00 00 00 00 00 00 2e 80 1d 62  ...............b
<7>[ 6815.327965]  front: 00000370: db eb dd 1f 14 80 1d 62 0a 44 5c 27 f0 7f 1d 62  .......b.D\'...b
<7>[ 6815.327969]  front: 00000380: 32 95 25 37 00 00 00 00 00 00 00 00 00 00 00 00  2.%7............
<7>[ 6815.327972]  front: 00000390: 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff  ................
<7>[ 6815.327975]  front: 000003a0: 01 00 00 00 c0 41 00 00 00 00 00 00 00 00 00 00  .....A..........
<7>[ 6815.327978]  front: 000003b0: 01 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00  ................
<7>[ 6815.327981]  front: 000003c0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ................
<7>[ 6815.327984]  front: 000003d0: 00 00 00 00 02 00 00 00 00 00 00 00 2e 80 1d 62  ...............b
<7>[ 6815.327988]  front: 000003e0: db eb dd 1f 00 00 00 00 00 00 00 00 02 00 00 00  ................
<7>[ 6815.327991]  front: 000003f0: 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff  ................
<7>[ 6815.327994]  front: 00000400: 00 00 00 00 01 01 10 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.327997]  front: 00000410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 7f  ................
<7>[ 6815.328000]  front: 00000420: 1d 62 32 95 25 37 02 00 00 00 00 00 00 00 ff ff  .b2.%7..........
<7>[ 6815.328003]  front: 00000430: ff ff 00 00 00 00 00 00 00 00 03 00 00 00 00 00  ................
<7>[ 6815.328006]  front: 00000440: 00 00 00 00 00 00 01 30 00 00 00 01 00 00 00 28  .......0.......(
<7>[ 6815.328010]  front: 00000450: 00 00 00 02 01 04 03 00 00 00 00 19 d4 b6 37 4f  ..............7O
<7>[ 6815.328013]  front: 00000460: 9a 9f 9e 89 2c 0f ec e4 3e bb cc ee 51 64 b2 7d  ....,...>...Qd.}
<7>[ 6815.328016]  front: 00000470: 7b 3b 5d ae 7d 0a 2f 34 ae 6c dd 00 00 00 00 03  {;].}./4.l......
<7>[ 6815.328019]  front: 00000480: 00 00 00 64 69 72 03 01 0f 00 00 00 04 00 00 00  ...dir..........
<7>[ 6815.328022]  front: 00000490: 00 00 00 00 00 00 00 00 00 00 00 07 01 44 01 00  .............D..
<7>[ 6815.328025]  front: 000004a0: 00 04 00 00 00 00 01 00 00 fe ff ff ff ff ff ff  ................
<7>[ 6815.328032]  front: 000004b0: ff 00 00 00 00 3a 00 00 00 00 00 00 00 00 00 00  .....:..........
<7>[ 6815.328035]  front: 000004c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328038]  front: 000004d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328041]  front: 000004e0: 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328044]  front: 000004f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328055]  front: 00000500: 00 00 fc 7e 1d 62 4b b2 27 28 e1 7e 1d 62 30 6f  ...~.bK.'(.~.b0o
<7>[ 6815.328058]  front: 00000510: 8b 35 af 7e 1d 62 42 4b b9 25 00 00 00 00 00 00  .5.~.bBK.%......
<7>[ 6815.328061]  front: 00000520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff  ................
<7>[ 6815.328064]  front: 00000530: ff ff ff ff ff ff 01 00 00 00 ed 41 00 00 00 00  ...........A....
<7>[ 6815.328067]  front: 00000540: 00 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00  ................
<7>[ 6815.328071]  front: 00000550: 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328074]  front: 00000560: 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00  ................
<7>[ 6815.328077]  front: 00000570: 00 00 fc 7e 1d 62 4b b2 27 28 00 00 00 00 00 00  ...~.bK.'(......
<7>[ 6815.328080]  front: 00000580: 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ff ff  ................
<7>[ 6815.328087]  front: 00000590: ff ff ff ff ff ff 00 00 00 00 01 01 10 00 00 00  ................
<7>[ 6815.328094]  front: 000005a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328097]  front: 000005b0: 00 00 00 00 af 7e 1d 62 42 4b b9 25 02 00 00 00  .....~.bBK.%....
<7>[ 6815.328100]  front: 000005c0: 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328104]  front: 000005d0: 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328107]  front: 000005e0: 00 00 00 00 00 30 00 00 00 01 00 00 00 00 00 00  .....0..........
<7>[ 6815.328110]  front: 000005f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
<7>[ 6815.328114]  front: 00000600: 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00  ................
<7>[ 6815.328117]  front: 00000610: 00 00 00 00 00 00 00 00 00                       .........
<7>[ 6815.328120] footer: 00000000: 72 d9 26 ff 00 00 00 00 00 00 00 00 00 00 00 00  r.&.............
<7>[ 6815.328123] footer: 00000010: 00 00 00 00 01                                   .....
Actions
Copy link
 #1

Updated by Xiubo Li about 2 years ago

The user space client doesn't have this issue because it will always skip the extra memory when decoding in DECODE_FINISHE(), please see Line#1514 below:

1503 /**
1504  * finish decode block
1505  *
1506  * @param bl bufferlist::iterator we were decoding from
1507  */
1508 #define DECODE_FINISH(bl)                                               \                                                                         
1509   } while (false);                                                      \
1510   if (struct_end) {                                                     \
1511     if (bl.get_off() > struct_end)                                      \
1512       throw ::ceph::buffer::malformed_input(DECODE_ERR_PAST(__PRETTY_FUNCTION__)); \
1513     if (bl.get_off() < struct_end)                                      \
1514       bl += struct_end - bl.get_off();                                  \
1515   }
Actions
Copy link
 #2

Updated by Xiubo Li about 2 years ago

This is a bug in wip-fscrypt branch only, and the patch work is https://patchwork.kernel.org/project/ceph-devel/list/?series=619234.

Actions
Copy link
 #3

Updated by Xiubo Li about 2 years ago

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: Atom PDF