Lustre / LU-18485

use-after-free in batch_send_update_req()


Details

    • Bug
    • Resolution: Unresolved
    • Minor

    Description

      If the RPC in batch_send_update_req() is async, then the interpreter (freeing the head) can be called sooner than lprocfs_oh_tally_log2() (using the head):

      [  147.017882] BUG: unable to handle kernel paging request at ffffa35eb3668018
      [  147.017908] PGD 100090067 P4D 100090067 PUD 100091067 PMD 14d0c0067 PTE 0
      [  147.017934] Oops: 0000 [#1] PREEMPT SMP
      [  147.017949] CPU: 1 PID: 10997 Comm: ll_sa_10979 Tainted: G        W  O     --------- -  - 4.18.0 #43
      [  147.017983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
      [  147.018015] RIP: 0010:batch_send_update_req.constprop.1.cold.4+0xb5/0x1d1 [ptlrpc]
      [  147.018097] Code: 00 00 48 c7 c6 90 1b 69 c0 48 c7 c7 99 88 6a c0 41 89 c4 e8 05 f2 ac c5 48 85 ed 74 08 48 89 ef e8 ad 39 ef ff 48 8b 7c 24 10 <8b> 73 18 48 81 c7 60 14 00 00 e8 59 8d bb ff ba fa 01 00 00 48 c7
      [  147.018156] RSP: 0018:ffff89758d2e7da0 EFLAGS: 00010246
      [  147.018177] RAX: 000000000000002f RBX: ffffa35eb3668000 RCX: 0000000000000001
      [  147.018205] RDX: 0000000080000001 RSI: ffffffff86e49006 RDI: ffff897574afc0c0
      [  147.018233] RBP: ffff89757c4f3ac0 R08: 0000000000000000 R09: 0000000000000000
      [  147.018263] R10: ffff89758d2e7bf0 R11: ffff89758d2e7be8 R12: 0000000000000000
      [  147.018288] R13: ffffa35eb3656000 R14: ffff89757c4f3e48 R15: 0000000000001000
      [  147.018314] FS:  0000000000000000(0000) GS:ffff897681500000(0000) knlGS:0000000000000000
      [  147.018337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  147.018357] CR2: ffffa35eb3668018 CR3: 00000001027cf000 CR4: 0000000000350ea0
      [  147.018382] Call Trace:
      [  147.018395]  cli_batch_flush+0x7f/0x120 [ptlrpc]
      [  147.018455]  lmv_batch_flush+0xce/0x2e0 [lmv]
      [  147.018477]  ? ll_statahead_thread+0xebb/0x2000 [lustre]
      [  147.018513]  ll_statahead_thread+0x193/0x2000 [lustre]
      [  147.018548]  ? ll_statahead_handle.constprop.4+0x1e0/0x1e0 [lustre]
      [  147.018588]  kthread+0x16e/0x1a0
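
The ordering problem described in this report, reduced to a user-space C model. This is an added example, not Lustre code and not the project's fix: every type, field and function name is hypothetical, the `early` flag stands in for the async interpreter running before the caller resumes, and copying the value before the send is shown as one common way to close such a window.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not Lustre's types or fields. */
struct batch_head { unsigned int msg_count; };
struct hist { unsigned long bucket[32]; };
static int head_live;              /* model: 1 while the head is allocated */

static struct batch_head *head_new(unsigned int n)
{
    struct batch_head *h = malloc(sizeof(*h));
    if (h) { h->msg_count = n; head_live = 1; }
    return h;
}

/* Completion callback (the "interpreter"): it owns the head and frees it. */
static void interpret(struct batch_head *h) { free(h); head_live = 0; }
/* Async send model: with early != 0 the completion runs before we return. */
static void send_async(struct batch_head *h, int early) { if (early) interpret(h); }

/* Histogram update keyed by floor(log2(v)); v == 0 lands in bucket 0. */
static void tally_log2(struct hist *s, unsigned int v)
{
    unsigned int b = 0;
    while (v > 1) { v >>= 1; b++; }
    s->bucket[b]++;
}

/* Racy order: send first, read the head afterwards. Returns -1 where the
 * read would touch freed memory (the model checks instead of dereferencing). */
static int send_then_tally(struct hist *s, unsigned int n, int early)
{
    struct batch_head *h = head_new(n);
    if (!h) return -2;
    send_async(h, early);
    if (!head_live) return -1;     /* use-after-free window was hit */
    tally_log2(s, h->msg_count);
    interpret(h);                  /* completion arrives late */
    return 0;
}

/* Safe order: copy the needed field while the caller still owns the head. */
static int tally_then_send(struct hist *s, unsigned int n, int early)
{
    struct batch_head *h = head_new(n);
    if (!h) return -2;
    unsigned int count = h->msg_count;
    send_async(h, early);
    tally_log2(s, count);          /* no access to h after the send */
    if (!early) interpret(h);      /* completion arrives late */
    return 0;
}
```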
      

            People

              bzzz Alex Zhuravlev