[LU-15634] Use after free in ptlrpc Created: 09/Mar/22  Updated: 18/Mar/22  Resolved: 18/Mar/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.14.0, Lustre 2.15.0
Fix Version/s: Lustre 2.15.0

Type: Bug Priority: Critical
Reporter: Shaun Tancheff Assignee: Shaun Tancheff
Resolution: Fixed Votes: 0
Labels: None

Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

ptlrpc: Use after free of 'conn' in rhashtable retry

Use after free of 'conn' in the uncommon case of
rhashtable_lookup_get_insert_fast failing with -EBUSY or -ENOMEM

Move OBD_FREE_PTR(conn) below the retry and set conn2 to NULL
on error, propagating to conn and returning to the caller.

Fixes: 37b29a8f70 ("LU-8130 ptlrpc: convert conn_hash to rhashtable");

 Comments   
Comment by Gerrit Updater [ 09/Mar/22 ]

"Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/46763
Subject: LU-15634 ptlrpc: Use after free of 'conn' in rhashtable retry
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: ba185ad950b678dfbada531e6425fbbdaa1e18e3

Comment by Gerrit Updater [ 18/Mar/22 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/46763/
Subject: LU-15634 ptlrpc: Use after free of 'conn' in rhashtable retry
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 9dcbf8b3d44f9bb2b1d9c3ac6036345bad827797

Comment by Peter Jones [ 18/Mar/22 ]

Landed for 2.15

Generated at Sat Feb 10 03:20:00 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.