[LU-7078] use after free from ll_update_lsm_md() Created: 01/Sep/15  Updated: 19/Sep/15  Resolved: 19/Sep/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.8.0
Fix Version/s: Lustre 2.8.0

Type: Bug
Priority: Minor
Reporter: John Hammond
Assignee: Di Wang
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Related
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

In ll_update_lsm_md(), if md_merge_attr() fails then the lmv_stripe_md is pointed to by both lli->lli_lsm_md and md->lmv. After the failure the stripe md is freed by md_free_lustre_md() and so lli->lli_lsm_md becomes a dangling pointer.



 Comments   
Comment by Gerrit Updater [ 11/Sep/15 ]

wangdi (di.wang@intel.com) uploaded a new patch: http://review.whamcloud.com/16382
Subject: LU-7078 llite: reset md->lmv to NULL
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 67a659447eda3ca3f9ced42a4a656c2e1210bd85

Comment by Gerrit Updater [ 19/Sep/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/16382/
Subject: LU-7078 llite: reset md->lmv to NULL
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: ab074f434b198c86872954402b94857d7cec38c4

Comment by Peter Jones [ 19/Sep/15 ]

Landed for 2.8
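
The aliasing problem from the description and the "reset md->lmv to NULL" remedy named in the patch subject, reduced to a stand-alone C model. This is an added example, not Lustre code or the patch itself; the struct layouts and the functions `reply_free`, `update_lsm_md` and `dangling_after_failed_merge` are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Stand-in types; the field layout is an assumption, not Lustre's. */
struct stripe_md  { int stripe_count; };
struct inode_info { struct stripe_md *lsm_md; };  /* models lli->lli_lsm_md */
struct reply_md   { struct stripe_md *lmv; };     /* models md->lmv */

static int frees;  /* number of stripe mds released by reply cleanup */

/* Models md_free_lustre_md(): frees whatever the reply still points at. */
static void reply_free(struct reply_md *md)
{
    if (md->lmv != NULL) {
        free(md->lmv);
        md->lmv = NULL;
        frees++;
    }
}

/* Models the update: the inode takes the stripe md, then a merge step
 * (md_merge_attr() in the ticket) may fail. With reset_alias set, the
 * reply gives up its pointer as soon as the inode owns the object. */
static int update_lsm_md(struct inode_info *lli, struct reply_md *md,
                         int merge_rc, int reset_alias)
{
    lli->lsm_md = md->lmv;
    if (reset_alias)
        md->lmv = NULL;
    return merge_rc;
}

/* Runs the failing path; returns 1 if cleanup freed the object the inode
 * still references (dangling pointer), 0 if the inode's object survived. */
static int dangling_after_failed_merge(int reset_alias)
{
    struct inode_info lli = { NULL };
    struct reply_md md = { calloc(1, sizeof(struct stripe_md)) };
    int dangling;
    if (md.lmv == NULL) return -1;
    frees = 0;
    if (update_lsm_md(&lli, &md, -5, reset_alias) != 0)
        reply_free(&md);              /* caller's error-path cleanup */
    dangling = (frees == 1);          /* only one object exists in this model */
    if (!dangling)
        free(lli.lsm_md);             /* inode still owns it; release normally */
    return dangling;
}

int main(void) { return dangling_after_failed_merge(1); }
```

The model never dereferences the stale pointer; it only counts frees, so the unfixed path can be exercised without undefined behaviour.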
