[Nfs-ganesha-devel] Change in ffilz/nfs-ganesha[next]: 9P lock: aquire state_lock properly

Mon, 06 Nov 2017 02:42:00 -0800 

>From Dominique Martinet <[email protected]>:

Dominique Martinet has uploaded this change for review. ( 
https://review.gerrithub.io/385823


Change subject: 9P lock: aquire state_lock properly
......................................................................

9P lock: aquire state_lock properly

The caller of state_lock() is expected to take the lock on its own.
This should fix the sporadical failure seen in this patchset:
https://review.gerrithub.io/#/c/385433/

==3884==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110003fbf68 
at pc 0x00000077cd18 bp 0x7fffc9cbf150 sp 0x7fffc9cbf148
READ of size 8 at 0x6110003fbf68 thread T34
Detaching after fork from child process 3944.
    #0 0x77cd17 in copy_conflict 
/export/nfs-ganesha/src/SAL/state_lock.c:2239:26
    #1 0x77fa9c in state_lock /export/nfs-ganesha/src/SAL/state_lock.c:2444:5
    #2 0x733404 in _9p_lock 
/export/nfs-ganesha/src/Protocols/9P/9p_lock.c:168:18
    #3 0x71c904 in _9p_process_buffer 
/export/nfs-ganesha/src/Protocols/9P/9p_interpreter.c:180:7
    #4 0x5fb386 in _9p_rdma_process_request 
/export/nfs-ganesha/src/MainNFSD/9p_rdma_callbacks.c:158:8
    #5 0x5c928f in _9p_execute 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1509:3
    #6 0x5aa899 in worker_run 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1604:4
    #7 0x88c1c4 in fridgethr_start_routine 
/export/nfs-ganesha/src/support/fridgethr.c:550:3
    #8 0x7ffff79b16c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
    #9 0x7ffff4ed7f7e in __GI___clone (/lib64/libc.so.6+0x107f7e)

0x6110003fbf68 is located 104 bytes inside of 200-byte region 
[0x6110003fbf00,0x6110003fbfc8)
freed by thread T26 here:
    #0 0x4e2ae0 in __interceptor_cfree.localalias.1 
(/export/nfs-ganesha/build/MainNFSD/ganesha.nfsd+0x4e2ae0)
    #1 0x7731e4 in gsh_free /export/nfs-ganesha/src/include/abstract_mem.h:271:2
    #2 0x7731b6 in lock_entry_dec_ref 
/export/nfs-ganesha/src/SAL/state_lock.c:714:3
    #3 0x77b06a in remove_from_locklist 
/export/nfs-ganesha/src/SAL/state_lock.c:774:2
    #4 0x78d39a in free_list /export/nfs-ganesha/src/SAL/state_lock.c:967:3
    #5 0x7848c4 in subtract_lock_from_list 
/export/nfs-ganesha/src/SAL/state_lock.c:1140:3
    #6 0x7833ac in state_unlock /export/nfs-ganesha/src/SAL/state_lock.c:2716:11
    #7 0x7334fe in _9p_lock /export/nfs-ganesha/src/Protocols/9P/9p_lock.c:187:7
    #8 0x71c904 in _9p_process_buffer 
/export/nfs-ganesha/src/Protocols/9P/9p_interpreter.c:180:7
    #9 0x5fb386 in _9p_rdma_process_request 
/export/nfs-ganesha/src/MainNFSD/9p_rdma_callbacks.c:158:8
    #10 0x5c928f in _9p_execute 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1509:3
    #11 0x5aa899 in worker_run 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1604:4
    #12 0x88c1c4 in fridgethr_start_routine 
/export/nfs-ganesha/src/support/fridgethr.c:550:3
    #13 0x7ffff79b16c9 in start_thread (/lib64/libpthread.so.0+0x76c9)

previously allocated by thread T16 here:
    #0 0x4e2c98 in __interceptor_malloc 
(/export/nfs-ganesha/build/MainNFSD/ganesha.nfsd+0x4e2c98)
    #1 0x77443f in gsh_malloc__ 
/export/nfs-ganesha/src/include/abstract_mem.h:78:12
    #2 0x780f13 in create_state_lock_entry 
/export/nfs-ganesha/src/SAL/state_lock.c:579:14
    #3 0x77ffcf in state_lock /export/nfs-ganesha/src/SAL/state_lock.c:2562:16
    #4 0x733404 in _9p_lock 
/export/nfs-ganesha/src/Protocols/9P/9p_lock.c:168:18
    #5 0x71c904 in _9p_process_buffer 
/export/nfs-ganesha/src/Protocols/9P/9p_interpreter.c:180:7
    #6 0x5fb386 in _9p_rdma_process_request 
/export/nfs-ganesha/src/MainNFSD/9p_rdma_callbacks.c:158:8
    #7 0x5c928f in _9p_execute 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1509:3
    #8 0x5aa899 in worker_run 
/export/nfs-ganesha/src/MainNFSD/nfs_worker_thread.c:1604:4
    #9 0x88c1c4 in fridgethr_start_routine 
/export/nfs-ganesha/src/support/fridgethr.c:550:3
    #10 0x7ffff79b16c9 in start_thread (/lib64/libpthread.so.0+0x76c9)

Thanks goes to Malahal for the analysis of the problem

Change-Id: Ie82eb4a5ecf5da3fd3a8d1cd9dbdb99b54842745
Signed-off-by: Dominique Martinet <[email protected]>
---
M src/Protocols/9P/9p_lock.c
1 file changed, 2 insertions(+), 1 deletion(-)



  git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha 
refs/changes/23/385823/1
-- 
To view, visit https://review.gerrithub.io/385823
To unsubscribe, visit https://review.gerrithub.io/settings

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie82eb4a5ecf5da3fd3a8d1cd9dbdb99b54842745
Gerrit-Change-Number: 385823
Gerrit-PatchSet: 1
Gerrit-Owner: Dominique Martinet <[email protected]>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to