Bug 1129710

Summary: rdma: glusterfsd SEGV at volume start
Product: [Community] GlusterFS
Reporter: Kaleb KEITHLEY <kkeithle>
Component: rdma
Assignee: Kaleb KEITHLEY <kkeithle>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Version: 3.6.0
CC: aavati, bugs, gluster-bugs, jthottan, nlevinki, rgowdapp, rhs-bugs, rwheeler, sdharane, ssamanta
Hardware: Unspecified
OS: Unspecified
Fixed In Version: glusterfs-3.6.0beta1
Doc Type: Bug Fix
Clone Of: 1129708
Last Closed: 2014-11-11 08:37:19 UTC
Type: Bug
Bug Depends On: 1124981, 1129708
Bug Blocks: 1117822

Description Kaleb KEITHLEY 2014-08-13 14:07:09 UTC
+++ This bug was initially created as a clone of Bug #1129708 +++

+++ This bug was initially created as a clone of Bug #1124981 +++

Description of problem: glusterfsd NULL ptr deref in proto/server: get_frame_from_request() on transport rdma volume


Version-Release number of selected component (if applicable):

3.6.0.25 and earlier


How reproducible:

Create a volume with "... transport rdma ...", then start it


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:18:13 EDT ---

(gdb) where
#0  get_frame_from_request (req=0x7f3157e9e04c) at server-helpers.c:435
#1  0x00007f315c5245ce in server3_3_statfs (req=0x7f3157e9e04c)
    at server-rpc-fops.c:6106
#2  0x00000035b3809995 in rpcsvc_handle_rpc_call (svc=<value optimized out>,
    trans=<value optimized out>, msg=0x7f3130000a00) at rpcsvc.c:680
#3  0x00000035b3809bd3 in rpcsvc_notify (trans=0x7f3151636070,
    mydata=<value optimized out>, event=<value optimized out>,
    data=0x7f3130000a00) at rpcsvc.c:774
#4  0x00000035b380b678 in rpc_transport_notify (this=<value optimized out>,
    event=<value optimized out>, data=<value optimized out>)
    at rpc-transport.c:512
#5  0x00007f3157c948e0 in gf_rdma_pollin_notify (peer=0x7f3151632c60,
    post=<value optimized out>) at rdma.c:3517
#6  0x00007f3157c94e14 in gf_rdma_recv_request (peer=0x7f3151632c60,
    wc=<value optimized out>) at rdma.c:3633
#7  gf_rdma_process_recv (peer=0x7f3151632c60, wc=<value optimized out>)
    at rdma.c:3734
#8  0x00007f3157c951c7 in gf_rdma_recv_completion_proc (data=0x7f3150019bc0)
    at rdma.c:3867
#9  0x00000035b20079d1 in start_thread () from /lib64/libpthread.so.0
#10 0x00000035b18e8b5d in clone () from /lib64/libc.so.6
(gdb)

Same crash and backtrace regardless of 3.6.0.22 or 3.6.0.25.

(gdb) print req->trans->xl
$6 = (void *) 0x0

related to this fragment of code near line 435 of server-helpers.c:

        ...
        this = req->trans->xl;
        priv = this->private;
        ...

--- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:25:29 EDT ---

With this fix the RHS-glusterfs-3.6.0.25 glusterfsd no longer SEGVs, but a) this may not be the right place to do this, and b) I confess I'm puzzled as to why upstream 3.5.1 works without it. The .../rpc/.... source tree is, delta the addition of the ssl logic in upstream, the same, and it works.

--- rpc/rpc-transport/rdma/src/rdma.c.orig	2014-07-30 15:19:17.931001471 -0400
+++ rpc/rpc-transport/rdma/src/rdma.c	2014-07-30 15:19:42.684999382 -0400
@@ -716,6 +716,7 @@
         this->name = gf_strdup (listener->name);
         this->notify = listener->notify;
         this->mydata = listener->mydata;
+        this->xl = listener->xl;
 
         this->myinfo.sockaddr_len = sizeof (cm_id->route.addr.src_addr);
         memcpy (&this->myinfo.sockaddr, &cm_id->route.addr.src_addr,
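
Review bot: setting `this->xl = listener->xl;` in the accept path leaves the crash site itself unguarded: the fragment quoted above near server-helpers.c:435 (`this = req->trans->xl; priv = this->private;`) still dereferences xl with no check, so any other path that hands over a transport with xl unset brings glusterfsd down the same way. Consider also failing the request there when `req->trans->xl` is NULL, and record in the commit message where xl is expected to be populated, since the comment itself asks whether this is the right place for the assignment.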


On a separate note

--- Additional comment from RHEL Product and Program Management on 2014-07-30 15:43:26 EDT ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Kaleb KEITHLEY on 2014-07-30 16:08:39 EDT ---

https://code.engineering.redhat.com/gerrit/30050

--- Additional comment from Kaleb KEITHLEY on 2014-08-13 10:06:16 EDT ---

--- Additional comment from Kaleb KEITHLEY on 2014-07-30 15:25:29 EDT ---

With this fix the glusterfs-3.7dev glusterfsd no longer SEGVs.

--- rpc/rpc-transport/rdma/src/rdma.c.orig	2014-07-30 15:19:17.931001471 -0400
+++ rpc/rpc-transport/rdma/src/rdma.c	2014-07-30 15:19:42.684999382 -0400
@@ -716,6 +716,7 @@
         this->name = gf_strdup (listener->name);
         this->notify = listener->notify;
         this->mydata = listener->mydata;
+        this->xl = listener->xl;
 
         this->myinfo.sockaddr_len = sizeof (cm_id->route.addr.src_addr);
         memcpy (&this->myinfo.sockaddr, &cm_id->route.addr.src_addr,
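
Review bot: with `this->xl` now the fourth listener field copied by hand after `name`, `notify` and `mydata`, the accept path will miss the next field added to the transport in the same way; a single helper that inherits listener state, or a comment listing what an accepted transport must inherit, would prevent a repeat. Separately, the `gf_strdup (listener->name)` result in the first context line is stored with no allocation-failure check visible in this hunk.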

Comment 1 Anand Avati 2014-08-13 14:37:17 UTC
REVIEW: http://review.gluster.org/8480 (rdma: glusterfsd SEGV at volume start) posted (#1) for review on release-3.6 by Kaleb KEITHLEY (kkeithle@redhat.com)

Comment 2 Anand Avati 2014-08-13 17:32:29 UTC
COMMIT: http://review.gluster.org/8480 committed in release-3.6 by Vijay Bellur (vbellur@redhat.com) 
------
commit 2f9db25fe5a2a488fb6e7033fae3bf2ef6093dfe
Author: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date:   Wed Aug 13 10:35:16 2014 -0400

    rdma: glusterfsd SEGV at volume start
    
    glusterfsd NULL ptr deref in proto/server: get_frame_from_request()
    with 'transport rdma' volume
    
    no test case, our regression test framework doesn't have Infiniband.
    If it did, the test case would be to create a 'transport rdma' volume,
    start it, and create/write/read/delete files on the volume.
    
    Change-Id: I8dd4bea08bdecbbdf0115d3badccb1594fa69a27
    BUG: 1129710
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
    Reviewed-on: http://review.gluster.org/8480
    Reviewed-by: Humble Devassy Chirammal <humble.devassy@gmail.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>
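
The defect this commit fixes, reduced to a stand-alone C model that runs without Infiniband hardware. This is an added example, not GlusterFS code and not part of the commit: the struct layouts and the function names `accept_unfixed`, `accept_fixed`, `private_from_request` and `request_reaches_server` are simplified assumptions; only the field names `name`, `mydata` and `xl` come from the patch.

```c
#include <stdio.h>

/* Simplified stand-ins for the types seen in the backtrace (assumed layout). */
typedef struct xlator { void *private; } xlator_t;
typedef struct transport {
    const char *name;
    void       *mydata;
    xlator_t   *xl;       /* owning translator; left NULL before the fix */
} transport_t;
typedef struct request { transport_t *trans; } request_t;

/* Accept path before the fix: listener state copied by hand, xl forgotten. */
static void accept_unfixed(transport_t *this, const transport_t *listener) {
    this->name   = listener->name;
    this->mydata = listener->mydata;
    this->xl     = NULL;
}

/* Accept path with the one-line fix from the patch. */
static void accept_fixed(transport_t *this, const transport_t *listener) {
    accept_unfixed(this, listener);
    this->xl = listener->xl;
}

/* Consumer modelled on the quoted fragment (this = req->trans->xl;
 * priv = this->private;), plus a guard the fragment does not have:
 * a missing xl fails the request instead of crashing the daemon. */
static void *private_from_request(const request_t *req) {
    if (req == NULL || req->trans == NULL || req->trans->xl == NULL)
        return NULL;
    return req->trans->xl->private;
}

/* One accept + request cycle on constructed data. Returns 1 if the request
 * reaches the server's private data, 0 if it is rejected for a NULL xl. */
static int request_reaches_server(int fixed) {
    int conf = 42;                                   /* constructed state */
    xlator_t server = { &conf };
    transport_t listener = { "rdma.listener", NULL, &server }, conn;
    if (fixed) accept_fixed(&conn, &listener);
    else       accept_unfixed(&conn, &listener);
    request_t req = { &conn };
    return private_from_request(&req) == &conf;
}

int main(void) {
    printf("before fix: %d\n", request_reaches_server(0));
    printf("after fix:  %d\n", request_reaches_server(1));
    return 0;
}
```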

Comment 3 Niels de Vos 2014-09-22 12:45:03 UTC
A beta release for GlusterFS 3.6.0 has been released. Please verify if the release solves this bug report for you. In case the glusterfs-3.6.0beta1 release does not have a resolution for this issue, leave a comment in this bug and move the status to ASSIGNED. If this release fixes the problem for you, leave a note and change the status to VERIFIED.

Packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update (possibly an "updates-testing" repository) infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-September/018836.html
[2] http://supercolony.gluster.org/pipermail/gluster-users/

Comment 4 Niels de Vos 2014-11-11 08:37:19 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.6.1, please reopen this bug report.

glusterfs-3.6.1 has been announced [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-November/019410.html
[2] http://supercolony.gluster.org/mailman/listinfo/gluster-users