Bug 1288922
Summary: | Use after free bug in notify_kernel_loop in fuse-bridge code | ||
---|---|---|---|
Product: | [Community] GlusterFS | Reporter: | Pranith Kumar K <pkarampu> |
Component: | fuse | Assignee: | Pranith Kumar K <pkarampu> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.7.6 | CC: | bugs, rgowdapp |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | glusterfs-3.7.7 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | 1288857 | Environment: | |
Last Closed: | 2016-04-19 07:41:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1288857, 1327036 | ||
Bug Blocks: | 1288921 |
Description
Pranith Kumar K
2015-12-07 02:22:18 UTC
REVIEW: http://review.gluster.org/12887 (mount/fuse: Fix use-after-free crash) posted (#1) for review on release-3.7 by Pranith Kumar Karampuri (pkarampu)

REVIEW: http://review.gluster.org/12887 (mount/fuse: Fix use-after-free crash) posted (#2) for review on release-3.7 by Pranith Kumar Karampuri (pkarampu)

COMMIT: http://review.gluster.org/12887 committed in release-3.7 by Raghavendra G (rgowdapp)
------
commit a97ea63aaf4ee79bd6bb9759840fdaa43f37534c
Author: Pranith Kumar K <pkarampu>
Date: Sun Dec 6 22:05:54 2015 +0530

    mount/fuse: Fix use-after-free crash

    Backport of http://review.gluster.com/12886

    fouh->len is accessed after 'node' is freed.
    Also 'rv' is int whereas fouh->len is uint32,
    changed comparison to ssize_t variables.

    BUG: 1288922
    Change-Id: Ib5e22ce56a022740fcc09ce430ff1de31a8a45d6
    Signed-off-by: Pranith Kumar K <pkarampu>
    Reviewed-on: http://review.gluster.org/12887
    Tested-by: Gluster Build System <jenkins.com>
    Tested-by: NetBSD Build System <jenkins.org>
    Reviewed-by: Raghavendra G <rgowdapp>

REVIEW: http://review.gluster.org/13275 (fuse: use-after-free fix in fuse-bridge, revisited) posted (#1) for review on release-3.7 by Kaleb KEITHLEY (kkeithle)

REVIEW: http://review.gluster.org/13275 (fuse: use-after-free fix in fuse-bridge, revisited) posted (#2) for review on release-3.7 by Kaleb KEITHLEY (kkeithle)

REVIEW: http://review.gluster.org/13275 (fuse: use-after-free fix in fuse-bridge, revisited) posted (#3) for review on release-3.7 by Kaleb KEITHLEY (kkeithle)

REVIEW: http://review.gluster.org/13275 (fuse: use-after-free fix in fuse-bridge, revisited) posted (#4) for review on release-3.7 by Kaleb KEITHLEY (kkeithle)

COMMIT: http://review.gluster.org/13275 committed in release-3.7 by Raghavendra G (rgowdapp)
------
commit 4ae9ac6dd48d378984fa3a34a6b63d90bc74e431
Author: Kaleb S KEITHLEY <kkeithle>
Date: Thu Jan 21 17:03:17 2016 -0500

    fuse: use-after-free fix in fuse-bridge, revisited

    Prompted by the email exchange in gluster-devel between Oleksandr
    Natalenko, xavi, and soumyak, I looked at this because the fuse client
    on the longevity cluster has also been suffering from a serious memory
    leak for some time. (longevity cluster is currently running 3.7.6)

    The longevity cluster manifests the same kernel notifier loop terminated
    log message that Oleksandr sees, and some sample runs suggest that the
    length passed to the (sys_)write call is unexpectedly and abnormally
    large.

    Basically this fix
    a) uses correct types for len and rv,
    b) copies the len from potentially incorrectly aligned memory (in a way
       that should minimize potential performance issues related to
       accessing unaligned memory.)
    c) changes log level of the kernel notifier loop terminated message
    d) fixes a potential mutex lock/unlock issue

    See Change-Id: Icedb3525706f59803878bb37ef6b4ffe4a986880
    BUG: 1288857
    http://review.gluster.org/13274

    Change-Id: I1a2f957a95978468baa33c2b1f3667934d88939c
    BUG: 1288922
    Signed-off-by: Kaleb S KEITHLEY <kkeithle>
    Reviewed-on: http://review.gluster.org/13275
    Smoke: Gluster Build System <jenkins.com>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.com>
    Reviewed-by: Raghavendra G <rgowdapp>

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.8, please open a new bug report.

glusterfs-3.7.8 has been announced on the Gluster mailing lists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/gluster-users/2016-February/025292.html
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.7, please open a new bug report.

glusterfs-3.7.7 has been announced on the Gluster mailing lists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/gluster-users/2016-February/025292.html
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
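
The ordering and type problems named in the two commit messages above (len read after the node is freed, int rv compared against a uint32 len, len read from possibly unaligned memory), shown as an added C example that is not GlusterFS code. The struct names, function names, MSG_MAX and the length bound check are assumptions made for illustration.

```c
/* Added illustration: all struct and function names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MSG_MAX 64

/* Header at the start of every queued message (plays the role of 'fouh'). */
struct msg_hdr { uint32_t len; };

/* Queue entry (plays the role of 'node'); msg is a raw byte buffer. */
struct notify_node { char msg[MSG_MAX]; };

/* Build a constructed sample entry whose header claims 'len' bytes. */
static struct notify_node *make_node(uint32_t len)
{
    struct notify_node *node = calloc(1, sizeof(*node));
    struct msg_hdr hdr = { .len = len };

    if (node)
        memcpy(node->msg, &hdr, sizeof(hdr));
    return node;
}

/*
 * Buggy order from the commit message: write(); free(node); then compare
 * an int rv against fouh->len, which reads freed memory and mixes signedness.
 * Order used here: copy len out, write, free, compare saved ssize_t values.
 */
static int send_and_release(int fd, struct notify_node *node)
{
    struct msg_hdr hdr;
    ssize_t rv, len;

    if (!node)
        return -1;
    memcpy(&hdr, node->msg, sizeof(hdr)); /* safe even if msg is unaligned */
    if (hdr.len > MSG_MAX) {              /* assumption: added bound check */
        free(node);
        return -1;
    }
    len = (ssize_t)hdr.len;
    rv = write(fd, node->msg, (size_t)len);
    free(node);                           /* hdr is a copy, still valid */
    return rv == len ? 0 : -1;
}
```

Building this with -fsanitize=address and moving the free() above the memcpy() reproduces the class of report the first commit fixes.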