Bug 856704 - UFO (swift) causes glusterfs SEGV on Fedora 17 when it invokes fallocate for an uploaded file
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: core
mainline
All Linux
high Severity high
Assigned To: Kaleb KEITHLEY
Depends On: 949242
Blocks: 852221
Reported: 2012-09-12 11:39 EDT by Kaleb KEITHLEY
Modified: 2015-12-01 11:45 EST

See Also:
Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-24 13:34:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments
proposed fix (4.34 KB, application/octet-stream)
2012-09-12 11:39 EDT, Kaleb KEITHLEY
Description Kaleb KEITHLEY 2012-09-12 11:39:58 EDT
Created attachment 612159
proposed fix

Description of problem:

An upload of a file will cause the volume's glusterfs to SEGV when it fields a FUSE_FALLOCATE op. Swift inspects libc to see if there is a symbol for fallocate(2) and if so will use it. And while the libc in RHEL 6 does have fallocate(2), the version of fuse in RHEL 6 does not support fallocate, and things are handled gracefully elsewhere (the kernel perhaps?)

N.B. fallocate was added to version 7.19 of fuse. Fedora 17 and later (and maybe earlier too) has 7.19. RHEL 6 still has 7.13. Glusterfs uses the 7.13 version of <linux/fuse.h> (in contrib/fuse-include/fuse_kernel.h)

Thus on Fedora 17, with both fallocate(2) in libc and fallocate support in fuse, the fallocate invocation is dispatched to glusterfs, but the dispatch table (fuse_std_ops in xlators/mount/fuse/src/fuse-bridge.c) is too short for one thing; the fallocate opcode (43) indexes beyond the end of the table, and even when that doesn't directly cause a SEGV, the NULL pointer at that location does cause a SEGV when attempting to call the function through the pointer.


Version-Release number of selected component (if applicable):

glusterfs, glusterfs-swift, etc. (Fedora koji build) 3.3.0-[56]

How reproducible:

Run UFO (glusterfs-swift) in F17 using the RPMs from  http://repos.fedorapeople.org/repos/kkeithle/glusterfs/

Use swift to upload a file. Watch the volume's glusterfs SEGV and drop a core file.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

The attached patch contains a fix that 
 a) abandons the "carried" contrib/fuse-include/fuse_kernel.h in favor of using the system's <linux/fuse.h>
 b) extends the dispatch table as necessary (fuse_std_ops) to include a handler for fallocate. This handler merely returns ENOSYS; Swift appears to handle ENOSYS from the handler the same way it would on systems where fuse and/or the file system doesn't support fallocate.

Another option would be to implement fallocate in the Gluster protocol stack and have the handler dispatch the op to gluster.
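The failure mode in this report, as an added example that is not GlusterFS code and not the attached patch: a handler table sized for an older opcode set, a dispatcher that checks both the table length and the slot for NULL before calling through it, and a table extended with an explicit fallocate stub that returns ENOSYS. All names (`old_ops`, `new_ops`, `dispatch_checked`, the handlers) are hypothetical, and the highest opcode in the old table (40) is a constructed value.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode numbers as in <linux/fuse.h>; 43 is the fallocate opcode cited in the report. */
enum { OP_LOOKUP = 1, OP_GETATTR = 3, OP_FALLOCATE = 43 };

typedef int (*op_handler_t)(uint32_t opcode);

static int stub_calls; /* counts calls that reached the explicit ENOSYS stub */

static int handle_ok(uint32_t opcode) { (void)opcode; return 0; }
static int handle_enosys(uint32_t opcode) { (void)opcode; stub_calls++; return -ENOSYS; }

/* Table built against an older header: ends at opcode 40 (constructed), so
 * index 43 lies past the end, and unlisted slots such as 2 are NULL. */
static const op_handler_t old_ops[] = {
    [OP_LOOKUP] = handle_ok, [OP_GETATTR] = handle_ok, [40] = handle_ok,
};
#define OLD_OPS_LEN (sizeof(old_ops) / sizeof(old_ops[0]))

/* Extended table: fallocate gets a real slot whose handler answers ENOSYS. */
static const op_handler_t new_ops[] = {
    [OP_LOOKUP] = handle_ok, [OP_GETATTR] = handle_ok, [40] = handle_ok,
    [OP_FALLOCATE] = handle_enosys,
};
#define NEW_OPS_LEN (sizeof(new_ops) / sizeof(new_ops[0]))

/* Never index with an opcode the table was not sized for, and never call a
 * NULL slot: both cases are answered with -ENOSYS instead of crashing. */
int dispatch_checked(const op_handler_t *table, size_t len, uint32_t opcode)
{
    if (opcode >= len || table[opcode] == NULL)
        return -ENOSYS;
    return table[opcode](opcode);
}

int main(void)
{
    printf("old table, fallocate: %d\n",
           dispatch_checked(old_ops, OLD_OPS_LEN, OP_FALLOCATE));
    printf("new table, fallocate: %d\n",
           dispatch_checked(new_ops, NEW_OPS_LEN, OP_FALLOCATE));
    return 0;
}
```

The bounds check matters independently of the table extension: a kernel newer than the header the table was built from can still send an opcode beyond the last slot.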
