mds: fix heap-use-after-free in C_Flush_Journal#62553
Merged
Conversation
Moved dout() statement out of trim_expired_segments() to avoid dereferencing 'this' object after object deletion via context completion handler. Fixes: https://tracker.ceph.com/issues/69953 Signed-off-by: Milind Changire <mchangir@redhat.com>
Resolved use-after-free issue of ESubtreeMap. The subtreemap event gets destroyed after it is submitted to the log. MDLog::submit_event() now returns a sequence number of the submitted event. Fixes: https://tracker.ceph.com/issues/69953 Signed-off-by: Milind Changire <mchangir@redhat.com>
batrick
approved these changes
Mar 30, 2025
| LogSegment* _start_new_segment(SegmentBoundary* sb); | ||
| void _segment_upkeep(); | ||
| void _submit_entry(LogEvent* e, MDSLogContextBase* c); | ||
| LogSegment::seq_t _submit_entry(LogEvent* e, MDSLogContextBase* c); |
Member
There was a problem hiding this comment.
To avoid this in the future, we should pass a smart unique_ptr (r-value) to the LogEvent.
vshankar
approved these changes
Apr 7, 2025
Contributor
|
This PR is under test in https://tracker.ceph.com/issues/70819. |
Contributor
|
Oh, what fun - not a single failure that I suspected from the original fs suite run is seen with a rerun. So, it's unlikely that this PR is related to the failures originally seen. This is good to merge IMO. |
Contributor
|
jenkins test make check |
vshankar
approved these changes
Apr 15, 2025
This was referenced Aug 20, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes: https://tracker.ceph.com/issues/69953
Signed-off-by: Milind Changire mchangir@redhat.com
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins test classic perfJenkins Job | Jenkins Job Definitionjenkins test crimson perfJenkins Job | Jenkins Job Definitionjenkins test signedJenkins Job | Jenkins Job Definitionjenkins test make checkJenkins Job | Jenkins Job Definitionjenkins test make check arm64Jenkins Job | Jenkins Job Definitionjenkins test submodulesJenkins Job | Jenkins Job Definitionjenkins test dashboardJenkins Job | Jenkins Job Definitionjenkins test dashboard cephadmJenkins Job | Jenkins Job Definitionjenkins test apiJenkins Job | Jenkins Job Definitionjenkins test docsReadTheDocs | Github Workflow Definitionjenkins test ceph-volume allJenkins Jobs | Jenkins Jobs Definitionjenkins test windowsJenkins Job | Jenkins Job Definitionjenkins test rook e2eJenkins Job | Jenkins Job Definition