git.apps.os.sepia.ceph.com Git

author	Kefu Chai <k.chai@proxmox.com>
	Mon, 10 Nov 2025 13:44:07 +0000 (21:44 +0800)
committer	Kefu Chai <k.chai@proxmox.com>
	Mon, 10 Nov 2025 13:54:19 +0000 (21:54 +0800)
commit	81a6d6072b79e50c5c62023cdb2d907adffdb79d
tree	0ae669b7b21cc775cacf7763e7bbdb2177380509	tree \| snapshot
parent	060b69c6605d88ad06bd1a3b81697abff2bd4ca5	commit \| diff

rgw/posix: Fix race condition in Inotify causing segfault

Fixed a race condition in the Inotify class where the ev_loop() thread
and caller threads (add_watch/remove_watch) were accessing the
wd_callback_map and wd_remove_map hash maps without synchronization.

This caused a segfault during hash table operations when one thread
was reading from the map while another was modifying it, leading to
iterator invalidation and memory corruption.

Backtrace from the crash:
  Frame 5: file::listing::Inotify::ev_loop()+0x190
  Frame 4: ankerl::unordered_dense::v3_1_0::detail::table::find()
  Crash: Memory access violation during WatchRecord lookup

The fix adds:
- A mutex (map_mutex) to protect both hash maps
- Lock guards in add_watch() and remove_watch() during map modifications
- Lock guard in ev_loop() with proper copying of watch record data to
  avoid holding the lock during callbacks and prevent use-after-free

See https://jenkins.ceph.com/job/ceph-pull-requests/169774/testReport/junit/projectroot.src.test/rgw/unittest_rgw_posix_driver/

Signed-off-by: Kefu Chai <k.chai@proxmox.com>