librbd/cache/pwl/ssd: avoid corrupting first_free_entry
In append_ops(), new_first_free_entry is assigned to after aio_submit()
is called. This can result in accessing uninitialized or freed memory
because all I/Os may complete and append_ctx callback may run before the
assignment is executed. Garbage value gets written to first_free_entry
and we eventually crash, most likely in bufferlist manipulation code.
But worse, the corrupted first_free_entry makes it to media almost all
the time. The result is a corrupted cache -- dirty user data is lost.
Fixes: https://tracker.ceph.com/issues/50832
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
ef381d993ce29c5d0d774a6af27c3af861392ca1)
projects / ceph.git / commit