git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Ilya Dryomov <idryomov@gmail.com>
	Fri, 21 May 2021 13:27:31 +0000 (15:27 +0200)
committer	Ilya Dryomov <idryomov@gmail.com>
	Sat, 29 May 2021 16:44:20 +0000 (18:44 +0200)
commit	d83a0f6db8ff26eeb2c817b1bd192fb357f715df
tree	c044372935422d778437243d0203a2dea8a71c92	tree \| snapshot
parent	ef381d993ce29c5d0d774a6af27c3af861392ca1	commit \| diff

librbd/cache/pwl/ssd: avoid corrupting m_first_free_entry

In append_op_log_entries(), new_first_free_entry is read after
append_ops() returns.  This can result in accessing freed memory
because all I/Os may complete and append_ctx callback may run
by the time new_first_free_entry is read.  Garbage value gets
written to m_first_free_entry and depending on the circumstances
it may allow AbstractWriteLog code to accept more dirty user data
than we have space for.  Luckily we usually crash before then.

Fixes: https://tracker.ceph.com/issues/50832
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

src/librbd/cache/pwl/ssd/WriteLog.cc		diff \| blob \| history
src/librbd/cache/pwl/ssd/WriteLog.h		diff \| blob \| history