git-server-git.apps.pok.os.sepia.ceph.com Git

author	Sage Weil <sage@redhat.com>
	Mon, 22 Oct 2018 19:38:48 +0000 (14:38 -0500)
committer	Sage Weil <sage@redhat.com>
	Mon, 22 Oct 2018 19:45:37 +0000 (14:45 -0500)
commit	020bd7b5f38a82d9eef5e25e6f4a4dd12b066915
tree	ef41b1ef70ef04279a545456353e170e24eae3cf	tree \| snapshot
parent	ae583f5dde2500a53636a68d4e03d865ac413abc	commit \| diff

os/bluestore: fix race between SharedBlobSet::lookup and SharedBlob::put

A                             B
SharedBlobSet::lookup()
  takes lock
  nref is not 0
                              SharedBlob::put()
                                --nref
returns SharedBlobRef,
  ++nref
                                takes cache lock
                                SharedBlobSet::remove
                                  takes lock
                                  removes
                                deletes SharedBlob

-> A ends up with a ref to deleted SharedBlob

Fix by verifying that nref is still zero in SharedBlobSet::remove(),
while we are holding the SharedBlobSet::lock.  The lock ensures that we
have increased the ref for the lookup before entering remove, so we can
verify that nref is still zero before removing it.  If not, we have
raced, and put() bails out and does nothing.

Fixes: http://tracker.ceph.com/issues/36526
Signed-off-by: Sage Weil <sage@redhat.com>

src/os/bluestore/BlueStore.cc		diff \| blob \| history
src/os/bluestore/BlueStore.h		diff \| blob \| history