git-server-git.apps.pok.os.sepia.ceph.com Git

author	Milind Changire <mchangir@redhat.com>
	Thu, 3 Apr 2025 07:54:37 +0000 (13:24 +0530)
committer	Milind Changire <mchangir@redhat.com>
	Wed, 14 May 2025 16:03:32 +0000 (21:33 +0530)
commit	0ea8570f967374073bd3fcd6def711fdd3187120
tree	39749550d13c275435fe7f41f0de822c9fa9fb53	tree \| snapshot
parent	e1f7b2c3a5b8a983581263b4a7be4c17f4d18174	commit \| diff

mds: use available CInode* for uninline data

This is a null pointer dereference issue and it happens as follows:

Uninline Data is not a regular client request ... it is an Internal Request.
So, there's no client request struct allocated and assigned in the mdr to
begin with.

In the scrubbing path, the auth validation is already done in
ScrubStack::kick_off_scrubs() ... and since Uninline Data path piggybacks
on the scrubbing path, we get the auth validation for free.

rdlock_path_pin_ref(), fails to lock the path if the lock is already taken.
This is what happens in the Uninline Data case. So rdlock_path_pin_ref()
creates a C_MDS_RetryRequest and this causes the request to be re-attempted
in the regular client request path where Server::handle_client_request()
assumes that the mdr->client_request member is valid ...
and hence the null pointer dereference issue.
---
Since the scrub path dequeues the CInode* from the ScrubStack, this
commit attempts to use the already available CInode*.

Fixes: https://tracker.ceph.com/issues/70624
Signed-off-by: Milind Changire <mchangir@redhat.com>

src/mds/MDCache.cc		diff \| blob \| history
src/mds/ScrubStack.cc		diff \| blob \| history