From: Min Chen <minchen@ubuntukylin.com>
Date: Mon, 15 Jun 2015 01:48:51 +0000 (+0800)
Subject: bug fix: librados segmentation fault, when two read ops share one AioCompletionImpl
X-Git-Tag: v9.1.0~186^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=51862e3d057559aa8ad39627d149dfbeb68160af;p=ceph.git

bug fix: librados segmentation fault, when two read ops share one AioCompletionImpl

This is a serious BUG:
In librados, use two read ops to read one object twice
with the same completion will cause segmentation fault.

reproduce test code as bellow:

rados_read_op_read(read_op, 0, len, buf, &bytes_read, &ret);
rados_read_op_read(read_op2, 0, len, buf2, &bytes_read2, &ret2);
ret = rados_aio_read_op_operate(read_op, ioctx, read_completion, object, 0);
ret = rados_aio_read_op_operate(read_op2, ioctx, read_completion, object, 0);
ret = rados_aio_wait_for_complete(read_completion);

In order to fix it, we just need an assert() to make sure
there is only one IoCtx on a single AioCompletionImpl.

Signed-off-by: Min Chen <minchen@ubuntukylin.com>
---

diff --git a/src/librados/IoCtxImpl.cc b/src/librados/IoCtxImpl.cc
index 15ebc6fd8dc2..50a600beb1b0 100644
--- a/src/librados/IoCtxImpl.cc
+++ b/src/librados/IoCtxImpl.cc
@@ -1299,6 +1299,7 @@ void librados::IoCtxImpl::set_notify_timeout(uint32_t timeout)
 
 librados::IoCtxImpl::C_aio_Ack::C_aio_Ack(AioCompletionImpl *_c) : c(_c)
 {
+  assert(!c->io);
   c->get();
 }
 
@@ -1331,6 +1332,7 @@ librados::IoCtxImpl::C_aio_stat_Ack::C_aio_stat_Ack(AioCompletionImpl *_c,
 						    time_t *pm)
    : c(_c), pmtime(pm)
 {
+  assert(!c->io);
   c->get();
 }