From: Xiubo Li
Date: Mon, 15 Aug 2022 09:50:27 +0000 (+0800)
Subject: client: stop the remount_finisher thread in the Client::unmount()
X-Git-Tag: v16.2.11~295^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F48108%2Fhead;p=ceph.git

client: stop the remount_finisher thread in the Client::unmount()

The ceph_fuse will unmount the client and then finalize the cfuse and at the same time will free the mountpoint memory. And at last will try to stop the remount_finisher thread. But the remount_finisher thread will use the freed mountpoint to do the remount, which will cause unexpected remount failures.

Just stop the remount_finisher thread in the Client::unmount().

Fixes: https://tracker.ceph.com/issues/56249
Signed-off-by: Xiubo Li
(cherry picked from commit 90f9713607e2a752ea91c9941a46d7757a8bb605)
---
diff --git a/src/client/Client.cc b/src/client/Client.cc index df5021af1712..bbdcc07ce54f 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -6537,6 +6537,17 @@ void Client::_unmount(bool abort) mref_writer.update_state(CLIENT_UNMOUNTED); + /* + * Stop the remount_queue before clearing the mountpoint memory + * to avoid possible use-after-free bug. + */ + if (remount_cb) { + ldout(cct, 10) << "unmount stopping remount finisher" << dendl; + remount_finisher.wait_for_empty(); + remount_finisher.stop(); + remount_cb = nullptr; + } + ldout(cct, 2) << "unmounted." << dendl; }
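
Review bot: The new `if (remount_cb)` block at the end of `Client::_unmount(bool abort)` relies on `remount_cb = nullptr` to keep the later stop of `remount_finisher` (the one the commit message says happens last) from running a second time, but that later call site is not part of this patch, so please confirm it is guarded by the same `remount_cb` check, or say so in the comment. The block also calls `remount_finisher.wait_for_empty()` without looking at `abort`, so an aborted unmount will wait for any queued remount to finish; if that is intended, a word in the comment would help. Minor: the comment says "remount_queue" while the code stops `remount_finisher`, and it could state that the mountpoint memory is freed by the caller after unmount, which is why the stop has to happen here.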