From 90f9713607e2a752ea91c9941a46d7757a8bb605 Mon Sep 17 00:00:00 2001
From: Xiubo Li
Date: Mon, 15 Aug 2022 17:50:27 +0800
Subject: [PATCH] client: stop the remount_finisher thread in the Client::unmount()
The ceph_fuse will unmount the client and then finalize the cfuse and at the same will free the mountpoint memory. And at last will try to stop the remount_finisher thread. But the remount_finisher thread will use the freed mountpoint to do the remount, which will case unexpected remount failures. Just stop the remount_finisher thread in the Client::unmount().
Fixes: https://tracker.ceph.com/issues/56249
Signed-off-by: Xiubo Li
---
 src/client/Client.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/client/Client.cc b/src/client/Client.cc
index 539b7b2d5a16d..e5dfc29356378 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -6664,6 +6664,17 @@ void Client::_unmount(bool abort)
 mref_writer.update_state(CLIENT_UNMOUNTED);
+ /*
+ * Stop the remount_queue before clearing the mountpoint memory
+ * to avoid possible use-after-free bug.
+ */
+ if (remount_cb) {
+ ldout(cct, 10) << "unmount stopping remount finisher" << dendl;
+ remount_finisher.wait_for_empty();
+ remount_finisher.stop();
+ remount_cb = nullptr;
+ }
+
 ldout(cct, 2) << "unmounted." << dendl;
 }
--
2.39.5
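Review bot: The new `if (remount_cb)` block drains and stops `remount_finisher` only after `mref_writer.update_state(CLIENT_UNMOUNTED)`, and nothing visible in the hunk shows what stops another thread from testing `remount_cb` and queueing a remount between `wait_for_empty()` and `remount_cb = nullptr`. The start of `Client::_unmount()` is outside the hunk, so whether a lock covers this sequence cannot be seen here. If a lock is held at this point, `wait_for_empty()` blocks until the queued callback finishes, so that callback must never need the same lock; this constraint should be stated in the comment. The comment also names `remount_queue` while the member is `remount_finisher`; I would write it as `/* Drain and stop remount_finisher before returning: the caller frees the mountpoint after unmount, and a queued remount would otherwise use it after free. */`.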