From 67088da0825667f5004eb78531687513e9965835 Mon Sep 17 00:00:00 2001
From: Igor Fedotov
Date: Mon, 5 Oct 2020 17:49:12 +0300
Subject: [PATCH] os/bluestore: fix segfault on out-of-bound offset provided to claim_free_to_right() call

Hybrid allocator might provide such an offset when final extent is marked as free by HybridAllocator::_add_to_tree(). Hence provides start+size point out to the end of the controled space.

Fixes: https://tracker.ceph.com/issues/47751
Signed-off-by: Igor Fedotov
(cherry picked from commit 0792382f4c51ec612d596efb13bf63fea92f3a2d)
---
 src/os/bluestore/fastbmap_allocator_impl.cc | 3 +++
 src/test/objectstore/fastbmap_allocator_test.cc | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/src/os/bluestore/fastbmap_allocator_impl.cc b/src/os/bluestore/fastbmap_allocator_impl.cc
index 6155451738b4..c89096555841 100755
--- a/src/os/bluestore/fastbmap_allocator_impl.cc
+++ b/src/os/bluestore/fastbmap_allocator_impl.cc
@@ -678,6 +678,9 @@ uint64_t AllocatorLevel01Loose::_claim_free_to_right_l0(int64_t l0_pos_start)
 int64_t pos = l0_pos_start;
 slot_t bits = (slot_t)1 << (pos % d0);
 size_t idx = pos / d0;
+ if (idx >= l0.size()) {
+ return pos;
+ }
 slot_t* val_s = l0.data() + idx;
 
 int64_t pos_e = p2roundup(pos + 1, d0);
diff --git a/src/test/objectstore/fastbmap_allocator_test.cc b/src/test/objectstore/fastbmap_allocator_test.cc
index c3af73706569..c59531985050 100755
--- a/src/test/objectstore/fastbmap_allocator_test.cc
+++ b/src/test/objectstore/fastbmap_allocator_test.cc
@@ -1016,6 +1016,11 @@ TEST(TestAllocatorLevel01, test_claim_free_l2)
 ASSERT_EQ(0x1000, claimed);
 ASSERT_EQ(0x2000, al2.debug_get_free());
 
+ // claiming on the right boundary
+ claimed = al2.claim_free_to_right(capacity);
+ ASSERT_EQ(0x0, claimed);
+ ASSERT_EQ(0x2000, al2.debug_get_free());
+
 // extend allocator space up to 64M
 auto max_available2 = 64 * 1024 * 1024;
 al2.mark_free(max_available, max_available2 - max_available);
-- 
2.47.3
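Review bot: The new bounds check on `idx` is evaluated after `slot_t bits = (slot_t)1 << (pos % d0);`, so a negative `l0_pos_start` (also an out-of-bound offset) still performs a shift by a negative amount, which is undefined behaviour, before the guard is reached; the guard then only catches it incidentally because the negative `pos / d0` wraps to a huge value when stored in `size_t`. Moving `size_t idx = pos / d0;` and the new `if (idx >= l0.size()) return pos;` above the `bits` line, and asserting `l0_pos_start >= 0` (or documenting that callers never pass a negative offset), would make the early return the only path for any out-of-range input. Whether a caller can actually pass a negative offset is not visible from this hunk. The new branch would also benefit from a one-line comment stating its contract, e.g. `// offset at or past the end of the managed space: nothing to claim, hand the position back unchanged`. `_claim_free_to_right_l0`'s body continues outside the hunk.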
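Review bot: The added assertions exercise only an offset exactly equal to `capacity`, whereas the commit title describes an "out-of-bound" offset, which may lie strictly beyond the managed space; a second call such as `claimed = al2.claim_free_to_right(capacity + 0x1000); ASSERT_EQ(0x0, claimed); ASSERT_EQ(0x2000, al2.debug_get_free());` would pin that case as well, provided the L1/L2 wrappers accept such an input (not visible here). The `// claiming on the right boundary` comment could also name the regression it guards so the test is not trimmed as redundant later, e.g. `// claiming at/past the end of managed space must not index l0 (tracker #47751)`. `test_claim_free_l2` starts before this hunk.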