[Bugs] [Bug 1288857] Use after free bug in notify_kernel_loop in fuse-bridge code

bugzilla at redhat.com
Tue Feb 2 10:10:14 UTC 2016


--- Comment #6 from Vijay Bellur <vbellur at redhat.com> ---
COMMIT: http://review.gluster.org/13274 committed in master by Raghavendra G
(rgowdapp at redhat.com) 
commit 29bd2316b6d4f522e1bd00e3c9a1c97dcc7d80ea
Author: Kaleb S KEITHLEY <kkeithle at redhat.com>
Date:   Thu Jan 21 15:03:38 2016 -0500

    fuse: use-after-free fix in fuse-bridge, revisited

    Prompted by the email exchange in gluster-devel between Oleksandr
    Natalenko, xavi, and soumyak, I looked at this because the fuse client
    on the longevity cluster has also been suffering from a serious memory
    leak for some time. (longevity cluster is currently running 3.7.6)

    The longevity cluster manifests the same kernel notifier loop terminated
    log message that Oleksandr sees, and some sample runs suggest that the
    length passed to the (sys_)write call is unexpectedly and abnormally large.

    Basically this fix
      a) uses correct types for len and rv,
      b) copies the len from potentially incorrectly aligned memory (in a
         way that should minimize potential performance issues related to
         accessing unaligned memory.)
      c) changes log level of the kernel notifier loop terminated message
      d) fixes a potential mutex lock/unlock issue

    Change-Id: Icedb3525706f59803878bb37ef6b4ffe4a986880
    BUG: 1288857
    Signed-off-by: Kaleb S KEITHLEY <kkeithle at redhat.com>
    Reviewed-on: http://review.gluster.org/13274
    Smoke: Gluster Build System <jenkins at build.gluster.com>
    Reviewed-by: Xavier Hernandez <xhernandez at datalab.es>
    NetBSD-regression: NetBSD Build System <jenkins at build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins at build.gluster.com>
    Reviewed-by: Raghavendra Bhat <raghavendra at redhat.com>
    Reviewed-by: Raghavendra G <rgowdapp at redhat.com>
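
Items (a) and (b) of the commit message, shown as an added C example that is not the GlusterFS patch: the length field is copied out with memcpy instead of being dereferenced through a cast, and len and rv use the types write(2) expects. The function names, the 16-byte header with a leading 32-bit length, and the bounds check against the buffer size are assumptions made for illustration and go beyond what the commit message lists.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define HDR_SIZE 16u /* assumed layout: 32-bit len, 32-bit error, 64-bit id */

/* Read the leading 32-bit total-length field without assuming alignment,
 * then bound it by the header size and by the bytes really in the buffer.
 * Returns 0 and stores the length, or -1 if the field cannot be trusted. */
int msg_len(const unsigned char *buf, size_t avail, size_t *len_out)
{
    uint32_t len;

    if (avail < HDR_SIZE)
        return -1;
    memcpy(&len, buf, sizeof(len)); /* no cast-and-dereference of buf */
    if (len < HDR_SIZE || len > avail)
        return -1;
    *len_out = len;
    return 0;
}

/* Write one message; len is size_t and rv is ssize_t, matching write(2). */
int send_msg(int fd, const unsigned char *buf, size_t avail)
{
    size_t len;
    ssize_t rv;

    if (msg_len(buf, avail, &len) != 0)
        return -1;
    rv = write(fd, buf, len);
    return (rv >= 0 && (size_t)rv == len) ? 0 : -1;
}

/* Constructed sample: a 24-byte message placed at an odd offset in a
 * larger array, with the caller choosing the length the header claims. */
int demo(uint32_t claimed_len)
{
    unsigned char raw[64] = {0};
    unsigned char *msg = raw + 1; /* deliberately misaligned */
    int fds[2], rc;

    memcpy(msg, &claimed_len, sizeof(claimed_len));
    if (pipe(fds) != 0)
        return -2;
    rc = send_msg(fds[1], msg, 24);
    close(fds[0]);
    close(fds[1]);
    return rc;
}
```

A claimed length larger than the 24 bytes available is rejected before write() is called, so an abnormally large value never reaches the kernel.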
