[Bugs] [Bug 1668286] READDIRP incorrectly updates posix-acl inode ctx

bugzilla at redhat.com bugzilla at redhat.com
Tue Feb 26 13:31:31 UTC 2019 

https://bugzilla.redhat.com/show_bug.cgi?id=1668286



--- Comment #10 from homma at allworks.co.jp ---
(In reply to Jiffin from comment #9)
> As far as I understand, rda_fill_fd_cbk() sets iatt to zero and that info is
> stored in its context not passed to the other layers.
> I tried to reproduce, but was not able to hit till now.(turned on
> performance.readdir-ahead).
> Prior to this bug myself have seen similar issue when, the permission of acl
> ctx gets zeroed after readdir operations. The issue was
> very much spurious and there was no specific steps to hit that issue

I think rda_fill_fd_cbk() passes entries with zeroed iatts to other xlators.

On entry of rda_fill_fd_cbk(), 'entries' holds dentries obtained by READDIRP
operation.
After setting iatt to zero, it calls STACK_UNWIND_STRICT with modified
'serve_entries', not the original 'entries'.
Then posix_acl_readdirp_cbk() receives that modified entries information.

(gdb) b rda_fill_fd_cbk
Breakpoint 1 at 0x7fef2451f9d0: file readdir-ahead.c, line 424.
(gdb) b readdir-ahead.c:537
b posix_acl_readdirp_cbk
Breakpoint 2 at 0x7fef2451fcd9: file readdir-ahead.c, line 537.
(gdb) b posix_acl_readdirp_cbk
Breakpoint 3 at 0x7fef1f7990b0: file posix-acl.c, line 1654.
(gdb) c
Continuing.
[Switching to Thread 0x7fef25b37700 (LWP 12060)]

Breakpoint 1, rda_fill_fd_cbk (frame=frame at entry=0x7fef2005c628,
cookie=0x7fef2006a4d8, this=0x7fef200132e0,
    op_ret=op_ret at entry=4, op_errno=op_errno at entry=2,
entries=entries at entry=0x7fef25b36710, xdata=xdata at entry=0x0)
    at readdir-ahead.c:424
424     {
(gdb) p *entries.next.next.next
$1 = {{list = {next = 0x7fef200011a0, prev = 0x7fef20000f40}, {next =
0x7fef200011a0, prev = 0x7fef20000f40}},
  d_ino = 10966013112435171471, d_off = 28, d_len = 3, d_type = 8, d_stat =
{ia_flags = 6143, ia_ino = 10966013112435171471,
    ia_dev = 51792, ia_rdev = 0, ia_size = 5, ia_nlink = 1, ia_uid = 1000,
ia_gid = 1000, ia_blksize = 4096, ia_blocks = 1,
    ia_atime = 1551186297, ia_mtime = 1551186488, ia_ctime = 1551186488,
ia_btime = 0, ia_atime_nsec = 517274116,
    ia_mtime_nsec = 150035482, ia_ctime_nsec = 153035462, ia_btime_nsec = 0,
ia_attributes = 0, ia_attributes_mask = 0,
    ia_gfid = "\341n\035>u\030C#\230/\032\323H\371`\217", ia_type = IA_IFREG,
ia_prot = {suid = 0 '\000', sgid = 0 '\000',
      sticky = 0 '\000', owner = {read = 1 '\001', write = 1 '\001', exec = 0
'\000'}, group = {read = 1 '\001', write = 1 '\001',
        exec = 0 '\000'}, other = {read = 1 '\001', write = 0 '\000', exec = 0
'\000'}}}, dict = 0x7fef200658f8,
  inode = 0x7fef100032c8, d_name = 0x7fef20001140 "foo"}
(gdb) c
Continuing.

Breakpoint 2, rda_fill_fd_cbk (frame=frame at entry=0x7fef2005c628,
cookie=<optimized out>, this=0x7fef200132e0,
    op_ret=op_ret at entry=4, op_errno=op_errno at entry=2,
entries=entries at entry=0x7fef25b36710, xdata=xdata at entry=0x0)
    at readdir-ahead.c:537
537             STACK_UNWIND_STRICT(readdirp, stub->frame, ret, op_errno,
(gdb) l
532             op_errno = 0;
533
534         UNLOCK(&ctx->lock);
535
536         if (serve) {
537             STACK_UNWIND_STRICT(readdirp, stub->frame, ret, op_errno,
538                                 &serve_entries, xdata);
539             gf_dirent_free(&serve_entries);
540             call_stub_destroy(stub);
541         }
(gdb) p &serve_entries
$2 = (gf_dirent_t *) 0x7fef25b364c0
(gdb) p *serve_entries.next.next.next
$3 = {{list = {next = 0x7fef200011a0, prev = 0x7fef20000f40}, {next =
0x7fef200011a0, prev = 0x7fef20000f40}},
  d_ino = 10966013112435171471, d_off = 28, d_len = 3, d_type = 8, d_stat =
{ia_flags = 0, ia_ino = 0, ia_dev = 0, ia_rdev = 0,
    ia_size = 0, ia_nlink = 0, ia_uid = 0, ia_gid = 0, ia_blksize = 0,
ia_blocks = 0, ia_atime = 0, ia_mtime = 0, ia_ctime = 0,
    ia_btime = 0, ia_atime_nsec = 0, ia_mtime_nsec = 0, ia_ctime_nsec = 0,
ia_btime_nsec = 0, ia_attributes = 0,
    ia_attributes_mask = 0, ia_gfid =
"\341n\035>u\030C#\230/\032\323H\371`\217", ia_type = IA_IFREG, ia_prot = {suid
= 0 '\000',
      sgid = 0 '\000', sticky = 0 '\000', owner = {read = 0 '\000', write = 0
'\000', exec = 0 '\000'}, group = {read = 0 '\000',
        write = 0 '\000', exec = 0 '\000'}, other = {read = 0 '\000', write = 0
'\000', exec = 0 '\000'}}}, dict = 0x7fef200658f8,
  inode = 0x7fef100032c8, d_name = 0x7fef20001140 "foo"}
(gdb) c
Continuing.

Breakpoint 3, posix_acl_readdirp_cbk (frame=0x7fef1000b8c8,
cookie=0x7fef1000c9e8, this=0x7fef2001dc00, op_ret=4, op_errno=2,
    entries=0x7fef25b364c0, xdata=0x0) at posix-acl.c:1654
1654    {
(gdb) p entries
$4 = (gf_dirent_t *) 0x7fef25b364c0
(gdb) p *entries.next.next.next
$5 = {{list = {next = 0x7fef200011a0, prev = 0x7fef20000f40}, {next =
0x7fef200011a0, prev = 0x7fef20000f40}},
  d_ino = 10966013112435171471, d_off = 28, d_len = 3, d_type = 8, d_stat =
{ia_flags = 0, ia_ino = 0, ia_dev = 0, ia_rdev = 0,
    ia_size = 0, ia_nlink = 0, ia_uid = 0, ia_gid = 0, ia_blksize = 0,
ia_blocks = 0, ia_atime = 0, ia_mtime = 0, ia_ctime = 0,
    ia_btime = 0, ia_atime_nsec = 0, ia_mtime_nsec = 0, ia_ctime_nsec = 0,
ia_btime_nsec = 0, ia_attributes = 0,
    ia_attributes_mask = 0, ia_gfid =
"\341n\035>u\030C#\230/\032\323H\371`\217", ia_type = IA_IFREG, ia_prot = {suid
= 0 '\000',
      sgid = 0 '\000', sticky = 0 '\000', owner = {read = 0 '\000', write = 0
'\000', exec = 0 '\000'}, group = {read = 0 '\000',
        write = 0 '\000', exec = 0 '\000'}, other = {read = 0 '\000', write = 0
'\000', exec = 0 '\000'}}}, dict = 0x7fef200658f8,
  inode = 0x7fef100032c8, d_name = 0x7fef20001140 "foo"}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list