On 04/12/2016 05:31 PM, Jeff Darcy wrote:
>> This is a memory corruption issue which is already reported and there is a
>> patch by Pranith in 3.7 [1] waiting to get reviews. Patch [1] will solve the
>> issue.
>> [1] : http://review.gluster.org/#/c/13574/
>
> That patch seems to be about making and modifying a copy of xattr_req,
> instead of modifying the original. How exactly does that avoid memory
> corruption? Was some code (not that which changed) keeping a pointer
> to gfid-req in its original location after that had been freed?

tier can lead to parallel lookups in two different epoll threads on
hot/cold tiers. The race-window to hit the common-dictionary in lookup
use-after-free is too low without dict_copy_with_ref() in either ec/afr.
In either afr/ec side one thread should be executing dict_serialization
in client while the other thread should be doing dict_set(). With
dict_copy_with_ref() in ec probability to hit the issue is more. Once
the patch in afr is also merged, there is no race anymore. We still need
a neat way to fix this problem though. I mean at the dict infra level.
Pranith
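
Added example, not part of the original thread or the GlusterFS code base: a single-threaded C model of the interleaving described above, where a `dict_set()` of `gfid-req` lands while the same dict is being serialized, next to the same lookup run against a private copy. `toy_dict`, `toy_serialize`, the `between` hook and `example-key` are hypothetical names, and the two-phase (size, then fill) serializer is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a request dict (hypothetical, not GlusterFS's dict_t). */
#define MAXP 8
typedef struct { const char *key[MAXP], *val[MAXP]; int n; } toy_dict;

static int toy_set(toy_dict *d, const char *k, const char *v) {
    for (int i = 0; i < d->n; i++)
        if (strcmp(d->key[i], k) == 0) { d->val[i] = v; return 0; }
    if (d->n == MAXP) return -1;
    d->key[d->n] = k; d->val[d->n] = v; d->n++;
    return 0;
}

static size_t toy_len(const toy_dict *d) {
    size_t len = 0;
    for (int i = 0; i < d->n; i++)
        len += strlen(d->key[i]) + strlen(d->val[i]) + 2; /* "k=v;" */
    return len;
}

/* Assumed two-phase serializer: size the buffer, then fill it. `between`
 * replays, deterministically, what another thread does in that window.
 * Returns -1 if the dict changed; an unchecked fill would overrun `buf`. */
static int toy_serialize(const toy_dict *d, void (*between)(void *), void *arg) {
    size_t need = toy_len(d);
    char *buf = malloc(need + 1);
    if (!buf) return -1;
    if (between) between(arg);
    int rc = (toy_len(d) == need) ? 0 : -1;
    char *p = buf;
    for (int i = 0; rc == 0 && i < d->n; i++)
        p += sprintf(p, "%s=%s;", d->key[i], d->val[i]);
    free(buf);
    return rc;
}

static void set_gfid_req(void *arg) { toy_set(arg, "gfid-req", "constructed-value"); }

/* use_copy=0: the set hits the dict being serialized; 1: a private copy. */
int lookup(int use_copy) {
    toy_dict req = {0}, copy;
    toy_set(&req, "example-key", "1");   /* constructed entry */
    copy = req;                          /* shallow copy: values are shared */
    return toy_serialize(&req, set_gfid_req, use_copy ? &copy : &req);
}
```

`lookup(0)` reports the inconsistency that an unlocked serializer would turn into an out-of-bounds write, while `lookup(1)` serializes cleanly because the set never touches the dict being walked.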