[dm-devel] [RFC PATCH] libmultipath: prevent DSO unloading with astray checker threads

Benjamin Marzinski bmarzins at redhat.com
Tue Nov 24 20:33:39 UTC 2020


On Fri, Nov 06, 2020 at 06:32:16PM +0100, Martin Wilck wrote:
> On Thu, 2020-11-05 at 18:41 -0600, Benjamin Marzinski wrote:
> > 
> > I can't make this segfault. So that looks good, but it does need
> > libmultipath.version updated to include checker_thread_entry()
> 
> Great news, thanks. Well the library version stuff hasn't been
> committed yet anyway, this was against Christophe's current base.

Actually, I ran into a different segfault with this patch.

While the tur checker's libcheck_check() function is run under locking,
so the device cannot be removed, the thread it creates is not. This
means that it is possible for the device to get removed after
libcheck_check() runs, but before checker_thread_entry() runs. In this
case, when checker_thread_entry() is finally run, the passed in checker
structure would already have been freed, causing a segfault.  I have
been able to easily reproduce this in the case where multipath device
creation failed in the kernel.

I'm pretty sure that the checker class needs its ref count increased
before the thread is created, and the thread itself must only access the
context, which should include a pointer to the class.

-Ben

> 
> @Christophe, any chance to move forward with the merge?
> (then we can go ahead with this patch later, too...)
> 
> Martin
> 
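The ordering suggested in the message above (take the reference before creating the thread, and let the thread touch only a context that points at the class), sketched as an added example that is not code from this thread or from libmultipath. All type and function names are hypothetical, and the `gate` mutex exists only to force the device removal to happen before the thread body runs.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not libmultipath's real structures. */
struct checker_class { atomic_int refs; int id; };   /* models the loaded checker DSO */
struct thread_ctx { atomic_int refs; struct checker_class *cls; };
struct checker { struct thread_ctx *ctx; };          /* per-device, freed on removal */
static pthread_mutex_t gate = PTHREAD_MUTEX_INITIALIZER;

static void ctx_put(struct thread_ctx *ctx) {
    if (atomic_fetch_sub(&ctx->refs, 1) == 1) {      /* last reference dropped */
        atomic_fetch_sub(&ctx->cls->refs, 1);        /* unpin the class */
        free(ctx);
    }
}

/* Thread entry: receives the context, never the struct checker. */
static void *thread_entry(void *arg) {
    struct thread_ctx *ctx = arg;
    pthread_mutex_lock(&gate); pthread_mutex_unlock(&gate); /* wait until device is gone */
    intptr_t id = ctx->cls->id;                      /* valid: references are still held */
    ctx_put(ctx);
    return (void *)id;
}

/* Returns the class id the thread read after the checker had been freed. */
static int run_removal_race(struct checker_class *cls) {
    struct checker *c = malloc(sizeof(*c));
    struct thread_ctx *ctx = malloc(sizeof(*ctx));
    pthread_t tid; void *ret;
    if (!c || !ctx) abort();
    c->ctx = ctx; ctx->cls = cls;
    atomic_init(&ctx->refs, 2);                      /* checker + thread, taken BEFORE create */
    atomic_fetch_add(&cls->refs, 1);                 /* context pins the class */
    pthread_mutex_lock(&gate);
    if (pthread_create(&tid, NULL, thread_entry, ctx) != 0) abort();
    ctx_put(c->ctx);                                 /* device removed: checker lets go */
    free(c);                                         /* checker freed before thread runs */
    pthread_mutex_unlock(&gate);
    pthread_join(tid, &ret);
    return (int)(intptr_t)ret;
}

int main(void) {
    struct checker_class cls = { .refs = 1, .id = 7 };  /* constructed sample class */
    return (run_removal_race(&cls) == 7 && atomic_load(&cls.refs) == 1) ? 0 : 1;
}
```

Passing the `struct checker` itself to `pthread_create()` instead of the context would reproduce the use-after-free described in the message, since `c` is freed before the thread body runs.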



