[dm-devel] [RFC PATCH] libmultipath: prevent DSO unloading with astray checker threads

Martin Wilck mwilck at suse.com
Tue Nov 24 20:59:52 UTC 2020


On Tue, 2020-11-24 at 14:33 -0600, Benjamin Marzinski wrote:
> On Fri, Nov 06, 2020 at 06:32:16PM +0100, Martin Wilck wrote:
> > On Thu, 2020-11-05 at 18:41 -0600, Benjamin Marzinski wrote:
> > > I can't make this segfault. So that looks good, but it does need
> > > libmultipath.version updated to include checker_thread_entry()
> > 
> > Great news, thanks. Well the library version stuff hasn't been
> > committed yet anyway, this was against Christophe's current base.
> 
> Actually, I ran into a different segfault with this patch.
> 
> While the tur checker's libcheck_check() function is run under locking,
> so the device cannot be removed, the thread it creates is not. This
> means that it is possible for the device to get removed after
> libcheck_check() runs, but before checker_thread_entry() runs. In this
> case, when checker_thread_entry() is finally run, the passed-in checker
> structure would already have been freed, causing a segfault. I have
> been able to easily reproduce this in the case where multipath device
> creation failed in the kernel.
> 
> I'm pretty sure that the checker class needs its ref count increased
> before the thread is created, and the thread itself must only access the
> context, which should include a pointer to the class.
> 

Thanks for pointing this out. I'll have another look. 

Martin
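
The lifetime rule proposed in the quoted report (take the class reference before the thread exists, and let the thread touch only the context), as an added example that is not code from the patch or from multipath-tools. All struct and function names are hypothetical, the context lives on the caller's stack only because the demo joins the thread, and the mutex "gate" exists only to force the thread to start after the simulated device removal.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>
/* Hypothetical stand-ins; not libmultipath's real structures. */
struct checker_class { atomic_int refcount; };
struct checker_context { struct checker_class *cls; int class_alive; };
struct checker { struct checker_context *ctx; };  /* freed on device removal */
static atomic_int class_freed;  /* demo instrumentation only */
static pthread_mutex_t gate = PTHREAD_MUTEX_INITIALIZER;

static void class_put(struct checker_class *c)
{
    if (atomic_fetch_sub(&c->refcount, 1) == 1) {  /* old value 1: last ref */
        atomic_store(&class_freed, 1);
        free(c);
    }
}

static void *thread_entry(void *arg)
{
    struct checker_context *ctx = arg;  /* never the struct checker */
    pthread_mutex_lock(&gate);          /* demo: run only after removal */
    pthread_mutex_unlock(&gate);
    ctx->class_alive = !atomic_load(&class_freed);
    class_put(ctx->cls);                /* drop the thread's reference */
    return NULL;
}

/* Returns 1 if the class survived removal and the thread freed it; -1 on setup failure. */
int run_removal_race(void)
{
    struct checker_context ctx = { .cls = malloc(sizeof(struct checker_class)) };
    struct checker *c = malloc(sizeof(*c));
    pthread_t tid;
    if (!c || !ctx.cls) { free(c); free(ctx.cls); return -1; }
    c->ctx = &ctx;
    atomic_store(&class_freed, 0);
    atomic_init(&ctx.cls->refcount, 1);      /* reference held by the checker */
    pthread_mutex_lock(&gate);
    atomic_fetch_add(&ctx.cls->refcount, 1); /* thread's ref, BEFORE it exists */
    if (pthread_create(&tid, NULL, thread_entry, c->ctx) != 0) {
        pthread_mutex_unlock(&gate); free(c); free(ctx.cls); return -1;
    }
    class_put(ctx.cls);                      /* device removed: checker's ref */
    free(c);                                 /* ... and the checker struct */
    pthread_mutex_unlock(&gate);             /* thread may run now */
    pthread_join(tid, NULL);
    return ctx.class_alive && atomic_load(&class_freed);
}
```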




