Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DAOS-15563 engine: Fix dss_chore use-after-free (#14096) #14196

Merged
merged 1 commit into from
Apr 19, 2024
Merged

DAOS-15563 engine: Fix dss_chore use-after-free (#14096) #14196

merged 1 commit into from
Apr 19, 2024

Conversation

jolivier23
Copy link
Contributor

When dss_chore.cho_func returns DSS_CHORE_DONE, the dss_chore object may
have been freed already. For instance, in the dtx_rpc_helper case,
dtx_check may have already returned, freeing (strictly speaking,
releasing) its stack frame that contains the dca.dca_chore object.
Hence, after calling chore->cho_func, dss_chore_queue_ult should only
dereference chore if the return value is DSS_CHORE_YIELD.

Signed-off-by: Li Wei wei.g.li@intel.com

Before requesting gatekeeper:

  • Two review approvals and any prior change requests have been resolved.
  • Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
  • Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
  • Commit messages follows the guidelines outlined here.
  • Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

  • You are the appropriate gatekeeper to be landing the patch.
  • The PR has 2 reviews by people familiar with the code, including appropriate owners.
  • Githooks were used. If not, request that user install them and check copyright dates.
  • Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
  • All builds have passed. Check non-required builds for any new compiler warnings.
  • Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
  • If applicable, the PR has addressed any potential version compatibility issues.
  • Check the target branch. If it is master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket.
  • Extra checks if forced landing is requested
    • Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
    • No new NLT or valgrind warnings. Check the classic view.
    • Quick-build or Quick-functional is not used.
  • Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

@github-actions GitHub Actions
Copy link

Bug-tracker data:
Ticket title is 'dss_chore_queue_ult segmentation fault during ec_multiple_rank_failure test'
Status is 'Resolved'
Labels: 'scrubbed'
https://daosio.atlassian.net/browse/DAOS-15563

daosbuild1
daosbuild1 reviewed Apr 19, 2024
View reviewed changes
Copy link
Collaborator

@daosbuild1 daosbuild1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. No errors found by checkpatch.

@daosbuild1
Copy link
Collaborator

Test stage Functional on EL 8.8 completed with status UNSTABLE. https://build.hpdd.intel.com/job/daos-stack/job/daos//view/change-requests/job/PR-14196/1/testReport/

@jolivier23 jolivier23 requested a review from mjmac April 19, 2024 15:00
Base automatically changed from jvolivie/backport_io_forward to google/2.4 April 19, 2024 17:59
daosbuild1
daosbuild1 reviewed Apr 19, 2024
View reviewed changes
Copy link
Collaborator

@daosbuild1 daosbuild1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. No errors found by checkpatch.

@liw @jolivier23
DAOS-15563 engine: Fix dss_chore use-after-free (#14096)
fa1c067 
When dss_chore.cho_func returns DSS_CHORE_DONE, the dss_chore object may
have been freed already. For instance, in the dtx_rpc_helper case,
dtx_check may have already returned, freeing (strictly speaking,
releasing) its stack frame that contains the dca.dca_chore object.
Hence, after calling chore->cho_func, dss_chore_queue_ult should only
dereference chore if the return value is DSS_CHORE_YIELD.


Signed-off-by: Li Wei <wei.g.li@intel.com>
@jolivier23 jolivier23 force-pushed the jvolivie/backport_io_forward2 branch from 3ec5849 to fa1c067 Compare April 19, 2024 18:03
daosbuild1
daosbuild1 reviewed Apr 19, 2024
View reviewed changes
Copy link
Collaborator

@daosbuild1 daosbuild1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. No errors found by checkpatch.

@jolivier23 jolivier23 merged commit 98c953a into google/2.4 Apr 19, 2024
20 of 24 checks passed
@jolivier23 jolivier23 deleted the jvolivie/backport_io_forward2 branch April 19, 2024 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daosbuild1 daosbuild1 daosbuild1 left review comments

@mjmac mjmac mjmac approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jolivier23 @daosbuild1 @mjmac @liw