deepakarumugam.s@nutanix.com has uploaded this change for review.


Use after free in fd_lru

Currently the release function doesn't use close_fsal_fd;
instead it tries to replicate the functionality of
close_fsal_fd with the exception that it doesn't
remove the fd from the fd lru. This is problematic
because if the handle has an fd associated with it
then the fd doesn't get released from the fd lru.

There are code paths in mdcache, mdcache_new_entry
for example, that call release without calling
close. This leads to use-after-free scenarios
where the fd stays in the fd lru long after it is
freed.

We caught one such use-after-free scenario
while running a workload with an ASan build.

This patch tries to resolve the issue by calling
close_fsal_fd from within the release function.

Change-Id: I507347b4ca731d733033199f514759bc56d99fb3
Signed-off-by: Deepak Arumugam Sankara Subramanian <deepakarumugam.s@nutanix.com>
---
M src/FSAL/FSAL_VFS/handle.c
1 file changed, 1 insertion(+), 14 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/97/1176997/1


Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I507347b4ca731d733033199f514759bc56d99fb3
Gerrit-Change-Number: 1176997
Gerrit-PatchSet: 1
Gerrit-Owner: deepakarumugam.s@nutanix.com
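The bug class the commit message describes, as an added illustration that is not nfs-ganesha code and not part of the change above: a handle owns an fd entry that is also tracked by a global fd LRU; a release path that frees the entry without first unlinking it from the LRU leaves a dangling pointer behind, while routing release through a close routine that unlinks and then frees does not. The LRU (a fixed table of pointers), the handle and fd structs, and the functions close_fsal_fd, release_buggy, release_fixed and dangling_after_release are all simplified stand-ins whose names merely echo the message; the real Ganesha data structures differ. The example deliberately never dereferences the freed entry; it only reports whether the LRU still holds a pointer to it.

```c
#include <stdlib.h>
#include <stdbool.h>

/* Added illustration only: NOT nfs-ganesha code. The LRU, handle and fd
 * types and the close/release functions are hypothetical stand-ins. */

#define LRU_SLOTS 8

struct fsal_fd {
    int raw_fd;     /* the OS descriptor this entry wraps */
    int lru_slot;   /* index in fd_lru, or -1 when not tracked */
};

struct fsal_obj_handle {
    struct fsal_fd *fd;   /* fd associated with the handle, may be NULL */
};

/* Global fd LRU: a table of pointers to tracked fds. A slot that keeps
 * pointing at an entry after it was freed is the dangling reference the
 * commit message describes. */
static struct fsal_fd *fd_lru[LRU_SLOTS];

static int lru_insert(struct fsal_fd *fd)
{
    for (int i = 0; i < LRU_SLOTS; i++) {
        if (fd_lru[i] == NULL) {
            fd_lru[i] = fd;
            fd->lru_slot = i;
            return 0;
        }
    }
    return -1;   /* table full */
}

static void lru_remove(struct fsal_fd *fd)
{
    if (fd->lru_slot >= 0) {
        fd_lru[fd->lru_slot] = NULL;
        fd->lru_slot = -1;
    }
}

/* Count LRU slots that still point at something; never dereferences them. */
int lru_live_entries(void)
{
    int n = 0;
    for (int i = 0; i < LRU_SLOTS; i++)
        if (fd_lru[i] != NULL)
            n++;
    return n;
}

static void lru_reset(void)
{
    for (int i = 0; i < LRU_SLOTS; i++)
        fd_lru[i] = NULL;
}

/* Create a handle with an fd that is immediately tracked by the LRU. */
struct fsal_obj_handle *handle_open(int raw_fd)
{
    struct fsal_obj_handle *h = calloc(1, sizeof *h);
    h->fd = calloc(1, sizeof *h->fd);
    h->fd->raw_fd = raw_fd;
    h->fd->lru_slot = -1;
    lru_insert(h->fd);
    return h;
}

/* Hypothetical close_fsal_fd: unlink from the LRU first, then free. */
static void close_fsal_fd(struct fsal_fd *fd)
{
    lru_remove(fd);
    free(fd);
}

/* Buggy release: mirrors close_fsal_fd except for the LRU unlink, so the
 * LRU slot keeps pointing at freed memory. */
void release_buggy(struct fsal_obj_handle *h)
{
    if (h->fd)
        free(h->fd);
    free(h);
}

/* Fixed release: go through close_fsal_fd so the LRU is cleaned up. */
void release_fixed(struct fsal_obj_handle *h)
{
    if (h->fd)
        close_fsal_fd(h->fd);
    free(h);
}

/* Scenario from the message: release a handle that still has an fd,
 * without an intervening close. Returns the number of LRU slots left
 * pointing at (now freed) memory: 1 for the buggy path, 0 for the fix. */
int dangling_after_release(bool use_fix)
{
    lru_reset();
    struct fsal_obj_handle *h = handle_open(42);
    if (use_fix)
        release_fixed(h);
    else
        release_buggy(h);
    return lru_live_entries();
}
```

Under ASan the buggy variant would only be flagged once something walks the LRU and touches the stale slot, which is why such bugs surface long after the free; checking the LRU for live slots right after release, as above, catches the leak of the pointer itself.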