That code itself hasn't changed, but the surrounding code has changed,
and it looks like the uv bits are only used for client calls now, not on
the server side. This may have changed how/when it's freed.
Daniel
On 2/19/19 10:39 AM, Daniel Gryniewicz wrote:
I can't find any place where uio_release is set, so it should always be
NULL. This means that the if() check above that line should have
failed, and this shouldn't be called.
I assume that uio_release is not NULL, since we tried to call it. This
could be memory corruption, or use-after-free.
Daniel
On 2/18/19 6:34 AM, Sachin Punadikar wrote:
> Hi All,
> Customer reported a crash in Ganesha 2.3.
>
> Jan 22 20:40:52 xxxxx kernel: ganesha.nfsd[xxxxx]: unhandled signal 11
> at 00003ffcf8005200 nip 00003ffcf8005200 lr 00003fff7a265e1c code 30002
>
> Program terminated with signal 11, Segmentation fault.
> (gdb) where
> #0 0x00003ffcf8005200 in ?? ()
> #1 0x00003fff7a265e1c in xdr_ioq_uv_release (uv=0x3ffd389df700) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:206
>
> #2 0x00003fff7a267340 in xdr_ioq_release (ioqh=0x3ffd385f8fc8) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:720
>
> #3 0x00003fff7a2673dc in xdr_ioq_destroy (xioq=0x3ffd385f8f00,
> qsize=424) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:729
>
> #4 0x00003fff7a267470 in xdr_ioq_destroy_internal
> (xdrs=0x3ffd385f8f00) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:742
>
> #5 0x00003fff7a268480 in svc_ioq_callback (wpe=0x3ff9880025e0) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/svc_ioq.c:222
>
> #6 0x00003fff7a269400 in work_pool_thread (arg=0x3ffa180008c0) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/work_pool.c:196
>
> #7 0x00003fff7a2dc2bc in .start_thread () from /lib64/libpthread.so.0
> #8 0x00003fff7a0fb304 in .__clone () from /lib64/libc.so.6
>
> (gdb) frame 1
> #1 0x00003fff7a265e1c in xdr_ioq_uv_release (uv=0x3ffd389df700) at
> /usr/src/debug/nfs-ganesha-2.3.2-ibm59-0.1.1-Source/libntirpc/src/xdr_ioq.c:206
>
> 206 uv->u.uio_release(&uv->u, UIO_FLAG_NONE);
>
> When I checked Ganesha 2.3/2.5 code (also the latest community code),
> I am unable to find code for function uio_release.
>
> Am I missing anything here ? Or the code is really missing this
> function ?
>
> --
> with regards,
> Sachin Punadikar
>
> Devel mailing list -- devel(a)lists.nfs-ganesha.org
>
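The reasoning in the thread (a callback field that is never assigned must be NULL, the guard before the call must therefore refuse, and a call that nevertheless happened points at a stale or overwritten descriptor) can be modelled in a few lines. The following C is a constructed illustration added to this page; it is not ntirpc's or Ganesha's code and neither poster wrote it. The struct layout, the `magic` liveness marker, the `uio_scrub` teardown step and the return-code convention are assumptions chosen for the demo; only the field name `uio_release` and the flag name `UIO_FLAG_NONE` come from the backtrace above.

```c
#include <stddef.h>
#include <string.h>

#define UIO_MAGIC 0x55494f21u   /* constructed liveness marker ("UIO!") */
#define UIO_FLAG_NONE 0         /* flag name taken from the backtrace */

/* Constructed model of a buffer descriptor with an optional release
 * callback. The field name uio_release mirrors the thread; the layout
 * itself is an assumption, not ntirpc's real struct. */
struct uio {
    unsigned magic;                                    /* liveness marker */
    void (*uio_release)(struct uio *, unsigned flags); /* optional, may stay NULL */
    int release_count;                                 /* demo bookkeeping only */
};

/* Initialise a descriptor with no release callback assigned, which is the
 * state the thread argues every descriptor should be in. */
void uio_init(struct uio *u)
{
    memset(u, 0, sizeof *u);
    u->magic = UIO_MAGIC;
}

/* 1 if the descriptor carries the live marker, 0 otherwise. */
int uio_is_live(const struct uio *u)
{
    return u != NULL && u->magic == UIO_MAGIC;
}

/* Guarded release, the pattern the if() check in the thread implements:
 *   -1  descriptor is not live (already scrubbed), nothing is called
 *    0  callback is NULL, nothing is called
 *    1  callback was set and ran */
int uio_release_guarded(struct uio *u)
{
    if (!uio_is_live(u))
        return -1;
    if (u->uio_release == NULL)
        return 0;
    u->uio_release(u, UIO_FLAG_NONE);
    return 1;
}

/* Scrub on teardown (assumed hardening step): clear the marker and the
 * callback slot before the memory is handed back, so a stale reference
 * fails the live check instead of jumping through whatever now occupies
 * the callback slot, which is what frame #0 at 0x00003ffcf8005200 shows. */
void uio_scrub(struct uio *u)
{
    u->uio_release = NULL;
    u->magic = 0;
}

/* Demo callback: just counts invocations. */
static void count_release(struct uio *u, unsigned flags)
{
    (void)flags;
    u->release_count++;
}

/* Walks the three states a descriptor can be in. Returns the number of
 * times the callback actually ran (expected 1), or -100 if any guard
 * outcome differs from what the thread's reasoning predicts. */
int demo(void)
{
    struct uio u;
    uio_init(&u);
    int never_set = uio_release_guarded(&u);   /* 0: callback never assigned */
    u.uio_release = count_release;
    int set_once = uio_release_guarded(&u);    /* 1: callback ran */
    uio_scrub(&u);
    int stale = uio_release_guarded(&u);       /* -1: scrubbed, refused */
    if (never_set != 0 || set_once != 1 || stale != -1)
        return -100;
    return u.release_count;
}
```

The scrub step is the part worth keeping in mind when reading the crash: a descriptor freed without clearing its callback slot, then recycled for unrelated data, will pass a plain NULL check with whatever bytes landed there, which matches a jump to a non-code address as in frame #0.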