From 2564ab2bc8cd3aa2561e091f72278e480fcef33d Mon Sep 17 00:00:00 2001 From: "Kaleb S. KEITHLEY" Date: Wed, 12 Sep 2012 11:47:13 -0400 Subject: glusterfs SEGV on Fedora 17 from UFO fallocate(2) call An upload of a file will cause the volume's glusterfs to SEGV when it fields a FUSE_FALLOCATE op. Swift inspects libc to determine if there is a symbol for fallocate(2) and if so will use it. And while the libc in RHEL 6 does have fallocate(2), the version of fuse in RHEL 6 does not support fallocate, and things are handled gracefully elsewhere (the kernel perhaps?) N.B. fallocate was added to version 7.19 of fuse. Fedora 17 and later (and maybe earlier too) has 7.19. RHEL 6 still has 7.13. Glusterfs uses the 7.13 version (in contrib/fuse-include/fuse_kernel.h) Thus on Fedora 17, with both fallocate(2) in libc and fallocate support in fuse, the fallocate invocation is dispatched to glusterfs, but the dispatch table (fuse_std_ops in xlators/mount/fuse/src/fuse-bridge.c) is too short for one thing; the fallocate opcode (43) indexes beyond the end of the table, and even when that doesn't directly cause a SEGV, the NULL pointer at that location does cause a SEGV when attempting to call the function through the pointer. BUG: 856704 Change-Id: I148acbf1265f01a15bd158f227c8a7cb9365606e Signed-off-by: Kaleb S. KEITHLEY Reviewed-on: http://review.gluster.org/3938 Tested-by: Gluster Build System Reviewed-by: Brian Foster Reviewed-by: Anand Avati --- xlators/mount/fuse/src/fuse-bridge.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'xlators/mount/fuse') diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index f9d38462..9c69cfc0 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -4198,13 +4198,11 @@ fuse_thread_proc (void *data) finh->uid == priv->uid_map_root) finh->uid = 0; -#ifdef GF_DARWIN_HOST_OS if (finh->opcode >= FUSE_OP_HIGH) /* turn down MacFUSE specific messages */ fuse_enosys (this, finh, msg); else -#endif - fuse_ops[finh->opcode] (this, finh, msg); + fuse_ops[finh->opcode] (this, finh, msg); iobuf_unref (iobuf); continue; @@ -4423,40 +4421,47 @@ mem_acct_init (xlator_t *this) static fuse_handler_t *fuse_std_ops[FUSE_OP_HIGH] = { - [FUSE_INIT] = fuse_init, - [FUSE_DESTROY] = fuse_destroy, [FUSE_LOOKUP] = fuse_lookup, [FUSE_FORGET] = fuse_forget, [FUSE_GETATTR] = fuse_getattr, [FUSE_SETATTR] = fuse_setattr, - [FUSE_OPENDIR] = fuse_opendir, - [FUSE_READDIR] = fuse_readdir, - [FUSE_RELEASEDIR] = fuse_releasedir, - [FUSE_ACCESS] = fuse_access, [FUSE_READLINK] = fuse_readlink, + [FUSE_SYMLINK] = fuse_symlink, [FUSE_MKNOD] = fuse_mknod, [FUSE_MKDIR] = fuse_mkdir, [FUSE_UNLINK] = fuse_unlink, [FUSE_RMDIR] = fuse_rmdir, - [FUSE_SYMLINK] = fuse_symlink, [FUSE_RENAME] = fuse_rename, [FUSE_LINK] = fuse_link, - [FUSE_CREATE] = fuse_create, [FUSE_OPEN] = fuse_open, [FUSE_READ] = fuse_readv, [FUSE_WRITE] = fuse_write, - [FUSE_FLUSH] = fuse_flush, + [FUSE_STATFS] = fuse_statfs, [FUSE_RELEASE] = fuse_release, [FUSE_FSYNC] = fuse_fsync, - [FUSE_FSYNCDIR] = fuse_fsyncdir, - [FUSE_STATFS] = fuse_statfs, [FUSE_SETXATTR] = fuse_setxattr, [FUSE_GETXATTR] = fuse_getxattr, [FUSE_LISTXATTR] = fuse_listxattr, [FUSE_REMOVEXATTR] = fuse_removexattr, + [FUSE_FLUSH] = fuse_flush, + [FUSE_INIT] = fuse_init, + [FUSE_OPENDIR] = fuse_opendir, + [FUSE_READDIR] = fuse_readdir, + [FUSE_RELEASEDIR] = fuse_releasedir, + [FUSE_FSYNCDIR] = fuse_fsyncdir, [FUSE_GETLK] = fuse_getlk, [FUSE_SETLK] = fuse_setlk, [FUSE_SETLKW] = fuse_setlk, + [FUSE_ACCESS] = fuse_access, + [FUSE_CREATE] = fuse_create, + /* [FUSE_INTERRUPT] */ + /* [FUSE_BMAP] */ + [FUSE_DESTROY] = fuse_destroy, + /* [FUSE_IOCTL] */ + /* [FUSE_POLL] */ + /* [FUSE_NOTIFY_REPLY] */ + /* [FUSE_BATCH_FORGET] */ + /* [FUSE_FALLOCATE] */ }; -- cgit