Re: [PATCH] md-cluster: fix use-after-free issue when removing rdev

From: heming.zhao@suse.com <hidden>
Date: 2021-04-08 05:53:10

On 4/8/21 1:09 PM, Paul Menzel wrote:

Dear Heming,


Thank you for the patch.

Am 08.04.21 um 05:01 schrieb Heming Zhao:

quoted

md_kick_rdev_from_array will remove rdev, so we should
use rdev_for_each_safe to search list.

How to trigger:

for i in {1..20}; do
     echo ==== $i `date` ====;

     mdadm -Ss && ssh ${node2} "mdadm -Ss"
     wipefs -a /dev/sda /dev/sdb

     mdadm -CR /dev/md0 -b clustered -e 1.2 -n 2 -l 1 /dev/sda \
        /dev/sdb --assume-clean
     ssh ${node2} "mdadm -A /dev/md0 /dev/sda /dev/sdb"
     mdadm --wait /dev/md0
     ssh ${node2} "mdadm --wait /dev/md0"

     mdadm --manage /dev/md0 --fail /dev/sda --remove /dev/sda
     sleep 1
done

In the test script, I do not understand, what node2 is used for, where you log in over SSH.

The bug can only be triggered in cluster env. There are two nodes (in cluster),
To run this script on node1, and need ssh to node2 to execute some cmds.
${node2} stands for node2 ip address. e.g.: ssh 192.168.0.3 "mdadm --wait ..."

quoted

... ...

Signed-off-by: Heming Zhao <redacted>
Reviewed-by: Gang He <redacted>

If there is a commit, your patch is fixing, please add a Fixes: tag.

OK, I forgot it, will send v2 patch later.

Thanks,
Heming

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help