deploy: Correctly use libmount unref() calls rather than free() #705
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We saw a random ostree SEGV start popping up in our CI environment: coreos/rpm-ostree#641 (comment) Looking at this code more and comparing it to what util-linux does, I noticed we had a write-after-free, since `mnt_unref_table()` will invoke `mnt_unref_cache()` on its cache, and that function does: ``` if (cache) { cache->rfcount--; ``` unconditionally. Fix this by using `unref()`.
|
Eh, it's probably safest to just go with this - a revert would be messy and less obviously safe. |
|
Yeah, had no luck at all reproducing coreos/rpm-ostree#641 (comment) locally. In re. to reverting 32d4369, we don't want to break people's setups if they started relying on it. So I'm +1 on just getting this in. |
|
☀️ Test successful - status-atomicjenkins |
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Feb 23, 2017
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Feb 23, 2017
rh-atomic-bot
pushed a commit
to coreos/rpm-ostree
that referenced
this pull request
Feb 23, 2017
For ostreedev/ostree#705 Closes: #642 Approved by: jlebon
cgwalters
added a commit
to cgwalters/ostree
that referenced
this pull request
Feb 24, 2017
ostreedev#705 broke the build on CentOS 7 which only has util-linux 2.23. When I was thinking about this, I realized that there must really be a way to make this safe even for older versions. Looking at that version of util-linux, all we need to do is invert the order of frees so we `mnt_free_table()` *before* `mnt_free_cache()`, like util-linux does: https://github.com/karelzak/util-linux/blob/stable/v2.23/sys-utils/eject.c#L1131 We still use the `_unref()` versions if available. I also fixed the ordering there too for double plus redundant safety.
rh-atomic-bot
pushed a commit
that referenced
this pull request
Feb 24, 2017
#705 broke the build on CentOS 7 which only has util-linux 2.23. When I was thinking about this, I realized that there must really be a way to make this safe even for older versions. Looking at that version of util-linux, all we need to do is invert the order of frees so we `mnt_free_table()` *before* `mnt_free_cache()`, like util-linux does: https://github.com/karelzak/util-linux/blob/stable/v2.23/sys-utils/eject.c#L1131 We still use the `_unref()` versions if available. I also fixed the ordering there too for double plus redundant safety. Closes: #712 Approved by: jlebon
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We saw a random ostree SEGV start popping up in our CI environment:
coreos/rpm-ostree#641 (comment)
Looking at this code more and comparing it to what util-linux does, I noticed we
had a write-after-free, since
mnt_unref_table()will invokemnt_unref_cache()on its cache, and that function does:unconditionally.
Fix this by using
unref().