From f0f6ff219b9cb934848c3d2334aa53a034a63554 Mon Sep 17 00:00:00 2001
From: Robert Baldyga
Date: Mon, 27 Jun 2022 22:31:48 +0200
Subject: [PATCH] Set core volume type in metadata on core insert

ocf_metadata_flush_superblock() is being called on the cache stop, after deinitialization of the cores (and their volumes), thus accessing core volume in superblock flushing procedure leads to use-after-free bug. Fix this by moving volume type setting to the core insertion code.

Signed-off-by: Robert Baldyga
---
 src/metadata/metadata_superblock.c | 18 ------------------
 src/mngt/ocf_mngt_core.c | 3 ++-
 2 files changed, 2 insertions(+), 19 deletions(-)
diff --git a/src/metadata/metadata_superblock.c b/src/metadata/metadata_superblock.c
index f237971..ef0be1f 100644
--- a/src/metadata/metadata_superblock.c
+++ b/src/metadata/metadata_superblock.c
@@ -440,23 +440,6 @@ void ocf_metadata_load_superblock_recovery(ocf_cache_t cache,
 ocf_pipeline_next(pipeline);
 }
-static void ocf_metadata_flush_superblock_prepare(ocf_pipeline_t pipeline,
- void *priv, ocf_pipeline_arg_t arg)
-{
- struct ocf_metadata_context *context = priv;
- ocf_cache_t cache = context->cache;
- ocf_core_t core;
- ocf_core_id_t core_id;
-
- /* Synchronize core objects types */
- for_each_core_metadata(cache, core, core_id) {
- core->conf_meta->type = ocf_ctx_get_volume_type_id(
- cache->owner, core->volume.type);
- }
-
- ocf_pipeline_next(pipeline);
-}
-
 static void ocf_metadata_flush_superblock_flap(ocf_pipeline_t pipeline,
 void *priv, ocf_pipeline_arg_t arg)
 {
@@ -544,7 +527,6 @@ struct ocf_pipeline_properties ocf_metadata_flush_sb_pipeline_props = {
 .priv_size = sizeof(struct ocf_metadata_context),
 .finish = ocf_metadata_flush_superblock_finish,
 .steps = {
- OCF_PL_STEP(ocf_metadata_flush_superblock_prepare),
 OCF_PL_STEP_FOREACH(ocf_metadata_calculate_crc,
 ocf_metadata_flush_sb_args),
 OCF_PL_STEP_FOREACH(ocf_metadata_flush_segment,
diff --git a/src/mngt/ocf_mngt_core.c b/src/mngt/ocf_mngt_core.c
index de29774..afdc6e9 100644
--- a/src/mngt/ocf_mngt_core.c
+++ b/src/mngt/ocf_mngt_core.c
@@ -1,5 +1,5 @@
 /*
- * Copyright(c) 2012-2021 Intel Corporation
+ * Copyright(c) 2012-2022 Intel Corporation
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -426,6 +426,7 @@ static void ocf_mngt_cache_add_core_insert(ocf_pipeline_t pipeline,
 }
 core->conf_meta->length = length;
+ core->conf_meta->type = cfg->volume_type;
 if (ocf_cache_is_device_attached(cache)) {
 result = ocf_cleaning_add_core(cache, core_id);
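Review bot: The added `core->conf_meta->type = cfg->volume_type;` in ocf_mngt_cache_add_core_insert() is now the only writer of the persisted core type that this patch leaves in place, yet nothing at the call site records why it must not move back into the superblock flush path. I would put a comment above it such as `/* Set at insert: core volumes are already deinitialized when the superblock is flushed on cache stop, so the flush path must not touch core->volume. */` so the use-after-free is not reintroduced later. The removed step derived the id from the live object with `ocf_ctx_get_volume_type_id(cache->owner, core->volume.type)`, while the new line copies the caller-supplied config value; it is worth confirming that `cfg->volume_type` has been validated against the context's registered types before this step and that every other path that attaches a core volume also sets `conf_meta->type`, since the flush-time resync no longer covers them. The function body begins and ends outside this hunk, so those checks are not visible here.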