<div dir="ltr">Hi,<br><br>This CASE-13 was my old question.<br>Please check out solution.<br><br><br>--- begin old mail ---<br><br>[CASE-13] Could you please check potential panic scenario by accessing already freed socket?<br><br>Dear Philipp,<div><br>Please check potential panic scenario.</div><div><br>1. Test-scenario:</div><div><br> - disconnect A and B<br> - crash A disk<br> - connect A-B<br> - verify on A, role is secondary-secondary<br> - found oos by verify<br> - promote A with primary<br> - disconnect A<br> - during disconnecting, Windows BSOD occurred (panic)<div><br>2. Windows WinDbg Stack dump:<br><br> nt!KiPageFault+0x23a<br> drbd!dtt_update_congested+0x1c // struct sock *sock = tcp_transport->stream[DATA_STREAM]->sk;<br> drbd!dtt_send_page+0x69<br> drbd!flush_send_buffer+0xfd<br> drbd!drbd_uncork+0x71<br> drbd!wait_for_sender_todo+0xe5<br> drbd!drbd_sender+0x14c<br> drbd!drbd_thread_setup+0x107<br><br><br> drbd!schedule+0x199<br> drbd!wait_for_completion+0x28<br> drbd!drbd_flush_workqueue+0x50<br> drbd!drbd_disconnected+0x139<br> drbd!conn_disconnect+0x1c6<br> drbd!drbd_receiver+0x3f<br> drbd!drbd_thread_setup+0x107</div><div><br>3. Question:</div><div><br>According to the above Windows stack dump,<br>the drbd_receiver thread released the DATA_STREAM socket during conn_disconnect by sock_release. <br>So if the drbd_sender thread accesses this just-freed socket, the system will panic.<br>Now, we cannot reproduce this situation anymore. 
It occurred only one time.<br>Could you please check potential panic scenario by accessing already freed socket in Linux side?</div><div><br>Thanks,<br><br>--- end old mail ---<br><br><br>Solutions:<br> - Insert null socket check code at dtt_send_page.<br><br> static int dtt_send_page(struct drbd_transport *transport, enum drbd_stream stream, struct page *page, int offset, size_t size, unsigned msg_flags)<br> {<br> struct drbd_tcp_transport *tcp_transport = container_of(transport, struct drbd_tcp_transport, transport);<br> struct socket *socket = tcp_transport->stream[stream];<br> #if 1 // insert socket null check<br> if(!socket) <br> {<br> // for safely uncork operation, if socket is NULL.<br> return -EIO;<br> }<br> #endif</div><div><br><br>I think you omitted the null socket check while separating the sender thread from the worker.<br>Please verify our above patch code.<br><br>Thanks.<br>
</div></div></div>
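Review bot: the NULL test added at the top of dtt_send_page is a check-then-use on tcp_transport->stream[stream], and the visible lines take no lock or reference before it, so it narrows the window but does not close it. The stack annotation shows dtt_update_congested loading tcp_transport->stream[DATA_STREAM]->sk on its own, which is a second read of the slot after the new check; the receiver's conn_disconnect path can release the socket between the two. The check also only helps if the release path sets the slot to NULL, which the posted lines do not show, and it does nothing for a pointer that was freed but not cleared. Suggest passing the already-checked socket pointer down instead of re-reading the slot, and serializing the release against the sender (or making sure the sender is stopped) before sock_release runs. Style: drop the #if 1 / #endif wrapper and write the test as "if (!socket)" with the brace on the same line.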