Skip to content

Fix interconnection udpifc UAF in ipc teardown#95

Merged
avamingli merged 1 commit intoapache:mainfrom
avamingli:pick_ic_proxy
Jul 27, 2023
Merged

Fix interconnection udpifc UAF in ipc teardown#95
avamingli merged 1 commit intoapache:mainfrom
avamingli:pick_ic_proxy

Conversation

@avamingli
Copy link
Copy Markdown
Contributor

@avamingli avamingli commented Jul 26, 2023

Cherry-pick from Gitlab master branch to fix udpifc crash.

Problem details:

In function chunkTransportStateEntryInitialized got wrong valid with motNodeID When tear down happen in udpifc, the outgoing route may not delete entry in shared htab. The htab will be shared with rxthread.

After main thread tear down, some of conns will be freed by MemoryContextReset But in the same time, htab will hold the invalid conn ptr in rxthread Then got core dump.

Fixed:

Changed the chunkTransportStateEntryInitialized, using the getChunkTransportState* to get the right entry Also do not direct access states in ChunkTransportState.

closes: #ISSUE

Change logs

Describe your change clearly, including what problem is being solved or what feature is being added.

If it has some breaking backward or forward compatibility, please clary.

Why are the changes needed?

Describe why the changes are necessary.

Does this PR introduce any user-facing change?

If yes, please clarify the previous behavior and the change this PR proposes.

How was this patch tested?

Please detail how the changes were tested, including manual tests and any relevant unit or integration tests.

Contributor's Checklist

Here are some reminders before you submit the pull request:

  • Document changes
  • Communicate in the GitHub Issues or Discussions (list them if needed)
  • Add tests for the change
  • Pass make installcheck
  • Pass make -C src/test installcheck-cbdb-parallel

@avamingli avamingli requested review from jiaqizho and my-ship-it July 26, 2023 04:56
@avamingli avamingli added the priority: High After critical issues are fixed, these should be dealt with before any further issues. label Jul 26, 2023
@jiaqizho @avamingli
Fix interconnection udpifc UAF in ipc teardown
1eba682 
Problem details:

In function chunkTransportStateEntryInitialized got **wrong** valid with motNodeID
When tear down happen in udpifc, the outgoing route may not delete entry in shared htab.
The htab will be shared with rxthread.

After main thread tear down, some of conns will be freed by MemoryContextReset
But in the same time, htab will hold the invalid conn ptr in rxthread Then got core dump.

Fixed:

Changed the chunkTransportStateEntryInitialized, using the getChunkTransportState* to get the right entry
Also do not direct access states in ChunkTransportState.
@jiaqizho
Copy link
Copy Markdown
Contributor

jiaqizho commented Jul 26, 2023

LGTM

@avamingli avamingli merged commit 36a9f1d into apache:main Jul 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yjhjstz yjhjstz yjhjstz approved these changes

@my-ship-it my-ship-it my-ship-it approved these changes

@jiaqizho jiaqizho Awaiting requested review from jiaqizho

Assignees

No one assigned

Labels

priority: High After critical issues are fixed, these should be dealt with before any further issues.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@avamingli @jiaqizho @yjhjstz @my-ship-it