DAOS-16931 container: fix oid iv race with using invalid on update ptr (

#15714) the src pointer for on_update() callback is on the stack and should not be saved beyond that call to detect the same request, because in some cases we can end up with 2 different requests sharing getting the same pointer value. Use the private pointer allocated by the oid iv on_get operation instead. Signed-off-by: Mohamad Chaarawi <[email protected]>
daos-stack · Jan 12, 2025 · 6dda9d7 · 6dda9d7
1 parent b298eb9
commit 6dda9d7
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/container/oid_iv.c b/src/container/oid_iv.c
@@ -1,5 +1,6 @@
 /**
  * (C) Copyright 2017-2024 Intel Corporation.
+ * (C) Copyright 2025 Hewlett Packard Enterprise Development LP
  *
  * SPDX-License-Identifier: BSD-2-Clause-Patent
  */
@@ -133,10 +134,10 @@ oid_iv_ent_update(struct ds_iv_entry *ns_entry, struct ds_iv_key *iv_key,
 	entry = ns_entry->iv_value.sg_iovs[0].iov_buf;
 	rc = ABT_mutex_trylock(entry->lock);
 	/** For retry requests, from _iv_op(), the lock may not be released in some cases. */
-	if (rc == ABT_ERR_MUTEX_LOCKED && entry->current_req != src)
+	if (rc == ABT_ERR_MUTEX_LOCKED && entry->current_req != priv)
 		return -DER_BUSY;
 
-	entry->current_req = src;
+	entry->current_req = priv;
 	avail = &entry->rg;
 
 	oids = src->sg_iovs[0].iov_buf;