diff options
author | Anand Avati <avati@gluster.com> | 2011-07-15 01:09:41 +0000 |
---|---|---|
committer | Anand Avati <avati@gluster.com> | 2011-07-16 12:47:30 -0700 |
commit | b1dd2440bd69b190620616b86ce96c0b50422ed4 (patch) | |
tree | fc8e7567c0f43b2a62b9e142a119a18a238d4616 /NEWS | |
parent | 53a11db91a34718778aea4123dc1fa69287d39ec (diff) |
posix: perform readdir filling in locked region
When two application threads share an open dir fd (DIR *) and issue
readdirs, storage/posix will receive separate readdir fops in separate
threads in parallel. This has two-fold issues
1. In the following pair of operations -
entry = readdir(dir)
and
strcpy (gf_dirent->name, entry->d_name)
@entry is a static buffer in libc which can get reused by another thread
to get filled with a longer name. This can cause the second operation
to overflow the buffer as the allocation was for the smaller name.
2. In the following pair of operations -
seekdir (dir, offset)
and
entry = readdir(dir)
If two threads are executing these sequence in parallel in separate
threads, then one of them will end up reading wrong/unexpected entries.
It would be sufficient to fix 1. by using readdir_r but that still keeps
the second race open. Hence the patch moves all the set of operations to a
locked region which solves both races.
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 3171 (Crash in server)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3171
Diffstat (limited to 'NEWS')
0 files changed, 0 insertions, 0 deletions