From d6c1468b2779b6247e44b75276436021a3469a59 Mon Sep 17 00:00:00 2001
From: Krishnan Parthasarathi <kparthas@redhat.com>
Date: Tue, 21 Jan 2014 23:41:07 +0530
Subject: rpc: transport may be destroyed while rpc isn't

rpc_clnt object is destroyed after the corresponding transport object is
destroyed. But rpc_clnt_reconnect, a timer driven function, refers to
the transport object beyond its 'life'. Instead, using the embedded
connection object prevents use after free problem wrt transport object.

Also, access transport object under conn->lock.

Change-Id: Iae28e8a657d02689963c510114ad7cb7e6764e62
BUG: 962619
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/6751
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-rebalance.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'xlators/mgmt')

diff --git a/xlators/mgmt/glusterd/src/glusterd-rebalance.c b/xlators/mgmt/glusterd/src/glusterd-rebalance.c
index b274e3367..bdedf4c04 100644
--- a/xlators/mgmt/glusterd/src/glusterd-rebalance.c
+++ b/xlators/mgmt/glusterd/src/glusterd-rebalance.c
@@ -126,7 +126,7 @@ __glusterd_defrag_notify (struct rpc_clnt *rpc, void *mydata,
                 UNLOCK (&defrag->lock);
 
                gf_log ("", GF_LOG_DEBUG, "%s got RPC_CLNT_CONNECT",
-                        rpc->conn.trans->name);
+                        rpc->conn.name);
                break;
         }
 
@@ -161,7 +161,7 @@ __glusterd_defrag_notify (struct rpc_clnt *rpc, void *mydata,
 
                 GF_FREE (defrag);
                 gf_log ("", GF_LOG_DEBUG, "%s got RPC_CLNT_DISCONNECT",
-                        rpc->conn.trans->name);
+                        rpc->conn.name);
                 break;
         }
         case RPC_CLNT_DESTROY:
-- 
cgit