From 72d3dde33bd12f4aea96d59097bef5df45672610 Mon Sep 17 00:00:00 2001
From: Krutika Dhananjay <kdhananj@redhat.com>
Date: Thu, 28 Nov 2013 16:47:09 +0530
Subject: posix-acl: Fix crash resulting from GF_FREE() done on a CALLOC'd
 object

The object in question was created in posix_acl_inherit () and
was being GF_FREE'd as part of data_destroy().

Change-Id: Ibdb7c3b5c10ce447f061bde68452502e5170de92
BUG: 1035751
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/6377
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
---
 xlators/system/posix-acl/src/Makefile.am           |  2 +-
 xlators/system/posix-acl/src/posix-acl-mem-types.h | 24 +++++++++++++++
 xlators/system/posix-acl/src/posix-acl.c           | 35 +++++++++++++++++-----
 3 files changed, 53 insertions(+), 8 deletions(-)
 create mode 100644 xlators/system/posix-acl/src/posix-acl-mem-types.h

(limited to 'xlators/system')

diff --git a/xlators/system/posix-acl/src/Makefile.am b/xlators/system/posix-acl/src/Makefile.am
index 11c939fa3..14ba51863 100644
--- a/xlators/system/posix-acl/src/Makefile.am
+++ b/xlators/system/posix-acl/src/Makefile.am
@@ -4,7 +4,7 @@ posix_acl_la_LDFLAGS = -module -avoid-version
 posix_acl_la_SOURCES = posix-acl.c posix-acl-xattr.c
 posix_acl_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la
 
-noinst_HEADERS = posix-acl.h posix-acl-xattr.h
+noinst_HEADERS = posix-acl.h posix-acl-xattr.h posix-acl-mem-types.h
 
 AM_CPPFLAGS = $(GF_CPPFLAGS) -I$(top_srcdir)/libglusterfs/src
 
diff --git a/xlators/system/posix-acl/src/posix-acl-mem-types.h b/xlators/system/posix-acl/src/posix-acl-mem-types.h
new file mode 100644
index 000000000..7eed2ebb5
--- /dev/null
+++ b/xlators/system/posix-acl/src/posix-acl-mem-types.h
@@ -0,0 +1,24 @@
+/*
+   Copyright (c) 2008-2013 Red Hat, Inc. <http://www.redhat.com>
+   This file is part of GlusterFS.
+
+   This file is licensed to you under your choice of the GNU Lesser
+   General Public License, version 3 or any later version (LGPLv3 or
+   later), or the GNU General Public License, version 2 (GPLv2), in all
+   cases as published by the Free Software Foundation.
+*/
+
+#ifndef __POSIX_ACL_MEM_TYPES_H__
+#define __POSIX_ACL_MEM_TYPES_H__
+
+#include "mem-types.h"
+
+typedef enum gf_posix_acl_mem_types_ {
+        gf_posix_acl_mt_ctx_t   =  gf_common_mt_end + 1,
+        gf_posix_acl_mt_posix_ace_t,
+        gf_posix_acl_mt_char,
+        gf_posix_acl_mt_conf_t,
+        gf_posix_acl_mt_end
+} gf_posix_acl_mem_types_t;
+#endif
+
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 4658cad49..947c71c77 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -15,12 +15,32 @@
 
 #include "posix-acl.h"
 #include "posix-acl-xattr.h"
+#include "posix-acl-mem-types.h"
 
 
 #define UINT64(ptr) ((uint64_t)((long)(ptr)))
 #define PTR(num) ((void *)((long)(num)))
 
 
+int32_t
+mem_acct_init (xlator_t *this)
+{
+        int     ret = -1;
+
+        if (!this)
+                return ret;
+
+        ret = xlator_mem_acct_init (this, gf_posix_acl_mt_end + 1);
+
+        if (ret != 0) {
+                gf_log(this->name, GF_LOG_ERROR, "Memory accounting init"
+                       "failed");
+                return ret;
+        }
+
+        return ret;
+}
+
 static uid_t
 r00t ()
 {
@@ -277,7 +297,7 @@ posix_acl_ctx_get (inode_t *inode, xlator_t *this)
         if ((ret == 0) && (int_ctx))
                 return PTR(int_ctx);
 
-        ctx = CALLOC (1, sizeof (*ctx));
+        ctx = GF_CALLOC (1, sizeof (*ctx), gf_posix_acl_mt_ctx_t);
         if (!ctx)
                 return NULL;
 
@@ -333,7 +353,8 @@ posix_acl_new (xlator_t *this, int entrycnt)
         struct posix_acl *acl = NULL;
         struct posix_ace *ace = NULL;
 
-        acl = CALLOC (1, sizeof (*acl) + (entrycnt * sizeof (*ace)));
+        acl = GF_CALLOC (1, sizeof (*acl) + (entrycnt * sizeof (*ace)),
+                         gf_posix_acl_mt_posix_ace_t);
         if (!acl)
                 return NULL;
 
@@ -348,7 +369,7 @@ posix_acl_new (xlator_t *this, int entrycnt)
 void
 posix_acl_destroy (xlator_t *this, struct posix_acl *acl)
 {
-        FREE (acl);
+       GF_FREE (acl);
 
         return;
 }
@@ -577,7 +598,7 @@ posix_acl_inherit (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode,
         ctx->perm = retmode;
 
         size_access = posix_acl_to_xattr (this, acl_access, NULL, 0);
-        xattr_access = CALLOC (1, size_access);
+        xattr_access = GF_CALLOC (1, size_access, gf_posix_acl_mt_char);
         if (!xattr_access) {
                 gf_log (this->name, GF_LOG_ERROR, "out of memory");
                 ret = -1;
@@ -600,7 +621,7 @@ posix_acl_inherit (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode,
         acl_default = posix_acl_ref (this, par_default);
 
         size_default = posix_acl_to_xattr (this, acl_default, NULL, 0);
-        xattr_default = CALLOC (1, size_default);
+        xattr_default = GF_CALLOC (1, size_default, gf_posix_acl_mt_char);
         if (!xattr_default) {
                 gf_log (this->name, GF_LOG_ERROR, "out of memory");
                 ret = -1;
@@ -2050,7 +2071,7 @@ posix_acl_forget (xlator_t *this, inode_t *inode)
         if (ctx->acl_default)
                 posix_acl_unref (this, ctx->acl_default);
 
-        FREE (ctx);
+        GF_FREE (ctx);
 out:
         return 0;
 }
@@ -2078,7 +2099,7 @@ init (xlator_t *this)
         struct posix_acl        *minacl = NULL;
         struct posix_ace        *minace = NULL;
 
-        conf = CALLOC (1, sizeof (*conf));
+        conf = GF_CALLOC (1, sizeof (*conf), gf_posix_acl_mt_conf_t);
         if (!conf) {
                 gf_log (this->name, GF_LOG_ERROR,
                         "out of memory");
-- 
cgit