From 3c75958d1948753976405f848f59326fc1896c95 Mon Sep 17 00:00:00 2001
From: shishir gowda
Date: Wed, 18 Aug 2010 07:49:15 +0000
Subject: Fix memory corruption in mem pool
Added new interface mem_get0, which calls memset on the mem pool entries being returned. Gluster and Kernel compile should now succeed.
Signed-off-by: shishir gowda
Signed-off-by: Anand V. Avati
BUG: 1393 (Gluster and kernel compile fails)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1393
---
 libglusterfs/src/call-stub.c | 3 +--
 libglusterfs/src/fd.c | 2 +-
 libglusterfs/src/inode.c | 4 ++--
 libglusterfs/src/mem-pool.c | 35 +++++++++++++++++++++++++++++++++++
 libglusterfs/src/mem-pool.h | 1 +
 libglusterfs/src/stack.h | 8 ++++----
 6 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/libglusterfs/src/call-stub.c b/libglusterfs/src/call-stub.c
index e505bf7fd..89788b3b8 100644
--- a/libglusterfs/src/call-stub.c
+++ b/libglusterfs/src/call-stub.c
@@ -38,8 +38,7 @@ stub_new (call_frame_t *frame,
 GF_VALIDATE_OR_GOTO ("call-stub", frame, out);
- new = mem_get (frame->this->ctx->stub_mem_pool);
- memset (new, 0, sizeof (call_stub_t));
+ new = mem_get0 (frame->this->ctx->stub_mem_pool);
 GF_VALIDATE_OR_GOTO ("call-stub", new, out);
 new->frame = frame;
diff --git a/libglusterfs/src/fd.c b/libglusterfs/src/fd.c
index c9ac94734..4e942f5f1 100644
--- a/libglusterfs/src/fd.c
+++ b/libglusterfs/src/fd.c
@@ -509,7 +509,7 @@ fd_create (inode_t *inode, pid_t pid)
 return NULL;
 }
- fd = mem_get (inode->table->fd_mem_pool);
+ fd = mem_get0 (inode->table->fd_mem_pool);
 if (!fd) goto out;
diff --git a/libglusterfs/src/inode.c b/libglusterfs/src/inode.c
index 0ed603654..67f4183b4 100644
--- a/libglusterfs/src/inode.c
+++ b/libglusterfs/src/inode.c
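Review bot: In `stub_new` (call-stub.c), the number of bytes zeroed is no longer `sizeof (call_stub_t)` at the call site but whatever element size `stub_mem_pool` was created with, and nothing here records that dependency. A short comment above the call would keep the two tied together, for example `/* mem_get0 zero-fills one pool element; stub_mem_pool must be sized for call_stub_t */`. The pool's creation is not part of this diff, so the sizes are presumably equal, but that should be confirmed. The rest of `stub_new` lies outside the hunk.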
@@ -493,7 +493,7 @@ __dentry_create (inode_t *inode, inode_t *parent, const char *name)
 if (!inode || !parent || !name) return NULL;
- newd = mem_get (parent->table->dentry_pool);
+ newd = mem_get0 (parent->table->dentry_pool);
 if (newd == NULL) {
 gf_log ("inode", GF_LOG_ERROR, "out of memory");
@@ -530,7 +530,7 @@ __inode_create (inode_table_t *table)
 if (!table) return NULL;
- newi = mem_get(table->inode_pool);
+ newi = mem_get0 (table->inode_pool);
 if (!newi) {
 gf_log ("inode", GF_LOG_ERROR, "out of memory");
 goto out;
diff --git a/libglusterfs/src/mem-pool.c b/libglusterfs/src/mem-pool.c
index f1a2c98de..aec1d909d 100644
--- a/libglusterfs/src/mem-pool.c
+++ b/libglusterfs/src/mem-pool.c
@@ -337,6 +337,41 @@ mem_pool_new_fn (unsigned long sizeof_type,
 return mem_pool;
 }
+void*
+mem_get0 (struct mem_pool *mem_pool)
+{
+ struct list_head *list = NULL;
+ void *ptr = NULL;
+
+ if (!mem_pool) {
+ gf_log ("mem-pool", GF_LOG_ERROR, "invalid argument");
+ return NULL;
+ }
+
+ LOCK (&mem_pool->lock);
+ {
+ if (mem_pool->cold_count) {
+ list = mem_pool->list.next;
+ list_del (list);
+
+ mem_pool->hot_count++;
+ mem_pool->cold_count--;
+
+ ptr = list;
+ goto fwd_addr_out;
+ }
+ ptr = MALLOC (mem_pool->real_sizeof_type);
+ goto unlocked_out;
+ }
+fwd_addr_out:
+ ptr = mem_pool_chunkhead2ptr (ptr);
+unlocked_out:
+
+ memset(ptr, 0, mem_pool->real_sizeof_type);
+ UNLOCK (&mem_pool->lock);
+
+ return ptr;
+}
 void * mem_get (struct mem_pool *mem_pool)
diff --git a/libglusterfs/src/mem-pool.h b/libglusterfs/src/mem-pool.h
index 2a064643c..0b467bb2c 100644
--- a/libglusterfs/src/mem-pool.h
+++ b/libglusterfs/src/mem-pool.h
@@ -114,6 +114,7 @@ mem_pool_new_fn (unsigned long sizeof_type,
 unsigned long count);
 void mem_put (struct mem_pool *pool, void *ptr);
 void *mem_get (struct mem_pool *pool);
+void *mem_get0 (struct mem_pool *pool);
 void mem_pool_destroy (struct mem_pool *pool);
diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h
index ad8abe1ea..55bcecc4b 100644
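Review bot: In the fallback path of `mem_get0` (mem-pool.c), the result of `MALLOC (mem_pool->real_sizeof_type)` jumps to `unlocked_out` and is passed to `memset` without a NULL check, so a failed allocation is dereferenced inside the allocator. The NULL checks at the converted call sites in call-stub.c, fd.c, inode.c and stack.h then never get a chance to run. The `memset` also executes before `UNLOCK`, so the pool lock is held while each object is zeroed, and the label `unlocked_out` is reached with the lock still held. The body looks like a copy of the pool/malloc logic, so it could shrink to `ptr = mem_get (mem_pool);` followed by `if (ptr) memset (ptr, 0, mem_pool->real_sizeof_type);`, assuming `mem_get` (whose body is outside this hunk) returns the same payload pointer. That would zero only successful allocations and do it outside the lock.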
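Review bot: The new `mem_get0` prototype in mem-pool.h carries no comment, so a reader of the header cannot tell how it differs from `mem_get` on the line above. A one-line comment such as `/* like mem_get, but the returned object is zero-filled; returns NULL on failure */` would state the contract the converted callers rely on.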
--- a/libglusterfs/src/stack.h
+++ b/libglusterfs/src/stack.h
@@ -198,7 +198,7 @@ STACK_DESTROY (call_stack_t *stack)
 call_frame_t *_new = NULL; \
 xlator_t *old_THIS = NULL; \
 \
- _new = mem_get (frame->root->pool->frame_mem_pool); \
+ _new = mem_get0 (frame->root->pool->frame_mem_pool); \
 if (!_new) { \
 gf_log ("stack", GF_LOG_ERROR, "alloc failed"); \
 break; \
@@ -235,7 +235,7 @@ STACK_DESTROY (call_stack_t *stack)
 call_frame_t *_new = NULL; \
 xlator_t *old_THIS = NULL; \
 \
- _new = mem_get(frame->root->pool->frame_mem_pool); \
+ _new = mem_get0 (frame->root->pool->frame_mem_pool); \
 if (!_new) { \
 gf_log ("stack", GF_LOG_ERROR, "alloc failed"); \
 break; \
@@ -330,7 +330,7 @@ copy_frame (call_frame_t *frame)
 return NULL;
 }
- newstack = mem_get (frame->root->pool->stack_mem_pool);
+ newstack = mem_get0 (frame->root->pool->stack_mem_pool);
 if (newstack == NULL) {
 return NULL;
 }
@@ -373,7 +373,7 @@ create_frame (xlator_t *xl, call_pool_t *pool)
 return NULL;
 }
- stack = mem_get (pool->stack_mem_pool);
+ stack = mem_get0 (pool->stack_mem_pool);
 if (!stack) return NULL;
-- cgit