diff options
| author | Ashish Pandey <aspandey@redhat.com> | 2019-07-11 16:52:49 +0530 |
|---|---|---|
| committer | Rinku Kothiya <rkothiya@redhat.com> | 2020-03-17 14:27:36 +0000 |
| commit | 5b9e4bbeb115d39e1a5e929b4ffbe981e4597ae7 (patch) | |
| tree | 0337ead5951c7390d13f02b5048716b9eef50f3e | |
| parent | 4bb9b30b4d7f49d17e57fad2540d9398c83d427a (diff) | |
cluster/ec: Change handling of heal failure to avoid crash
Problem:
ec_getxattr_heal_cbk was called with NULL as second argument
in case heal was failing.
This function was dereferencing "cookie" argument which caused crash.
Solution:
Cookie is changed to carry the value that was supposed to be
stored in fop->data, so even in the case when fop is NULL in error
case, there won't be any NULL dereference.
Thanks to Xavi for the suggestion about the fix.
Change-Id: I0798000d5cadb17c3c2fbfa1baf77033ffc2bb8c
updates: #1061
| -rw-r--r-- | xlators/cluster/ec/src/ec-heal.c | 23 | ||||
| -rw-r--r-- | xlators/cluster/ec/src/ec-inode-read.c | 3 |
2 files changed, 13 insertions, 13 deletions
diff --git a/xlators/cluster/ec/src/ec-heal.c b/xlators/cluster/ec/src/ec-heal.c index a868230eb40..b25d97a6fb1 100644 --- a/xlators/cluster/ec/src/ec-heal.c +++ b/xlators/cluster/ec/src/ec-heal.c @@ -1959,7 +1959,7 @@ ec_manager_heal_block(ec_fop_data_t *fop, int32_t state) case EC_STATE_REPORT: if (fop->cbks.heal) { - fop->cbks.heal(fop->req_frame, fop, fop->xl, 0, 0, + fop->cbks.heal(fop->req_frame, fop->data, fop->xl, 0, 0, (heal->good | heal->bad), heal->good, heal->bad, NULL); } @@ -1967,8 +1967,8 @@ ec_manager_heal_block(ec_fop_data_t *fop, int32_t state) return EC_STATE_END; case -EC_STATE_REPORT: if (fop->cbks.heal) { - fop->cbks.heal(fop->req_frame, fop, fop->xl, -1, fop->error, 0, - 0, 0, NULL); + fop->cbks.heal(fop->req_frame, fop->data, fop->xl, -1, + fop->error, 0, 0, 0, NULL); } return EC_STATE_END; @@ -2005,7 +2005,7 @@ out: if (fop != NULL) { ec_manager(fop, error); } else { - func(frame, NULL, this, -1, error, 0, 0, 0, NULL); + func(frame, heal, this, -1, error, 0, 0, 0, NULL); } } @@ -2014,10 +2014,11 @@ ec_heal_block_done(call_frame_t *frame, void *cookie, xlator_t *this, int32_t op_ret, int32_t op_errno, uintptr_t mask, uintptr_t good, uintptr_t bad, dict_t *xdata) { - ec_fop_data_t *fop = cookie; - ec_heal_t *heal = fop->data; + ec_heal_t *heal = cookie; - fop->heal = NULL; + if (heal->fop) { + heal->fop->heal = NULL; + } heal->fop = NULL; heal->error = op_ret < 0 ? op_errno : 0; syncbarrier_wake(heal->data); @@ -2594,7 +2595,7 @@ ec_heal_do(xlator_t *this, void *data, loc_t *loc, int32_t partial) out: ec_reset_entry_healing(fop); if (fop->cbks.heal) { - fop->cbks.heal(fop->req_frame, fop, fop->xl, op_ret, op_errno, + fop->cbks.heal(fop->req_frame, fop->data, fop->xl, op_ret, op_errno, ec_char_array_to_mask(participants, ec->nodes), mgood & good, mbad & bad, NULL); } @@ -2646,8 +2647,8 @@ void ec_heal_fail(ec_t *ec, ec_fop_data_t *fop) { if (fop->cbks.heal) { - fop->cbks.heal(fop->req_frame, NULL, ec->xl, -1, fop->error, 0, 0, 0, - NULL); + fop->cbks.heal(fop->req_frame, fop->data, ec->xl, -1, fop->error, 0, 0, + 0, NULL); } ec_fop_data_release(fop); } @@ -2816,7 +2817,7 @@ fail: if (fop) ec_fop_data_release(fop); if (func) - func(frame, NULL, this, -1, err, 0, 0, 0, NULL); + func(frame, data, this, -1, err, 0, 0, 0, NULL); } int diff --git a/xlators/cluster/ec/src/ec-inode-read.c b/xlators/cluster/ec/src/ec-inode-read.c index 503149cf840..7b569fa29b3 100644 --- a/xlators/cluster/ec/src/ec-inode-read.c +++ b/xlators/cluster/ec/src/ec-inode-read.c @@ -392,8 +392,7 @@ ec_getxattr_heal_cbk(call_frame_t *frame, void *cookie, xlator_t *xl, int32_t op_ret, int32_t op_errno, uintptr_t mask, uintptr_t good, uintptr_t bad, dict_t *xdata) { - ec_fop_data_t *fop = cookie; - fop_getxattr_cbk_t func = fop->data; + fop_getxattr_cbk_t func = cookie; ec_t *ec = xl->private; dict_t *dict = NULL; char *str; |