| author | Richard Wareing <rwareing@fb.com> | 2015-11-24 20:45:23 -0800 |
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2017-08-28 17:05:09 +0000 |
| commit | ddd37db74fdda99874e9087b43a106a72ec256f8 (patch) | |
| tree | c3f1a23a0b7d8335b19b0f2cf382f5f871e09891 | |
| parent | af38bab4e6185f97f84fbfe096d85d8ec4727846 (diff) | |
features/locks: Fix crash bug in connection (lock) clean-up flow
Summary:
- Fixes a bug where bricks can crash when the "clear locks" command is run
(by CLI or by revocation code) and sockets are later cleaned up.
The crash is a use-after-free caused by refs to the lock being left
in the client-list. When this list is later traversed it triggers a
crash, as the pointers now point to garbage.
Test Plan:
- Ran with monkey-unlock and tested connection clean-ups after lock
revocation
Reviewers: sshreyas, dph, moox
Reviewed By: moox
Differential Revision: https://phabricator.fb.com/D2695087
Tasks: 6207062
Change-Id: Iea26efe4bfbadc26431a3c50a0a8bda218bb5219
Signed-off-by: Jeff Darcy <jdarcy@fb.com>
Reviewed-on: https://review.gluster.org/18122
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
Tested-by: Jeff Darcy <jeff@pl.atyp.us>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
| -rw-r--r-- | xlators/features/locks/src/entrylk.c | 9 | ||||
| -rw-r--r-- | xlators/features/locks/src/inodelk.c | 6 |
2 files changed, 3 insertions, 12 deletions
diff --git a/xlators/features/locks/src/entrylk.c b/xlators/features/locks/src/entrylk.c index 4231d760cdc..626541237b3 100644 --- a/xlators/features/locks/src/entrylk.c +++ b/xlators/features/locks/src/entrylk.c @@ -701,12 +701,6 @@ pl_common_entrylk (call_frame_t *frame, xlator_t *this, gf_log (this->name, GF_LOG_WARNING, "MONKEY LOCKING (forcing stuck lock)!"); op_ret = 0; - need_inode_unref = _gf_true; - pthread_mutex_lock (&pinode->mutex); - { - __pl_entrylk_unref (reqlock); - } - pthread_mutex_unlock (&pinode->mutex); goto out; } } @@ -790,6 +784,7 @@ pl_common_entrylk (call_frame_t *frame, xlator_t *this, "a bug report at http://bugs.gluster.com", cmd); goto out; } + /* The following (extra) unref corresponds to the ref that * was done at the time the lock was granted. */ @@ -884,6 +879,8 @@ pl_entrylk_client_cleanup (xlator_t *this, pl_ctx_t *ctx) { list_for_each_entry_safe (l, tmp, &ctx->entrylk_lockers, client_list) { + list_del_init (&l->client_list); + pl_entrylk_log_cleanup (l); pinode = l->pinode; diff --git a/xlators/features/locks/src/inodelk.c b/xlators/features/locks/src/inodelk.c index e1702c78ba1..275fb9d20e4 100644 --- a/xlators/features/locks/src/inodelk.c +++ b/xlators/features/locks/src/inodelk.c @@ -645,12 +645,6 @@ pl_inode_setlk (xlator_t *this, pl_ctx_t *ctx, pl_inode_t *pl_inode, __inodelk_prune_stale (this, pl_inode, dom, lock); } else if (priv->monkey_unlocking == _gf_true) { if (pl_does_monkey_want_stuck_lock ()) { - pthread_mutex_lock (&pl_inode->mutex); - { - __pl_inodelk_unref (lock); - } - pthread_mutex_unlock (&pl_inode->mutex); - inode_unref (pl_inode->inode); gf_log (this->name, GF_LOG_WARNING, "MONKEY LOCKING (forcing stuck lock)!"); return 0; |
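Review bot: The added `list_del_init (&l->client_list);` in the third entrylk.c hunk (pl_entrylk_client_cleanup) has no comment stating the invariant it enforces, even though the commit message names stale client-list entries as the cause of the use-after-free. I would add something like `/* Unlink from the client list first so that no later walk of this list can reach the lock after it has been released. */` above it. The enclosing block opens above the hunk, so the lock that protects `ctx->entrylk_lockers` is not visible here; it should be confirmed that the unlink runs with that lock held. The clear-locks and revocation paths named in the message are not part of this diff, so it is worth checking that they also remove a lock from `client_list` before dropping its last reference. inodelk.c gets no matching `list_del_init`; presumably its client cleanup already unlinks each entry, but that should be verified against the file.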
