diff options
| author | Pranith Kumar K <pkarampu@redhat.com> | 2015-11-26 09:58:39 +0530 |
|---|---|---|
| committer | Venky Shankar <vshankar@redhat.com> | 2015-11-26 20:04:16 -0800 |
| commit | a1919e91279a6c691fbd3dd6c0d97e74e78ccf22 (patch) | |
| tree | 42c00762fa39f3b42e98b13e7cc5683a5b821531 /xlators/features/bit-rot | |
| parent | 0db6d57a184ed79eb3142c42957b1a2415744011 (diff) | |
features/bit-rot: Fix NULL dereference
Problem:
By the time br_stub_worker is accessing this->private in it's
thread, 'init' may not have set 'this->private = priv'. This
leads to NULL dereference leading to brick crash.
Fix:
Set this->private before launching these threads.
Change-Id: Ic797eb195fdd0c70d19f28d0b97bc0181fd3dd2f
BUG: 1285616
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/12754
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Diffstat (limited to 'xlators/features/bit-rot')
| -rw-r--r-- | xlators/features/bit-rot/src/stub/bit-rot-stub.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/xlators/features/bit-rot/src/stub/bit-rot-stub.c b/xlators/features/bit-rot/src/stub/bit-rot-stub.c index 83a78604665..27a5ff7559a 100644 --- a/xlators/features/bit-rot/src/stub/bit-rot-stub.c +++ b/xlators/features/bit-rot/src/stub/bit-rot-stub.c @@ -154,7 +154,12 @@ init (xlator_t *this) pthread_cond_init (&priv->cond, NULL); INIT_LIST_HEAD (&priv->squeue); - ret = gf_thread_create (&priv->signth, NULL, br_stub_signth, priv); + /* Thread creations need 'this' to be passed so that THIS can be + * assigned inside the thread. So setting this->private here. + */ + this->private = priv; + + ret = gf_thread_create (&priv->signth, NULL, br_stub_signth, this); if (ret != 0) goto cleanup_lock; @@ -165,8 +170,6 @@ init (xlator_t *this) goto cleanup_lock; } - this->private = priv; - gf_msg_debug (this->name, 0, "bit-rot stub loaded"); return 0; @@ -178,6 +181,7 @@ init (xlator_t *this) mem_pool_destroy (priv->local_pool); free_priv: GF_FREE (priv); + this->private = NULL; error_return: return -1; } @@ -758,9 +762,11 @@ br_stub_perform_objsign (call_frame_t *frame, xlator_t *this, void * br_stub_signth (void *arg) { - br_stub_private_t *priv = arg; + xlator_t *this = arg; + br_stub_private_t *priv = this->private; struct br_stub_signentry *sigstub = NULL; + THIS = this; while (1) { pthread_mutex_lock (&priv->lock); { |