path: root/xlators/features/leases/src/leases.h
diff options
authorSoumya Koduri <>2018-11-11 22:53:07 +0530
committerAmar Tumballi <>2018-11-17 09:16:13 +0000
commitb7aec05aa965202ab73120acf0da4c32fe0cf16c (patch)
treec76b1409a8d66a22bd68fe1c23b976306d07c04d /xlators/features/leases/src/leases.h
parent04be5463b20ababc29942fa967017e763d0ae2af (diff)
leases: Fix incorrect inode_ref/unrefs
From testing & code-reading, found couple of places where we incorrectly unref the inode resulting in use_after_free crash or ref leaks. This patch addresses couple of them. a) When we try to grant the very first lease for a inode, inode_ref is taken in __add_lease. This ref should be active till all the leases granted to that inode are released (i.e, till lease_cnt > 0). In addition even after lease_cnt becomes '0', the inode should be active till all the blocked fops are resumed. Hence release this ref, after resuming all those fops. To avoid granting new leases while resuming those fops, defined a new boolean (blocked_fops_resuming) to flag it in the lease_ctx. b) 'new_lease_inode' which creates new lease_inode_entry and takes ref on inode, is used while adding that entry to client_list and recall_list. Use its counter function '__destroy_lease_inode' which does unref while removing those entries from those lists. c) inode ref is also taken when added to timer->data. Unref the same after processing timer->data. Change-Id: Ie77c78ff4a971e0d9a66178597fb34faf39205fb updates: bz#1648768 Signed-off-by: Soumya Koduri <>
Diffstat (limited to 'xlators/features/leases/src/leases.h')
1 files changed, 1 insertions, 0 deletions
diff --git a/xlators/features/leases/src/leases.h b/xlators/features/leases/src/leases.h
index d5fc451289d..6ac712b0bb0 100644
--- a/xlators/features/leases/src/leases.h
+++ b/xlators/features/leases/src/leases.h
@@ -185,6 +185,7 @@ struct _lease_inode_ctx {
uint64_t lease_cnt; /* Total number of leases on this inode */
uint64_t openfd_cnt; /* number of fds open */
gf_boolean_t recall_in_progress; /* if lease recall is sent on this inode */
+ gf_boolean_t blocked_fops_resuming; /* if blocked fops are being resumed */
struct list_head blocked_list; /* List of fops blocked until the
lease recall is complete */
inode_t *inode; /* this represents the inode on which the