diff options
author | Xavi Hernandez <xhernandez@redhat.com> | 2018-03-09 22:48:33 +0100 |
---|---|---|
committer | Xavi Hernandez <xhernandez@redhat.com> | 2018-03-09 23:31:29 +0100 |
commit | 157e55fe43ba13f04452aa11f42200b279fb4f7a (patch) | |
tree | 8ea7ab1685741b8236fde8a7accc611e98d73acc /xlators/protocol/client/src/client-rpc-fops.c | |
parent | 940f870f4716f9cd32c68db95aa326a0ae87bf03 (diff) |
protocol/client: fix memory corruption
There was an issue when some accesses to saved_fds list were
protected by the wrong mutex (lock instead of fd_lock).
Additionally, the retrieval of fdctx from fd's context and any
checks done on it have also been protected by fd_lock to avoid
fdctx to become outdated just after retrieving it.
Change-Id: If2910508bcb7d1ff23debb30291391f00903a6fe
BUG: 1553129
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
Diffstat (limited to 'xlators/protocol/client/src/client-rpc-fops.c')
-rw-r--r-- | xlators/protocol/client/src/client-rpc-fops.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/xlators/protocol/client/src/client-rpc-fops.c b/xlators/protocol/client/src/client-rpc-fops.c index 03ca2172692..94fe4ea5ad2 100644 --- a/xlators/protocol/client/src/client-rpc-fops.c +++ b/xlators/protocol/client/src/client-rpc-fops.c @@ -368,10 +368,10 @@ client_add_fd_to_saved_fds (xlator_t *this, fd_t *fd, loc_t *loc, int32_t flags, INIT_LIST_HEAD (&fdctx->sfd_pos); INIT_LIST_HEAD (&fdctx->lock_list); - this_fd_set_ctx (fd, this, loc, fdctx); - pthread_spin_lock (&conf->fd_lock); { + this_fd_set_ctx (fd, this, loc, fdctx); + list_add_tail (&fdctx->sfd_pos, &conf->saved_fds); } pthread_spin_unlock (&conf->fd_lock); @@ -3225,10 +3225,10 @@ client3_3_releasedir (call_frame_t *frame, xlator_t *this, args = data; conf = this->private; - fdctx = this_fd_del_ctx (args->fd, this); - if (fdctx != NULL) { - pthread_spin_lock (&conf->fd_lock); - { + pthread_spin_lock (&conf->fd_lock); + { + fdctx = this_fd_del_ctx (args->fd, this); + if (fdctx != NULL) { remote_fd = fdctx->remote_fd; /* fdctx->remote_fd == -1 indicates a reopen attempt @@ -3243,8 +3243,8 @@ client3_3_releasedir (call_frame_t *frame, xlator_t *this, destroy = _gf_true; } } - pthread_spin_unlock (&conf->fd_lock); } + pthread_spin_unlock (&conf->fd_lock); if (destroy) client_fdctx_destroy (this, fdctx); @@ -3270,10 +3270,10 @@ client3_3_release (call_frame_t *frame, xlator_t *this, args = data; conf = this->private; - fdctx = this_fd_del_ctx (args->fd, this); - if (fdctx != NULL) { - pthread_spin_lock (&conf->fd_lock); - { + pthread_spin_lock (&conf->fd_lock); + { + fdctx = this_fd_del_ctx (args->fd, this); + if (fdctx != NULL) { remote_fd = fdctx->remote_fd; /* fdctx->remote_fd == -1 indicates a reopen attempt @@ -3287,8 +3287,8 @@ client3_3_release (call_frame_t *frame, xlator_t *this, destroy = _gf_true; } } - pthread_spin_unlock (&conf->fd_lock); } + pthread_spin_unlock (&conf->fd_lock); if (destroy) client_fdctx_destroy (this, fdctx); |