protocol/client: fix memory corruption

There was an issue when some accesses to saved_fds list were protected by the wrong mutex (lock instead of fd_lock). Additionally, the retrieval of fdctx from fd's context and any checks done on it have also been protected by fd_lock to avoid fdctx to become outdated just after retrieving it. Change-Id: If2910508bcb7d1ff23debb30291391f00903a6fe BUG: 1553129 Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
author: Xavi Hernandez <xhernandez@redhat.com> 2018-03-09 22:48:33 +0100
committer: Xavi Hernandez <xhernandez@redhat.com> 2018-03-09 23:31:29 +0100
commit: 157e55fe43ba13f04452aa11f42200b279fb4f7a (patch)
tree: 8ea7ab1685741b8236fde8a7accc611e98d73acc /xlators/protocol/client/src/client-rpc-fops.c
parent: 940f870f4716f9cd32c68db95aa326a0ae87bf03 (diff)
1 files changed, 12 insertions, 12 deletions
diff --git a/xlators/protocol/client/src/client-rpc-fops.c b/xlators/protocol/client/src/client-rpc-fops.c
index 03ca2172692..94fe4ea5ad2 100644
--- a/xlators/protocol/client/src/client-rpc-fops.c
+++ b/xlators/protocol/client/src/client-rpc-fops.c
@@ -368,10 +368,10 @@ client_add_fd_to_saved_fds (xlator_t *this, fd_t *fd, loc_t *loc, int32_t flags,
         INIT_LIST_HEAD (&fdctx->sfd_pos);
         INIT_LIST_HEAD (&fdctx->lock_list);
 
-        this_fd_set_ctx (fd, this, loc, fdctx);
-
         pthread_spin_lock (&conf->fd_lock);
         {
+                this_fd_set_ctx (fd, this, loc, fdctx);
+
                 list_add_tail (&fdctx->sfd_pos, &conf->saved_fds);
         }
         pthread_spin_unlock (&conf->fd_lock);
@@ -3225,10 +3225,10 @@ client3_3_releasedir (call_frame_t *frame, xlator_t *this,
         args = data;
         conf = this->private;
 
-        fdctx = this_fd_del_ctx (args->fd, this);
-        if (fdctx != NULL) {
-                pthread_spin_lock (&conf->fd_lock);
-                {
+        pthread_spin_lock (&conf->fd_lock);
+        {
+                fdctx = this_fd_del_ctx (args->fd, this);
+                if (fdctx != NULL) {
                         remote_fd = fdctx->remote_fd;
 
                         /* fdctx->remote_fd == -1 indicates a reopen attempt
@@ -3243,8 +3243,8 @@ client3_3_releasedir (call_frame_t *frame, xlator_t *this,
                                 destroy = _gf_true;
                         }
                 }
-                pthread_spin_unlock (&conf->fd_lock);
         }
+        pthread_spin_unlock (&conf->fd_lock);
 
         if (destroy)
                 client_fdctx_destroy (this, fdctx);
@@ -3270,10 +3270,10 @@ client3_3_release (call_frame_t *frame, xlator_t *this,
         args = data;
         conf = this->private;
 
-        fdctx = this_fd_del_ctx (args->fd, this);
-        if (fdctx != NULL) {
-                pthread_spin_lock (&conf->fd_lock);
-                {
+        pthread_spin_lock (&conf->fd_lock);
+        {
+                fdctx = this_fd_del_ctx (args->fd, this);
+                if (fdctx != NULL) {
                         remote_fd     = fdctx->remote_fd;
 
                         /* fdctx->remote_fd == -1 indicates a reopen attempt
@@ -3287,8 +3287,8 @@ client3_3_release (call_frame_t *frame, xlator_t *this,
                                 destroy = _gf_true;
                         }
                 }
-                pthread_spin_unlock (&conf->fd_lock);
         }
+        pthread_spin_unlock (&conf->fd_lock);
 
         if (destroy)
                 client_fdctx_destroy (this, fdctx);
author	Xavi Hernandez <xhernandez@redhat.com>	2018-03-09 22:48:33 +0100
committer	Xavi Hernandez <xhernandez@redhat.com>	2018-03-09 23:31:29 +0100
commit	157e55fe43ba13f04452aa11f42200b279fb4f7a (patch)
tree	8ea7ab1685741b8236fde8a7accc611e98d73acc /xlators/protocol/client/src/client-rpc-fops.c
parent	940f870f4716f9cd32c68db95aa326a0ae87bf03 (diff)