diff options
| author | Raghavendra G <rgowdapp@redhat.com> | 2015-02-24 10:25:16 +0530 |
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2015-02-25 23:15:22 -0800 |
| commit | 2a60854e8360309347236852989d520a04975e9c (patch) | |
| tree | 5d9c2b7703e226e522d4e539435614867c4f121e /xlators | |
| parent | 9112806b02b1c8668acff87af62553462aa7cf48 (diff) | |
cluster/dht: serialize execution of dht_discover_complete and
STACK_DESTROY (frame).
In the current code, dht_discover_complete can be invoked because of:
1. attempt_unwind is true
2. we are processing reply from the last subvolume
In scenario 1, following race is possible:
T1: calls dht_frame_return.
T2: calls dht_frame_return. This happens to be last call and hence it
invokes dht_discover_complete, goes ahead and destroys frame
T1: since attempt_unwind is true, calls
dht_discover_complete. However, since frame is already freed, call
to dht_discover_complete can result in a crash.
The fix is to make sure that destruction of the frame is done only by
the thread executing dht_discover_complete.
Change-Id: I45765b90c4a9d0af0b33f8911b564d99e12d099e
BUG: 1195120
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-on: http://review.gluster.org/9729
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
Reviewed-by: N Balachandran <nbalacha@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/cluster/dht/src/dht-common.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c index 1847b2fe003..47e617230f9 100644 --- a/xlators/cluster/dht/src/dht-common.c +++ b/xlators/cluster/dht/src/dht-common.c @@ -363,9 +363,18 @@ dht_discover_cbk (call_frame_t *frame, void *cookie, xlator_t *this, unlock: UNLOCK (&frame->lock); out: + /* Make sure, the thread executing dht_discover_complete is the one + * which calls STACK_DESTROY (frame). In the case of "attempt_unwind", + * this makes sure that the thread don't call dht_frame_return, till + * call to dht_discover_complete is done. + */ + if (attempt_unwind) { + dht_discover_complete (this, frame); + } + this_call_cnt = dht_frame_return (frame); - if (is_last_call (this_call_cnt) || attempt_unwind) { + if (is_last_call (this_call_cnt) && !attempt_unwind) { dht_discover_complete (this, frame); } |