diff options
| author | N Balachandran <nbalacha@redhat.com> | 2017-05-16 10:26:25 +0530 |
|---|---|---|
| committer | Raghavendra Talur <rtalur@redhat.com> | 2017-05-18 08:06:43 +0000 |
| commit | 45662f8d3447e5e467e5fb77c983c422e6f9ca36 (patch) | |
| tree | e52ffe783dc62c7aa8c2b17ccecf49bd6ff92df4 /xlators | |
| parent | bbd891a942f25b59d5dce188e22de2debccfd0a8 (diff) | |
cluster/dht: Fix crash in dht rmdir
Using local->call_cnt to check STACK_WINDs can
cause dht_rmdir_do to be called erroneously if
dht_rmdir_readdirp_cbk unwinds before we check if
local->call_cnt is zero in dht_rmdir_opendir_cbk.
This can cause frame corruptions and crashes.
Thanks to Shyam (srangana@redhat.com) for the
analysis.
> BUG: 1451083
> Signed-off-by: N Balachandran <nbalacha@redhat.com>
> Reviewed-on: https://review.gluster.org/17305
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
(cherry picked from commit 6f7d55c9d58797beaf8d5393c03a5a545bed8bec)
Change-Id: I5362cf78f97f21b3fade0b9e94d492002a8d4a11
BUG: 1451371
Signed-off-by: N Balachandran <nbalacha@redhat.com>
Reviewed-on: https://review.gluster.org/17309
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/cluster/dht/src/dht-common.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c index c9be87c5aab..fe0dc0d3455 100644 --- a/xlators/cluster/dht/src/dht-common.c +++ b/xlators/cluster/dht/src/dht-common.c @@ -8666,6 +8666,7 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, char gfid[GF_UUID_BUF_SIZE] = {0}; dht_local_t *readdirp_local = NULL; call_frame_t *readdirp_frame = NULL; + int cnt = 0; local = frame->local; prev = cookie; @@ -8708,7 +8709,7 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, "%s: Failed to set dictionary value:key = %s", local->loc.path, conf->link_xattr_name); - local->call_cnt = conf->subvolume_cnt; + cnt = local->call_cnt = conf->subvolume_cnt; /* Create a separate frame per subvol as we might need @@ -8721,7 +8722,9 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, readdirp_frame = copy_frame (frame); if (!readdirp_frame) { - local->call_cnt--; + cnt--; + /* Reduce the local->call_cnt as well */ + dht_frame_return (frame); continue; } @@ -8730,7 +8733,9 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, if (!readdirp_local) { DHT_STACK_DESTROY (readdirp_frame); - local->call_cnt--; + cnt--; + /* Reduce the local->call_cnt as well */ + dht_frame_return (frame); continue; } readdirp_local->main_frame = frame; @@ -8750,7 +8755,8 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, dict_unref (dict); /* Could not wind readdirp to any subvol */ - if (!local->call_cnt) + + if (!cnt) goto err; return 0; |