From 6b273c1644595472d17f08c891aab62cebecbcbe Mon Sep 17 00:00:00 2001
From: Kinglong Mee <mijinlong@open-fs.com>
Date: Tue, 18 Sep 2018 07:38:48 -0400
Subject: libgfapi: fix use after freed of clnt when dispatching events

Avoid dispatching events to mgmt after freed,
unreference mgmt after the event_dispatch_destroy.

Change-Id: I5b762b37901de70a955661df0aff95bf055ba4ea
updates: bz#1626313
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
---
 api/src/glfs.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/api/src/glfs.c b/api/src/glfs.c
index d21cb8b334f..babaf20cee3 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -1230,8 +1230,6 @@ pub_glfs_fini(struct glfs *fs)
 
     if (ctx->mgmt) {
         rpc_clnt_disable(ctx->mgmt);
-        rpc_clnt_unref(ctx->mgmt);
-        ctx->mgmt = NULL;
     }
 
     call_pool = fs->ctx->pool;
@@ -1349,6 +1347,13 @@ pub_glfs_fini(struct glfs *fs)
             ret = -1;
     }
 
+    /* Avoid dispatching events to mgmt after freed,
+     * unreference mgmt after the event_dispatch_destroy */
+    if (ctx->mgmt) {
+        rpc_clnt_unref(ctx->mgmt);
+        ctx->mgmt = NULL;
+    }
+
     /* log infra has to be brought down before destroying
      * timer registry, as logging uses timer infra
      */
-- 
cgit