From fe8fe3effb70b8c9bb0c675b867114a9b0139d0a Mon Sep 17 00:00:00 2001
From: Poornima G <pgurusid@redhat.com>
Date: Thu, 3 Aug 2017 17:43:22 +0530
Subject: gfapi: Duplicate the buffer sent in setxattr calls

Issue:
The caller of glfs_setxattr sends a buffer to set as the value.
We create a dict in which the pointer to the value is set.
Underlying layers like md-cache take a ref on this dict to store
the value for a longer time. But the moment setxattr is complete,
the caller of glfs_setxattr can free the value memory.

Solution:
memcpy the setxattr value to the gluster buffer.

> Reviewed-on: https://review.gluster.org/17967
> Reviewed-by: soumya k <skoduri@redhat.com>
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
> (cherry picked from commit e11296f8e52b7e3b13d21b41d4fa34baea878edf)

Change-Id: I58753fe702e8b7d0f6c4f058714c65d0ad5d7a0a
BUG: 1479655
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-on: https://review.gluster.org/18001
Smoke: Gluster Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
---
 api/src/glfs-fops.c      | 18 ++++++++++++++----
 api/src/glfs-handleops.c |  8 +++++++-
 api/src/glfs-internal.h  |  1 -
 3 files changed, 21 insertions(+), 6 deletions(-)

(limited to 'api')

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index e8d4f9af18f..c8ddeea196e 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -3571,6 +3571,7 @@ glfs_setxattr_common (struct glfs *fs, const char *path, const char *name,
 	struct iatt      iatt = {0, };
 	dict_t          *xattr = NULL;
 	int              reval = 0;
+        void            *value_cp = NULL;
 
         DECLARE_OLD_THIS;
         __GLFS_ENTRY_VALIDATE_FS (fs, invalid_fs);
@@ -3605,8 +3606,13 @@ retry:
 	if (ret)
 		goto out;
 
-	xattr = dict_for_key_value (name, value, size);
+        value_cp = gf_memdup (value, size);
+        GF_CHECK_ALLOC_AND_LOG (subvol->name, value_cp, ret, "Failed to"
+                                " duplicate setxattr value", out);
+
+	xattr = dict_for_key_value (name, value_cp, size, _gf_false);
 	if (!xattr) {
+                GF_FREE (value_cp);
 		ret = -1;
 		errno = ENOMEM;
 		goto out;
@@ -3615,8 +3621,6 @@ retry:
 	ret = syncop_setxattr (subvol, &loc, xattr, flags, NULL, NULL);
         DECODE_SYNCOP_ERR (ret);
 
-	ESTALE_RETRY (ret, errno, reval, &loc, retry);
-
 out:
 	loc_wipe (&loc);
 	if (xattr)
@@ -3659,6 +3663,7 @@ pub_glfs_fsetxattr (struct glfs_fd *glfd, const char *name, const void *value,
 	xlator_t        *subvol = NULL;
 	dict_t          *xattr = NULL;
 	fd_t            *fd = NULL;
+        void            *value_cp = NULL;
 
         DECLARE_OLD_THIS;
 	__GLFS_ENTRY_VALIDATE_FD (glfd, invalid_fs);
@@ -3691,8 +3696,13 @@ pub_glfs_fsetxattr (struct glfs_fd *glfd, const char *name, const void *value,
 		goto out;
 	}
 
-	xattr = dict_for_key_value (name, value, size);
+        value_cp = gf_memdup (value, size);
+        GF_CHECK_ALLOC_AND_LOG (subvol->name, value_cp, ret, "Failed to"
+                                " duplicate setxattr value", out);
+
+	xattr = dict_for_key_value (name, value_cp, size, _gf_false);
 	if (!xattr) {
+                GF_FREE (value_cp);
 		ret = -1;
 		errno = ENOMEM;
 		goto out;
diff --git a/api/src/glfs-handleops.c b/api/src/glfs-handleops.c
index dbffa9e26bf..4180f5cf777 100644
--- a/api/src/glfs-handleops.c
+++ b/api/src/glfs-handleops.c
@@ -481,6 +481,7 @@ pub_glfs_h_setxattrs (struct glfs *fs, struct glfs_object *object,
         inode_t         *inode = NULL;
         loc_t            loc = {0, };
         dict_t          *xattr = NULL;
+        void            *value_cp = NULL;
 
         /* validate in args */
         if ((fs == NULL) || (object == NULL) ||
@@ -517,8 +518,13 @@ pub_glfs_h_setxattrs (struct glfs *fs, struct glfs_object *object,
                 goto out;
         }
 
-        xattr = dict_for_key_value (name, value, size);
+        value_cp = gf_memdup (value, size);
+        GF_CHECK_ALLOC_AND_LOG (subvol->name, value_cp, ret, "Failed to"
+                                " duplicate setxattr value", out);
+
+        xattr = dict_for_key_value (name, value_cp, size, _gf_false);
         if (!xattr) {
+                GF_FREE (value_cp);
                 ret = -1;
                 errno = ENOMEM;
                 goto out;
diff --git a/api/src/glfs-internal.h b/api/src/glfs-internal.h
index 838b5c748b2..180981830d7 100644
--- a/api/src/glfs-internal.h
+++ b/api/src/glfs-internal.h
@@ -373,7 +373,6 @@ int glfs_loc_touchup (loc_t *loc)
 void glfs_iatt_to_stat (struct glfs *fs, struct iatt *iatt, struct stat *stat);
 int glfs_loc_link (loc_t *loc, struct iatt *iatt);
 int glfs_loc_unlink (loc_t *loc);
-dict_t *dict_for_key_value (const char *name, const char *value, size_t size);
 int glfs_getxattr_process (void *value, size_t size, dict_t *xattr,
 			   const char *name);
 
-- 
cgit