From 567304eaa24c0715f8f5d8ca5c70ac9e2af3d2c8 Mon Sep 17 00:00:00 2001
From: Soumya Koduri <skoduri@redhat.com>
Date: Thu, 4 Aug 2016 16:00:31 +0530
Subject: inode: Adjust lru_size while retiring entries in lru list

As part of inode_table_destroy(), we first retire entries
in the lru list but the lru_size is not adjusted accordingly.
This may result in invalid memory reference in inode_table_prune
if the lru_size > lru_limit.

Change-Id: I29ee3c03b0eaa8a118d06dc0cefba85877daf963
BUG: 1364026
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
Reviewed-on: http://review.gluster.org/15087
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-by: Prashanth Pai <ppai@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
---
 libglusterfs/src/inode.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'libglusterfs/src/inode.c')

diff --git a/libglusterfs/src/inode.c b/libglusterfs/src/inode.c
index 6e1234e9ce2..6e4c2f11bc2 100644
--- a/libglusterfs/src/inode.c
+++ b/libglusterfs/src/inode.c
@@ -1511,6 +1511,14 @@ inode_table_prune (inode_table_t *table)
         {
                 while (table->lru_limit
                        && table->lru_size > (table->lru_limit)) {
+                        if (list_empty (&table->lru)) {
+                                gf_msg_callingfn (THIS->name, GF_LOG_WARNING, 0,
+                                                  LG_MSG_INVALID_INODE_LIST,
+                                                  "Empty inode lru list found"
+                                                  " but with (%d) lru_size",
+                                                  table->lru_size);
+                                break;
+                        }
 
                         entry = list_entry (table->lru.next, inode_t, list);
 
@@ -1780,6 +1788,7 @@ inode_table_destroy (inode_table_t *inode_table) {
                                                  inode_t, list);
                         __inode_forget (trav, 0);
                         __inode_retire (trav);
+                        inode_table->lru_size--;
                 }
 
                 while (!list_empty (&inode_table->active)) {
-- 
cgit