From 663d1a5eed5a8aef6cfad4710e16d21740bf0da8 Mon Sep 17 00:00:00 2001
From: Atin Mukherjee <amukherj@redhat.com>
Date: Thu, 11 Feb 2016 15:37:08 +0530
Subject: rpc : build_prog_details should iterate program list inside critical
 section

While I was analyzing a glusterd crash from free_prog_details, a code
walkthrough detects that we iterate over the rpc svc program list without been
inside the criticial section. This opens up a possibility of a crash when there
is a concurrent writer updating the same list. Solution is to read the list
inside lock.

Change-Id: Ib4b4b0022a9535e139cd3c00574aab23f07aa9d2
BUG: 1306560
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-on: http://review.gluster.org/13428
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
---
 rpc/rpc-lib/src/rpcsvc.c | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

(limited to 'rpc/rpc-lib')

diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 6955d1ad328..f4cff12762f 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1904,21 +1904,28 @@ build_prog_details (rpcsvc_request_t *req, gf_dump_rsp *rsp)
         if (!req || !req->trans || !req->svc)
                 goto out;
 
-        list_for_each_entry (program, &req->svc->programs, program) {
-                prog = GF_CALLOC (1, sizeof (*prog), 0);
-                if (!prog)
-                        goto out;
-                prog->progname = program->progname;
-                prog->prognum  = program->prognum;
-                prog->progver  = program->progver;
-                if (!rsp->prog)
-                        rsp->prog = prog;
+        pthread_mutex_lock (&req->svc->rpclock);
+        {
+                list_for_each_entry (program, &req->svc->programs, program) {
+                        prog = GF_CALLOC (1, sizeof (*prog), 0);
+                        if (!prog)
+                                goto unlock;
+
+                        prog->progname = program->progname;
+                        prog->prognum  = program->prognum;
+                        prog->progver  = program->progver;
+
+                        if (!rsp->prog)
+                                rsp->prog = prog;
+                        if (prev)
+                                prev->next = prog;
+                        prev = prog;
+                }
                 if (prev)
-                        prev->next = prog;
-                prev = prog;
+                        ret = 0;
         }
-        if (prev)
-                ret = 0;
+unlock:
+        pthread_mutex_unlock (&req->svc->rpclock);
 out:
         return ret;
 }
-- 
cgit