From 147b3871180a699a642767d0cc0ea00fa69a33c8 Mon Sep 17 00:00:00 2001 From: Ravishankar N Date: Wed, 11 Mar 2015 16:41:06 +0530 Subject: afr: exit out of stack winds in for loops if call_count is zero ....in order to avoid a race where the fop cbk frees the frame's local variables and the fop tries to access it at a later point in time. Change-Id: I91d2696e5e183c61ea1368b3a538f9ed7f3851de BUG: 1200764 Signed-off-by: Ravishankar N Reviewed-on: http://review.gluster.org/9856 Tested-by: Gluster Build System Reviewed-by: pranith karampuri Reviewed-by: Niels de Vos --- xlators/cluster/afr/src/afr-dir-write.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'xlators/cluster/afr/src/afr-dir-write.c') diff --git a/xlators/cluster/afr/src/afr-dir-write.c b/xlators/cluster/afr/src/afr-dir-write.c index f996181cd2e..3bf9facd610 100644 --- a/xlators/cluster/afr/src/afr-dir-write.c +++ b/xlators/cluster/afr/src/afr-dir-write.c @@ -147,6 +147,7 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this) afr_private_t *priv = NULL; dict_t **xattr = NULL; int32_t **changelog = NULL; + int call_count = -1; int i = 0; GF_UNUSED int op_errno = 0; @@ -186,6 +187,7 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this) uuid_copy (new_local->loc.gfid, local->cont.dir_fop.buf.ia_gfid); new_local->loc.inode = inode_ref (local->cont.dir_fop.inode); new_local->call_count = local->success_count; + call_count = new_local->call_count; for (i = 0; i < priv->child_count; i++) { if (local->child_errno[i]) @@ -197,6 +199,8 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this) priv->children[i]->fops->xattrop, &new_local->loc, GF_XATTROP_ADD_ARRAY, xattr[i], NULL); + if (!--call_count) + break; } new_frame = NULL; out: -- cgit