From 0acd0b45e5ee22eb5bb35c21093136b3b062744f Mon Sep 17 00:00:00 2001
From: vmallika <vmallika@redhat.com>
Date: Fri, 17 Jul 2015 12:50:59 +0530
Subject: quota/marker: contribution with list_del can cause mem corruption

There is a possibility that contribution is removed twice from list
during unlink operation (with hard links) or during rename operation

Use list_del_init for a thread safe deltion of member from list

Change-Id: Iff5e0c03cc8f0ed85da0db1739b84b695abf9ea6
BUG: 1244109
Signed-off-by: vmallika <vmallika@redhat.com>
Reviewed-on: http://review.gluster.org/11706
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
---
 xlators/features/marker/src/marker-quota-helper.h | 16 ++++++++--------
 xlators/features/marker/src/marker-quota.c        |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'xlators/features')

diff --git a/xlators/features/marker/src/marker-quota-helper.h b/xlators/features/marker/src/marker-quota-helper.h
index 7450a6e3604..bf417aa8241 100644
--- a/xlators/features/marker/src/marker-quota-helper.h
+++ b/xlators/features/marker/src/marker-quota-helper.h
@@ -13,14 +13,14 @@
 
 #include "marker.h"
 
-#define QUOTA_FREE_CONTRIBUTION_NODE(ctx, _contribution)          \
-        do {                                                      \
-                LOCK (&ctx->lock);                                \
-                {                                                 \
-                        list_del (&_contribution->contri_list);   \
-                        GF_REF_PUT (_contribution);               \
-                }                                                 \
-                UNLOCK (&ctx->lock);                              \
+#define QUOTA_FREE_CONTRIBUTION_NODE(ctx, _contribution)             \
+        do {                                                         \
+                LOCK (&ctx->lock);                                   \
+                {                                                    \
+                        list_del_init (&_contribution->contri_list); \
+                        GF_REF_PUT (_contribution);                  \
+                }                                                    \
+                UNLOCK (&ctx->lock);                                 \
         } while (0)
 
 #define QUOTA_SAFE_INCREMENT(lock, var)                 \
diff --git a/xlators/features/marker/src/marker-quota.c b/xlators/features/marker/src/marker-quota.c
index a5ef0bb2321..52b930fb438 100644
--- a/xlators/features/marker/src/marker-quota.c
+++ b/xlators/features/marker/src/marker-quota.c
@@ -4173,7 +4173,7 @@ mq_forget (xlator_t *this, quota_inode_ctx_t *ctx)
 
         list_for_each_entry_safe (contri, next, &ctx->contribution_head,
                                   contri_list) {
-                list_del (&contri->contri_list);
+                list_del_init (&contri->contri_list);
                 GF_REF_PUT (contri);
         }
 
-- 
cgit