From 0c2d25956b022cb61f0b62873c97b7346ef7c4c3 Mon Sep 17 00:00:00 2001
From: N Balachandran <nbalacha@redhat.com>
Date: Wed, 25 Sep 2019 19:50:27 +0530
Subject: perf/write-behind: Clear frame->local on conflict error

WB saves the wb_inode in frame->local for the truncate and
ftruncate fops. This value is not cleared in case of error
on a conflicting write request. FRAME_DESTROY finds a non-null
frame->local and tries to free it using mem_put. However,
wb_inode is allocated using GF_CALLOC, causing the
process to crash.

credit: vpolakis@gmail.com

Change-Id: I217f61470445775e05145aebe44c814731c1b8c5
Fixes: bz#1753592
Signed-off-by: N Balachandran <nbalacha@redhat.com>
---
 xlators/performance/write-behind/src/write-behind.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'xlators/performance')

diff --git a/xlators/performance/write-behind/src/write-behind.c b/xlators/performance/write-behind/src/write-behind.c
index aade1c9c563..ab6b76cace8 100644
--- a/xlators/performance/write-behind/src/write-behind.c
+++ b/xlators/performance/write-behind/src/write-behind.c
@@ -1522,6 +1522,10 @@ __wb_handle_failed_conflict(wb_request_t *req, wb_request_t *conflict,
              */
             req->op_ret = -1;
             req->op_errno = conflict->op_errno;
+            if ((req->stub->fop == GF_FOP_TRUNCATE) ||
+                (req->stub->fop == GF_FOP_FTRUNCATE)) {
+                req->stub->frame->local = NULL;
+            }
 
             list_del_init(&req->todo);
             list_add_tail(&req->winds, tasks);
-- 
cgit