From 2f6b222476a6ca0e5d96946876e1a53eccad9fe7 Mon Sep 17 00:00:00 2001 From: Raghavendra G Date: Tue, 4 May 2010 02:28:11 +0000 Subject: performance/read-ahead: don't set ra_file in fd->ctx unless all memebers of ra_file is initialized - If ptr to ra_file is set in fd->ctx even before initializing all its members, A race condition may occur b/w a thread executing ra_fstat, ra_readv etc (where all files open on the same inode are flushed) and the thread doing initialization of ra_file (in ra_open_cbk or ra_create_cbk). Because of this race-condition, flush_region might be called on an uninitialized ra_file, thereby causing crash. Signed-off-by: Raghavendra G Signed-off-by: Anand V. Avati BUG: 868 (crash in ra_fstat) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=868 --- xlators/performance/read-ahead/src/read-ahead.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'xlators') diff --git a/xlators/performance/read-ahead/src/read-ahead.c b/xlators/performance/read-ahead/src/read-ahead.c index 8e140d82147..e4c1ab2dab0 100644 --- a/xlators/performance/read-ahead/src/read-ahead.c +++ b/xlators/performance/read-ahead/src/read-ahead.c @@ -68,8 +68,6 @@ ra_open_cbk (call_frame_t *frame, void *cookie, xlator_t *this, goto unwind; } - ret = fd_ctx_set (fd, this, (uint64_t)(long)file); - /* If mandatory locking has been enabled on this file, we disable caching on it */ @@ -110,9 +108,16 @@ ra_open_cbk (call_frame_t *frame, void *cookie, xlator_t *this, file->page_count = 1; } - frame->local = NULL; + ret = fd_ctx_set (fd, this, (uint64_t)(long)file); + if (ret == -1) { + ra_file_destroy (file); + op_ret = -1; + op_errno = ENOMEM; + } unwind: + frame->local = NULL; + STACK_UNWIND_STRICT (open, frame, op_ret, op_errno, fd); return 0; 
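Review bot: The relocated `ret = fd_ctx_set (fd, this, (uint64_t)(long)file);` in ra_open_cbk is now the point at which other threads can reach the ra_file, but nothing in the code says it must remain the last step of initialisation. A later change that sets another member after it would silently bring back the crash described in the commit message, so I would add a comment directly above the call, e.g. `/* publish last: once set in fd->ctx, other threads (ra_fstat, ra_readv) may flush this file */`. The same comment belongs above the identical call added in ra_create_cbk. The fix also assumes fd_ctx_set itself orders the earlier stores before the pointer becomes visible (for instance by taking a lock); its definition is not part of this diff, so that is worth confirming. The body of ra_open_cbk starts outside the hunk.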
@@ -144,8 +149,6 @@ ra_create_cbk (call_frame_t *frame, void *cookie, xlator_t *this, goto unwind; } - ret = fd_ctx_set (fd, this, (uint64_t)(long)file); - /* If mandatory locking has been enabled on this file, we disable caching on it */ @@ -179,6 +182,13 @@ ra_create_cbk (call_frame_t *frame, void *cookie, xlator_t *this, file->page_size = conf->page_size; pthread_mutex_init (&file->file_lock, NULL); + ret = fd_ctx_set (fd, this, (uint64_t)(long)file); + if (ret == -1) { + ra_file_destroy (file); + op_ret = -1; + op_errno = ENOMEM; + } + unwind: STACK_UNWIND_STRICT (create, frame, op_ret, op_errno, fd, inode, buf, preparent, postparent); -- cgit
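Review bot: On the new `if (ret == -1)` path in ra_create_cbk the create is unwound with `op_ret = -1` and `op_errno = ENOMEM`, although this point is presumably reached only after the lower xlator reported success (the start of the function is outside the hunk). The caller would then see a failed create while the file may already exist, and nothing here records that the failure came from read-ahead rather than from the create itself. At minimum I would document that above the block, e.g. `/* create succeeded below; failed here only because read-ahead state could not be attached */`. Whether unwinding success without read-ahead would be safer depends on how the other fops handle an fd with no ctx, which is not visible in this diff. Testing `ret < 0` instead of `ret == -1` would also cover any other negative return from fd_ctx_set, here and in ra_open_cbk.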