From 318aacabbc482bcc2e1686988a77ad0bc054837e Mon Sep 17 00:00:00 2001 From: Pranith Kumar K Date: Tue, 2 Aug 2016 15:19:00 +0530 Subject: cluster/afr: copy loc before passing to syncop Problem: When io-threads is enabled on the client side, io-threads destroys the call-stub in which the loc is stored as soon as the c-stack unwinds. Because afr is creating a syncop with the address of loc passed in setxattr by the time syncop tries to access it, io-threads would have already freed the call-stub. This will lead to crash. Fix: Copy loc to frame->local and use it's address. > Reviewed-on: http://review.gluster.org/15070 > Smoke: Gluster Build System > CentOS-regression: Gluster Build System > NetBSD-regression: NetBSD Build System > Reviewed-by: Ravishankar N BUG: 1367305 Change-Id: I16987e491e24b0b4e3d868a6968e802e47c77f7a Signed-off-by: Pranith Kumar K Signed-off-by: Oleksandr Natalenko Reviewed-on: http://review.gluster.org/15168 Reviewed-by: Ravishankar N Smoke: Gluster Build System CentOS-regression: Gluster Build System NetBSD-regression: NetBSD Build System --- xlators/cluster/afr/src/afr-inode-write.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'xlators') diff --git a/xlators/cluster/afr/src/afr-inode-write.c b/xlators/cluster/afr/src/afr-inode-write.c index 04067f589a5..c8335967c04 100644 --- a/xlators/cluster/afr/src/afr-inode-write.c +++ b/xlators/cluster/afr/src/afr-inode-write.c @@ -1415,7 +1415,8 @@ afr_handle_split_brain_commands (xlator_t *this, call_frame_t *frame, } data->spb_child_index = spb_child_index; data->frame = frame; - data->loc = loc; + loc_copy (&local->loc, loc); + data->loc = &local->loc; ret = synctask_new (this->ctx->env, afr_can_set_split_brain_choice, afr_set_split_brain_choice, NULL, data); -- cgit