From 76823d120518528c4edad4af6f4c1cdd50f5b398 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal <moagrawal@redhat.com>
Date: Tue, 24 Jul 2018 14:48:35 +0530
Subject: [PATCH 332/333] rpc: rpc_clnt_connection_cleanup is crashed due to
 double free
Problem: gfapi client is getting crashed in rpc_clnt_connection_cleanup
         at the time of destroying saved_frames
Solution: gfapi client is getting crashed because saved_frame ptr is
          already freed in rpc_clnt_destroy. To avoid this, update
          code in rpc_clnt_destroy
> Change-Id: Id8cce102b49f26cfd86ef88257032ed98f43192b
> fixes: bz#1607783
> (cherry picked from commit abd7b1393294d29eef6913e7f93ab76040c90428)
> (Reviewed on upstream link https://review.gluster.org/#/c/20557/)
Change-Id: Id3200e36acc1c49a8f5d39a1cc5053864899754c
BUG: 1600790
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/145377
Tested-by: Mohit Agrawal <moagrawa@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: RHGS Build Bot <nigelb@redhat.com>
---
 rpc/rpc-lib/src/rpc-clnt.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/rpc/rpc-lib/src/rpc-clnt.c b/rpc/rpc-lib/src/rpc-clnt.c
index 1ea8099..fd7e3ec 100644
--- a/rpc/rpc-lib/src/rpc-clnt.c
+++ b/rpc/rpc-lib/src/rpc-clnt.c
@@ -1771,13 +1771,27 @@ rpc_clnt_trigger_destroy (struct rpc_clnt *rpc)
 static void
 rpc_clnt_destroy (struct rpc_clnt *rpc)
 {
-        rpcclnt_cb_program_t *program = NULL;
-        rpcclnt_cb_program_t *tmp = NULL;
+        rpcclnt_cb_program_t   *program = NULL;
+        rpcclnt_cb_program_t   *tmp = NULL;
+        struct saved_frames    *saved_frames = NULL;
+        rpc_clnt_connection_t  *conn = NULL;
 
         if (!rpc)
                 return;
 
-        saved_frames_destroy (rpc->conn.saved_frames);
+        conn = &rpc->conn;
+        /* Access saved_frames in critical-section to avoid
+           crash in rpc_clnt_connection_cleanup at the time
+           of destroying saved frames
+        */
+        pthread_mutex_lock (&conn->lock);
+        {
+                saved_frames = conn->saved_frames;
+                conn->saved_frames = NULL;
+        }
+        pthread_mutex_unlock (&conn->lock);
+
+        saved_frames_destroy (saved_frames);
         pthread_mutex_destroy (&rpc->lock);
         pthread_mutex_destroy (&rpc->conn.lock);
 
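Review bot: The new call `saved_frames_destroy (saved_frames);` can now receive NULL, because the hand-off under conn->lock only prevents the double free if rpc_clnt_connection_cleanup (outside this hunk) also clears conn->saved_frames after taking it, and whichever of the two runs second then reads NULL; unless saved_frames_destroy is known to tolerate a NULL argument, guard it with `if (saved_frames) saved_frames_destroy (saved_frames);`. The comment above the lock describes the symptom rather than the rule; stating the invariant would help the next maintainer, e.g. `/* Take ownership of conn->saved_frames under conn->lock and clear it, so any concurrent rpc_clnt_connection_cleanup sees NULL rather than freeing the same list. */`. Since pthread_mutex_destroy (&rpc->conn.lock) follows a few lines later, the lock here can only serialise with a cleanup that is already in progress, not with one that starts afterwards, which is worth noting at the call site. rpc_clnt_destroy's body continues past the end of the hunk.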
-- 
1.8.3.1