Tree - rpms/glusterfs - CentOS Git server

rpms / glusterfs

Blame SOURCES/0454-features-locks-avoid-use-after-freed-of-frame-for-bl.patch

Blob History Raw

		d84cf8	`From cddd253c5e3f0a7c3b91c35cea8ad1921cb43b98 Mon Sep 17 00:00:00 2001`
		d84cf8	`From: Kinglong Mee <kinglongmee@gmail.com>`
		d84cf8	`Date: Thu, 18 Jul 2019 11:43:01 +0800`
		d84cf8	`Subject: [PATCH 454/456] features/locks: avoid use after freed of frame for`
		d84cf8	`blocked lock`
		d84cf8
		d84cf8	`The fop contains blocked lock may use freed frame info when other`
		d84cf8	`unlock fop has unwind the blocked lock.`
		d84cf8
		d84cf8	`Because the blocked lock is added to block list in inode lock(or`
		d84cf8	`other lock), after that, when out of the inode lock, the fop`
		d84cf8	`contains the blocked lock should not use it.`
		d84cf8
		d84cf8	`Upstream Patch - https://review.gluster.org/#/c/glusterfs/+/23155/`
		d84cf8
		d84cf8	`>Change-Id: Icb309a1cc78380dc982b26d50c18d67e4f2c8915`
		d84cf8	`>fixes: bz#1737291`
		d84cf8	`>Signed-off-by: Kinglong Mee <mijinlong@horiscale.com>`
		d84cf8
		d84cf8	`Change-Id: Icb309a1cc78380dc982b26d50c18d67e4f2c8915`
		d84cf8	`BUG: 1812789`
		d84cf8	`Reviewed-on: https://code.engineering.redhat.com/gerrit/206465`
		d84cf8	`Tested-by: RHGS Build Bot <nigelb@redhat.com>`
		d84cf8	`Reviewed-by: Xavi Hernandez Juan <xhernandez@redhat.com>`
		d84cf8	`---`
		d84cf8	`xlators/features/locks/src/common.c \| 4 ++++`
		d84cf8	`xlators/features/locks/src/entrylk.c \| 4 ++--`
		d84cf8	`xlators/features/locks/src/inodelk.c \| 7 +++++--`
		d84cf8	`xlators/features/locks/src/posix.c \| 5 +++--`
		d84cf8	`xlators/features/locks/src/reservelk.c \| 2 --`
		d84cf8	`5 files changed, 14 insertions(+), 8 deletions(-)`
		d84cf8
		d84cf8	`diff --git a/xlators/features/locks/src/common.c b/xlators/features/locks/src/common.c`
		d84cf8	`index 6e7fb4b..1406e70 100644`
		d84cf8	`--- a/xlators/features/locks/src/common.c`
		d84cf8	`+++ b/xlators/features/locks/src/common.c`
		d84cf8	`@@ -1080,6 +1080,10 @@ pl_setlk(xlator_t this, pl_inode_t pl_inode, posix_lock_t *lock,`
		d84cf8	`lock->fl_type == F_UNLCK ? "Unlock" : "Lock",`
		d84cf8	`lock->client_pid, lkowner_utoa(&lock->owner),`
		d84cf8	`lock->user_flock.l_start, lock->user_flock.l_len);`
		d84cf8	`+`
		d84cf8	`+ pl_trace_block(this, lock->frame, NULL, NULL, F_SETLKW,`
		d84cf8	`+ &lock->user_flock, NULL);`
		d84cf8	`+`
		d84cf8	`lock->blocked = 1;`
		d84cf8	`__insert_lock(pl_inode, lock);`
		d84cf8	`ret = -1;`
		d84cf8	`diff --git a/xlators/features/locks/src/entrylk.c b/xlators/features/locks/src/entrylk.c`
		d84cf8	`index ced5eca..93c649c 100644`
		d84cf8	`--- a/xlators/features/locks/src/entrylk.c`
		d84cf8	`+++ b/xlators/features/locks/src/entrylk.c`
		d84cf8	`@@ -552,6 +552,8 @@ __lock_blocked_add(xlator_t this, pl_inode_t pinode, pl_dom_list_t *dom,`
		d84cf8	`gf_msg_trace(this->name, 0, "Blocking lock: {pinode=%p, basename=%s}",`
		d84cf8	`pinode, lock->basename);`
		d84cf8
		d84cf8	`+ entrylk_trace_block(this, lock->frame, NULL, NULL, NULL, lock->basename,`
		d84cf8	`+ ENTRYLK_LOCK, lock->type);`
		d84cf8	`out:`
		d84cf8	`return -EAGAIN;`
		d84cf8	`}`
		d84cf8	`@@ -932,8 +934,6 @@ out:`
		d84cf8	`op_ret, op_errno);`
		d84cf8	`unwind:`
		d84cf8	`STACK_UNWIND_STRICT(entrylk, frame, op_ret, op_errno, NULL);`
		d84cf8	`- } else {`
		d84cf8	`- entrylk_trace_block(this, frame, volume, fd, loc, basename, cmd, type);`
		d84cf8	`}`
		d84cf8
		d84cf8	`if (pcontend != NULL) {`
		d84cf8	`diff --git a/xlators/features/locks/src/inodelk.c b/xlators/features/locks/src/inodelk.c`
		d84cf8	`index a9c42f1..24dee49 100644`
		d84cf8	`--- a/xlators/features/locks/src/inodelk.c`
		d84cf8	`+++ b/xlators/features/locks/src/inodelk.c`
		d84cf8	`@@ -420,6 +420,8 @@ __lock_blocked_add(xlator_t this, pl_dom_list_t dom, pl_inode_lock_t *lock,`
		d84cf8	`lkowner_utoa(&lock->owner), lock->user_flock.l_start,`
		d84cf8	`lock->user_flock.l_len);`
		d84cf8
		d84cf8	`+ pl_trace_block(this, lock->frame, NULL, NULL, F_SETLKW, &lock->user_flock,`
		d84cf8	`+ lock->volume);`
		d84cf8	`out:`
		d84cf8	`return -EAGAIN;`
		d84cf8	`}`
		d84cf8	`@@ -959,6 +961,7 @@ pl_common_inodelk(call_frame_t frame, xlator_t this, const char *volume,`
		d84cf8	`int ret = -1;`
		d84cf8	`GF_UNUSED int dict_ret = -1;`
		d84cf8	`int can_block = 0;`
		d84cf8	`+ short lock_type = 0;`
		d84cf8	`pl_inode_t *pinode = NULL;`
		d84cf8	`pl_inode_lock_t *reqlock = NULL;`
		d84cf8	`pl_dom_list_t *dom = NULL;`
		d84cf8	`@@ -1024,13 +1027,13 @@ pl_common_inodelk(call_frame_t frame, xlator_t this, const char *volume,`
		d84cf8	`/* fall through */`
		d84cf8
		d84cf8	`case F_SETLK:`
		d84cf8	`+ lock_type = flock->l_type;`
		d84cf8	`memcpy(&reqlock->user_flock, flock, sizeof(struct gf_flock));`
		d84cf8	`ret = pl_inode_setlk(this, ctx, pinode, reqlock, can_block, dom,`
		d84cf8	`inode);`
		d84cf8
		d84cf8	`if (ret < 0) {`
		d84cf8	`- if ((can_block) && (F_UNLCK != flock->l_type)) {`
		d84cf8	`- pl_trace_block(this, frame, fd, loc, cmd, flock, volume);`
		d84cf8	`+ if ((can_block) && (F_UNLCK != lock_type)) {`
		d84cf8	`goto out;`
		d84cf8	`}`
		d84cf8	`gf_log(this->name, GF_LOG_TRACE, "returning EAGAIN");`
		d84cf8	`diff --git a/xlators/features/locks/src/posix.c b/xlators/features/locks/src/posix.c`
		d84cf8	`index 50f1265..7887b82 100644`
		d84cf8	`--- a/xlators/features/locks/src/posix.c`
		d84cf8	`+++ b/xlators/features/locks/src/posix.c`
		d84cf8	`@@ -2557,6 +2557,7 @@ pl_lk(call_frame_t frame, xlator_t this, fd_t *fd, int32_t cmd,`
		d84cf8	`uint32_t lk_flags = 0;`
		d84cf8	`posix_locks_private_t *priv = this->private;`
		d84cf8	`pl_local_t *local = NULL;`
		d84cf8	`+ short lock_type = 0;`
		d84cf8
		d84cf8	`int ret = dict_get_uint32(xdata, GF_LOCK_MODE, &lk_flags);`
		d84cf8	`if (ret == 0) {`
		d84cf8	`@@ -2701,6 +2702,7 @@ pl_lk(call_frame_t frame, xlator_t this, fd_t *fd, int32_t cmd,`
		d84cf8	`case F_SETLK:`
		d84cf8	`reqlock->frame = frame;`
		d84cf8	`reqlock->this = this;`
		d84cf8	`+ lock_type = flock->l_type;`
		d84cf8
		d84cf8	`pthread_mutex_lock(&pl_inode->mutex);`
		d84cf8	`{`
		d84cf8	`@@ -2738,8 +2740,7 @@ pl_lk(call_frame_t frame, xlator_t this, fd_t *fd, int32_t cmd,`
		d84cf8
		d84cf8	`ret = pl_setlk(this, pl_inode, reqlock, can_block);`
		d84cf8	`if (ret == -1) {`
		d84cf8	`- if ((can_block) && (F_UNLCK != flock->l_type)) {`
		d84cf8	`- pl_trace_block(this, frame, fd, NULL, cmd, flock, NULL);`
		d84cf8	`+ if ((can_block) && (F_UNLCK != lock_type)) {`
		d84cf8	`goto out;`
		d84cf8	`}`
		d84cf8	`gf_log(this->name, GF_LOG_DEBUG, "returning EAGAIN");`
		d84cf8	`diff --git a/xlators/features/locks/src/reservelk.c b/xlators/features/locks/src/reservelk.c`
		d84cf8	`index 51076d7..604691f 100644`
		d84cf8	`--- a/xlators/features/locks/src/reservelk.c`
		d84cf8	`+++ b/xlators/features/locks/src/reservelk.c`
		d84cf8	`@@ -312,8 +312,6 @@ grant_blocked_lock_calls(xlator_t this, pl_inode_t pl_inode)`
		d84cf8	`ret = pl_setlk(this, pl_inode, lock, can_block);`
		d84cf8	`if (ret == -1) {`
		d84cf8	`if (can_block) {`
		d84cf8	`- pl_trace_block(this, lock->frame, fd, NULL, cmd,`
		d84cf8	`- &lock->user_flock, NULL);`
		d84cf8	`continue;`
		d84cf8	`} else {`
		d84cf8	`gf_log(this->name, GF_LOG_DEBUG, "returning EAGAIN");`
		d84cf8	`--`
		d84cf8	`1.8.3.1`
		d84cf8

rpms / glusterfs

Source Code

Blame SOURCES/0454-features-locks-avoid-use-after-freed-of-frame-for-bl.patch