From 7d87933f648092ae55d57a96fd06e3df975d764c Mon Sep 17 00:00:00 2001

From: Ashish Pandey <aspandey@redhat.com>

Date: Tue, 18 Aug 2020 10:33:48 +0530

Subject: [PATCH 463/465] cluster/ec: Change handling of heal failure to avoid

 crash

Problem:

ec_getxattr_heal_cbk was called with NULL as second argument

in case heal was failing.

This function was dereferencing "cookie" argument which caused crash.

Solution:

Cookie is changed to carry the value that was supposed to be

stored in fop->data, so even in the case when fop is NULL in error

case, there won't be any NULL dereference.

Thanks to Xavi for the suggestion about the fix.

>Upstream patch: https://review.gluster.org/#/c/glusterfs/+/23050/

>fixes: bz#1729085

Change-Id: I0798000d5cadb17c3c2fbfa1baf77033ffc2bb8c

BUG: 1852736

Reviewed-on: https://code.engineering.redhat.com/gerrit/209012

Tested-by: Ashish Pandey <aspandey@redhat.com>

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Xavi Hernandez Juan <xhernandez@redhat.com>

---

 xlators/cluster/ec/src/ec-heal.c       | 11 ++++++-----

 xlators/cluster/ec/src/ec-inode-read.c |  4 ++--

 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/xlators/cluster/ec/src/ec-heal.c b/xlators/cluster/ec/src/ec-heal.c

index 7d25853..6e6948b 100644

--- a/xlators/cluster/ec/src/ec-heal.c

+++ b/xlators/cluster/ec/src/ec-heal.c

@@ -1966,7 +1966,7 @@ ec_manager_heal_block(ec_fop_data_t *fop, int32_t state)

         case EC_STATE_REPORT:

             if (fop->cbks.heal) {

-                fop->cbks.heal(fop->req_frame, fop, fop->xl, 0, 0,

+                fop->cbks.heal(fop->req_frame, fop->data, fop->xl, 0, 0,

                                (heal->good | heal->bad), heal->good, heal->bad,

                                0, NULL);

             }

@@ -2022,10 +2022,11 @@ ec_heal_block_done(call_frame_t *frame, void *cookie, xlator_t *this,

                    uintptr_t good, uintptr_t bad, uint32_t pending,

                    dict_t *xdata)

 {

-    ec_fop_data_t *fop = cookie;

-    ec_heal_t *heal = fop->data;

+    ec_heal_t *heal = cookie;

-    fop->heal = NULL;

+    if (heal->fop) {

+        heal->fop->heal = NULL;

+    }

     heal->fop = NULL;

     heal->error = op_ret < 0 ? op_errno : 0;

     syncbarrier_wake(heal->data);

@@ -2669,7 +2670,7 @@ ec_heal_do(xlator_t *this, void *data, loc_t *loc, int32_t partial)

 out:

     ec_reset_entry_healing(fop);

     if (fop->cbks.heal) {

-        fop->cbks.heal(fop->req_frame, fop, fop->xl, op_ret, op_errno,

+        fop->cbks.heal(fop->req_frame, fop->data, fop->xl, op_ret, op_errno,

                        ec_char_array_to_mask(participants, ec->nodes),

                        mgood & good, mbad & bad, pending, NULL);

     }

diff --git a/xlators/cluster/ec/src/ec-inode-read.c b/xlators/cluster/ec/src/ec-inode-read.c

index e82e8f6..c50d0ad 100644

--- a/xlators/cluster/ec/src/ec-inode-read.c

+++ b/xlators/cluster/ec/src/ec-inode-read.c

@@ -396,8 +396,8 @@ ec_getxattr_heal_cbk(call_frame_t *frame, void *cookie, xlator_t *xl,

                      uintptr_t good, uintptr_t bad, uint32_t pending,

                      dict_t *xdata)

 {

-    ec_fop_data_t *fop = cookie;

-    fop_getxattr_cbk_t func = fop->data;

+    fop_getxattr_cbk_t func = cookie;

+

     ec_t *ec = xl->private;

     dict_t *dict = NULL;

     char *str;

-- 

1.8.3.1