21ab4e
From b3250767f749a6289e181c72340e170978622314 Mon Sep 17 00:00:00 2001
21ab4e
From: N Balachandran <nbalacha@redhat.com>
21ab4e
Date: Thu, 29 Jun 2017 10:52:37 +0530
21ab4e
Subject: [PATCH 540/557] cluster:dht Fix crash in dht_rename_lock_cbk
21ab4e
21ab4e
Use a local variable to store the call count
21ab4e
in the STACK_WIND for loop. Using frame->local
21ab4e
is dangerous as it could be freed while the loop
21ab4e
is still being processed
21ab4e
21ab4e
> BUG: 1466863
21ab4e
> Signed-off-by: N Balachandran <nbalacha@redhat.com>
21ab4e
> Reviewed-on: https://review.gluster.org/17665
21ab4e
> Smoke: Gluster Build System <jenkins@build.gluster.org>
21ab4e
> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
21ab4e
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
21ab4e
Change-Id: Ie65cdcfb7868509b4a83bc2a5b5d6304eabfbc8e
21ab4e
BUG: 1466321
21ab4e
Signed-off-by: N Balachandran <nbalacha@redhat.com>
21ab4e
Reviewed-on: https://code.engineering.redhat.com/gerrit/111061
21ab4e
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
21ab4e
---
21ab4e
 xlators/cluster/dht/src/dht-rename.c | 6 ++++--
21ab4e
 1 file changed, 4 insertions(+), 2 deletions(-)
21ab4e
21ab4e
diff --git a/xlators/cluster/dht/src/dht-rename.c b/xlators/cluster/dht/src/dht-rename.c
21ab4e
index 3cd400f..e33c1e4 100644
21ab4e
--- a/xlators/cluster/dht/src/dht-rename.c
21ab4e
+++ b/xlators/cluster/dht/src/dht-rename.c
21ab4e
@@ -1389,6 +1389,8 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
21ab4e
         dict_t      *xattr_req                  = NULL;
21ab4e
         dht_conf_t  *conf                       = NULL;
21ab4e
         int          i                          = 0;
21ab4e
+        int          count                      = 0;
21ab4e
+
21ab4e
 
21ab4e
         local = frame->local;
21ab4e
         conf = this->private;
21ab4e
@@ -1428,7 +1430,7 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
21ab4e
                 goto done;
21ab4e
         }
21ab4e
 
21ab4e
-        local->call_cnt = local->lock.lk_count;
21ab4e
+        count = local->call_cnt = local->lock.lk_count;
21ab4e
 
21ab4e
         /* Why not use local->lock.locks[?].loc for lookup post lock phase
21ab4e
          * ---------------------------------------------------------------
21ab4e
@@ -1447,7 +1449,7 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
21ab4e
          * exists with the name that the client requested with.
21ab4e
          * */
21ab4e
 
21ab4e
-        for (i = 0; i < local->lock.lk_count; i++) {
21ab4e
+        for (i = 0; i < count; i++) {
21ab4e
                 STACK_WIND_COOKIE (frame, dht_rename_lookup_cbk, (void *)(long)i
21ab4e
                                    , local->lock.locks[i]->xl,
21ab4e
                                    local->lock.locks[i]->xl->fops->lookup,
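Review bot: The loop in this hunk still reads `local->lock.locks[i]->xl` (twice) while building each wind's arguments, so caching the bound in `count` protects only the loop condition, not the body. If `frame->local` can be freed while the loop is running, as the commit message states, the body is presumably safe only because the final callback cannot complete before the last wind has been issued, given that `call_cnt` is set to the lock count in the previous hunk. That invariant is not visible in these lines and should be confirmed against `dht_rename_lookup_cbk`. It is worth recording above the loop, for example `/* local may be freed by the last lookup callback once every wind is issued; never read local after the final STACK_WIND, use the cached count as the bound */`. The STACK_WIND_COOKIE call and the rest of `dht_rename_lock_cbk` continue outside the hunk, so any use of `local` after the loop could not be checked here.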
21ab4e
-- 
21ab4e
1.8.3.1
21ab4e