From 6750f6bb329b70733d1673fb8c95d3e4a5d514d6 Mon Sep 17 00:00:00 2001

From: N Balachandran <nbalacha@redhat.com>

Date: Wed, 19 Jul 2017 21:44:55 +0530

Subject: [PATCH 571/576] cluster/dht: Fixed crash in dht_rmdir_is_subvol_empty

The local->call_cnt was being accessed and updated inside

the loop where the entries were being processed and the calls

were being wound.

This could end up in a scenario where the local->call_cnt became

0 before the processing was complete causing the crash when the

next entry was being processed.

> BUG: 1472949

> Signed-off-by: N Balachandran <nbalacha@redhat.com>

> Reviewed-on: https://review.gluster.org/17825

> Smoke: Gluster Build System <jenkins@build.gluster.org>

> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>

> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>

> Reviewed-by: Amar Tumballi <amarts@redhat.com>

> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>

Change-Id: I930f61f1a1d1948f90d4e58e80b7d6680cf27f2f

BUG: 1471918

Signed-off-by: N Balachandran <nbalacha@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/113509

Reviewed-by: Atin Mukherjee <amukherj@redhat.com>

---

 xlators/cluster/dht/src/dht-common.c | 47 ++++++++++++++++++++++++++----------

 1 file changed, 34 insertions(+), 13 deletions(-)

diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c

index aebea2f..55106fa 100644

--- a/xlators/cluster/dht/src/dht-common.c

+++ b/xlators/cluster/dht/src/dht-common.c

@@ -8330,6 +8330,7 @@ dht_rmdir_linkfile_unlink_cbk (call_frame_t *frame, void *cookie, xlator_t *this

         }

         this_call_cnt = dht_frame_return (readdirp_frame);

+

         if (is_last_call (this_call_cnt))

                 dht_rmdir_readdirp_do (readdirp_frame, this);

@@ -8390,8 +8391,9 @@ dht_rmdir_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,

 err:

         this_call_cnt = dht_frame_return (readdirp_frame);

-        if (is_last_call (this_call_cnt))

+        if (is_last_call (this_call_cnt)) {

                 dht_rmdir_readdirp_do (readdirp_frame, this);

+        }

         DHT_STACK_DESTROY (frame);

         return 0;

@@ -8499,7 +8501,10 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,

         dict_t             *xattrs       = NULL;

         dht_conf_t         *conf         = this->private;

         xlator_t           *subvol       = NULL;

-        char               gfid[GF_UUID_BUF_SIZE] = {0};

+        char                gfid[GF_UUID_BUF_SIZE] = {0};

+        int                 count        = 0;

+        gf_boolean_t        unwind        = _gf_false;

+

         local = frame->local;

@@ -8510,7 +8515,7 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,

                         continue;

                 if (check_is_linkfile (NULL, (&trav->d_stat), trav->dict,

                                               conf->link_xattr_name)) {

-                        ret++;

+                        count++;

                         continue;

                 }

@@ -8540,16 +8545,17 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,

                 return -1;

         }

+        local->call_cnt = count;

+        ret = 0;

+

         list_for_each_entry (trav, &entries->list, list) {

                 if (strcmp (trav->d_name, ".") == 0)

                         continue;

                 if (strcmp (trav->d_name, "..") == 0)

                         continue;

-                lookup_frame = NULL;

-                lookup_local = NULL;

-

                 lookup_frame = copy_frame (frame);

+

                 if (!lookup_frame) {

                         /* out of memory, let the rmdir fail

                            (as non-empty, unfortunately) */

@@ -8578,13 +8584,6 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,

                               "looking up %s on subvolume %s, gfid = %s",

                               lookup_local->loc.path, src->name, gfid);

-                LOCK (&frame->lock);

-                {

-                        /* Increment the call count for the readdir frame */

-                        local->call_cnt++;

-                }

-                UNLOCK (&frame->lock);

-

                 subvol = dht_linkfile_subvol (this, NULL, &trav->d_stat,

                                               trav->dict);

                 if (!subvol) {

@@ -8614,6 +8613,9 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,

                                     &lookup_local->loc, xattrs);

                 }

                 ret++;

+

+                lookup_frame = NULL;

+                lookup_local = NULL;

         }

         if (xattrs)

@@ -8626,6 +8628,25 @@ err:

         if (lookup_frame)

                 DHT_STACK_DESTROY (lookup_frame);

+

+        /* Handle the case where the wound calls have unwound before the

+         * loop processing is done

+         */

+

+        LOCK (&frame->lock);

+        {

+                local->op_ret = -1;

+                local->op_errno = ENOTEMPTY;

+

+                local->call_cnt -= (count - ret);

+                if (!local->call_cnt)

+                        unwind = _gf_true;

+        }

+        UNLOCK (&frame->lock);

+

+        if (!unwind) {

+                return ret;

+        }

         return 0;

 }

-- 

1.8.3.1