From 6750f6bb329b70733d1673fb8c95d3e4a5d514d6 Mon Sep 17 00:00:00 2001
From: N Balachandran <nbalacha@redhat.com>
Date: Wed, 19 Jul 2017 21:44:55 +0530
Subject: [PATCH 571/576] cluster/dht: Fixed crash in dht_rmdir_is_subvol_empty
The local->call_cnt was being accessed and updated inside
the loop where the entries were being processed and the calls
were being wound.
This could end up in a scenario where the local->call_cnt became
0 before the processing was complete causing the crash when the
next entry was being processed.
> BUG: 1472949
> Signed-off-by: N Balachandran <nbalacha@redhat.com>
> Reviewed-on: https://review.gluster.org/17825
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
> Reviewed-by: Amar Tumballi <amarts@redhat.com>
> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
Change-Id: I930f61f1a1d1948f90d4e58e80b7d6680cf27f2f
BUG: 1471918
Signed-off-by: N Balachandran <nbalacha@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/113509
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
---
xlators/cluster/dht/src/dht-common.c | 47 ++++++++++++++++++++++++++----------
1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c
index aebea2f..55106fa 100644
--- a/xlators/cluster/dht/src/dht-common.c
+++ b/xlators/cluster/dht/src/dht-common.c
@@ -8330,6 +8330,7 @@ dht_rmdir_linkfile_unlink_cbk (call_frame_t *frame, void *cookie, xlator_t *this
}
this_call_cnt = dht_frame_return (readdirp_frame);
+
if (is_last_call (this_call_cnt))
dht_rmdir_readdirp_do (readdirp_frame, this);
@@ -8390,8 +8391,9 @@ dht_rmdir_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
err:
this_call_cnt = dht_frame_return (readdirp_frame);
- if (is_last_call (this_call_cnt))
+ if (is_last_call (this_call_cnt)) {
dht_rmdir_readdirp_do (readdirp_frame, this);
+ }
DHT_STACK_DESTROY (frame);
return 0;
@@ -8499,7 +8501,10 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,
dict_t *xattrs = NULL;
dht_conf_t *conf = this->private;
xlator_t *subvol = NULL;
- char gfid[GF_UUID_BUF_SIZE] = {0};
+ char gfid[GF_UUID_BUF_SIZE] = {0};
+ int count = 0;
+ gf_boolean_t unwind = _gf_false;
+
local = frame->local;
@@ -8510,7 +8515,7 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,
continue;
if (check_is_linkfile (NULL, (&trav->d_stat), trav->dict,
conf->link_xattr_name)) {
- ret++;
+ count++;
continue;
}
@@ -8540,16 +8545,17 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,
return -1;
}
+ local->call_cnt = count;
+ ret = 0;
+
list_for_each_entry (trav, &entries->list, list) {
if (strcmp (trav->d_name, ".") == 0)
continue;
if (strcmp (trav->d_name, "..") == 0)
continue;
- lookup_frame = NULL;
- lookup_local = NULL;
-
lookup_frame = copy_frame (frame);
+
if (!lookup_frame) {
/* out of memory, let the rmdir fail
(as non-empty, unfortunately) */
@@ -8578,13 +8584,6 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,
"looking up %s on subvolume %s, gfid = %s",
lookup_local->loc.path, src->name, gfid);
- LOCK (&frame->lock);
- {
- /* Increment the call count for the readdir frame */
- local->call_cnt++;
- }
- UNLOCK (&frame->lock);
-
subvol = dht_linkfile_subvol (this, NULL, &trav->d_stat,
trav->dict);
if (!subvol) {
@@ -8614,6 +8613,9 @@ dht_rmdir_is_subvol_empty (call_frame_t *frame, xlator_t *this,
&lookup_local->loc, xattrs);
}
ret++;
+
+ lookup_frame = NULL;
+ lookup_local = NULL;
}
if (xattrs)
@@ -8626,6 +8628,25 @@ err:
if (lookup_frame)
DHT_STACK_DESTROY (lookup_frame);
+
+ /* Handle the case where the wound calls have unwound before the
+ * loop processing is done
+ */
+
+ LOCK (&frame->lock);
+ {
+ local->op_ret = -1;
+ local->op_errno = ENOTEMPTY;
+
+ local->call_cnt -= (count - ret);
+ if (!local->call_cnt)
+ unwind = _gf_true;
+ }
+ UNLOCK (&frame->lock);
+
+ if (!unwind) {
+ return ret;
+ }
return 0;
}
--
1.8.3.1