From 63bd03660e88fe2aab59b0c3d86e079855cf87c1 Mon Sep 17 00:00:00 2001
From: vmallika <vmallika@redhat.com>
Date: Thu, 13 Aug 2015 14:11:59 +0530
Subject: [PATCH 257/279] quota/marker: contribution with list_del can cause mem corruption

This is a backport of http://review.gluster.org/11706

There is a possibility that contribution is removed twice from list
during unlink operation (with hard links) or during rename operation

Use list_del_init for a thread safe deltion of member from list

> Change-Id: Iff5e0c03cc8f0ed85da0db1739b84b695abf9ea6
> BUG: 1244109
> Signed-off-by: vmallika <vmallika@redhat.com>
> Reviewed-on: http://review.gluster.org/11706
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Tested-by: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>

BUG: 1236672
Change-Id: Ic40d7342039a0512345418ab146d67682b87be21
Signed-off-by: vmallika <vmallika@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/55061
Reviewed-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
Tested-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
---
 xlators/features/marker/src/marker-quota-helper.h |   16 ++++++++--------
 xlators/features/marker/src/marker-quota.c        |    2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/xlators/features/marker/src/marker-quota-helper.h b/xlators/features/marker/src/marker-quota-helper.h
index f69447b..1f9faf5 100644
--- a/xlators/features/marker/src/marker-quota-helper.h
+++ b/xlators/features/marker/src/marker-quota-helper.h
@@ -18,14 +18,14 @@
 
 #include "marker.h"
 
-#define QUOTA_FREE_CONTRIBUTION_NODE(ctx, _contribution)          \
-        do {                                                      \
-                LOCK (&ctx->lock);                                \
-                {                                                 \
-                        list_del (&_contribution->contri_list);   \
-                        GF_REF_PUT (_contribution);               \
-                }                                                 \
-                UNLOCK (&ctx->lock);                              \
+#define QUOTA_FREE_CONTRIBUTION_NODE(ctx, _contribution)             \
+        do {                                                         \
+                LOCK (&ctx->lock);                                   \
+                {                                                    \
+                        list_del_init (&_contribution->contri_list); \
+                        GF_REF_PUT (_contribution);                  \
+                }                                                    \
+                UNLOCK (&ctx->lock);                                 \
         } while (0)
 
 #define QUOTA_SAFE_INCREMENT(lock, var)                 \
diff --git a/xlators/features/marker/src/marker-quota.c b/xlators/features/marker/src/marker-quota.c
index ca59c1b..f65ed77 100644
--- a/xlators/features/marker/src/marker-quota.c
+++ b/xlators/features/marker/src/marker-quota.c
@@ -4178,7 +4178,7 @@ mq_forget (xlator_t *this, quota_inode_ctx_t *ctx)
 
         list_for_each_entry_safe (contri, next, &ctx->contribution_head,
                                   contri_list) {
-                list_del (&contri->contri_list);
+                list_del_init (&contri->contri_list);
                 GF_REF_PUT (contri);
         }
 
-- 
1.7.1