From 2893a79a95dc3abae4b69ccbb6a54772f5f63938 Mon Sep 17 00:00:00 2001 From: Mohammed Rafi KC Date: Mon, 3 Jul 2017 16:37:01 +0530 Subject: [PATCH 556/557] uss/svc: fix double free on xdata dictionary we were taking unref on wrong dictionary which results in wrong memory access. Back port of> >Change-Id: Ic25a6c209ecd72c9056dfcb79fabcfc650dd3c1e >BUG: 1467513 >Signed-off-by: Mohammed Rafi KC >Reviewed-on: https://review.gluster.org/17691 >CentOS-regression: Gluster Build System >Smoke: Gluster Build System >Reviewed-by: Atin Mukherjee Change-Id: Ic25a6c209ecd72c9056dfcb79fabcfc650dd3c1e BUG: 1191480 Signed-off-by: Mohammed Rafi KC Reviewed-on: https://code.engineering.redhat.com/gerrit/111808 Reviewed-by: Atin Mukherjee --- .../features/snapview-client/src/snapview-client.c | 25 ++++++++++++++++------ .../features/snapview-client/src/snapview-client.h | 3 ++- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/xlators/features/snapview-client/src/snapview-client.c b/xlators/features/snapview-client/src/snapview-client.c index efc3362..cd63bea 100644 --- a/xlators/features/snapview-client/src/snapview-client.c +++ b/xlators/features/snapview-client/src/snapview-client.c @@ -1662,14 +1662,12 @@ gf_svc_readdirp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this, local = frame->local; - if (local->xdata != NULL) - dict_unref (xdata); - if (op_ret) { if (op_errno == ESTALE && !local->revalidate) { local->revalidate = 1; ret = gf_svc_special_dir_revalidate_lookup (frame, - this); + this, + xdata); if (!ret) return 0; @@ -1724,7 +1722,8 @@ out: } int -gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this) +gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this, + dict_t *xdata) { svc_private_t *private = NULL; svc_local_t *local = NULL; 
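Review bot: The `xdata` now passed to `gf_svc_special_dir_revalidate_lookup` in the ESTALE branch of `gf_svc_readdirp_lookup_cbk` is the reply dictionary of the failed lookup, and the callee stores it in `local->xdata`, replacing the dictionary that `gf_svc_readdir_on_special_dir` saved from the readdirp reply. If `local->xdata` is what the readdirp unwind later hands back (that code is outside this hunk), the caller would receive the failed lookup's xdata after a revalidate, so please confirm this is intended. Either way the ownership rule that the old code got wrong deserves a comment at the call, for example `/* xdata is borrowed from our caller; the callee takes its own ref into local->xdata */`. The callback's body starts and ends outside the hunk, so the release of `local->xdata` on the unwind path could not be checked here.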
@@ -1741,6 +1740,15 @@ gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this) local = frame->local; loc = &local->loc; + if (local->xdata) { + dict_unref (local->xdata); + local->xdata = NULL; + } + + if (xdata) + local->xdata = dict_ref (xdata); + + inode_unref (loc->inode); loc->inode = inode_new (loc->parent->table); if (!loc->inode) { @@ -1879,10 +1887,13 @@ gf_svc_readdir_on_special_dir (call_frame_t *frame, void *cookie, } local->cookie = cookie; - if (xdata == NULL) + if (local->xdata) { + dict_unref (local->xdata); local->xdata = NULL; - else + } + if (xdata) local->xdata = dict_ref (xdata); + STACK_WIND (frame, gf_svc_readdirp_lookup_cbk, SECOND_CHILD (this), SECOND_CHILD (this)->fops->lookup, loc, tmp_xdata); diff --git a/xlators/features/snapview-client/src/snapview-client.h b/xlators/features/snapview-client/src/snapview-client.h index e1fcb37..169974a 100644 --- a/xlators/features/snapview-client/src/snapview-client.h +++ b/xlators/features/snapview-client/src/snapview-client.h @@ -96,6 +96,7 @@ typedef enum { } inode_type_t; int -gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this); +gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this, + dict_t *xdata); #endif /* __SNAP_VIEW_CLIENT_H__ */ -- 1.8.3.1
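Review bot: Both new blocks that replace `local->xdata`, here in `gf_svc_special_dir_revalidate_lookup` and again in `gf_svc_readdir_on_special_dir`, drop the old reference before taking the new one. That is unsafe if `xdata` and `local->xdata` can ever be the same dictionary holding its last reference. Taking the new reference first closes that window: `dict_t *old = local->xdata;`, `local->xdata = xdata ? dict_ref (xdata) : NULL;`, `if (old) dict_unref (old);`. Whether the two pointers can alias is not visible in these hunks, but the reordered form costs nothing. Since the sequence is duplicated, a small static helper would keep the two sites from drifting apart.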