performance/read-ahead: don't set ra_file in fd->ctx unless all memebers of ra_file is initialized

- If ptr to ra_file is set in fd->ctx even before initializing all its members, A race condition may occur b/w a thread executing ra_fstat, ra_readv etc (where all files open on the same inode are flushed) and the thread doing initialization of ra_file (in ra_open_cbk or ra_create_cbk). Because of this race-condition, flush_region might be called on an uninitialized ra_file, thereby causing crash. Signed-off-by: Raghavendra G <raghavendra@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 868 (crash in ra_fstat) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=868
2010-05-04 02:29:22 +00:00 · 2010-05-04 02:29:22 +00:00 · 3954ddddfe
commit 3954ddddfe
parent bb4955c4e1
1 changed files with 15 additions and 5 deletions
--- a/xlators/performance/read-ahead/src/read-ahead.c
+++ b/xlators/performance/read-ahead/src/read-ahead.c
@ -68,8 +68,6 @@ ra_open_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 		goto unwind;
 	}

-	ret = fd_ctx_set (fd, this, (uint64_t)(long)file);
-
 	/* If O_DIRECT open, we disable caching on it */

 	if ((fd->flags & O_DIRECT) || ((fd->flags & O_ACCMODE) == O_WRONLY))
@ -104,9 +102,16 @@ ra_open_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 		file->page_count = 1;
 	}

+	ret = fd_ctx_set (fd, this, (uint64_t)(long)file);
+        if (ret == -1) {
+                ra_file_destroy (file);
+                op_ret = -1;
+                op_errno = ENOMEM;
+        }
+        
+unwind:
        frame->local = NULL;

-unwind:
 	STACK_UNWIND_STRICT (open, frame, op_ret, op_errno, fd);

 	return 0;
@ -138,8 +143,6 @@ ra_create_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 		goto unwind;
 	}

-	ret = fd_ctx_set (fd, this, (uint64_t)(long)file);
-
 	/* If O_DIRECT open, we disable caching on it */

 	if ((fd->flags & O_DIRECT) || ((fd->flags & O_ACCMODE) == O_WRONLY))
@ -167,6 +170,13 @@ ra_create_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 	file->page_size = conf->page_size;
 	pthread_mutex_init (&file->file_lock, NULL);

+	ret = fd_ctx_set (fd, this, (uint64_t)(long)file);
+        if (ret == -1) {
+                ra_file_destroy (file);
+                op_ret = -1;
+                op_errno = ENOMEM;
+        }
+
 unwind:
 	STACK_UNWIND_STRICT (create, frame, op_ret, op_errno, fd, inode, buf,
                             preparent, postparent);