andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cluster/dht: Fix crash in dht rmdir

Browse Source 
Using local->call_cnt to check STACK_WINDs can
cause dht_rmdir_do to be called erroneously if
dht_rmdir_readdirp_cbk unwinds before we check if
local->call_cnt is zero in dht_rmdir_opendir_cbk.
This can cause frame corruptions and crashes.

Thanks to Shyam (srangana@redhat.com) for the
analysis.

Change-Id: I5362cf78f97f21b3fade0b9e94d492002a8d4a11
BUG: 1451083
Signed-off-by: N Balachandran <nbalacha@redhat.com>
Reviewed-on: https://review.gluster.org/17305
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
This commit is contained in:
N Balachandran 2017-05-16 10:26:25 +05:30 committed by Shyamsundar Ranganathan
parent 9d70343977
commit 6f7d55c9d5
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
xlators/cluster/dht/src/dht-common.c
View File

@ -8519,6 +8519,7 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
char gfid[GF_UUID_BUF_SIZE] = {0};
dht_local_t *readdirp_local = NULL;
call_frame_t *readdirp_frame = NULL;
int cnt = 0;
local = frame->local;
prev = cookie;
@ -8561,7 +8562,7 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
"%s: Failed to set dictionary value:key = %s",
local->loc.path, conf->link_xattr_name);
local->call_cnt = conf->subvolume_cnt;
cnt = local->call_cnt = conf->subvolume_cnt;
/* Create a separate frame per subvol as we might need
@ -8574,7 +8575,9 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
readdirp_frame = copy_frame (frame);
if (!readdirp_frame) {
local->call_cnt--;
cnt--;
/* Reduce the local->call_cnt as well */
dht_frame_return (frame);
continue;
}
@ -8583,7 +8586,9 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
if (!readdirp_local) {
DHT_STACK_DESTROY (readdirp_frame);
local->call_cnt--;
cnt--;
/* Reduce the local->call_cnt as well */
dht_frame_return (frame);
continue;
}
readdirp_local->main_frame = frame;
@ -8603,7 +8608,8 @@ dht_rmdir_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
dict_unref (dict);
/* Could not wind readdirp to any subvol */
if (!local->call_cnt)
if (!cnt)
goto err;
return 0;