andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

rpc: rpc_clnt_connection_cleanup is crashed due to double free

Browse Source 
Problem: gfapi client is getting crashed in rpc_clnt_connection_cleanup
         at the time of destroying saved_frames

Solution: gfapi client is getting crashed because saved_frame ptr is
          already freed in rpc_clnt_destroy.To avoid the same update
          code in rpc_clnt_destroy

Change-Id: Id8cce102b49f26cfd86ef88257032ed98f43192b
fixes: bz#1607783
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
This commit is contained in:
Mohit Agrawal 2018-07-24 14:48:35 +05:30
parent 8ad159b2a7
commit abd7b13932
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
rpc/rpc-lib/src/rpc-clnt.c
View File

@ -1824,14 +1824,28 @@ rpc_clnt_trigger_destroy (struct rpc_clnt *rpc)
static void
rpc_clnt_destroy (struct rpc_clnt *rpc)
{
rpcclnt_cb_program_t *program = NULL;
rpcclnt_cb_program_t *tmp = NULL;
rpcclnt_cb_program_t *program = NULL;
rpcclnt_cb_program_t *tmp = NULL;
struct saved_frames *saved_frames = NULL;
rpc_clnt_connection_t *conn = NULL;
if (!rpc)
return;
conn = &rpc->conn;
GF_FREE (rpc->conn.name);
saved_frames_destroy (rpc->conn.saved_frames);
/* Access saved_frames in critical-section to avoid
crash in rpc_clnt_connection_cleanup at the time
of destroying saved frames
*/
pthread_mutex_lock (&conn->lock);
{
saved_frames = conn->saved_frames;
conn->saved_frames = NULL;
}
pthread_mutex_unlock (&conn->lock);
saved_frames_destroy (saved_frames);
pthread_mutex_destroy (&rpc->lock);
pthread_mutex_destroy (&rpc->conn.lock);