299302574e
Resolves: bz#1589279 bz#1598384 bz#1599362 bz#1599998 bz#1600790 Resolves: bz#1601331 bz#1603103 Signed-off-by: Milind Changire <mchangir@redhat.com>
From 76823d120518528c4edad4af6f4c1cdd50f5b398 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal <moagrawal@redhat.com>
Date: Tue, 24 Jul 2018 14:48:35 +0530
Subject: [PATCH 332/333] rpc: rpc_clnt_connection_cleanup is crashed due to
double free
Problem: gfapi client is getting crashed in rpc_clnt_connection_cleanup
at the time of destroying saved_frames
Solution: gfapi client is getting crashed because saved_frame ptr is
already freed in rpc_clnt_destroy. To avoid the same update
code in rpc_clnt_destroy
> Change-Id: Id8cce102b49f26cfd86ef88257032ed98f43192b
> fixes: bz#1607783
> (cherry picked from commit abd7b1393294d29eef6913e7f93ab76040c90428)
> (Reviewed on upstream link https://review.gluster.org/#/c/20557/)
Change-Id: Id3200e36acc1c49a8f5d39a1cc5053864899754c
BUG: 1600790
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/145377
Tested-by: Mohit Agrawal <moagrawa@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: RHGS Build Bot <nigelb@redhat.com>
---
rpc/rpc-lib/src/rpc-clnt.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
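--- a/rpc/rpc-lib/src/rpc-clnt.c
+++ b/rpc/rpc-lib/src/rpc-clnt.c
@@ -1771,13 +1771,27 @@ rpc_clnt_trigger_destroy (struct rpc_clnt *rpc)
 static void
 rpc_clnt_destroy (struct rpc_clnt *rpc)
 {
- rpcclnt_cb_program_t *program = NULL;
- rpcclnt_cb_program_t *tmp = NULL;
+ rpcclnt_cb_program_t *program = NULL;
+ rpcclnt_cb_program_t *tmp = NULL;
+ struct saved_frames *saved_frames = NULL;
+ rpc_clnt_connection_t *conn = NULL;
 
 if (!rpc)
 return;
 
- saved_frames_destroy (rpc->conn.saved_frames);
+ conn = &rpc->conn;
+ /* Access saved_frames in critical-section to avoid
+ crash in rpc_clnt_connection_cleanup at the time
+ of destroying saved frames
+ */
+ pthread_mutex_lock (&conn->lock);
+ {
+ saved_frames = conn->saved_frames;
+ conn->saved_frames = NULL;
+ }
+ pthread_mutex_unlock (&conn->lock);
+
+ saved_frames_destroy (saved_frames);
 pthread_mutex_destroy (&rpc->lock);
 pthread_mutex_destroy (&rpc->conn.lock);
 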
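Review bot: The new critical section in rpc_clnt_destroy releases conn->lock and, two context lines later, the same mutex is handed to `pthread_mutex_destroy (&rpc->conn.lock)`, so the fix only holds if no other thread can still enter rpc_clnt_connection_cleanup once the pointer swap is done. If such a thread can exist (the added comment implies cleanup may overlap with destroy), it would lock a mutex that is being destroyed, which POSIX leaves undefined, and presumably touch rpc after teardown; that is the same lifetime problem one step later rather than a closed double free. The comment should name the guarantee it relies on, for example `/* last ref dropped: nothing may reach rpc_clnt_connection_cleanup past this point; conn->lock is destroyed below */`. It is also worth confirming that saved_frames_destroy accepts NULL, since cleanup is not shown here and may already have taken the frames. The body of rpc_clnt_destroy continues past the end of the hunk.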
--
1.8.3.1