diff options
author | Mohit Agrawal <moagrawal@redhat.com> | 2018-07-24 14:48:35 +0530 |
---|---|---|
committer | Mohit Agrawal <moagrawal@redhat.com> | 2018-07-25 09:54:06 +0530 |
commit | abd7b1393294d29eef6913e7f93ab76040c90428 (patch) | |
tree | bd228c7c1b0e68d0b80f35d93392a333459a544e | |
parent | 8ad159b2a7e302320a24d1d4f5d0b90302e0f25b (diff) |
rpc: rpc_clnt_connection_cleanup is crashed due to double free
Problem: gfapi client is getting crashed in rpc_clnt_connection_cleanup
at the time of destroying saved_frames
Solution: gfapi client is getting crashed because saved_frame ptr is
already freed in rpc_clnt_destroy.To avoid the same update
code in rpc_clnt_destroy
Change-Id: Id8cce102b49f26cfd86ef88257032ed98f43192b
fixes: bz#1607783
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
-rw-r--r-- | rpc/rpc-lib/src/rpc-clnt.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/rpc/rpc-lib/src/rpc-clnt.c b/rpc/rpc-lib/src/rpc-clnt.c index 330a96837e6..232101c301e 100644 --- a/rpc/rpc-lib/src/rpc-clnt.c +++ b/rpc/rpc-lib/src/rpc-clnt.c @@ -1824,14 +1824,28 @@ rpc_clnt_trigger_destroy (struct rpc_clnt *rpc) static void rpc_clnt_destroy (struct rpc_clnt *rpc) { - rpcclnt_cb_program_t *program = NULL; - rpcclnt_cb_program_t *tmp = NULL; + rpcclnt_cb_program_t *program = NULL; + rpcclnt_cb_program_t *tmp = NULL; + struct saved_frames *saved_frames = NULL; + rpc_clnt_connection_t *conn = NULL; if (!rpc) return; + conn = &rpc->conn; GF_FREE (rpc->conn.name); - saved_frames_destroy (rpc->conn.saved_frames); + /* Access saved_frames in critical-section to avoid + crash in rpc_clnt_connection_cleanup at the time + of destroying saved frames + */ + pthread_mutex_lock (&conn->lock); + { + saved_frames = conn->saved_frames; + conn->saved_frames = NULL; + } + pthread_mutex_unlock (&conn->lock); + + saved_frames_destroy (saved_frames); pthread_mutex_destroy (&rpc->lock); pthread_mutex_destroy (&rpc->conn.lock); |