authorMohit Agrawal <moagrawal@redhat.com>2018-07-24 14:48:35 +0530
committerMohit Agrawal <moagrawal@redhat.com>2018-07-25 09:54:06 +0530
commitabd7b1393294d29eef6913e7f93ab76040c90428 (patch)
treebd228c7c1b0e68d0b80f35d93392a333459a544e
parent8ad159b2a7e302320a24d1d4f5d0b90302e0f25b (diff)
rpc: rpc_clnt_connection_cleanup is crashed due to double free
Problem: The gfapi client crashes in rpc_clnt_connection_cleanup at the time of destroying saved_frames. Solution: The gfapi client crashes because the saved_frames pointer has already been freed in rpc_clnt_destroy. To avoid this, update the code in rpc_clnt_destroy. Change-Id: Id8cce102b49f26cfd86ef88257032ed98f43192b fixes: bz#1607783 Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
-rw-r--r--rpc/rpc-lib/src/rpc-clnt.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/rpc/rpc-lib/src/rpc-clnt.c b/rpc/rpc-lib/src/rpc-clnt.c
index 330a96837e6..232101c301e 100644
--- a/rpc/rpc-lib/src/rpc-clnt.c
+++ b/rpc/rpc-lib/src/rpc-clnt.c
@@ -1824,14 +1824,28 @@ rpc_clnt_trigger_destroy (struct rpc_clnt *rpc)
static void
rpc_clnt_destroy (struct rpc_clnt *rpc)
{
- rpcclnt_cb_program_t *program = NULL;
- rpcclnt_cb_program_t *tmp = NULL;
+ rpcclnt_cb_program_t *program = NULL;
+ rpcclnt_cb_program_t *tmp = NULL;
+ struct saved_frames *saved_frames = NULL;
+ rpc_clnt_connection_t *conn = NULL;
if (!rpc)
return;
+ conn = &rpc->conn;
GF_FREE (rpc->conn.name);
- saved_frames_destroy (rpc->conn.saved_frames);
+ /* Access saved_frames in critical-section to avoid
+ crash in rpc_clnt_connection_cleanup at the time
+ of destroying saved frames
+ */
+ pthread_mutex_lock (&conn->lock);
+ {
+ saved_frames = conn->saved_frames;
+ conn->saved_frames = NULL;
+ }
+ pthread_mutex_unlock (&conn->lock);
+
+ saved_frames_destroy (saved_frames);
pthread_mutex_destroy (&rpc->lock);
pthread_mutex_destroy (&rpc->conn.lock);
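Review bot: The lock added around `conn->saved_frames` only matters if another thread can still be inside `rpc_clnt_connection_cleanup`, yet two lines later `pthread_mutex_destroy (&rpc->conn.lock)` tears down that same mutex, so a thread reaching the lock after that point trades the double free for undefined behaviour on a destroyed mutex. The swap-to-NULL closes the double free on `saved_frames`, but the guarantee that `rpc` has no remaining users has to come from reference counting or transport teardown outside this hunk, and the comment should say so, e.g. `/* no other thread may reach rpc->conn past this point: conn->lock is destroyed below */`. `GF_FREE (rpc->conn.name)` just above still follows the old pattern (freed outside the lock, pointer left dangling), so if the cleanup path can read `conn->name` it would want the same treatment. It is also worth confirming that `saved_frames_destroy` tolerates NULL, since the local can now be NULL if the other path has already cleared the field. The body of `rpc_clnt_destroy` continues past the end of the hunk.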