libgfapi: Gracefully exit when glfd is invalid

When glfs_* methods operating on glfd are invoked after calling
glfs_close(), the program segfaults inside __GLFS_ENTRY_VALIDATE_FD
trying to deference glfd->fd->inode which is invalid.

Also, returning EBADF seemed more specific than EINVAL.

BUG: 1221008
Change-Id: I13a92dca52da9a300252b69e026581b3a9e931fd
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/10759
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>

3 files changed, 7 insertions, 5 deletions

diff --git a/api/src/glfs-internal.h b/api/src/glfs-internal.h
index 3f8ac92ac7e..ff8ace9cbb8 100644
--- a/api/src/glfs-internal.h
+++ b/api/src/glfs-internal.h
@@ -268,8 +268,8 @@ do {                                                                \
 
 #define __GLFS_ENTRY_VALIDATE_FD(glfd, label)                       \
 do {                                                                \
-        if (!glfd) {                                                \
-                errno = EINVAL;                                     \
+        if (!glfd || !glfd->fd || !glfd->fd->inode) {               \
+                errno = EBADF;                                      \
                 goto label;                                         \
         }                                                           \
         old_THIS = THIS;                                            \
diff --git a/api/src/glfs.c b/api/src/glfs.c
index fc392947e1e..490dbde9c1e 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -555,8 +555,10 @@ glfs_fd_destroy (struct glfs_fd *glfd)
 	}
 	glfs_unlock (glfd->fs);
 
-	if (glfd->fd)
-		fd_unref (glfd->fd);
+        if (glfd->fd) {
+                fd_unref (glfd->fd);
+                glfd->fd = NULL;
+        }
 
 	GF_FREE (glfd->readdirbuf);
 
diff --git a/libglusterfs/src/fd.c b/libglusterfs/src/fd.c
index af0d66da1ec..0b1229aac7e 100644
--- a/libglusterfs/src/fd.c
+++ b/libglusterfs/src/fd.c
@@ -533,7 +533,7 @@ fd_destroy (fd_t *fd)
         }
         UNLOCK (&fd->inode->lock);
         inode_unref (fd->inode);
-        fd->inode = (inode_t *)0xaaaaaaaa;
+        fd->inode = NULL;
         fd_lk_ctx_unref (fd->lk_ctx);
         mem_put (fd);
 out: