diff options
author | Atin Mukherjee <amukherj@redhat.com> | 2016-02-11 15:37:08 +0530 |
---|---|---|
committer | Raghavendra G <rgowdapp@redhat.com> | 2016-02-22 10:07:05 -0800 |
commit | 663d1a5eed5a8aef6cfad4710e16d21740bf0da8 (patch) | |
tree | dbdf278a60a3dbdeef4755b5082b5b4780dd76b6 /rpc/rpc-lib/src/rpcsvc.c | |
parent | 62db11fa017004aa6cb1d91ec6b0117ac3e96a13 (diff) |
rpc : build_prog_details should iterate program list inside critical section
While I was analyzing a glusterd crash from free_prog_details, a code
walkthrough detects that we iterate over the rpc svc program list without been
inside the criticial section. This opens up a possibility of a crash when there
is a concurrent writer updating the same list. Solution is to read the list
inside lock.
Change-Id: Ib4b4b0022a9535e139cd3c00574aab23f07aa9d2
BUG: 1306560
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-on: http://review.gluster.org/13428
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src/rpcsvc.c')
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index 6955d1ad328..f4cff12762f 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -1904,21 +1904,28 @@ build_prog_details (rpcsvc_request_t *req, gf_dump_rsp *rsp) if (!req || !req->trans || !req->svc) goto out; - list_for_each_entry (program, &req->svc->programs, program) { - prog = GF_CALLOC (1, sizeof (*prog), 0); - if (!prog) - goto out; - prog->progname = program->progname; - prog->prognum = program->prognum; - prog->progver = program->progver; - if (!rsp->prog) - rsp->prog = prog; + pthread_mutex_lock (&req->svc->rpclock); + { + list_for_each_entry (program, &req->svc->programs, program) { + prog = GF_CALLOC (1, sizeof (*prog), 0); + if (!prog) + goto unlock; + + prog->progname = program->progname; + prog->prognum = program->prognum; + prog->progver = program->progver; + + if (!rsp->prog) + rsp->prog = prog; + if (prev) + prev->next = prog; + prev = prog; + } if (prev) - prev->next = prog; - prev = prog; + ret = 0; } - if (prev) - ret = 0; +unlock: + pthread_mutex_unlock (&req->svc->rpclock); out: return ret; } |