author | Raghavendra G <rgowdapp@redhat.com> | 2016-11-08 12:09:57 +0530 |
---|---|---|
committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2016-12-08 09:56:41 -0800 |
commit | 64451d0f25e7cc7aafc1b6589122648281e4310a (patch) | |
tree | c3eba861ae8124ac20217927cf0719ec5d3d0b18 /xlators/cluster/dht/src/dht-hashfn.c | |
parent | 58a58e706da73ee751b7cd98c23e6675667fefdb (diff) |
cluster/dht: Fix memory corruption while accessing regex stored in
private
If reconfigure is executed in parallel (or concurrently with dht_init),
there are races that can corrupt memory. One such race is modification
of regexes stored in conf (conf->rsync_regex_valid and
conf->extra_regex_valid) through dht_init_regex. With change [1],
the reconfigure codepath can be executed in parallel (with itself or with
dht_init), so this fix is needed.
Also, a reconfigure can race with any thread doing dht_layout_search,
resulting in dht_layout_search accessing regex freed up by reconfigure
(like in bz 1399134).
[1] http://review.gluster.org/15046
Change-Id: I039422a65374cf0ccbe0073441f0e8c442ebf830
BUG: 1399134
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-on: http://review.gluster.org/15945
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: N Balachandran <nbalacha@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
Diffstat (limited to 'xlators/cluster/dht/src/dht-hashfn.c')
-rw-r--r-- | xlators/cluster/dht/src/dht-hashfn.c | 54 |
1 files changed, 33 insertions, 21 deletions
diff --git a/xlators/cluster/dht/src/dht-hashfn.c b/xlators/cluster/dht/src/dht-hashfn.c index 66e3ede736b..f8e614a40aa 100644 --- a/xlators/cluster/dht/src/dht-hashfn.c +++ b/xlators/cluster/dht/src/dht-hashfn.c @@ -41,12 +41,16 @@ dht_hash_compute_internal (int type, const char *name, uint32_t *hash_p) static gf_boolean_t -dht_munge_name (const char *original, char *modified, size_t len, regex_t *re) +dht_munge_name (const char *original, char *modified, + size_t len, regex_t *re) { - regmatch_t matches[2]; - size_t new_len; + regmatch_t matches[2] = {{0}, }; + size_t new_len = 0; + int ret = 0; - if (regexec(re,original,2,matches,0) != REG_NOMATCH) { + ret = regexec(re, original, 2, matches, 0); + + if (ret != REG_NOMATCH) { if (matches[1].rm_so != -1) { new_len = matches[1].rm_eo - matches[1].rm_so; /* Equal would fail due to the NUL at the end. */ @@ -60,7 +64,7 @@ dht_munge_name (const char *original, char *modified, size_t len, regex_t *re) } /* This is guaranteed safe because of how the dest was allocated. */ - strcpy(modified,original); + strcpy(modified, original); return _gf_false; } 
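Review bot: In dht_munge_name the new `ret` is compared only against `REG_NOMATCH`, so any other non-zero regexec() result (an implementation may report an error such as `REG_ESPACE`) still enters the match branch. Because `matches` is now zero-initialised, `matches[1].rm_so` is 0 rather than -1 in that case and `new_len` evaluates to 0. The lines that consume `new_len` sit between the two hunks and are not visible here, but they would presumably be given an empty capture instead of being skipped. Testing for success directly avoids this: `if (ret == 0) {`.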
@@ -68,28 +72,36 @@ int dht_hash_compute (xlator_t *this, int type, const char *name, uint32_t *hash_p) { char *rsync_friendly_name = NULL; - dht_conf_t *priv = this->private; + dht_conf_t *priv = NULL; size_t len = 0; gf_boolean_t munged = _gf_false; - if (priv->extra_regex_valid) { - len = strlen(name) + 1; - rsync_friendly_name = alloca(len); - munged = dht_munge_name (name, rsync_friendly_name, len, - &priv->extra_regex); - } + priv = this->private; - if (!munged && priv->rsync_regex_valid) { - len = strlen(name) + 1; - rsync_friendly_name = alloca(len); - gf_msg_trace (this->name, 0, "trying regex for %s", name); - munged = dht_munge_name (name, rsync_friendly_name, len, - &priv->rsync_regex); - if (munged) { - gf_msg_debug (this->name, 0, - "munged down to %s", rsync_friendly_name); + LOCK (&priv->lock); + { + if (priv->extra_regex_valid) { + len = strlen(name) + 1; + rsync_friendly_name = alloca(len); + munged = dht_munge_name (name, rsync_friendly_name, len, + &priv->extra_regex); + } + + if (!munged && priv->rsync_regex_valid) { + len = strlen(name) + 1; + rsync_friendly_name = alloca(len); + gf_msg_trace (this->name, 0, "trying regex for %s", + name); + munged = dht_munge_name (name, rsync_friendly_name, len, + &priv->rsync_regex); + if (munged) { + gf_msg_debug (this->name, 0, + "munged down to %s", + rsync_friendly_name); + } } } + UNLOCK (&priv->lock); if (!munged) { rsync_friendly_name = (char *)name; |
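Review bot: The new `LOCK (&priv->lock)` block in dht_hash_compute carries no comment naming what it protects, and the fix holds only if the writer takes the same lock. A comment such as `/* priv->lock: reconfigure (dht_init_regex) may free and recompile extra_regex/rsync_regex; hold it across regexec */` above the block would record that. The writer side is not part of this file's diff, so it is worth confirming that dht_init_regex updates the regexes and the `*_valid` flags under `priv->lock`. The section also holds the lock across regexec() and the `gf_msg_trace`/`gf_msg_debug` calls on every hash computation, which serialises callers; the debug message reads only the stack-local `rsync_friendly_name` and does not need to be inside the lock.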