diff options
| author | Pranith Kumar K <pkarampu@redhat.com> | 2015-05-20 23:56:17 +0530 |
|---|---|---|
| committer | Pranith Kumar Karampuri <pkarampu@redhat.com> | 2015-05-21 06:08:17 -0700 |
| commit | 0910bab5e5b957e11f356d525eccccfd36d334f9 (patch) | |
| tree | 6fe365154b34dac20751191720139550d135d280 /xlators/cluster/ec/src/ec-common.c | |
| parent | a61c788de737f81b9c21b176a26e21a078176ed9 (diff) | |
cluster/ec: Fix use after free crash
ec_heal creates ec_fop_data but doesn't run ec_manager. ec_fop_data_allocate
adds this fop to ec->pending_fops, because ec_manager is not run on this heal
fop it is never removed from ec->pending_fops. When it is accessed after free
it leads to crash. It is better to not to add HEAL fops to ec->pending_fops
because we don't want graph switch to hang the mount because of a BIG
file/directory heal.
BUG: 1188145
Change-Id: I8abdc92f06e0563192300ca4abca3909efcca9c3
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/10868
Reviewed-by: Xavier Hernandez <xhernandez@datalab.es>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
Diffstat (limited to 'xlators/cluster/ec/src/ec-common.c')
| -rw-r--r-- | xlators/cluster/ec/src/ec-common.c | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/xlators/cluster/ec/src/ec-common.c b/xlators/cluster/ec/src/ec-common.c index 9f312e0c37c..374739ac6e0 100644 --- a/xlators/cluster/ec/src/ec-common.c +++ b/xlators/cluster/ec/src/ec-common.c @@ -1767,21 +1767,7 @@ void __ec_manager(ec_fop_data_t * fop, int32_t error) } if ((fop->state == EC_STATE_END) || (fop->state == -EC_STATE_END)) { - gf_boolean_t notify; - - LOCK(&ec->lock); - - list_del_init(&fop->pending_list); - notify = list_empty(&ec->pending_fops); - - UNLOCK(&ec->lock); - ec_fop_data_release(fop); - - if (notify) { - ec_pending_fops_completed(ec); - } - break; } |