diff options
| author | Pranith Kumar K <pkarampu@redhat.com> | 2015-11-26 09:58:39 +0530 |
|---|---|---|
| committer | Venky Shankar <vshankar@redhat.com> | 2015-11-26 20:04:47 -0800 |
| commit | 391e78cbaa727bdd274cf84d1d9683613c8cab6c (patch) | |
| tree | 977674629b7e96c2608b233f0a6891204c9cc6e7 /xlators/features/bit-rot | |
| parent | aa775565bf7302d98da66e49ed063aab1698b282 (diff) | |
features/bit-rot: Fix NULL dereference
Backport of http://review.gluster.org/12754
Problem:
By the time br_stub_worker is accessing this->private in it's
thread, 'init' may not have set 'this->private = priv'. This
leads to NULL dereference leading to brick crash.
Fix:
Set this->private before launching these threads.
BUG: 1285758
Change-Id: I8a9234c4f96b0e5ea78f5b336369ec41f5a120ef
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/12764
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Diffstat (limited to 'xlators/features/bit-rot')
| -rw-r--r-- | xlators/features/bit-rot/src/stub/bit-rot-stub.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/xlators/features/bit-rot/src/stub/bit-rot-stub.c b/xlators/features/bit-rot/src/stub/bit-rot-stub.c index 12ea611aa11..39dddcd0ccc 100644 --- a/xlators/features/bit-rot/src/stub/bit-rot-stub.c +++ b/xlators/features/bit-rot/src/stub/bit-rot-stub.c @@ -159,7 +159,12 @@ init (xlator_t *this) pthread_cond_init (&priv->cond, NULL); INIT_LIST_HEAD (&priv->squeue); - ret = gf_thread_create (&priv->signth, NULL, br_stub_signth, priv); + /* Thread creations need 'this' to be passed so that THIS can be + * assigned inside the thread. So setting this->private here. + */ + this->private = priv; + + ret = gf_thread_create (&priv->signth, NULL, br_stub_signth, this); if (ret != 0) goto cleanup_lock; @@ -170,8 +175,6 @@ init (xlator_t *this) goto cleanup_lock; } - this->private = priv; - gf_msg_debug (this->name, 0, "bit-rot stub loaded"); return 0; @@ -183,6 +186,7 @@ init (xlator_t *this) mem_pool_destroy (priv->local_pool); free_priv: GF_FREE (priv); + this->private = NULL; error_return: return -1; } @@ -763,9 +767,11 @@ br_stub_perform_objsign (call_frame_t *frame, xlator_t *this, void * br_stub_signth (void *arg) { - br_stub_private_t *priv = arg; + xlator_t *this = arg; + br_stub_private_t *priv = this->private; struct br_stub_signentry *sigstub = NULL; + THIS = this; while (1) { pthread_mutex_lock (&priv->lock); { |