From 147b3871180a699a642767d0cc0ea00fa69a33c8 Mon Sep 17 00:00:00 2001
From: Ravishankar N
Date: Wed, 11 Mar 2015 16:41:06 +0530
Subject: afr: exit out of stack winds in for loops if call_count is zero
....in order to avoid a race where the fop cbk frees the frame's local variables and the fop tries to access it at a later point in time.
Change-Id: I91d2696e5e183c61ea1368b3a538f9ed7f3851de
BUG: 1200764
Signed-off-by: Ravishankar N
Reviewed-on: http://review.gluster.org/9856
Tested-by: Gluster Build System
Reviewed-by: pranith karampuri
Reviewed-by: Niels de Vos
---
 xlators/cluster/afr/src/afr-dir-write.c | 4 ++++
 xlators/cluster/afr/src/afr-open.c | 4 ++++
 xlators/cluster/afr/src/afr-self-heal-common.c | 2 ++
 xlators/cluster/afr/src/afr-self-heal-data.c | 6 ++++--
 xlators/cluster/afr/src/afr-self-heal-entry.c | 4 ++--
 5 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/xlators/cluster/afr/src/afr-dir-write.c b/xlators/cluster/afr/src/afr-dir-write.c
index f996181cd2e..3bf9facd610 100644
--- a/xlators/cluster/afr/src/afr-dir-write.c
+++ b/xlators/cluster/afr/src/afr-dir-write.c
@@ -147,6 +147,7 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this)
 afr_private_t *priv = NULL;
 dict_t **xattr = NULL;
 int32_t **changelog = NULL;
+ int call_count = -1;
 int i = 0;
 GF_UNUSED int op_errno = 0;
@@ -186,6 +187,7 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this)
 uuid_copy (new_local->loc.gfid, local->cont.dir_fop.buf.ia_gfid);
 new_local->loc.inode = inode_ref (local->cont.dir_fop.inode);
 new_local->call_count = local->success_count;
+ call_count = new_local->call_count;
 for (i = 0; i < priv->child_count; i++) {
 if (local->child_errno[i])
@@ -197,6 +199,8 @@ afr_mark_new_entry_changelog (call_frame_t *frame, xlator_t *this)
 priv->children[i]->fops->xattrop, &new_local->loc, GF_XATTROP_ADD_ARRAY, xattr[i], NULL);
+ if (!--call_count)
+ break;
 }
 new_frame = NULL;
 out:
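Review bot: The `if (!--call_count) break;` added at the bottom of the loop in afr_mark_new_entry_changelog carries no comment saying it is a memory-safety guard, so it reads like a loop optimisation that a later cleanup could drop. Per the commit message, the fop callback can free the frame's local variables once the last wind has been issued, which is why the counter is a stack copy taken before the loop (second hunk) instead of `new_local->call_count`. I would add above the check: `/* Last wind issued: the cbk may already have freed new_local, so stop here and rely only on the stack copy of call_count. */`. The same comment belongs on the identical checks added in afr-open.c, afr-self-heal-common.c, afr-self-heal-data.c and afr-self-heal-entry.c. The function body starts and ends outside these hunks.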
diff --git a/xlators/cluster/afr/src/afr-open.c b/xlators/cluster/afr/src/afr-open.c
index ccfd655eebb..9e49857508a 100644
--- a/xlators/cluster/afr/src/afr-open.c
+++ b/xlators/cluster/afr/src/afr-open.c
@@ -304,6 +304,7 @@ afr_fix_open (xlator_t *this, fd_t *fd, size_t need_open_count, int *need_open)
 int ret = -1;
 int32_t op_errno = 0;
 afr_fd_ctx_t *fd_ctx = NULL;
+ int call_count = -1;
 priv = this->private;
@@ -335,6 +336,7 @@ afr_fix_open (xlator_t *this, fd_t *fd, size_t need_open_count, int *need_open)
 local->fd = fd_ref (fd);
 local->call_count = need_open_count;
+ call_count = need_open_count;
 gf_log (this->name, GF_LOG_DEBUG, "need open count: %zd", need_open_count);
@@ -367,6 +369,8 @@ afr_fix_open (xlator_t *this, fd_t *fd, size_t need_open_count, int *need_open)
 fd_ctx->flags & (~O_TRUNC), local->fd, NULL);
 }
+ if (!--call_count)
+ break;
 }
 op_errno = 0;
diff --git a/xlators/cluster/afr/src/afr-self-heal-common.c b/xlators/cluster/afr/src/afr-self-heal-common.c
index 0e031f39ebb..ec1a47f4e58 100644
--- a/xlators/cluster/afr/src/afr-self-heal-common.c
+++ b/xlators/cluster/afr/src/afr-self-heal-common.c
@@ -2679,6 +2679,8 @@ afr_sh_erase_pending (call_frame_t *frame, xlator_t *this,
 GF_XATTROP_ADD_ARRAY, erase_xattr[i], NULL);
 }
+ if (!--call_count)
+ break;
 }
 ret = 0;
diff --git a/xlators/cluster/afr/src/afr-self-heal-data.c b/xlators/cluster/afr/src/afr-self-heal-data.c
index f85e7247be4..d7c112d132f 100644
--- a/xlators/cluster/afr/src/afr-self-heal-data.c
+++ b/xlators/cluster/afr/src/afr-self-heal-data.c
@@ -497,6 +497,8 @@ afr_sh_data_fsync (call_frame_t *frame, xlator_t *this)
 (void *) (long) i, priv->children[i], priv->children[i]->fops->fsync, sh->healing_fd, 1, NULL);
+ if (!--call_count)
+ break;
 }
 return 0;
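Review bot: In afr_fix_open the new counter is declared `int call_count = -1;` but is assigned from `need_open_count`, which the signature shows is `size_t`, so the copy in the second hunk narrows silently. If need_open_count is ever 0, or does not match the number of children actually wound, `!--call_count` never becomes true and the early exit is skipped, leaving the loop to run as it did before this change. Whether an earlier check rules that out is not visible in these hunks. I would state the precondition and make the conversion explicit, e.g. `GF_ASSERT (need_open_count > 0);` followed by `call_count = (int) need_open_count;`.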
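Review bot: The check added in afr_sh_erase_pending sits after the inner closing brace, so it counts every iteration that reaches the bottom of the loop, not every wind. `call_count` is also declared and initialised outside the hunk. If an iteration can reach this point without winding, the loop would stop before every expected child has been wound; if call_count was computed from a different condition than the one guarding the winds, the early exit could be missed. Neither can be confirmed from the visible lines, so it is worth checking that skipped children `continue` before this point. The same applies to the check added in afr_sh_data_fsync.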
@@ -1225,9 +1227,9 @@ afr_sh_data_fstat (call_frame_t *frame, xlator_t *this)
 priv->children[child], priv->children[child]->fops->fstat, sh->healing_fd, NULL);
- --call_count;
+ if (!--call_count)
+ break;
 }
- GF_ASSERT (!call_count);
 out:
 GF_FREE (fstat_children);
 return 0;
diff --git a/xlators/cluster/afr/src/afr-self-heal-entry.c b/xlators/cluster/afr/src/afr-self-heal-entry.c
index 95398ccc5de..aa4aa4de5c3 100644
--- a/xlators/cluster/afr/src/afr-self-heal-entry.c
+++ b/xlators/cluster/afr/src/afr-self-heal-entry.c
@@ -982,9 +982,9 @@ afr_sh_entry_impunge_setattr (call_frame_t *impunge_frame, xlator_t *this)
 priv->children[i]->fops->setattr, &impunge_local->loc, &impunge_sh->entrybuf, valid, NULL);
- call_count--;
+ if (!--call_count)
+ break;
 }
- GF_ASSERT (!call_count);
 return 0;
 out:
 if (setattr_frame)
-- cgit
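Review bot: Dropping `GF_ASSERT (!call_count);` after the loop in afr_sh_data_fstat removes the only visible check that the number of winds matched the expected count, and nothing in the hunk requires it to go. `call_count` is used here as a bare identifier, so it appears to be a function-local variable (its declaration is outside the hunk); reading it after the last wind would then not touch the frame's local. With the new `break` it is zero on the normal exit path. I would keep `GF_ASSERT (!call_count);` before `out:` so that a count larger than the number of children wound is still caught in debug builds. The same assert is removed from afr_sh_entry_impunge_setattr in afr-self-heal-entry.c and could stay there as well.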