|
Packit Service |
150ff0 |
From cddd253c5e3f0a7c3b91c35cea8ad1921cb43b98 Mon Sep 17 00:00:00 2001
|
|
Packit Service |
150ff0 |
From: Kinglong Mee <kinglongmee@gmail.com>
|
|
Packit Service |
150ff0 |
Date: Thu, 18 Jul 2019 11:43:01 +0800
|
|
Packit Service |
150ff0 |
Subject: [PATCH 454/456] features/locks: avoid use after freed of frame for
|
|
Packit Service |
150ff0 |
blocked lock
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
The fop contains blocked lock may use freed frame info when other
|
|
Packit Service |
150ff0 |
unlock fop has unwind the blocked lock.
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
Because the blocked lock is added to block list in inode lock(or
|
|
Packit Service |
150ff0 |
other lock), after that, when out of the inode lock, the fop
|
|
Packit Service |
150ff0 |
contains the blocked lock should not use it.
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
Upstream Patch - https://review.gluster.org/#/c/glusterfs/+/23155/
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
>Change-Id: Icb309a1cc78380dc982b26d50c18d67e4f2c8915
|
|
Packit Service |
150ff0 |
>fixes: bz#1737291
|
|
Packit Service |
150ff0 |
>Signed-off-by: Kinglong Mee <mijinlong@horiscale.com>
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
Change-Id: Icb309a1cc78380dc982b26d50c18d67e4f2c8915
|
|
Packit Service |
150ff0 |
BUG: 1812789
|
|
Packit Service |
150ff0 |
Reviewed-on: https://code.engineering.redhat.com/gerrit/206465
|
|
Packit Service |
150ff0 |
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
Packit Service |
150ff0 |
Reviewed-by: Xavi Hernandez Juan <xhernandez@redhat.com>
|
|
Packit Service |
150ff0 |
---
|
|
Packit Service |
150ff0 |
xlators/features/locks/src/common.c | 4 ++++
|
|
Packit Service |
150ff0 |
xlators/features/locks/src/entrylk.c | 4 ++--
|
|
Packit Service |
150ff0 |
xlators/features/locks/src/inodelk.c | 7 +++++--
|
|
Packit Service |
150ff0 |
xlators/features/locks/src/posix.c | 5 +++--
|
|
Packit Service |
150ff0 |
xlators/features/locks/src/reservelk.c | 2 --
|
|
Packit Service |
150ff0 |
5 files changed, 14 insertions(+), 8 deletions(-)
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
diff --git a/xlators/features/locks/src/common.c b/xlators/features/locks/src/common.c
|
|
Packit Service |
150ff0 |
index 6e7fb4b..1406e70 100644
|
|
Packit Service |
150ff0 |
--- a/xlators/features/locks/src/common.c
|
|
Packit Service |
150ff0 |
+++ b/xlators/features/locks/src/common.c
|
|
Packit Service |
150ff0 |
@@ -1080,6 +1080,10 @@ pl_setlk(xlator_t *this, pl_inode_t *pl_inode, posix_lock_t *lock,
|
|
Packit Service |
150ff0 |
lock->fl_type == F_UNLCK ? "Unlock" : "Lock",
|
|
Packit Service |
150ff0 |
lock->client_pid, lkowner_utoa(&lock->owner),
|
|
Packit Service |
150ff0 |
lock->user_flock.l_start, lock->user_flock.l_len);
|
|
Packit Service |
150ff0 |
+
|
|
Packit Service |
150ff0 |
+ pl_trace_block(this, lock->frame, NULL, NULL, F_SETLKW,
|
|
Packit Service |
150ff0 |
+ &lock->user_flock, NULL);
|
|
Packit Service |
150ff0 |
+
|
|
Packit Service |
150ff0 |
lock->blocked = 1;
|
|
Packit Service |
150ff0 |
__insert_lock(pl_inode, lock);
|
|
Packit Service |
150ff0 |
ret = -1;
|
|
Packit Service |
150ff0 |
diff --git a/xlators/features/locks/src/entrylk.c b/xlators/features/locks/src/entrylk.c
|
|
Packit Service |
150ff0 |
index ced5eca..93c649c 100644
|
|
Packit Service |
150ff0 |
--- a/xlators/features/locks/src/entrylk.c
|
|
Packit Service |
150ff0 |
+++ b/xlators/features/locks/src/entrylk.c
|
|
Packit Service |
150ff0 |
@@ -552,6 +552,8 @@ __lock_blocked_add(xlator_t *this, pl_inode_t *pinode, pl_dom_list_t *dom,
|
|
Packit Service |
150ff0 |
gf_msg_trace(this->name, 0, "Blocking lock: {pinode=%p, basename=%s}",
|
|
Packit Service |
150ff0 |
pinode, lock->basename);
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
+ entrylk_trace_block(this, lock->frame, NULL, NULL, NULL, lock->basename,
|
|
Packit Service |
150ff0 |
+ ENTRYLK_LOCK, lock->type);
|
|
Packit Service |
150ff0 |
out:
|
|
Packit Service |
150ff0 |
return -EAGAIN;
|
|
Packit Service |
150ff0 |
}
|
|
Packit Service |
150ff0 |
@@ -932,8 +934,6 @@ out:
|
|
Packit Service |
150ff0 |
op_ret, op_errno);
|
|
Packit Service |
150ff0 |
unwind:
|
|
Packit Service |
150ff0 |
STACK_UNWIND_STRICT(entrylk, frame, op_ret, op_errno, NULL);
|
|
Packit Service |
150ff0 |
- } else {
|
|
Packit Service |
150ff0 |
- entrylk_trace_block(this, frame, volume, fd, loc, basename, cmd, type);
|
|
Packit Service |
150ff0 |
}
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
if (pcontend != NULL) {
|
|
Packit Service |
150ff0 |
diff --git a/xlators/features/locks/src/inodelk.c b/xlators/features/locks/src/inodelk.c
|
|
Packit Service |
150ff0 |
index a9c42f1..24dee49 100644
|
|
Packit Service |
150ff0 |
--- a/xlators/features/locks/src/inodelk.c
|
|
Packit Service |
150ff0 |
+++ b/xlators/features/locks/src/inodelk.c
|
|
Packit Service |
150ff0 |
@@ -420,6 +420,8 @@ __lock_blocked_add(xlator_t *this, pl_dom_list_t *dom, pl_inode_lock_t *lock,
|
|
Packit Service |
150ff0 |
lkowner_utoa(&lock->owner), lock->user_flock.l_start,
|
|
Packit Service |
150ff0 |
lock->user_flock.l_len);
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
+ pl_trace_block(this, lock->frame, NULL, NULL, F_SETLKW, &lock->user_flock,
|
|
Packit Service |
150ff0 |
+ lock->volume);
|
|
Packit Service |
150ff0 |
out:
|
|
Packit Service |
150ff0 |
return -EAGAIN;
|
|
Packit Service |
150ff0 |
}
|
|
Packit Service |
150ff0 |
@@ -959,6 +961,7 @@ pl_common_inodelk(call_frame_t *frame, xlator_t *this, const char *volume,
|
|
Packit Service |
150ff0 |
int ret = -1;
|
|
Packit Service |
150ff0 |
GF_UNUSED int dict_ret = -1;
|
|
Packit Service |
150ff0 |
int can_block = 0;
|
|
Packit Service |
150ff0 |
+ short lock_type = 0;
|
|
Packit Service |
150ff0 |
pl_inode_t *pinode = NULL;
|
|
Packit Service |
150ff0 |
pl_inode_lock_t *reqlock = NULL;
|
|
Packit Service |
150ff0 |
pl_dom_list_t *dom = NULL;
|
|
Packit Service |
150ff0 |
@@ -1024,13 +1027,13 @@ pl_common_inodelk(call_frame_t *frame, xlator_t *this, const char *volume,
|
|
Packit Service |
150ff0 |
/* fall through */
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
case F_SETLK:
|
|
Packit Service |
150ff0 |
+ lock_type = flock->l_type;
|
|
Packit Service |
150ff0 |
memcpy(&reqlock->user_flock, flock, sizeof(struct gf_flock));
|
|
Packit Service |
150ff0 |
ret = pl_inode_setlk(this, ctx, pinode, reqlock, can_block, dom,
|
|
Packit Service |
150ff0 |
inode);
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
if (ret < 0) {
|
|
Packit Service |
150ff0 |
- if ((can_block) && (F_UNLCK != flock->l_type)) {
|
|
Packit Service |
150ff0 |
- pl_trace_block(this, frame, fd, loc, cmd, flock, volume);
|
|
Packit Service |
150ff0 |
+ if ((can_block) && (F_UNLCK != lock_type)) {
|
|
Packit Service |
150ff0 |
goto out;
|
|
Packit Service |
150ff0 |
}
|
|
Packit Service |
150ff0 |
gf_log(this->name, GF_LOG_TRACE, "returning EAGAIN");
|
|
Packit Service |
150ff0 |
diff --git a/xlators/features/locks/src/posix.c b/xlators/features/locks/src/posix.c
|
|
Packit Service |
150ff0 |
index 50f1265..7887b82 100644
|
|
Packit Service |
150ff0 |
--- a/xlators/features/locks/src/posix.c
|
|
Packit Service |
150ff0 |
+++ b/xlators/features/locks/src/posix.c
|
|
Packit Service |
150ff0 |
@@ -2557,6 +2557,7 @@ pl_lk(call_frame_t *frame, xlator_t *this, fd_t *fd, int32_t cmd,
|
|
Packit Service |
150ff0 |
uint32_t lk_flags = 0;
|
|
Packit Service |
150ff0 |
posix_locks_private_t *priv = this->private;
|
|
Packit Service |
150ff0 |
pl_local_t *local = NULL;
|
|
Packit Service |
150ff0 |
+ short lock_type = 0;
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
int ret = dict_get_uint32(xdata, GF_LOCK_MODE, &lk_flags);
|
|
Packit Service |
150ff0 |
if (ret == 0) {
|
|
Packit Service |
150ff0 |
@@ -2701,6 +2702,7 @@ pl_lk(call_frame_t *frame, xlator_t *this, fd_t *fd, int32_t cmd,
|
|
Packit Service |
150ff0 |
case F_SETLK:
|
|
Packit Service |
150ff0 |
reqlock->frame = frame;
|
|
Packit Service |
150ff0 |
reqlock->this = this;
|
|
Packit Service |
150ff0 |
+ lock_type = flock->l_type;
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
pthread_mutex_lock(&pl_inode->mutex);
|
|
Packit Service |
150ff0 |
{
|
|
Packit Service |
150ff0 |
@@ -2738,8 +2740,7 @@ pl_lk(call_frame_t *frame, xlator_t *this, fd_t *fd, int32_t cmd,
|
|
Packit Service |
150ff0 |
|
|
Packit Service |
150ff0 |
ret = pl_setlk(this, pl_inode, reqlock, can_block);
|
|
Packit Service |
150ff0 |
if (ret == -1) {
|
|
Packit Service |
150ff0 |
- if ((can_block) && (F_UNLCK != flock->l_type)) {
|
|
Packit Service |
150ff0 |
- pl_trace_block(this, frame, fd, NULL, cmd, flock, NULL);
|
|
Packit Service |
150ff0 |
+ if ((can_block) && (F_UNLCK != lock_type)) {
|
|
Packit Service |
150ff0 |
goto out;
|
|
Packit Service |
150ff0 |
}
|
|
Packit Service |
150ff0 |
gf_log(this->name, GF_LOG_DEBUG, "returning EAGAIN");
|
|
Packit Service |
150ff0 |
diff --git a/xlators/features/locks/src/reservelk.c b/xlators/features/locks/src/reservelk.c
|
|
Packit Service |
150ff0 |
index 51076d7..604691f 100644
|
|
Packit Service |
150ff0 |
--- a/xlators/features/locks/src/reservelk.c
|
|
Packit Service |
150ff0 |
+++ b/xlators/features/locks/src/reservelk.c
|
|
Packit Service |
150ff0 |
@@ -312,8 +312,6 @@ grant_blocked_lock_calls(xlator_t *this, pl_inode_t *pl_inode)
|
|
Packit Service |
150ff0 |
ret = pl_setlk(this, pl_inode, lock, can_block);
|
|
Packit Service |
150ff0 |
if (ret == -1) {
|
|
Packit Service |
150ff0 |
if (can_block) {
|
|
Packit Service |
150ff0 |
- pl_trace_block(this, lock->frame, fd, NULL, cmd,
|
|
Packit Service |
150ff0 |
- &lock->user_flock, NULL);
|
|
Packit Service |
150ff0 |
continue;
|
|
Packit Service |
150ff0 |
} else {
|
|
Packit Service |
150ff0 |
gf_log(this->name, GF_LOG_DEBUG, "returning EAGAIN");
|
|
Packit Service |
150ff0 |
--
|
|
Packit Service |
150ff0 |
1.8.3.1
|
|
Packit Service |
150ff0 |
|