diff options
Diffstat (limited to '0463-cluster-ec-Change-handling-of-heal-failure-to-avoid-.patch')
| -rw-r--r-- | 0463-cluster-ec-Change-handling-of-heal-failure-to-avoid-.patch | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/0463-cluster-ec-Change-handling-of-heal-failure-to-avoid-.patch b/0463-cluster-ec-Change-handling-of-heal-failure-to-avoid-.patch new file mode 100644 index 0000000..b47cdd1 --- /dev/null +++ b/0463-cluster-ec-Change-handling-of-heal-failure-to-avoid-.patch @@ -0,0 +1,87 @@ +From 7d87933f648092ae55d57a96fd06e3df975d764c Mon Sep 17 00:00:00 2001 +From: Ashish Pandey <aspandey@redhat.com> +Date: Tue, 18 Aug 2020 10:33:48 +0530 +Subject: [PATCH 463/465] cluster/ec: Change handling of heal failure to avoid + crash + +Problem: +ec_getxattr_heal_cbk was called with NULL as second argument +in case heal was failing. +This function was dereferencing "cookie" argument which caused crash. + +Solution: +Cookie is changed to carry the value that was supposed to be +stored in fop->data, so even in the case when fop is NULL in error +case, there won't be any NULL dereference. + +Thanks to Xavi for the suggestion about the fix. + +>Upstream patch: https://review.gluster.org/#/c/glusterfs/+/23050/ +>fixes: bz#1729085 + +Change-Id: I0798000d5cadb17c3c2fbfa1baf77033ffc2bb8c +BUG: 1852736 +Reviewed-on: https://code.engineering.redhat.com/gerrit/209012 +Tested-by: Ashish Pandey <aspandey@redhat.com> +Tested-by: RHGS Build Bot <nigelb@redhat.com> +Reviewed-by: Xavi Hernandez Juan <xhernandez@redhat.com> +--- + xlators/cluster/ec/src/ec-heal.c | 11 ++++++----- + xlators/cluster/ec/src/ec-inode-read.c | 4 ++-- + 2 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/xlators/cluster/ec/src/ec-heal.c b/xlators/cluster/ec/src/ec-heal.c +index 7d25853..6e6948b 100644 +--- a/xlators/cluster/ec/src/ec-heal.c ++++ b/xlators/cluster/ec/src/ec-heal.c +@@ -1966,7 +1966,7 @@ ec_manager_heal_block(ec_fop_data_t *fop, int32_t state) + + case EC_STATE_REPORT: + if (fop->cbks.heal) { +- fop->cbks.heal(fop->req_frame, fop, fop->xl, 0, 0, ++ fop->cbks.heal(fop->req_frame, fop->data, fop->xl, 0, 0, + (heal->good | heal->bad), heal->good, heal->bad, + 0, NULL); + } +@@ -2022,10 +2022,11 @@ ec_heal_block_done(call_frame_t *frame, void *cookie, xlator_t *this, + uintptr_t good, uintptr_t bad, uint32_t pending, + dict_t *xdata) + { +- ec_fop_data_t *fop = cookie; +- ec_heal_t *heal = fop->data; ++ ec_heal_t *heal = cookie; + +- fop->heal = NULL; ++ if (heal->fop) { ++ heal->fop->heal = NULL; ++ } + heal->fop = NULL; + heal->error = op_ret < 0 ? op_errno : 0; + syncbarrier_wake(heal->data); +@@ -2669,7 +2670,7 @@ ec_heal_do(xlator_t *this, void *data, loc_t *loc, int32_t partial) + out: + ec_reset_entry_healing(fop); + if (fop->cbks.heal) { +- fop->cbks.heal(fop->req_frame, fop, fop->xl, op_ret, op_errno, ++ fop->cbks.heal(fop->req_frame, fop->data, fop->xl, op_ret, op_errno, + ec_char_array_to_mask(participants, ec->nodes), + mgood & good, mbad & bad, pending, NULL); + } +diff --git a/xlators/cluster/ec/src/ec-inode-read.c b/xlators/cluster/ec/src/ec-inode-read.c +index e82e8f6..c50d0ad 100644 +--- a/xlators/cluster/ec/src/ec-inode-read.c ++++ b/xlators/cluster/ec/src/ec-inode-read.c +@@ -396,8 +396,8 @@ ec_getxattr_heal_cbk(call_frame_t *frame, void *cookie, xlator_t *xl, + uintptr_t good, uintptr_t bad, uint32_t pending, + dict_t *xdata) + { +- ec_fop_data_t *fop = cookie; +- fop_getxattr_cbk_t func = fop->data; ++ fop_getxattr_cbk_t func = cookie; ++ + ec_t *ec = xl->private; + dict_t *dict = NULL; + char *str; +-- +1.8.3.1 + |