Bug 1344340

Summary: Unsafe access to inode->fd_list
Product: [Community] GlusterFS Reporter: Xavi Hernandez <jahernan>
Component: distributeAssignee: Xavi Hernandez <jahernan>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: unspecified    
Version: mainlineCC: bugs, pkarampu
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.9.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1346750 1346751 (view as bug list) Environment:
Last Closed: 2016-11-23 07:21:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1346750, 1346751    

Description Xavi Hernandez 2016-06-09 12:48:36 UTC 
Description of problem:

Access to inode->fd_list should be done while being protected with inode->lock. All fd got from the list should be referenced before releasing the lock if they are used later.

Version-Release number of selected component (if applicable): mainline


How reproducible:

Steps to Reproduce:
1. 
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Vijay Bellur 2016-06-09 15:13:09 UTC 
REVIEW: http://review.gluster.org/14682 (cluster/dht: Fix unsafe iteration on inode->fd_list) posted (#1) for review on master by Xavier Hernandez (xhernandez)
Comment 2 Vijay Bellur 2016-06-09 15:38:46 UTC 
REVIEW: http://review.gluster.org/14682 (cluster/dht: Fix unsafe iteration on inode->fd_list) posted (#2) for review on master by Xavier Hernandez (xhernandez)
Comment 3 Vijay Bellur 2016-06-15 09:04:35 UTC 
COMMIT: http://review.gluster.org/14682 committed in master by Raghavendra G (rgowdapp) 
------
commit 4c08d36e7c6f189499f2340eb529b7f4ceff57f6
Author: Xavier Hernandez <xhernandez>
Date:   Thu Jun 9 16:53:19 2016 +0200

    cluster/dht: Fix unsafe iteration on inode->fd_list
    
    When DHT traverses the inode->fd_list, it does that in an unsafe
    way that can generate races with fd_unref() called from other threads.
    
    This patch fixes this problem taking the inode->lock and adding a
    reference to the fd while it's being used outside of the mutex
    protected region.
    
    A minor change in storage/posix has been done to also access the
    inode->fd_list in a safe way.
    
    Change-Id: I10d469ca6a8f76e950a8c9779ae9c8b70f88ef93
    BUG: 1344340
    Signed-off-by: Xavier Hernandez <xhernandez>
    Reviewed-on: http://review.gluster.org/14682
    CentOS-regression: Gluster Build System <jenkins.org>
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    Reviewed-by: Raghavendra G <rgowdapp>