Bug 1346751

Summary: Unsafe access to inode->fd_list
Product: [Community] GlusterFS Reporter: Xavi Hernandez <jahernan>
Component: distributeAssignee: Xavi Hernandez <jahernan>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.7.11CC: bugs, pkarampu
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.7.12 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1344340 Environment:
Last Closed: 2016-06-28 12:20:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1344340    
Bug Blocks:    

Description Xavi Hernandez 2016-06-15 09:55:39 UTC 
+++ This bug was initially created as a clone of Bug #1344340 +++

Description of problem:

Access to inode->fd_list should be done while being protected with inode->lock. All fd got from the list should be referenced before releasing the lock if they are used later.

Version-Release number of selected component (if applicable): mainline


How reproducible:

Steps to Reproduce:
1. 
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Vijay Bellur on 2016-06-09 17:13:09 CEST ---

REVIEW: http://review.gluster.org/14682 (cluster/dht: Fix unsafe iteration on inode->fd_list) posted (#1) for review on master by Xavier Hernandez (xhernandez)

--- Additional comment from Vijay Bellur on 2016-06-09 17:38:46 CEST ---

REVIEW: http://review.gluster.org/14682 (cluster/dht: Fix unsafe iteration on inode->fd_list) posted (#2) for review on master by Xavier Hernandez (xhernandez)

--- Additional comment from Vijay Bellur on 2016-06-15 11:04:35 CEST ---

COMMIT: http://review.gluster.org/14682 committed in master by Raghavendra G (rgowdapp) 
------
commit 4c08d36e7c6f189499f2340eb529b7f4ceff57f6
Author: Xavier Hernandez <xhernandez>
Date:   Thu Jun 9 16:53:19 2016 +0200

    cluster/dht: Fix unsafe iteration on inode->fd_list
    
    When DHT traverses the inode->fd_list, it does that in an unsafe
    way that can generate races with fd_unref() called from other threads.
    
    This patch fixes this problem taking the inode->lock and adding a
    reference to the fd while it's being used outside of the mutex
    protected region.
    
    A minor change in storage/posix has been done to also access the
    inode->fd_list in a safe way.
    
    Change-Id: I10d469ca6a8f76e950a8c9779ae9c8b70f88ef93
    BUG: 1344340
    Signed-off-by: Xavier Hernandez <xhernandez>
    Reviewed-on: http://review.gluster.org/14682
    CentOS-regression: Gluster Build System <jenkins.org>
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    Reviewed-by: Raghavendra G <rgowdapp>
Comment 1 Vijay Bellur 2016-06-15 10:00:34 UTC 
REVIEW: http://review.gluster.org/14734 (cluster/dht: Fix unsafe iteration on inode->fd_list) posted (#1) for review on release-3.7 by Xavier Hernandez (xhernandez)
Comment 2 Vijay Bellur 2016-06-24 10:20:08 UTC 
COMMIT: http://review.gluster.org/14734 committed in release-3.7 by Kaushal M (kaushal) 
------
commit ed16cfb0455e41ee39addf6b3cdacdbe0d98308a
Author: Xavier Hernandez <xhernandez>
Date:   Thu Jun 9 16:53:19 2016 +0200

    cluster/dht: Fix unsafe iteration on inode->fd_list
    
    When DHT traverses the inode->fd_list, it does that in an unsafe
    way that can generate races with fd_unref() called from other threads.
    
    This patch fixes this problem taking the inode->lock and adding a
    reference to the fd while it's being used outside of the mutex
    protected region.
    
    A minor change in storage/posix has been done to also access the
    inode->fd_list in a safe way.
    
    Backport of:
    > Change-Id: I10d469ca6a8f76e950a8c9779ae9c8b70f88ef93
    > BUG: 1344340
    > Signed-off-by: Xavier Hernandez <xhernandez>
    > Reviewed-on: http://review.gluster.org/14682
    > CentOS-regression: Gluster Build System <jenkins.org>
    > Smoke: Gluster Build System <jenkins.org>
    > NetBSD-regression: NetBSD Build System <jenkins.org>
    > Reviewed-by: Raghavendra G <rgowdapp>
    
    Change-Id: I10d469ca6a8f76e950a8c9779ae9c8b70f88ef93
    BUG: 1346751
    Signed-off-by: Xavier Hernandez <xhernandez>
    Reviewed-on: http://review.gluster.org/14734
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Raghavendra G <rgowdapp>
Comment 3 Kaushal 2016-06-28 12:20:15 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.12, please open a new bug report.

glusterfs-3.7.12 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/gluster-devel/2016-June/049918.html
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user