Bug 764939 (GLUSTER-3207)

Summary: Null-pointer race in glusterfs_mgmt_init
Product: [Community] GlusterFS
Reporter: Jeff Darcy <jdarcy>
Component: glusterd
Assignee: Amar Tumballi <amarts>
Severity: medium
Priority: medium
Version: mainline
CC: gluster-bugs, rabhat, vijay, vraman
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Verified Versions: master

Description Jeff Darcy 2011-07-20 15:14:08 EDT
I noticed during the development of the transport-multithreading patch (now part of the SSL-transport patch) that glusterfs_mgmt_init calls rpc_clnt_register_notify with mgmt_rpc_notify as an argument before it sets ctx->mgmt to a non-null value.  That is incorrect, because mgmt_rpc_notify does try to dereference through that pointer.  In my case it was being called immediately, and crashing on the null dereference.  Moving the assignment in glusterfs_mgmt_init up a few lines seems correct, and resolved the issue.
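The ordering problem described in the report, as an added illustration that is not GlusterFS's own code: constructed stand-ins for rpc_clnt_t, glusterfs_ctx_t and the notify callback model a transport that delivers CONNECT synchronously from inside rpc_clnt_start(), so whether the callback sees a NULL ctx->mgmt depends only on where the assignment sits. Every name other than those mentioned in the report is hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for the GlusterFS types; names are hypothetical. */
typedef struct rpc_clnt rpc_clnt_t;
typedef int (*notify_fn_t)(rpc_clnt_t *rpc, void *mydata, int event);
struct rpc_clnt { notify_fn_t notify; void *mydata; };
typedef struct { rpc_clnt_t *mgmt; } glusterfs_ctx_t;
enum { RPC_CLNT_CONNECT = 1 };

static void rpc_clnt_register_notify(rpc_clnt_t *rpc, notify_fn_t fn, void *mydata) {
    rpc->notify = fn;
    rpc->mydata = mydata;
}

/* Models the transport delivering CONNECT synchronously from inside start(),
 * before the caller's next statement runs (the case the reporter describes). */
static int rpc_clnt_start(rpc_clnt_t *rpc) {
    return rpc->notify ? rpc->notify(rpc, rpc->mydata, RPC_CLNT_CONNECT) : 0;
}

/* Stand-in for mgmt_rpc_notify: it dereferences ctx->mgmt. Returns -1 where
 * the real callback would fault on the NULL pointer, so the bug is observable. */
static int mgmt_rpc_notify(rpc_clnt_t *rpc, void *mydata, int event) {
    glusterfs_ctx_t *ctx = mydata;
    if (ctx->mgmt == NULL) return -1;       /* NULL dereference in the real code */
    return (event == RPC_CLNT_CONNECT && ctx->mgmt == rpc) ? 0 : -1;
}

/* Buggy ordering: callback registered and started before ctx->mgmt is set. */
int mgmt_init_buggy(void) {
    glusterfs_ctx_t ctx = { NULL };
    rpc_clnt_t rpc = { NULL, NULL };
    rpc_clnt_register_notify(&rpc, mgmt_rpc_notify, &ctx);
    int ret = rpc_clnt_start(&rpc);         /* CONNECT fires while ctx.mgmt is NULL */
    ctx.mgmt = &rpc;                        /* too late */
    return ret;
}

/* Fixed ordering, as in the merged change: assign before rpc_clnt_start(). */
int mgmt_init_fixed(void) {
    glusterfs_ctx_t ctx = { NULL };
    rpc_clnt_t rpc = { NULL, NULL };
    rpc_clnt_register_notify(&rpc, mgmt_rpc_notify, &ctx);
    ctx.mgmt = &rpc;                        /* set before the notify can fire */
    return rpc_clnt_start(&rpc);
}
int main(void) {
    printf("buggy order: %d, fixed order: %d\n", mgmt_init_buggy(), mgmt_init_fixed());
    return 0;
}
```

The buggy variant returns -1 (the point where the real callback would dereference NULL) and the fixed variant returns 0.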
Comment 1 Anand Avati 2011-07-28 04:16:16 EDT
CHANGE: http://review.gluster.com/77 (this is required because if 'CONNECT' event comes before the clnt_start()) merged in master by Anand Avati (avati@gluster.com)
Comment 2 Amar Tumballi 2011-07-28 04:49:21 EDT
Fix committed to only master branch. For other branch, we can backport it if we see some issues.
Comment 3 Raghavendra Bhat 2011-08-22 00:52:13 EDT
        /* This value should be set before doing the 'rpc_clnt_start()' as
           the notify function uses this variable */
        ctx->mgmt = rpc;

The above piece of code ensures that ctx->mgmt is being set to a non-NULL value.