Red Hat Bugzilla – Full Text Bug Listing
Summary: Null-pointer race in glusterfs_mgmt_init
Product: [Community] GlusterFS
Reporter: Jeff Darcy <jdarcy>
Component: glusterd
Assignee: Amar Tumballi <amarts>
Status: CLOSED CURRENTRELEASE
QA Contact:
Version: mainline
CC: gluster-bugs, rabhat, vijay, vraman
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Description Jeff Darcy 2011-07-20 15:14:08 EDT
I noticed during the development of the transport-multithreading patch (now part of the SSL-transport patch) that glusterfs_mgmt_init calls rpc_clnt_register_notify with mgmt_rpc_notify as an argument before it sets ctx->mgmt to a non-null value. That is incorrect, because mgmt_rpc_notify does try to dereference through that pointer. In my case it was being called immediately, and crashing on the null dereference. Moving the assignment in glusterfs_mgmt_init up a few lines seems correct, and resolved the issue.
Comment 1 Anand Avati 2011-07-28 04:16:16 EDT
CHANGE: http://review.gluster.com/77 (this is required because if 'CONNECT' event comes before the clnt_start()) merged in master by Anand Avati (email@example.com)
Comment 2 Amar Tumballi 2011-07-28 04:49:21 EDT
Fix committed to the master branch only. For other branches, we can backport it if we see any issues.
Comment 3 Raghavendra Bhat 2011-08-22 00:52:13 EDT
    /* This value should be set before doing the 'rpc_clnt_start()' as the
       notify function uses this variable */
    ctx->mgmt = rpc;
The above piece of code ensures that ctx->mgmt is being set to a non-NULL value.
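As an added illustration (not code from this bug or from GlusterFS), the ordering problem in the description and the fix quoted in comment 3, modelled with assumed stand-in types; where a real handler would dereference NULL, this model returns -1 so the two orders can be compared:

```c
#include <stddef.h>

/* Assumed stand-ins for the gluster types involved, not the real definitions:
 * a client that delivers a CONNECT event through a notify callback, and a
 * context that holds the management client in ctx->mgmt. */
typedef struct rpc_clnt rpc_clnt_t;
typedef int (*notify_fn)(rpc_clnt_t *rpc, void *mydata, int event);
struct rpc_clnt { notify_fn notify; void *mydata; int connected; };
typedef struct { rpc_clnt_t *mgmt; } glusterfs_ctx_t;
enum { RPC_CLNT_CONNECT = 1 };

/* If the transport is already up, the CONNECT event is delivered to the
 * callback at registration time, which is the timing the report hit. */
static int rpc_clnt_register_notify(rpc_clnt_t *rpc, notify_fn fn, void *mydata) {
    rpc->notify = fn;
    rpc->mydata = mydata;
    return (rpc->connected && fn) ? fn(rpc, mydata, RPC_CLNT_CONNECT) : 0;
}

/* The handler reaches the client through ctx->mgmt. Instead of crashing on a
 * NULL pointer, this model returns -1 so the ordering can be checked. */
static int mgmt_rpc_notify(rpc_clnt_t *rpc, void *mydata, int event) {
    glusterfs_ctx_t *ctx = mydata;
    (void)rpc;
    if (event == RPC_CLNT_CONNECT && ctx->mgmt == NULL)
        return -1; /* the real handler would dereference NULL here */
    return 0;
}

/* Order described in the report: register first, assign ctx->mgmt after. */
int mgmt_init_buggy(glusterfs_ctx_t *ctx, rpc_clnt_t *rpc) {
    int ret = rpc_clnt_register_notify(rpc, mgmt_rpc_notify, ctx);
    ctx->mgmt = rpc;
    return ret;
}

/* Order after the fix (comment 3): ctx->mgmt is set before any notify. */
int mgmt_init_fixed(glusterfs_ctx_t *ctx, rpc_clnt_t *rpc) {
    ctx->mgmt = rpc;
    return rpc_clnt_register_notify(rpc, mgmt_rpc_notify, ctx);
}

/* Runs one init variant against a client whose connection is already up
 * and returns its result: 0 on success, -1 if the NULL deref was reached. */
int run_with_early_connect(int (*init)(glusterfs_ctx_t *, rpc_clnt_t *)) {
    glusterfs_ctx_t ctx = { NULL };
    rpc_clnt_t rpc = { NULL, NULL, 1 };
    return init(&ctx, &rpc);
}
```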