Bug 764939 - (GLUSTER-3207) Null-pointer race in glusterfs_mgmt_init
Product: GlusterFS
Classification: Community
Component: glusterd
Platform: x86_64 Linux
Priority: medium
Severity: medium
Assigned To: Amar Tumballi
Reported: 2011-07-20 15:14 EDT by Jeff Darcy
Modified: 2015-12-01 11:45 EST

Doc Type: Bug Fix

Attachments: None
Description Jeff Darcy 2011-07-20 15:14:08 EDT
I noticed during the development of the transport-multithreading patch (now part of the SSL-transport patch) that glusterfs_mgmt_init calls rpc_clnt_register_notify with mgmt_rpc_notify as an argument before it sets ctx->mgmt to a non-null value.  That is incorrect, because mgmt_rpc_notify does try to dereference through that pointer.  In my case it was being called immediately, and crashing on the null dereference.  Moving the assignment in glusterfs_mgmt_init up a few lines seems correct, and resolved the issue.
Comment 1 Anand Avati 2011-07-28 04:16:16 EDT
CHANGE: http://review.gluster.com/77 (this is required because if 'CONNECT' event comes before the clnt_start()) merged in master by Anand Avati (avati@gluster.com)
Comment 2 Amar Tumballi 2011-07-28 04:49:21 EDT
Fix committed only to the master branch. For other branches, we can backport it if we see some issues.
Comment 3 Raghavendra Bhat 2011-08-22 00:52:13 EDT
        /* This value should be set before doing the 'rpc_clnt_start()' as
           the notify function uses this variable */
        ctx->mgmt = rpc;

The above piece of code ensures that ctx->mgmt is being set to a non-NULL value.
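
The ordering bug in the description and the one-line fix quoted in Comment 3 can be shown side by side in a small C model. This is an added example, not GlusterFS code: the names rpc_clnt_register_notify, rpc_clnt_start, mgmt_rpc_notify and ctx->mgmt mirror the report, but the struct layouts, the enum values and the assumption that the transport connects synchronously (so the CONNECT event is delivered from inside rpc_clnt_start, before the caller's next statement) are stand-ins chosen for illustration. Where the real callback would segfault on a NULL ctx->mgmt, the model records the outcome so both orderings can be compared.

```c
#include <stddef.h>
#include <stdio.h>

/* Event kind delivered by the (modelled) RPC client. */
enum rpc_event { RPC_CLNT_CONNECT = 1 };

struct rpc_clnt;
typedef int (*rpc_notify_fn)(struct rpc_clnt *rpc, void *mydata,
                             enum rpc_event ev, void *data);

/* Hypothetical layouts; only the fields the example needs. */
struct rpc_clnt {
    rpc_notify_fn notify;
    void         *mydata;
    int           connected;
};

struct glusterfs_ctx {
    struct rpc_clnt *mgmt;  /* the pointer the notify callback dereferences */
};

/* What the callback observed. Real code would segfault instead of
 * returning NOTIFY_NULL_MGMT. */
enum notify_result { NOTIFY_NULL_MGMT = -1, NOTIFY_OK = 1 };

static int mgmt_rpc_notify(struct rpc_clnt *rpc, void *mydata,
                           enum rpc_event ev, void *data)
{
    struct glusterfs_ctx *ctx = mydata;
    (void)rpc;
    (void)data;
    if (ev != RPC_CLNT_CONNECT)
        return 0;
    if (ctx->mgmt == NULL)
        return NOTIFY_NULL_MGMT;  /* the null dereference in the report */
    ctx->mgmt->connected = 1;     /* the callback really does use ctx->mgmt */
    return NOTIFY_OK;
}

static void rpc_clnt_register_notify(struct rpc_clnt *rpc, rpc_notify_fn fn,
                                     void *mydata)
{
    rpc->notify = fn;
    rpc->mydata = mydata;
}

/* Modelling assumption: the transport connects synchronously, so CONNECT is
 * delivered inside rpc_clnt_start(), before the caller's next statement. */
static int rpc_clnt_start(struct rpc_clnt *rpc)
{
    return rpc->notify(rpc, rpc->mydata, RPC_CLNT_CONNECT, NULL);
}

/* Order described in the report: register and start, then assign. */
static int mgmt_init_buggy(struct glusterfs_ctx *ctx, struct rpc_clnt *rpc)
{
    int rc;
    ctx->mgmt = NULL;
    rpc_clnt_register_notify(rpc, mgmt_rpc_notify, ctx);
    rc = rpc_clnt_start(rpc);   /* callback runs while ctx->mgmt is still NULL */
    ctx->mgmt = rpc;            /* too late */
    return rc;
}

/* Order after the fix: assign before anything that can deliver an event. */
static int mgmt_init_fixed(struct glusterfs_ctx *ctx, struct rpc_clnt *rpc)
{
    ctx->mgmt = rpc;
    rpc_clnt_register_notify(rpc, mgmt_rpc_notify, ctx);
    return rpc_clnt_start(rpc);
}

/* Wrappers with fresh, constructed state so each ordering can be checked. */
int run_buggy(void)
{
    struct glusterfs_ctx ctx = { NULL };
    struct rpc_clnt rpc = { NULL, NULL, 0 };
    return mgmt_init_buggy(&ctx, &rpc);
}

int run_fixed(void)
{
    struct glusterfs_ctx ctx = { NULL };
    struct rpc_clnt rpc = { NULL, NULL, 0 };
    int rc = mgmt_init_fixed(&ctx, &rpc);
    /* Both the callback's verdict and its side effect must line up. */
    return (rc == NOTIFY_OK && rpc.connected) ? NOTIFY_OK : -2;
}

int main(void)
{
    printf("buggy order: %s\n", run_buggy() == NOTIFY_NULL_MGMT
                                    ? "callback saw NULL ctx->mgmt" : "ok");
    printf("fixed order: %s\n", run_fixed() == NOTIFY_OK
                                    ? "callback saw valid ctx->mgmt" : "broken");
    return 0;
}
```

The general rule the example illustrates is the one the fix comment states: any state a callback reads must be fully initialised before the callback is registered or the component that can invoke it is started, because with a threaded or fast transport the event may arrive before the next line of the caller runs.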
