[Bugs] [Bug 1195120] DHT + epoll : client crashed
bugzilla at redhat.com
bugzilla at redhat.com
Thu Feb 26 07:15:26 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1195120
--- Comment #3 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/9729 committed in master by Raghavendra G
(rgowdapp at redhat.com)
------
commit 2a60854e8360309347236852989d520a04975e9c
Author: Raghavendra G <rgowdapp at redhat.com>
Date: Tue Feb 24 10:25:16 2015 +0530
cluster/dht: serialize execution of dht_discover_complete and
STACK_DESTROY (frame).
In the current code, dht_discover_complete can be invoked because of:
1. attempt_unwind is true
2. we are processing reply from the last subvolume
In scenario 1, following race is possible:
T1: calls dht_frame_return.
T2: calls dht_frame_return. This happens to be last call and hence it
invokes dht_discover_complete, goes ahead and destroys frame
T1: since attempt_unwind is true, calls
dht_discover_complete. However, since frame is already freed, call
to dht_discover_complete can result in a crash.
The fix is to make sure that destruction of the frame is done only by
the thread executing dht_discover_complete.
Change-Id: I45765b90c4a9d0af0b33f8911b564d99e12d099e
BUG: 1195120
Signed-off-by: Raghavendra G <rgowdapp at redhat.com>
Reviewed-on: http://review.gluster.org/9729
Tested-by: Gluster Build System <jenkins at build.gluster.com>
Reviewed-by: Shyamsundar Ranganathan <srangana at redhat.com>
Reviewed-by: N Balachandran <nbalacha at redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the Bugs
mailing list