From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 3338 invoked by alias); 10 Feb 2009 22:13:57 -0000
Received: (qmail 3331 invoked by alias); 10 Feb 2009 22:13:57 -0000
X-SWARE-Spam-Status: No, hits=-1.4 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bastion.fedora.phx.redhat.com
Subject: cluster: RHEL5 - clogd: Fix bug 484968 - segfault in clogd
To: cluster-cvs-relay@redhat.com
X-Project: Cluster Project
X-Git-Module: cluster.git
X-Git-Refname: refs/heads/RHEL5
X-Git-Reftype: branch
X-Git-Oldrev: 337f12b719cb5dfb279317d2d111954c5c5c0416
X-Git-Newrev: c9d6207f212f900f66c9c6990462bae328ede121
From: Jonathan Brassow
Message-Id: <20090210221335.DE20B12011A@lists.fedorahosted.org>
Date: Tue, 10 Feb 2009 22:13:00 -0000
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Mailing-List: contact cluster-cvs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: cluster-cvs-owner@sourceware.org
X-SW-Source: 2009-q1/txt/msg00405.txt.bz2

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=c9d6207f212f900f66c9c6990462bae328ede121
Commit: c9d6207f212f900f66c9c6990462bae328ede121
Parent: 337f12b719cb5dfb279317d2d111954c5c5c0416
Author: Jonathan Brassow
AuthorDate: Tue Feb 10 16:11:43 2009 -0600
Committer: Jonathan Brassow
CommitterDate: Tue Feb 10 16:11:43 2009 -0600

clogd: Fix bug 484968 - segfault in clogd

If a mirror was started and then suspended very shortly after, the list of pent-up requests waiting for a checkpoint would be freed. If one of those requests was POSTSUSPEND, it would be processed and would also try to free the list of pent-up requests. Since this action was nested, the outer function would segfault because the list it was processing was freed out from under it. Frequency of this is rare.

---
cmirror/src/cluster.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/cmirror/src/cluster.c b/cmirror/src/cluster.c index d4ee730..e43edbe 100644 --- a/cmirror/src/cluster.c +++ b/cmirror/src/cluster.c @@ -1444,6 +1444,7 @@ static void abort_startup(struct clog_cpg *del) static int _destroy_cluster_cpg(struct clog_cpg *del) { int r; + int state; LOG_COND(log_resend_requests, "[%s] I am leaving.2.....", SHORT_UUID(del->name.value)); 
@@ -1455,10 +1456,17 @@ static int _destroy_cluster_cpg(struct clog_cpg *del) */ do_checkpoints(del); + state = del->state; + del->cpg_state = INVALID; del->state = LEAVING; - if (!list_empty(&del->startup_list)) + /* + * If the state is VALID, we might be processing the + * startup list. If so, we certainly don't want to + * clear the startup_list here by calling abort_startup + */ + if (!list_empty(&del->startup_list) && (state != VALID)) abort_startup(del); r = cpg_leave(del->handle, &del->name);
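
Review bot: In the first hunk (@@ -1444, top of `_destroy_cluster_cpg`), the new local `int state;` is named so generically that it is easy to confuse with `del->state` and `del->cpg_state`, both of which are written a few lines further down. It holds the value `del->state` had before it is overwritten with LEAVING, so a name that says so (for example `prev_state`, a suggested name only) would make the later `state != VALID` test self-explanatory.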
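
Review bot: In the second hunk (@@ -1455), the new condition `(state != VALID)` skips `abort_startup(del)` every time the saved state was VALID, while the added comment only says we "might be" processing the startup list. When the state was VALID and nothing is walking the list, a non-empty `startup_list` is now left in place across `cpg_leave()`, and nothing in the visible lines frees it afterwards. Either track "startup list is currently being processed" with an explicit flag and test that instead of the state, or extend the comment to say which caller is responsible for draining the list in the VALID case. Minor style point: the parentheses around `state != VALID` are redundant.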