From Daniel Gryniewicz <dang(a)redhat.com>:
Daniel Gryniewicz has uploaded this change for review. ( https://review.gerrithub.io/414273 )
Change subject: FSAL_MEM - Handle links
......................................................................
FSAL_MEM - Handle links
Links cause problems for MEM, because you have multiple references to
the same object.  This can result in MDCACHE having multiple entries
pointing to the same sub_handle, causing use-after-free when the two
entries are released.  It works like this:
mde_A = lookup(OLDNAME)
mde_A->link(NEWNAME)
fsal_remove(NEWNAME) // At this point, mde_A is unreachable
fsal_remove(OLDNAME) // This creates a new handle, mde_B, pointing to
			sub_hdl.  Then it unlink()s, then put()s,
			causing mde_B's ref to go to zero, calling
			sub_hdl->release(), and sub_hdl is freed.
mde_A->put_ref()     // sub_hdl was already freed, but this calls
			release again
To fix this, implement full refcounting for FSAL_MEM handles, and
increment the ref on lookup(), and dec it on release().
Change-Id: I2cfcc8f125aa8de1b7c6245389c27d20eed210e2
Signed-off-by: Daniel Gryniewicz <dang(a)redhat.com>
---
M src/FSAL/FSAL_MEM/mem_handle.c
M src/FSAL/FSAL_MEM/mem_int.h
M src/include/gsh_lttng/fsal_mem.h
3 files changed, 310 insertions(+), 74 deletions(-)
  git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/73/414273/1
-- 
To view, visit 
https://review.gerrithub.io/414273
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2cfcc8f125aa8de1b7c6245389c27d20eed210e2
Gerrit-Change-Number: 414273
Gerrit-PatchSet: 1
Gerrit-Owner: Daniel Gryniewicz <dang(a)redhat.com>
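
The release sequence from the commit message, replayed with and without reference counting on lookup()/release(). This is an added example, not code from the patch or from nfs-ganesha; `struct sub_hdl`, `hdl_lookup`, `hdl_release` and `replay_link_sequence` are hypothetical names, and the object lives on the stack so the destructor is only counted, never run.

```c
#include <stdbool.h>

/* Hypothetical stand-in for a FSAL_MEM object; not the project's struct. */
struct sub_hdl {
    int refcount;  /* references held by upper-layer entries */
    int destroyed; /* times the destructor ran; anything above 1 is a bug */
};

/* lookup(): each entry returned to the upper layer takes a reference. */
static struct sub_hdl *hdl_lookup(struct sub_hdl *h, bool refcounted)
{
    if (refcounted)
        h->refcount++;
    return h;
}

/* release(): without refcounting every caller destroys the object;
 * with it, only the caller dropping the last reference does. */
static void hdl_release(struct sub_hdl *h, bool refcounted)
{
    if (!refcounted || --h->refcount == 0)
        h->destroyed++; /* real code would free(h) here */
}

/* Replays the commit message's sequence on a stack object (so nothing is
 * actually freed) and returns how many times the destructor ran.
 * *early is set if it ran before mde_A dropped its reference. */
int replay_link_sequence(bool refcounted, bool *early)
{
    struct sub_hdl obj = {0, 0};

    struct sub_hdl *mde_A = hdl_lookup(&obj, refcounted); /* lookup(OLDNAME) */
    /* mde_A->link(NEWNAME), fsal_remove(NEWNAME): no handle is released */
    struct sub_hdl *mde_B = hdl_lookup(&obj, refcounted); /* fsal_remove(OLDNAME) */
    hdl_release(mde_B, refcounted);                       /* unlink(), then put() */
    *early = obj.destroyed > 0;  /* mde_A still points at the object here */
    hdl_release(mde_A, refcounted);                       /* mde_A->put_ref() */
    return obj.destroyed;
}
```

Without refcounting the destructor runs twice, the first time while mde_A still holds the pointer; with it, the destructor runs once, on the final put.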