liyinshu has uploaded this change for review.

View Change

Fix crash at inc/dec_state_t_ref

If state's ref count is 1, reproduce crash as follows:
thread1: nfs4_op_close.c:180 inc ref to 2.
thread2: nfs4_op_lock:178 inc ref to 3.
thread1: nfs4_op_close.c:306 dec ref to 2.
thread1: nfs4_op_close.c:336 dec ref to 1.
thread2: nfs4_op_lock.c:742 dec ref to 0 and free this state.
thread3: nfs4_op_read.c:465 inc ref of this freed state.
So get openstate from hashtable every time.

Change-Id: Ib5782c6cab422df1131748dfd552ff38dbb9d8c3
Signed-off-by: liyinshu <liyinshu@bytedance.com>
---
M src/FSAL/commonlib.c
M src/Protocols/NFS/nfs4_op_allocate.c
M src/Protocols/NFS/nfs4_op_lock.c
M src/Protocols/NFS/nfs4_op_read.c
M src/Protocols/NFS/nfs4_op_setattr.c
M src/Protocols/NFS/nfs4_op_write.c
M src/SAL/nfs4_state.c
M src/include/FSAL/fsal_commonlib.h
M src/include/sal_data.h
9 files changed, 85 insertions(+), 41 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/08/542008/1

To view, visit change 542008. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: Ib5782c6cab422df1131748dfd552ff38dbb9d8c3
Gerrit-Change-Number: 542008
Gerrit-PatchSet: 1
Gerrit-Owner: liyinshu <liyinshu@bytedance.com>
Gerrit-MessageType: newchange