This is the mail archive of the cluster-cvs@sourceware.org mailing list for the cluster.



cluster: RHEL53 - clogd: Fix for bug 471448 - clogd segfault on clusters > 10 nodes


Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=4873624ba58cb2a922b4ae05112c99369e4cb48d
Commit:        4873624ba58cb2a922b4ae05112c99369e4cb48d
Parent:        1db4e1a3e8311ead845d2e5e8909e276e745df48
Author:        Jonathan Brassow <jbrassow@redhat.com>
AuthorDate:    Tue Nov 18 12:20:44 2008 -0600
Committer:     Jonathan Brassow <jbrassow@redhat.com>
CommitterDate: Thu Nov 20 11:52:43 2008 -0600

clogd: Fix for bug 471448 - clogd segfault on clusters > 10 nodes

clogd is segfaulting due to a corrupted checkpoint_list pointer.
The checkpoint_list pointer is being corrupted because it is
overwritten from above.  It lives in the structure 'clog_cpg',
which is:

struct clog_cpg {
 <snip>

 int checkpoints_needed;
 uint32_t checkpoint_requesters[10];
 struct checkpoint_data *checkpoint_list;
};

checkpoint_requesters is only 10 large - probably an initial chosen value that
was never properly abstracted.  So, if you have more than 11 nodes in your
cluster, and they are all entering at once, you can write to
'checkpoint_requesters[10+]' and write into the address space of
'checkpoint_list'.
---
 cmirror/src/cluster.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/cmirror/src/cluster.c b/cmirror/src/cluster.c
index e9b1f74..f6a2140 100644
--- a/cmirror/src/cluster.c
+++ b/cmirror/src/cluster.c
@@ -87,6 +87,8 @@ struct checkpoint_data {
 #define INVALID 0
 #define VALID   1
 #define LEAVING 2
+
+#define MAX_CHECKPOINT_REQUESTERS 10
 struct clog_cpg {
 	struct list_head list;
 
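Review bot: MAX_CHECKPOINT_REQUESTERS is added with the same value 10 and no comment, so the macro names the limit without documenting why 10 is sufficient or what happens to requesters beyond it. A one-line comment above the #define stating that would help, and a blank line between the #define and struct clog_cpg would match the spacing used just above it.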
@@ -104,7 +106,7 @@ struct clog_cpg {
 	struct list_head working_list;
 
 	int checkpoints_needed;
-	uint32_t checkpoint_requesters[10];
+	uint32_t checkpoint_requesters[MAX_CHECKPOINT_REQUESTERS];
 	struct checkpoint_data *checkpoint_list;
 };
 
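Review bot: checkpoints_needed stays a signed int while it is used to index checkpoint_requesters[], and the check added in cpg_join_callback only bounds it from above. Consider making it unsigned, or also rejecting negative values wherever it is used as an index.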
@@ -1082,7 +1084,8 @@ static void cpg_join_callback(struct clog_cpg *match,
 	 * FIXME: remove checkpoint_requesters/checkpoints_needed, and use
 	 * the startup_list interface exclusively
 	 */
-	if (list_empty(&match->startup_list) && (match->state == VALID)) {
+	if (list_empty(&match->startup_list) && (match->state == VALID) &&
+	    (match->checkpoints_needed < MAX_CHECKPOINT_REQUESTERS)) {
 		match->checkpoint_requesters[match->checkpoints_needed++] = joined->nodeid;
 		goto out;
 	}
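Review bot: in cpg_join_callback, once checkpoints_needed reaches MAX_CHECKPOINT_REQUESTERS the condition is false and the join silently falls through to the code after this if, which is outside the hunk. The comment or commit message should state that this fall-through path correctly handles a joiner when startup_list is empty and state is VALID, and a log line when the cap is hit would make the condition visible. The FIXME just above already points at dropping checkpoint_requesters in favour of startup_list, which would remove the fixed limit altogether.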


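The overflow described in the commit message, as an added example that is not part of the original commit or the cluster source. It uses a constructed stand-in struct (demo_cpg) to show which array index would reach checkpoint_list in that layout, and a hypothetical add_requester() helper that refuses writes past MAX_CHECKPOINT_REQUESTERS instead of performing them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_CHECKPOINT_REQUESTERS 10

struct checkpoint_data;		/* opaque here; only the pointer matters */

/* Constructed stand-in for the tail of 'struct clog_cpg' quoted above. */
struct demo_cpg {
	int checkpoints_needed;
	uint32_t checkpoint_requesters[MAX_CHECKPOINT_REQUESTERS];
	struct checkpoint_data *checkpoint_list;
};

/* First array index whose store would land on checkpoint_list (padding may intervene). */
static size_t first_clobbering_index(void)
{
	return (offsetof(struct demo_cpg, checkpoint_list) -
		offsetof(struct demo_cpg, checkpoint_requesters)) / sizeof(uint32_t);
}

/* Hypothetical helper: record a requester, or return -1 when the table is
 * full (or the counter is out of range) so the caller can take another path. */
static int add_requester(struct demo_cpg *cpg, uint32_t nodeid)
{
	if (cpg->checkpoints_needed < 0 ||
	    cpg->checkpoints_needed >= MAX_CHECKPOINT_REQUESTERS)
		return -1;
	cpg->checkpoint_requesters[cpg->checkpoints_needed++] = nodeid;
	return 0;
}

/* Simulate 'nodes' members joining at once; return how many were refused. */
static int simulate_joins(struct demo_cpg *cpg, int nodes)
{
	int refused = 0;
	for (int i = 1; i <= nodes; i++)
		if (add_requester(cpg, (uint32_t)i) < 0)
			refused++;
	return refused;
}

int main(void)
{
	struct demo_cpg cpg = { 0 };
	static int sentinel;	/* constructed stand-in for a live checkpoint list */
	cpg.checkpoint_list = (struct checkpoint_data *)&sentinel;
	printf("index %zu reaches checkpoint_list; refused %d of 16 joins\n",
	       first_clobbering_index(), simulate_joins(&cpg, 16));
	return cpg.checkpoint_list == (struct checkpoint_data *)&sentinel ? 0 : 1;
}
```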