From: Jeff Layton <jlayton@redhat.com>
Date: Wed, 30 Nov 2016 12:37:52 +0000 (-0500)
Subject: client: fix some potential locking problems in InodeRef handling
X-Git-Tag: v11.1.0~102^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2d02d2c95af9aed31a8579a2245b759f57b3a193;p=ceph.git

client: fix some potential locking problems in InodeRef handling

As Zheng points out, declaring an InodeRef before you take the mutex
means that its destructor gets called after the mutex has already been
released. Handling the refcount however, requires that you hold the
mutex so this could cause refcount leaks if two threads do a
load/decrement/store at the same time. Reverse the order.

Adding a fixes line here for the currently reported bug, but it's
not yet clear whether this will fix it.

Fixes: http://tracker.ceph.com/issues/17982
Signed-off-by: Jeff Layton <jlayton@redhat.com>
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index bc246f7adf6d..87e0d2646805 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -11927,8 +11927,8 @@ int Client::ll_create(Inode *parent, const char *name, mode_t mode,
 		      int flags, struct stat *attr, Inode **outp, Fh **fhp,
 		      const UserPerm& perms)
 {
-  InodeRef in;
   Mutex::Locker lock(client_lock);
+  InodeRef in;
 
   int r = _ll_create(parent, name, mode, flags, &in, CEPH_STAT_CAP_INODE_ALL,
 		      fhp, perms);
@@ -11954,8 +11954,8 @@ int Client::ll_createx(Inode *parent, const char *name, mode_t mode,
 			const UserPerm& perms)
 {
   unsigned caps = statx_to_mask(lflags, want);
-  InodeRef in;
   Mutex::Locker lock(client_lock);
+  InodeRef in;
 
   int r = _ll_create(parent, name, mode, oflags, &in, caps, fhp, perms);
   if (r >= 0) {