From 82f547f17f496a2d0b6f5e3782730e46e16d1f2c Mon Sep 17 00:00:00 2001 From: Jason Dillaman Date: Fri, 26 Feb 2016 13:09:59 -0500 Subject: [PATCH] librados: aio watch/unwatch/notify now uses completion objver A local variable was used for an async callback operation, resulting in the potential for memory corruption. Signed-off-by: Jason Dillaman --- src/librados/IoCtxImpl.cc | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/librados/IoCtxImpl.cc b/src/librados/IoCtxImpl.cc index f5f47b4447537..effa1a35650da 100644 --- a/src/librados/IoCtxImpl.cc +++ b/src/librados/IoCtxImpl.cc @@ -1307,8 +1307,6 @@ int librados::IoCtxImpl::aio_watch(const object_t& oid, Context *oncomplete = new C_aio_linger_Complete(c, linger_op, false); ::ObjectOperation wr; - version_t objver; - *handle = linger_op->get_cookie(); linger_op->watch_context = new WatchInfo(this, oid, ctx, ctx2); @@ -1317,7 +1315,7 @@ int librados::IoCtxImpl::aio_watch(const object_t& oid, bufferlist bl; objecter->linger_watch(linger_op, wr, snapc, ceph::real_clock::now(), bl, - oncomplete, &objver); + oncomplete, &c->objver); return 0; } @@ -1366,14 +1364,13 @@ int librados::IoCtxImpl::aio_unwatch(uint64_t cookie, AioCompletionImpl *c) c->io = this; Objecter::LingerOp *linger_op = reinterpret_cast(cookie); Context *oncomplete = new C_aio_linger_Complete(c, linger_op, true); - version_t ver = 0; ::ObjectOperation wr; prepare_assert_ops(&wr); wr.watch(cookie, CEPH_OSD_WATCH_OP_UNWATCH); objecter->mutate(linger_op->target.base_oid, oloc, wr, snapc, ceph::real_clock::now(client->cct), 0, NULL, - oncomplete, &ver); + oncomplete, &c->objver); return 0; } @@ -1457,7 +1454,7 @@ int librados::IoCtxImpl::aio_notify(const object_t& oid, AioCompletionImpl *c, // Issue RADOS op objecter->linger_notify(linger_op, rd, snap_seq, inbl, NULL, - onack, NULL); + onack, &c->objver); return 0; } -- 2.39.5