From f99dbbd153c208351e9ffa3adea02815362cf0b6 Mon Sep 17 00:00:00 2001
From: Mykola Golub <mgolub@mirantis.com>
Date: Tue, 27 Sep 2016 16:43:50 +0300
Subject: [PATCH] librbd: potential null pointer dereference when requesting
 exclusive lock

m_require_lock_on_read should be cleared when holding owner_lock.

For safety, also check that exclusive_lock is not null.

Signed-off-by: Mykola Golub <mgolub@mirantis.com>
---
 src/librbd/AioImageRequestWQ.cc | 5 +++--
 src/librbd/ExclusiveLock.cc     | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/librbd/AioImageRequestWQ.cc b/src/librbd/AioImageRequestWQ.cc
index 062db1b0fcd4..52fdd8d6d857 100644
--- a/src/librbd/AioImageRequestWQ.cc
+++ b/src/librbd/AioImageRequestWQ.cc
@@ -439,8 +439,9 @@ void AioImageRequestWQ::queue(AioImageRequest<> *req) {
 
   assert(m_image_ctx.owner_lock.is_locked());
   bool write_op = req->is_write_op();
-  bool lock_required = (write_op && is_lock_required()) ||
-    (!write_op && m_require_lock_on_read);
+  bool lock_required = (m_image_ctx.exclusive_lock != nullptr &&
+                        ((write_op && is_lock_required()) ||
+                          (!write_op && m_require_lock_on_read)));
 
   if (lock_required && !m_image_ctx.get_exclusive_lock_policy()->may_auto_request_lock()) {
     lderr(cct) << "op requires exclusive lock" << dendl;
diff --git a/src/librbd/ExclusiveLock.cc b/src/librbd/ExclusiveLock.cc
index 1d6b44bf8e11..48ecbf850f57 100644
--- a/src/librbd/ExclusiveLock.cc
+++ b/src/librbd/ExclusiveLock.cc
@@ -687,6 +687,7 @@ void ExclusiveLock<I>::handle_shutdown_released(int r) {
 
   {
     RWLock::WLocker owner_locker(m_image_ctx.owner_lock);
+    m_image_ctx.aio_work_queue->clear_require_lock_on_read();
     m_image_ctx.exclusive_lock = nullptr;
   }
 
@@ -694,7 +695,6 @@ void ExclusiveLock<I>::handle_shutdown_released(int r) {
     lderr(cct) << "failed to shut down exclusive lock: " << cpp_strerror(r)
                << dendl;
   } else {
-    m_image_ctx.aio_work_queue->clear_require_lock_on_read();
     m_image_ctx.aio_work_queue->unblock_writes();
   }
 
@@ -709,10 +709,10 @@ void ExclusiveLock<I>::handle_shutdown(int r) {
 
   {
     RWLock::WLocker owner_locker(m_image_ctx.owner_lock);
+    m_image_ctx.aio_work_queue->clear_require_lock_on_read();
     m_image_ctx.exclusive_lock = nullptr;
   }
 
-  m_image_ctx.aio_work_queue->clear_require_lock_on_read();
   m_image_ctx.aio_work_queue->unblock_writes();
   m_image_ctx.image_watcher->flush(util::create_context_callback<
     ExclusiveLock<I>, &ExclusiveLock<I>::complete_shutdown>(this));
-- 
2.47.3