diff options
author | Martin Schwenke <martin@meltin.net> | 2019-01-21 16:28:28 +1100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-03-04 10:37:53 +0000 |
commit | fb8c3bd89959d677f481dc2684f32ec33d66d9d5 (patch) | |
tree | 85b8873eef0c35e40380cd581be23f9777309405 | |
parent | 592f02112bbb7f2a9f5fa197db85482fe9367e36 (diff) | |
download | samba-fb8c3bd89959d677f481dc2684f32ec33d66d9d5.tar.gz |
ctdb-recoverd: Free cluster mutex handler on failure to take lock
If nested events occur while the file descriptor handler is still
active then chaos can ensue. For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 621658cbed5d91d7096fc208bac2ff93a1880e7d)
-rw-r--r-- | ctdb/server/ctdb_recoverd.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c index 673c99c3d34..20b6e44e7ae 100644 --- a/ctdb/server/ctdb_recoverd.c +++ b/ctdb/server/ctdb_recoverd.c @@ -897,6 +897,16 @@ static void take_reclock_handler(char status, struct ctdb_recovery_lock_handle *s = (struct ctdb_recovery_lock_handle *) private_data; + s->locked = (status == '0') ; + + /* + * If unsuccessful then ensure the process has exited and that + * the file descriptor event handler has been cancelled + */ + if (! s->locked) { + TALLOC_FREE(s->h); + } + switch (status) { case '0': s->latency = latency; @@ -912,7 +922,6 @@ static void take_reclock_handler(char status, } s->done = true; - s->locked = (status == '0') ; } static bool ctdb_recovery_lock(struct ctdb_recoverd *rec); |