cluster: RHEL5 - clogd: Fix bug 484968 - segfault in clogd

[Jonathan Brassow]

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=c9d6207f212f900f66c9c6990462bae328ede121
Commit:        c9d6207f212f900f66c9c6990462bae328ede121
Parent:        337f12b719cb5dfb279317d2d111954c5c5c0416
Author:        Jonathan Brassow <jbrassow@redhat.com>
AuthorDate:    Tue Feb 10 16:11:43 2009 -0600
Committer:     Jonathan Brassow <jbrassow@redhat.com>
CommitterDate: Tue Feb 10 16:11:43 2009 -0600

clogd: Fix bug 484968 - segfault in clogd

If a mirror was started and then suspended very shortly after,
the list of pent-up requests waiting for a checkpoint would be freed.
If one of those requests was POSTSUSPEND, it would be processed and
would also try to free the list of pent-up requests.  Since this action
was nested, the outer function would segfault because the list it was
processing was free out from under it.

Frequency of this is rare.
---
 cmirror/src/cluster.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/cmirror/src/cluster.c b/cmirror/src/cluster.c
index d4ee730..e43edbe 100644
--- a/cmirror/src/cluster.c
+++ b/cmirror/src/cluster.c
@@ -1444,6 +1444,7 @@ static void abort_startup(struct clog_cpg *del)
 static int _destroy_cluster_cpg(struct clog_cpg *del)
 {
 	int r;
+	int state;
 	
 	LOG_COND(log_resend_requests, "[%s] I am leaving.2.....",
 		 SHORT_UUID(del->name.value));
@@ -1455,10 +1456,17 @@ static int _destroy_cluster_cpg(struct clog_cpg *del)
 	 */
 	do_checkpoints(del);
 
+	state = del->state;
+
 	del->cpg_state = INVALID;
 	del->state = LEAVING;
 
-	if (!list_empty(&del->startup_list))
+	/*
+	 * If the state is VALID, we might be processing the
+	 * startup list.  If so, we certainly don't want to
+	 * clear the startup_list here by calling abort_startup
+	 */
+	if (!list_empty(&del->startup_list) && (state != VALID))
 		abort_startup(del);
 
 	r = cpg_leave(del->handle, &del->name);