ctdb-recoverd: Free cluster mutex handler on failure to take lock

If nested events occur while the file descriptor handler is still
active then chaos can ensue.  For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 578127a4514755705c4b5c6eff10fe6c1f2fc086..a63021e4d8b69ae26575b55d2c5a77125876d19e 100644 (file)
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -897,6 +897,16 @@ static void take_reclock_handler(char status,
        struct ctdb_recovery_lock_handle *s =
                (struct ctdb_recovery_lock_handle *) private_data;
 
+       s->locked = (status == '0') ;
+
+       /*
+        * If unsuccessful then ensure the process has exited and that
+        * the file descriptor event handler has been cancelled
+        */
+       if (! s->locked) {
+               TALLOC_FREE(s->h);
+       }
+
        switch (status) {
        case '0':
                s->latency = latency;
@@ -912,7 +922,6 @@ static void take_reclock_handler(char status,
        }
 
        s->done = true;
-       s->locked = (status == '0') ;
 }
 
 static void force_election(struct ctdb_recoverd *rec,