ctdb-recoverd: Free cluster mutex handler on failure to take lock

If nested events occur while the file descriptor handler is still
active then chaos can ensue.  For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 621658cbed5d91d7096fc208bac2ff93a1880e7d)

diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 673c99c3d341b10b808fb84b45fd007367f01a59..20b6e44e7aef4aa4425a462df9ff140d70d5b3f3 100644 (file)
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -897,6 +897,16 @@ static void take_reclock_handler(char status,
        struct ctdb_recovery_lock_handle *s =
                (struct ctdb_recovery_lock_handle *) private_data;
 
+       s->locked = (status == '0') ;
+
+       /*
+        * If unsuccessful then ensure the process has exited and that
+        * the file descriptor event handler has been cancelled
+        */
+       if (! s->locked) {
+               TALLOC_FREE(s->h);
+       }
+
        switch (status) {
        case '0':
                s->latency = latency;
@@ -912,7 +922,6 @@ static void take_reclock_handler(char status,
        }
 
        s->done = true;
-       s->locked = (status == '0') ;
 }
 
 static bool ctdb_recovery_lock(struct ctdb_recoverd *rec);