From 02a43c125641e7fc66834723e5589e4c7329d0bd Mon Sep 17 00:00:00 2001 From: Li Wei Date: Tue, 1 Aug 2023 01:11:47 +0900 Subject: [PATCH] DAOS-13996 pool: Fix invalid D_FREE in pool_glance (#12683) pool_glance should only free map_buf if ds_pool_svc_load returns zero. The segfault might be triggered because ds_pool_svc_load returned DER_UNINIT; it is unknown that what actually happened. This patch fixes the D_FREE logic. ds_pool_svc_load does not need to free map_buf in any case. It is likely a merge error. This patch removes the unnecessary D_FREE in ds_pool_svc_load. Signed-off-by: Li Wei --- src/pool/srv_pool.c | 4 +--- src/pool/srv_pool_check.c | 7 ++++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/pool/srv_pool.c b/src/pool/srv_pool.c index 357fa67a6d3..59f5570cc45 100644 --- a/src/pool/srv_pool.c +++ b/src/pool/srv_pool.c @@ -1540,8 +1540,6 @@ ds_pool_svc_load(struct rdb_tx *tx, uuid_t uuid, rdb_path_t *root, uint32_t *glo *global_version_out = global_version; *map_buf_out = map_buf; *map_version_out = map_version; - if (rc != 0) - D_FREE(map_buf); out: return rc; } @@ -7730,4 +7728,4 @@ struct cont_svc * ds_pool_ps2cs(struct ds_pool_svc *ds_svc) { return pool_ds2svc(ds_svc)->ps_cont_svc; -} \ No newline at end of file +} diff --git a/src/pool/srv_pool_check.c b/src/pool/srv_pool_check.c index 940fbdb3df9..602d4076e12 100644 --- a/src/pool/srv_pool_check.c +++ b/src/pool/srv_pool_check.c @@ -1,5 +1,5 @@ /* - * (C) Copyright 2022 Intel Corporation. + * (C) Copyright 2022-2023 Intel Corporation. * * SPDX-License-Identifier: BSD-2-Clause-Patent */ @@ -84,7 +84,9 @@ pool_glance(uuid_t uuid, char *path, struct ds_pool_clue *clue_out) } rc = ds_pool_svc_load(&tx, uuid, &root, &global_version, &map_buf, &clue.psc_map_version); - if (rc == DER_UNINIT) { + if (rc == 0) { + D_FREE(map_buf); + } else if (rc == DER_UNINIT) { clue.psc_map_version = 0; rc = 0; } else if (rc != 0) { @@ -92,7 +94,6 @@ pool_glance(uuid_t uuid, char *path, struct ds_pool_clue *clue_out) } memcpy(clue_out->pc_svc_clue, &clue, sizeof(clue)); - D_FREE(map_buf); out_label: if (rc != 0) { D_FREE(clue_out->pc_label);