The Samba-Bugzilla – Attachment 17722 Details for
Bug 15280
irpc_destructor may crash during shutdown
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix for 4.16 and 4.17, cherry-picked from master
fix-bug-15280.patch (text/plain), 2.81 KB, created by
Björn Baumbach
on 2023-01-09 16:10:49 UTC
(
hide
)
Description:
fix for 4.16 and 4.17, cherry-picked from master
Filename:
MIME Type:
Creator:
Björn Baumbach
Created:
2023-01-09 16:10:49 UTC
Size:
2.81 KB
patch
obsolete
>From 30634e680d27d90a80a05bb3a88cce89cb602861 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 31 Dec 2022 01:24:57 +0100 >Subject: [PATCH] s4:lib/messaging: fix interaction between > imessaging_context_destructor and irpc_destructor > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 0d096931196524a2d1bf59470bc629dc9231131e) >--- > source4/lib/messaging/messaging.c | 13 +++++++++++++ > source4/lib/messaging/messaging_internal.h | 3 +++ > 2 files changed, 16 insertions(+) > >diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c >index 8603c167ad4..67b0366423a 100644 >--- a/source4/lib/messaging/messaging.c >+++ b/source4/lib/messaging/messaging.c >@@ -48,6 +48,7 @@ > a pending irpc call > */ > struct irpc_request { >+ struct irpc_request *prev, *next; > struct imessaging_context *msg_ctx; > int callid; > struct { >@@ -400,6 +401,16 @@ NTSTATUS imessaging_process_cleanup( > > static int imessaging_context_destructor(struct imessaging_context *msg) > { >+ struct irpc_request *irpc = NULL; >+ struct irpc_request *next = NULL; >+ >+ for (irpc = msg->requests; irpc != NULL; irpc = next) { >+ next = irpc->next; >+ >+ DLIST_REMOVE(msg->requests, irpc); >+ irpc->callid = -1; >+ } >+ > DLIST_REMOVE(msg_ctxs, msg); > TALLOC_FREE(msg->msg_dgm_ref); > return 0; >@@ -1035,6 +1046,7 @@ failed: > static int irpc_destructor(struct irpc_request *irpc) > { > if (irpc->callid != -1) { >+ DLIST_REMOVE(irpc->msg_ctx->requests, irpc); > idr_remove(irpc->msg_ctx->idr, irpc->callid); > if (irpc->msg_ctx->discard_incoming) { > SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 0); >@@ -1238,6 +1250,7 @@ static struct tevent_req *irpc_bh_raw_call_send(TALLOC_CTX *mem_ctx, > /* make sure we accept incoming messages */ > SMB_ASSERT(state->irpc->msg_ctx->num_incoming_listeners < UINT64_MAX); > state->irpc->msg_ctx->num_incoming_listeners += 1; >+ DLIST_ADD_END(state->irpc->msg_ctx->requests, state->irpc); > talloc_set_destructor(state->irpc, irpc_destructor); > > /* setup the header */ >diff --git a/source4/lib/messaging/messaging_internal.h b/source4/lib/messaging/messaging_internal.h >index ac254c22631..6281bda82a9 100644 >--- a/source4/lib/messaging/messaging_internal.h >+++ b/source4/lib/messaging/messaging_internal.h >@@ -19,6 +19,8 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >+struct irpc_request; >+ > struct imessaging_context { > struct imessaging_context *prev, *next; > struct tevent_context *ev; >@@ -30,6 +32,7 @@ struct imessaging_context { > struct idr_context *dispatch_tree; > struct irpc_list *irpc; > struct idr_context *idr; >+ struct irpc_request *requests; > struct server_id_db *names; > struct timeval start_time; > void *msg_dgm_ref; >-- >2.34.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 15280
: 17722