The Samba-Bugzilla – Attachment 6813 Details for
Bug 8409
f7d97868 created a new race condition
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
look (text/plain), 2.27 KB, created by
Volker Lendecke
on 2011-08-26 15:33:00 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2011-08-26 15:33:00 UTC
Size:
2.27 KB
patch
obsolete
>From 1bc64508d08566f26ac98414cbd5a5f8749221a5 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 26 Aug 2011 16:54:18 +0200 >Subject: [PATCH] s3: Fix a winbind race leading to 100% CPU > >This fixes a race condition that leads to the winbindd_children list becoming >corrupted. It happens when on a busy winbind SIGCHLD is a bit late. > >Imagine a winbind with multiple requests in the queue for a single child. Child >dies, and before the SIGCHLD handler is called we find the socket to be dead. >wb_child_request_done is called, receiving an error from wb_simple_trans_recv. >It closes the socket. Then immediately the wb_child_request_trigger will do >another fork_domain_child before the signal handler is called. This means that >we do another fork_domain_child, we have child->sock==-1 at this point. >fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time >where the child is already part of that list. This corrupts the list. Then the >signal handler kicks in, spinning in > >for (child = winbindd_children; child != NULL; child = child->next) { > >forever. Not good. This patch makes sure that both conditions (sock==-1 and not >part of the list) for a winbindd_child struct match up. >--- > source3/winbindd/winbindd_dual.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c >index 1078f8d..0b4cc6e 100644 >--- a/source3/winbindd/winbindd_dual.c >+++ b/source3/winbindd/winbindd_dual.c >@@ -43,6 +43,8 @@ > extern bool override_logfile; > extern struct winbindd_methods cache_methods; > >+static struct winbindd_child *winbindd_children = NULL; >+ > /* Read some data from a client connection */ > > static NTSTATUS child_read_request(struct winbindd_cli_state *state) >@@ -171,6 +173,7 @@ static void wb_child_request_done(struct tevent_req *subreq) > */ > close(state->child->sock); > state->child->sock = -1; >+ DLIST_REMOVE(winbindd_children, state->child); > tevent_req_error(req, err); > return; > } >@@ -489,8 +492,6 @@ void setup_child(struct winbindd_domain *domain, struct winbindd_child *child, > SMB_ASSERT(child->binding_handle != NULL); > } > >-static struct winbindd_child *winbindd_children = NULL; >- > void winbind_child_died(pid_t pid) > { > struct winbindd_child *child; >-- >1.7.4.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6813">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 8409
: 6813