Re: [libvirt] [PATCHv3 6/6] rpc: Fix connection close callback race condition and memory corruption/crash

On 04/05/13 04:50, Eric Blake wrote:
On 03/31/2013 10:20 AM, Peter Krempa wrote:
Viktor's last effort to fix the race and memory corruption unfortunately
wasn't complete in the case the close callback was not registered in a
connection. At that time, the trail of events that I'll describe later could
still happen and corrupt the memory or cause a crash of the client (including
the daemon in case of a p2p migration).

The new object - virConnectCloseCallbackData - is a lockable object that keeps
the pointers to the real user registered callback and ensures that the
connection callback is either not called if the connection was already freed or
that the connection isn't freed while this is being called.

  src/datatypes.c            | 55 ++++++++++++++++++++++++++++++++++++--------
  src/datatypes.h            | 22 ++++++++++++++----
  src/libvirt.c              | 29 ++++++++++++-----------
  src/remote/remote_driver.c | 57 +++++++++++++++++++++++++++-------------------
  4 files changed, 112 insertions(+), 51 deletions(-)

I've (finally) completed my stress-testing, and agree that this patch is
sufficient to avoid the race (especially when patch 1/6 is also applied
to make the race more obvious).

ACK, and let's get this applied and backported to maintenance branches
as appropriate.

Thanks, I've pushed this upstream and I will post a 0.10.2 backport later.
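
A minimal sketch of the pattern the commit message describes, added here as an illustration and not taken from the libvirt patch: a lockable, reference-counted object holds the user callback, so the close notification is either skipped once the connection is gone or runs while teardown is blocked. All names (close_data_t, conn_dispose, client_notify_close, count_cb) are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

typedef struct conn conn_t;
typedef void (*close_cb)(conn_t *conn, int reason, void *opaque);
/* Hypothetical lockable, reference-counted holder; may outlive the connection. */
typedef struct {
    pthread_mutex_t lock;
    int refs;      /* guarded by lock */
    conn_t *conn;  /* NULL once the connection is disposed */
    close_cb cb;   /* NULL when no callback is registered */
    void *opaque;
} close_data_t;
struct conn { close_data_t *close_data; };
void close_data_ref(close_data_t *d) {
    pthread_mutex_lock(&d->lock); d->refs++; pthread_mutex_unlock(&d->lock);
}
void close_data_unref(close_data_t *d) {
    pthread_mutex_lock(&d->lock);
    int left = --d->refs;
    pthread_mutex_unlock(&d->lock);
    if (left == 0) { pthread_mutex_destroy(&d->lock); free(d); }
}
conn_t *conn_new(close_cb cb, void *opaque) {
    conn_t *c = calloc(1, sizeof(*c));
    close_data_t *d = calloc(1, sizeof(*d));
    if (!c || !d) { free(c); free(d); return NULL; }
    pthread_mutex_init(&d->lock, NULL);
    d->refs = 1; d->conn = c; d->cb = cb; d->opaque = opaque;
    c->close_data = d; return c;
}
/* Teardown detaches under the lock, so it waits for a running callback. */
void conn_dispose(conn_t *c) {
    close_data_t *d = c->close_data;
    pthread_mutex_lock(&d->lock);
    d->conn = NULL; d->cb = NULL;
    pthread_mutex_unlock(&d->lock);
    close_data_unref(d);
    free(c);
}
/* RPC side, holding its own reference; returns 1 if the callback ran. */
int client_notify_close(close_data_t *d, int reason) {
    int ran = 0;
    pthread_mutex_lock(&d->lock);
    if (d->conn && d->cb) { d->cb(d->conn, reason, d->opaque); ran = 1; }
    pthread_mutex_unlock(&d->lock);
    return ran;
}
/* Constructed sample callback: counts invocations through opaque. */
void count_cb(conn_t *c, int reason, void *opaque) { (void)c; (void)reason; ++*(int *)opaque; }
```

In this sketch the callback runs with the lock held, so a callback that disposes its own connection would deadlock on the non-recursive mutex.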


