| commit | f1577c2bc13c91ea912ae461870e470065f250c1 | |
| author | Volker Lendecke <vl@samba.org> | |
| Tue, 11 Feb 2020 21:10:32 +0000 (11 22:10 +0100) | ||
| committer | Björn Baumbach <bb@sernet.de> | |
| Tue, 18 Feb 2020 13:05:52 +0000 (18 13:05 +0000) | ||
| tree | b2597da5ed494c15febb168613cf86837716b7be | treesnapshot (tar.gz zip) |
| parent | 7209357f9ba5525a207d301b299931d6bdee9c2f | commitdiff |
lib: Fix a shutdown crash with "clustering = yes"
This is a bit confusing now, sorry for that:
register_msg_pool_usage() in the ctdb case uses
messaging_ctdb_register_tevent_context(), which talloc_reference()s
the central struct messaging_ctdb_fde_ev of the
messaging_ctdb_context. In messaging_reinit(), we talloc_free only one
of those references and allocate a new messaging_ctdb_fde_ev. The
remaining messaging_ctdb_fde_ev should have been deleted as well, but
due to the second reference this does not happen. When doing the
shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on
the properly reinitialized fde_ev, and once much later on the leftover
one which references invalid data structures.
By the way, this is not a problem with talloc_reference(), this would
have happened with explicit refcounting too.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184
This is a bit confusing now, sorry for that:
register_msg_pool_usage() in the ctdb case uses
messaging_ctdb_register_tevent_context(), which talloc_reference()s
the central struct messaging_ctdb_fde_ev of the
messaging_ctdb_context. In messaging_reinit(), we talloc_free only one
of those references and allocate a new messaging_ctdb_fde_ev. The
remaining messaging_ctdb_fde_ev should have been deleted as well, but
due to the second reference this does not happen. When doing the
shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on
the properly reinitialized fde_ev, and once much later on the leftover
one which references invalid data structures.
By the way, this is not a problem with talloc_reference(), this would
have happened with explicit refcounting too.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184
| source3/lib/messages.c | diffblobblamehistory |