mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
1828011317
We protect setting tctx->event_ctx=NULL with tctx->event_ctx_mutex. But in _tevent_threaded_schedule_immediate we have the classic TOCTOU race: After we checked "ev==NULL", looking at tevent_common_context_destructor the event context can go after _tevent_threaded_schedule_immediate checked. We need to serialize things a bit by keeping tctx->event_ctx_mutex locked while we reference "ev", in particular in the DLIST_ADD_END(ev->scheduled_immediates,im); I think the locking hierarchy is still maintained, tevent_atfork_prepare() first locks all the tctx locks, and then the scheduled_mutex. Also, I don't think this will impact parallelism too badly: event_ctx_mutex is only used to protect setting tctx->ev. Found by staring at code while fixing the FreeBSD memleak due to not destroying scheduled_mutex. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 9 00:45:26 CEST 2017 on sn-devel-144 |
||
|---|---|---|
| .. | ||
| ABI | ||
| doc | ||
| bindings.py | ||
| configure | ||
| doxy.config | ||
| echo_server.c | ||
| Makefile | ||
| pytevent.c | ||
| testsuite.c | ||
| tevent_debug.c | ||
| tevent_epoll.c | ||
| tevent_fd.c | ||
| tevent_immediate.c | ||
| tevent_internal.h | ||
| tevent_liboop.c | ||
| tevent_poll.c | ||
| tevent_port.c | ||
| tevent_queue.c | ||
| tevent_req.c | ||
| tevent_select.c | ||
| tevent_signal.c | ||
| tevent_standard.c | ||
| tevent_threads.c | ||
| tevent_timed.c | ||
| tevent_util.c | ||
| tevent_util.h | ||
| tevent_wakeup.c | ||
| tevent.c | ||
| tevent.h | ||
| tevent.pc.in | ||
| tevent.py | ||
| wscript | ||