mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-22 20:45:18 +00:00
Fix race in ref counting when handling RPC jobs
When an incoming RPC message is ready for processing, virNetServerClientDispatchRead() will invoke the 'dispatchFunc' callback. This is set to virNetServerDispatchNewMessage This function puts the message + client in a queue for processing by the thread pool. The thread pool worker function is virNetServerHandleJob The first thing this does is acquire an extra reference on the 'client'. Unfortunately, between the time the message+client are put on the thread pool queue, and the time the worker runs, the client object may have had its last reference removed. We clearly need to add the reference to the client object before putting the client on the processing queue * src/rpc/virnetserverclient.c: Add a reference to the client when invoking the dispatch function * src/rpc/virnetserver.c: Don't acquire a reference to the client when in the worker thread
This commit is contained in:
parent
652e55b7a5
commit
0302391ee6
@ -131,8 +131,6 @@ static void virNetServerHandleJob(void *jobOpaque, void *opaque)
|
||||
virNetServerProgramPtr prog = NULL;
|
||||
size_t i;
|
||||
|
||||
virNetServerClientRef(job->client);
|
||||
|
||||
virNetServerLock(srv);
|
||||
VIR_DEBUG("server=%p client=%p message=%p",
|
||||
srv, job->client, job->msg);
|
||||
|
@ -763,10 +763,12 @@ readmore:
|
||||
|
||||
/* Send off to for normal dispatch to workers */
|
||||
if (msg) {
|
||||
client->refs++;
|
||||
if (!client->dispatchFunc ||
|
||||
client->dispatchFunc(client, msg, client->dispatchOpaque) < 0) {
|
||||
virNetMessageFree(msg);
|
||||
client->wantClose = true;
|
||||
client->refs--;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user