mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-02 11:21:12 +00:00
d8d4aa01d8
Despite the comment stating virNetClientIncomingEvent handler should never be called with either client->haveTheBuck or client->wantClose set, there is a sequence of events that may lead to both booleans being true when virNetClientIncomingEvent is called. However, when that happens, we must not immediately close the socket as there are other threads waiting for the buck and they would cause SIGSEGV once they are woken up after the socket was closed. Another thing is we should clear all remaining calls in the queue after closing the socket. The situation that can lead to the crash involves three threads, one of them running event loop and the other two calling libvirt APIs. The event loop thread detects an event on client->sock and calls virNetClientIncomingEvent handler. But before the handler gets a chance to lock client, the other two threads (T1 and T2) start calling some APIs. T1 gets the buck and detects EOF on client->sock while processing its RPC call. Since T2 is waiting for its own call, T1 passes the buck on to it and unlocks client. But before T2 gets the signal, the event loop thread wakes up, does its job and closes client->sock. The crash happens when T2 actually wakes up and tries to do its job using a closed client->sock. |
||
|---|---|---|
| .. | ||
| gendispatch.pl | ||
| genprotocol.pl | ||
| gensystemtap.pl | ||
| virkeepalive.c | ||
| virkeepalive.h | ||
| virkeepaliveprotocol.x | ||
| virnetclient.c | ||
| virnetclient.h | ||
| virnetclientprogram.c | ||
| virnetclientprogram.h | ||
| virnetclientstream.c | ||
| virnetclientstream.h | ||
| virnetmessage.c | ||
| virnetmessage.h | ||
| virnetprotocol.x | ||
| virnetsaslcontext.c | ||
| virnetsaslcontext.h | ||
| virnetserver.c | ||
| virnetserver.h | ||
| virnetserverclient.c | ||
| virnetserverclient.h | ||
| virnetservermdns.c | ||
| virnetservermdns.h | ||
| virnetserverprogram.c | ||
| virnetserverprogram.h | ||
| virnetserverservice.c | ||
| virnetserverservice.h | ||
| virnetsocket.c | ||
| virnetsocket.h | ||
| virnetsshsession.c | ||
| virnetsshsession.h | ||
| virnettlscontext.c | ||
| virnettlscontext.h | ||