diff options
author | Volker Lendecke <vl@samba.org> | 2012-03-31 13:37:20 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2012-03-31 15:25:54 +0200 |
commit | 0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8 (patch) | |
tree | 0146d41f2de03331c80a19c671745efa6e98381d | |
parent | 7f7c2d721d1e336a86b29fecc81f5c0e28d105dc (diff) | |
download | samba-0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8.tar.gz samba-0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8.tar.bz2 samba-0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8.zip |
s3-aio-fork: Fix a segfault in vfs_aio_fork
aio_suspend does not signal the main process with a signal, it just waits. The
aio_fork module does not use the signal at all, it directly calls back into the
main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction
violation, but the alternative would have been to use signals where they are
not needed. However, in wait_for_aio_completion this bites us: With aio_fork we
call handle_aio_completed twice on the same aio_ex struct: Once from the call
to handle_aio_completion within the aio_fork module and once from the code in
wait_for_aio_completion.
This patch fixes it in a pretty bad way by introducing flag variables and more
state. But the mid-term plan is to replace the posix aio calls from the vfs and
do pread_send/recv and pwrite_send/recv at the vfs layer, so this will
significantly change anyway.
Thanks to Kirill Malkin <kirill.malkin@starboardstorage.com> for reporting this
crash!
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 31 15:25:55 CEST 2012 on sn-devel-104
-rw-r--r-- | source3/modules/vfs_aio_fork.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 30d4b93ee7..fa3db933a3 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -101,6 +101,8 @@ struct aio_child { bool dont_delete; /* Marked as in use since last cleanup */ bool cancelled; bool read_cmd; + bool called_from_suspend; + bool completion_done; }; struct aio_child_list { @@ -432,6 +434,10 @@ static void handle_aio_completion(struct event_context *event_ctx, child->retval.size); } + if (child->called_from_suspend) { + child->completion_done = true; + return; + } aio_ex = (struct aio_extra *)child->aiocb->aio_sigevent.sigev_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); TALLOC_FREE(aio_ex); @@ -850,7 +856,9 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, handle_aio_completion, child); - while (1) { + child->called_from_suspend = true; + + while (!child->completion_done) { if (tevent_loop_once(ev) == -1) { goto out; } @@ -859,12 +867,6 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, errno = EAGAIN; goto out; } - - /* We set child->aiocb to NULL in our hooked - * AIO_RETURN(). */ - if (child->aiocb == NULL) { - break; - } } } } |