From 3c7d6fcaff330ff0f18e776da84ed836bf580d45 Mon Sep 17 00:00:00 2001 From: vjpai Date: Mon, 22 Sep 2014 12:19:37 -0700 Subject: Fix race caused by event_active There is a race between manual event_active and natural event activation. If both happen at the same time on the same FD, they would both be protected by the same event base lock except for 1 LoC where the fields of struct event are read without any kind of lock. This commit does those reads into local variables inside the lock and then invokes the callback with those local arguments outside the lock. In 2.0-stable, none of this is inside the lock; in HEAD, only the callback is read inside the lock. This gets the callback and all 3 arguments inside the lock before calling it outside the lock. --- event.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/event.c b/event.c index a979f1f2..fab419af 100644 --- a/event.c +++ b/event.c @@ -1256,6 +1256,14 @@ done: static inline void event_persist_closure(struct event_base *base, struct event *ev) { + // Define our callback, we use this to store our callback before it's executed + void (*evcb_callback)(evutil_socket_t, short, void *); + + // Other fields of *ev that must be stored before executing + evutil_socket_t evcb_fd; + short evcb_res; + void *evcb_arg; + /* reschedule the persistent event if we have a timeout. */ if (ev->ev_io_timeout.tv_sec || ev->ev_io_timeout.tv_usec) { /* If there was a timeout, we want it to run at an interval of @@ -1297,8 +1305,18 @@ event_persist_closure(struct event_base *base, struct event *ev) run_at.tv_usec |= usec_mask; event_add_internal(ev, &run_at, 1); } - EVBASE_RELEASE_LOCK(base, th_base_lock); - (*ev->ev_callback)(ev->ev_fd, ev->ev_res, ev->ev_arg); + + // Save our callback before we release the lock + evcb_callback = ev->ev_callback; + evcb_fd = ev->ev_fd; + evcb_res = ev->ev_res; + evcb_arg = ev->ev_arg; + + // Release the lock + EVBASE_RELEASE_LOCK(base, th_base_lock); + + // Execute the callback + (evcb_callback)(evcb_fd, evcb_res, evcb_arg); } /* -- cgit v1.2.1