summaryrefslogtreecommitdiff
path: root/lib/tevent
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2017-11-10 21:22:26 +0100
committerKarolin Seeger <kseeger@samba.org>2017-11-13 13:54:56 +0100
commit5ec68b2e44e5c0c4e6fae362c7e36ad99124faa8 (patch)
treefc526df32a9fb1b0257f83c1ee5f614bef5eb6e3 /lib/tevent
parentd41af5d03dd7f8375e1295001d920007c113143c (diff)
downloadsamba-5ec68b2e44e5c0c4e6fae362c7e36ad99124faa8.tar.gz
tevent: Fix a race condition
We can't rely on tctx to exist after we unlocked the mutex. It took a while, but this does lead to data corruption. If *tctx is replaced with something where tctx->wakeup_fd points to a real, existing file descriptor, we're screwed. And by screwed, this means file corruption on disk. Again. I am not tall enough for this business. http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144 (cherry picked from commit 20cfcb7dbc5dd099384b76a76e3d35cf627100b6) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Mon Nov 13 13:54:56 CET 2017 on sn-devel-144
Diffstat (limited to 'lib/tevent')
-rw-r--r--lib/tevent/tevent_threads.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/tevent/tevent_threads.c b/lib/tevent/tevent_threads.c
index 4d1a8805181..2e83f1b66c2 100644
--- a/lib/tevent/tevent_threads.c
+++ b/lib/tevent/tevent_threads.c
@@ -451,7 +451,7 @@ void _tevent_threaded_schedule_immediate(struct tevent_threaded_context *tctx,
{
#ifdef HAVE_PTHREAD
struct tevent_context *ev;
- int ret;
+ int ret, wakeup_fd;
ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
if (ret != 0) {
@@ -495,6 +495,8 @@ void _tevent_threaded_schedule_immediate(struct tevent_threaded_context *tctx,
abort();
}
+ wakeup_fd = tctx->wakeup_fd;
+
ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
if (ret != 0) {
abort();
@@ -510,7 +512,7 @@ void _tevent_threaded_schedule_immediate(struct tevent_threaded_context *tctx,
* than a noncontended one. So I'd opt for the lower footprint
* initially. Maybe we have to change that later.
*/
- tevent_common_wakeup_fd(tctx->wakeup_fd);
+ tevent_common_wakeup_fd(wakeup_fd);
#else
/*
* tevent_threaded_context_create() returned NULL with ENOSYS...