summaryrefslogtreecommitdiff
path: root/source3/lib/messages_ctdb.c
Commit message (Collapse)AuthorAgeFilesLines
* s3/lib: Prevent use after free of messaging_ctdb_fde_ev structsNoel Power2023-01-261-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a cluster setup samba-bgqd async callback cups_pcap_load_async can access messaging_ctdb_fde_ev associated with already destructed global_ctdb_ctx_destructor ==26053== Invalid read of size 8 ==26053== at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x4056BCA: tevent_req_received (tevent_req.c:301) ==26053== by 0x405673D: tevent_req_destructor (tevent_req.c:135) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x1384EF: cups_pcap_load_async (print_cups.c:507) ==26053== by 0x13894B: cups_cache_reload (print_cups.c:602) ==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140) ==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323) ==26053== by 0x122AD6: main (samba-bgqd.c:316) ==26053== Address 0xed64d48 is 120 bytes inside a block of size 128 free'd ==26053== at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==26053== by 0x40B25E1: _tc_free_internal (talloc.c:1222) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141) ==26053== by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x4157380: messaging_reinit (messages.c:646) ==26053== by 0x416C01E: reinit_after_fork (util.c:488) ==26053== by 0x13844C: cups_pcap_load_async (print_cups.c:498) ==26053== by 0x13894B: cups_cache_reload (print_cups.c:602) ==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140) ==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323) ==26053== by 0x122AD6: main (samba-bgqd.c:316) ==26053== Block was alloc'd at ==26053== at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==26053== by 0x40B1989: __talloc_with_prefix (talloc.c:783) ==26053== by 0x40B1B23: __talloc (talloc.c:825) ==26053== by 0x40B1ECC: _talloc_named_const (talloc.c:982) ==26053== by 0x40B49C3: _talloc_zero (talloc.c:2421) ==26053== by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93) ==26053== by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75) ==26053== by 0x415702A: messaging_init_internal (messages.c:563) ==26053== by 0x41572FD: messaging_init (messages.c:622) ==26053== by 0x4163ED3: global_messaging_context (global_contexts.c:62) ==26053== by 0x12273B: main (samba-bgqd.c:271) ==26053== Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293 Signed-off-by: Noel Power <npower@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Thu Jan 26 16:03:49 UTC 2023 on atb-devel-224
* s3:lib/messages*: s/getpid/tevent_cached_getpidStefan Metzmacher2022-07-251-1/+1
| | | | | | | | Our messaging code is very performance critical and we should note waste time in getpid() syscalls... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "s3:messages: protect against usage of wrapper tevent_context objects ↵Ralph Boehme2019-01-111-8/+0
| | | | | | | | | | | | | | | | for messaging" This reverts commit 7f2afc20e1b6397c364a98d1be006377c95e4665. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Revert "s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to ↵Ralph Boehme2019-01-111-29/+9
| | | | | | | | | | | | | | | | use wrapper tevent_context" This reverts commit 660cf86639753edaa7a7a21a5b5ae207ae7d4260. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use ↵Stefan Metzmacher2018-07-111-9/+29
| | | | | | | | | wrapper tevent_context This is only allowed if the raw tevent context is already registered. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:messages: protect against usage of wrapper tevent_context objects for ↵Stefan Metzmacher2018-07-111-0/+8
| | | | | | | | | | | | messaging This makes a lot of assumtion easier to understand and the introduction of wrapper tevent contexts will not change the existing behaviour. We'll relax this a bit in the next commits. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:messages: check tevent_fd_get_flags() == 0 before using stale event ↵Ralph Boehme2018-04-241-2/+12
| | | | | | | | | | | | | context pointer If the event context got deleted, tevent_fd_get_flags() will return 0 for the stale fde. In that case we should not use fde_ev->ev anymore. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* messaging: Always register CTDB_SRVID_SAMBA_PROCESSVolker Lendecke2017-12-051-0/+9
| | | | | | | | This will be used to broadcast to all processes, avoiding the costly traverse of serverid.tdb. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* messages_ctdb: Add messaging_ctdb_connectionVolker Lendecke2017-07-251-0/+8
| | | | | | | | | | | | | This will be the replacement for messaging_ctdbd_connection(). This does not default to initializing messaging but panics. We just don't have correct default arguments for messaging_init. Implicit multiple messaging and event contexts is a bug also. It *might* be that some tools fail due to this, but this needs fixing in different ways. See the previous commit for smbpasswd. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* messaging: Add messaging_ctdb_init/destroyVolker Lendecke2017-07-251-0/+260
This models connecting to ctdb after the dgm code. The main point is that we should never open more than more ctdb socket for messaging. With more than one socket, we might end up with our pid registered with ctdb on more than one socket. This could lead to memory overconsumption in ctdb. ctdbd will eventually throw away messages, but they will take up space unnecessarily. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
View Lorry Controller Status