diff options
| author | Amitay Isaacs <amitay@gmail.com> | 2012-10-29 14:56:10 +1100 |
|---|---|---|
| committer | Amitay Isaacs <amitay@gmail.com> | 2013-01-09 14:39:23 +1100 |
| commit | 4a6fa39ff96e10b1f36b0656ca27ea74f20ff110 (patch) | |
| tree | 58c489a5632be6bb2f3a15c810f0dbeef79b5f86 /ctdb | |
| parent | 30299c387f3c9695afb716b3787035cf7c441333 (diff) | |
| download | samba-4a6fa39ff96e10b1f36b0656ca27ea74f20ff110.tar.gz samba-4a6fa39ff96e10b1f36b0656ca27ea74f20ff110.tar.xz samba-4a6fa39ff96e10b1f36b0656ca27ea74f20ff110.zip | |
daemon: Protect against double free of callback state while shutting down
When CTDB is shut down and monitoring has been stopped, monitor_context
gets freed and all the callback states hanging off it. This includes
callback state for current_monitor, if the current monitor event has
not yet finished. As a result, when the shutdown event is called,
current_monitor->callback state is not NULL, but it's actually freed
and it's a dangling reference.
So before executing callback function and freeing callback state check
if ctdb->monitor->monitor_context is not NULL.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit 7d8546ee4353851f0543d0ca2c4c67cb0cc75aea)
Diffstat (limited to 'ctdb')
| -rw-r--r-- | ctdb/include/ctdb_private.h | 1 | ||||
| -rw-r--r-- | ctdb/server/ctdb_monitor.c | 7 | ||||
| -rw-r--r-- | ctdb/server/eventscript.c | 5 |
3 files changed, 11 insertions, 2 deletions
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h index fb541958f4a..5b519fbc682 100644 --- a/ctdb/include/ctdb_private.h +++ b/ctdb/include/ctdb_private.h @@ -1343,6 +1343,7 @@ int ctdb_repack(struct ctdb_context *ctdb, int argc, const char **argv); void ctdb_block_signal(int signum); void ctdb_unblock_signal(int signum); int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb); +bool ctdb_stopped_monitoring(struct ctdb_context *ctdb); int ctdb_set_child_logging(struct ctdb_context *ctdb); void ctdb_lockdown_memory(struct ctdb_context *ctdb); diff --git a/ctdb/server/ctdb_monitor.c b/ctdb/server/ctdb_monitor.c index bc21e5bb1da..984f947a3b4 100644 --- a/ctdb/server/ctdb_monitor.c +++ b/ctdb/server/ctdb_monitor.c @@ -506,3 +506,10 @@ int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb) return ctdb->monitor->monitoring_mode; } +/* + * Check if monitoring has been stopped + */ +bool ctdb_stopped_monitoring(struct ctdb_context *ctdb) +{ + return (ctdb->monitor->monitor_context == NULL ? true : false); +} diff --git a/ctdb/server/eventscript.c b/ctdb/server/eventscript.c index 6a75877bff8..762f9506fa9 100644 --- a/ctdb/server/eventscript.c +++ b/ctdb/server/eventscript.c @@ -781,8 +781,9 @@ static int ctdb_event_script_callback_v(struct ctdb_context *ctdb, if (ctdb->current_monitor) { struct ctdb_event_script_state *ms = talloc_get_type(ctdb->current_monitor, struct ctdb_event_script_state); - /* cancel it */ - if (ms->callback != NULL) { + /* Cancel current monitor callback state only if monitoring + * context ctdb->monitor->monitor_context has not been freed */ + if (ms->callback != NULL && !ctdb_stopped_monitoring(ctdb)) { ms->callback->fn(ctdb, -ECANCELED, ms->callback->private_data); talloc_free(ms->callback); } |