author | Signed-off-by: Susant Sahani <ssahani@redhat.com> | 2013-11-25 14:09:04 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2013-11-25 14:10:49 -0500 |
commit | 2fb4a883262ecf32d54acda9ff9b96b4a1913a1a (patch) | |
tree | e292db7054c1861f6baf59feb8fadad882b52e6c | |
parent | 514c713abc2ed83e551befa8e0273fb913030448 (diff) | |
Race in Race in clnt_vc_createlibtirpc-0-2-4-rc3
The function clnt_create is *not* thread safe. There are race conditions in
the function clnt_vc_create, which accesses the static data disrupt, which is
*not* protected by any mutex. When more than one thread accesses it,
it becomes a nonlocal side effect. These race conditions can lead to
undesired behaviour. By introducing the mutex disrupt_lock,
the function clnt_vc_create is serialized.
Signed-off-by: Susant Sahani <ssahani@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | src/clnt_vc.c | 5 | ||||
-rw-r--r-- | src/mt_misc.c | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/clnt_vc.c b/src/clnt_vc.c
index 2eab9e4..61264d4 100644
--- a/src/clnt_vc.c
+++ b/src/clnt_vc.c
@@ -133,6 +133,7 @@ struct ct_data {
 * should be the first thing fixed. One step at a time.
 */
 static int *vc_fd_locks;
+extern pthread_mutex_t disrupt_lock;
 extern mutex_t clnt_fd_lock;
 static cond_t *vc_cv;
 #define release_fd_lock(fd, mask) { \
@@ -179,8 +180,10 @@ clnt_vc_create(fd, raddr, prog, vers, sendsz, recvsz)
 socklen_t slen;
 struct __rpc_sockinfo si;
+ mutex_lock(&disrupt_lock);
 if (disrupt == 0)
 disrupt = (u_int32_t)(long)raddr;
+ mutex_unlock(&disrupt_lock);
 cl = (CLIENT *)mem_alloc(sizeof (*cl));
 ct = (struct ct_data *)mem_alloc(sizeof (*ct));
@@ -270,7 +273,9 @@ clnt_vc_create(fd, raddr, prog, vers, sendsz, recvsz)
 * Initialize call message
 */
 (void)gettimeofday(&now, NULL);
+ mutex_lock(&disrupt_lock);
 call_msg.rm_xid = ((u_int32_t)++disrupt) ^ __RPC_GETXID(&now);
+ mutex_unlock(&disrupt_lock);
 call_msg.rm_direction = CALL;
 call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
 call_msg.rm_call.cb_prog = (u_int32_t)prog;
diff --git a/src/mt_misc.c b/src/mt_misc.c
index ddbb0a5..d459dec 100644
--- a/src/mt_misc.c
+++ b/src/mt_misc.c
@@ -97,6 +97,9 @@ pthread_mutex_t nc_db_lock = PTHREAD_MUTEX_INITIALIZER;
 /* protects static port and startport (bindresvport.c) */
 pthread_mutex_t port_lock = PTHREAD_MUTEX_INITIALIZER;
+/* protects static disrupt (clnt_vc.c) */
+pthread_mutex_t disrupt_lock = PTHREAD_MUTEX_INITIALIZER;
+
 #undef rpc_createerr
 struct rpc_createerr rpc_createerr; |
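Review bot: The new declaration `extern pthread_mutex_t disrupt_lock;` in the first src/clnt_vc.c hunk spells the type differently from the line directly below it, `extern mutex_t clnt_fd_lock;`, although the later hunks take the lock through the same `mutex_lock()`/`mutex_unlock()` wrappers. Writing it as `extern mutex_t disrupt_lock;` would keep the file on one abstraction; this assumes `mutex_t` is the project's alias for `pthread_mutex_t`, which is not visible here. Because the declaration is repeated by hand in this .c file rather than pulled from a shared header, the compiler will not catch a mismatch with the definition added in src/mt_misc.c.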
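Review bot: The lock added around `if (disrupt == 0)` in the second src/clnt_vc.c hunk covers only the one-time seeding of the static `disrupt`, whereas the commit description says clnt_vc_create is serialized. The rest of the function, which begins and ends outside this hunk, still runs concurrently in every caller. A short comment at the lock site would keep later readers from relying on more than the lock provides, for example `/* disrupt_lock guards only the static XID seed, not the rest of this function */`.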
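Review bot: disrupt_lock is now acquired twice on every call, once for the seed check in the previous hunk and once here around `++disrupt`. If nothing between the two sites reads `disrupt` (the intervening code is not visible in these hunks), the `if (disrupt == 0)` test and its assignment could move into this critical section, directly before the `call_msg.rm_xid` line. Seeding and increment would then happen under one acquisition, and the XID derivation would live in one place. clnt_vc_create continues past the end of this hunk.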