author | Attila Kovacs <attila.kovacs@cfa.harvard.edu> | 2022-07-26 15:24:01 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2022-07-26 15:26:49 -0400 |
commit | 3f2a5459fb00c2f529d68a4a0fd7f367a77fa65a (patch) | |
tree | b4d4f3e1b4ce227c7c0051d9fcfe107894c254fa /src/clnt_fd_locks.h | |
parent | 7a6651a31038cb19807524d0422e09271c5ffec9 (diff) | |
thread safe clnt destruction.
If clnt_dg_destroy() or clnt_vc_destroy() is awoken with other blocked
operations pending (such as clnt_*_call(), clnt_*_control(), or
clnt_*_freeres()) but no active operation currently being executed, then the
client gets destroyed. Then, as the other blocked operations get subsequently
awoken, they will try to operate on an invalid client handle, potentially causing
unpredictable behavior and stack corruption.
Signed-off-by: Attila Kovacs <attipaci@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'src/clnt_fd_locks.h')
-rw-r--r-- | src/clnt_fd_locks.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/clnt_fd_locks.h b/src/clnt_fd_locks.h index 359f995..6ba62cb 100644 --- a/src/clnt_fd_locks.h +++ b/src/clnt_fd_locks.h @@ -50,6 +50,7 @@ static unsigned int fd_locks_prealloc = 0; /* per-fd lock */ struct fd_lock_t { bool_t active; + int pending; /* Number of pending operations on fd */ cond_t cv; }; typedef struct fd_lock_t fd_lock_t; @@ -180,6 +181,7 @@ fd_lock_t* fd_lock_create(int fd, fd_locks_t *fd_locks) { item->fd = fd; item->refs = 1; item->fd_lock.active = FALSE; + item->fd_lock.pending = 0; cond_init(&item->fd_lock.cv, 0, (void *) 0); TAILQ_INSERT_HEAD(list, item, link); } else { |
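Review bot: In the `struct fd_lock_t` hunk, the new `pending` field is a plain `int` whose comment says what it counts but not which lock must be held to read or modify it. It sits beside `active` and `cv`, and the commit message makes destruction depend on it, so the field comment should state the locking rule (for example, that it is only touched with the mutex paired with `cv` held). Also consider either making it `unsigned int`, as `fd_locks_prealloc` in the context above is, or documenting that a negative value indicates an unbalanced increment/decrement.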
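Review bot: In the `fd_lock_create()` hunk, `item->fd_lock.pending = 0;` is set only in the branch that inserts a new item, and nothing in this file's diff increments, decrements or tests the counter. The diffstat shown is limited to `src/clnt_fd_locks.h`, so the users are presumably elsewhere in the commit; a short comment here or at the struct naming who increments and decrements `pending` would make the header readable on its own. Please also confirm that the `else` branch following this hunk is meant to leave an existing item's count untouched.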