[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5273-gc9df9c6

Karolin Seeger kseeger at samba.org
Wed May 27 07:54:31 GMT 2009


The branch, v3-3-test has been updated
       via  c9df9c68da21610d9c32a57e24f45d36ebe432c5 (commit)
      from  7434898b10a5c5780bd015b7bdca3eaa7a2b5475 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit c9df9c68da21610d9c32a57e24f45d36ebe432c5
Author: Volker Lendecke <vl at samba.org>
Date:   Sun May 24 18:57:13 2009 +0200

    Fix a race condition in winbind leading to a panic
    
    In winbind, we do multiple events in one select round. This needs fixing, but
    as long as we're still using it, for efficiency reasons we need to do that.
    
    What can happen is the following: We have outgoing data pending for a client,
    thus
    
    	state->fd_event.flags == EVENT_FD_WRITE
    
    Now a new client comes in, we go through the list of clients to find an idle
    one. The detection for idle clients in remove_idle_client does not take the
    pending data into account. We close the socket that has pending outgoing data,
    the accept(2) one syscall later gives us the same socket.
    
    In new_connection(), we do a setup_async_read, setting up a read fde. The
    select from before however had found the socket (that we had already closed!!)
    to be writable. In rw_callback we only want to see a readable flag, and we
    panic in the SMB_ASSERT(flags == EVENT_FD_READ).
    
    Found using
    
    bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
    
    Volker
    
    (commit 68c5c6df in master)

-----------------------------------------------------------------------

Summary of changes:
 source/winbindd/winbindd.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd.c b/source/winbindd/winbindd.c
index f333e37..9005e67 100644
--- a/source/winbindd/winbindd.c
+++ b/source/winbindd/winbindd.c
@@ -778,6 +778,7 @@ static bool remove_idle_client(void)
 
 	for (state = winbindd_client_list(); state; state = state->next) {
 		if (state->response.result != WINBINDD_PENDING &&
+		    state->fd_event.flags == EVENT_FD_READ &&
 		    !state->getpwent_state && !state->getgrent_state) {
 			nidle++;
 			if (!last_access || state->last_access < last_access) {


-- 
Samba Shared Repository


More information about the samba-cvs mailing list