RHEL6 init.d script (was Re: Initscript Debian Wheezy)

Jeremy Allison jra at samba.org
Fri Sep 7 16:50:49 MDT 2012


On Sat, Sep 08, 2012 at 12:33:51AM +0200, Stefan (metze) Metzmacher wrote:
> On 07.09.2012 01:33, Jeremy Allison wrote:
> > On Thu, Sep 06, 2012 at 12:08:41PM -0700, David Rivera wrote:
> >> Did you check out the output from gdb_backtrace?  http://pastebin.com/Kjymcckg
> >> Or is this not enough?
> > 
> > Can you test the following patch against the last released
> > code (or current master) and let me know if it fixes the
> > crash ? I think it should, if I figured out the memory
> > chains correctly.
> 
> Hi Jeremy,
> 
> the destructor should also set
> state->pp_self_ref = NULL
> otherwise still have the same problem.

I don't see that. pp_self_ref is allocated
as a child of state->session.

When we exit sessionsetup with success,
we want to keep the session so we call
TALLOC_FREE(state->pp_self_ref), which
frees the memory pointed to by state->pp_self_ref
and calls the destructor which then sets
(*pp_state)->session = NULL, and then sets
state->pp_self_ref = NULL (but that's
not required, as it's not looked at
again).

If we're exiting on an error from
the sessionsetup and we want to
delete the session, we eventually
end up in smbd_smb2_session_setup_state_destructor(),
which calls TALLOC_FREE(state->session), which
will call pp_self_ref_destructor() as
the memory pointed to by state->pp_self_ref
is a child of state->session. But
at that point state still exists
(we're inside its destructor)
so it's ok to set (*pp_state)->session = NULL.

If we get terminated whilst the
sessionsetup is still in flight
then when the state->session is
deleted from exit_server again
state still exists so it's safe
to call the pp_self_ref_destructor()
and set (*pp_state)->session = NULL.

Let me know how you think the
memory error can still happen.

Jeremy.
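
The three teardown paths described in this message, as an added model in plain C (not Samba code and not the patch under discussion): talloc's parent/child freeing is imitated by hand, and `free_self_ref`, `free_session`, `free_state` and `run_path` are hypothetical names. `run_path` returns how many times the session was freed while the state was torn down.

```c
#include <stdlib.h>

struct state;
/* self_ref stands in for the talloc child hanging off the session. */
struct session { struct state **self_ref; int *frees; };
struct state   { struct session *session; struct state **pp_self_ref; };

/* Models pp_self_ref_destructor(): runs whenever the child is freed. */
static void free_self_ref(struct state **pp_state) {
    if (pp_state == NULL) return;
    struct state *st = *pp_state;
    st->session->self_ref = NULL; /* talloc unlinks a freed child itself */
    st->session = NULL;           /* state will no longer free the session */
    st->pp_self_ref = NULL;       /* not required, never looked at again */
    free(pp_state);
}

/* Models talloc_free(session): children and their destructors go first. */
static void free_session(struct session *s) {
    if (s == NULL) return;
    free_self_ref(s->self_ref);
    (*s->frees)++;
    free(s);
}

/* Models the state destructor followed by release of the state itself. */
static void free_state(struct state *st) {
    free_session(st->session); /* no-op once the self-ref has fired */
    free(st);
}

/* path: 0 = success, 1 = error, 2 = session deleted while in flight. */
int run_path(int path) {
    int frees = 0;
    struct state *st = calloc(1, sizeof(*st));
    struct session *sess = calloc(1, sizeof(*sess));
    sess->frees = &frees;
    sess->self_ref = st->pp_self_ref = malloc(sizeof(*st->pp_self_ref));
    *st->pp_self_ref = st;
    st->session = sess;
    if (path == 0) free_self_ref(st->pp_self_ref); /* keep the session */
    if (path == 2) free_session(sess);             /* exit_server case */
    free_state(st);
    if (path == 0 && frees == 0) free(sess); /* model cleanup of kept session */
    return frees;
}
```

A return of 0 for the success path means the session outlived the state; 1 for the other two paths means it was freed exactly once.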

