RHEL6 init.d script (was Re: Initscript Debian Wheezy)

Andrew Bartlett abartlet at samba.org
Fri Sep 7 17:00:27 MDT 2012


On Fri, 2012-09-07 at 15:50 -0700, Jeremy Allison wrote:
> On Sat, Sep 08, 2012 at 12:33:51AM +0200, Stefan (metze) Metzmacher wrote:
> > On 07.09.2012 01:33, Jeremy Allison wrote:
> > > On Thu, Sep 06, 2012 at 12:08:41PM -0700, David Rivera wrote:
> > >> Did you check out the output from gdb_backtrace?  http://pastebin.com/Kjymcckg
> > >> Or is this not enough?
> > > 
> > > Can you test the following patch against the last released
> > > code (or current master) and let me know if it fixes the
> > > crash ? I think it should, if I figured out the memory
> > > chains correctly.
> > 
> > Hi Jeremy,
> > 
> > the destructor should also set
> > state->pp_self_ref = NULL
> > otherwise we still have the same problem.
> 
> I don't see that. pp_self_ref is allocated
> as a child of state->session.
> 
> When we exit sessionsetup with success,
> we want to keep the session so we call
> TALLOC_FREE(state->pp_self_ref), which
> frees the memory pointed to by state->pp_self_ref
> and calls the destructor which then sets
> (*pp_state)->session = NULL, and then sets
> state->pp_self_ref = NULL (but that's
> not required, as it's not looked at
> again).
> 
> If we're exiting on an error from
> the sessionsetup and we want to
> delete the session, we eventually
> end up in smbd_smb2_session_setup_state_destructor(),
> which calls TALLOC_FREE(state->session), which
> will call pp_self_ref_destructor() as
> the memory pointed to by state->pp_self_ref
> is a child of state->session. But
> at that point state still exists
> (we're inside its destructor)
> so it's ok to set (*pp_state)->session = NULL.
> 
> If we get terminated whilst the
> sessionsetup is still in flight
> then when the state->session is
> deleted from exit_server again
> state still exists so it's safe
> to call the pp_self_ref_destructor()
> and set (*pp_state)->session = NULL.
> 
> Let me know how you think the
> memory error can still happen.

Can we make sure we get an smbtorture test for this?  This looks subtle
enough to be quite annoying if we trip up on this in a later
re-factor. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
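
The three exit paths described in the quoted reply above, as an added plain-C model that is not part of the original thread and is not Samba or talloc code. `pp_self_ref` is the name used in the thread; `struct guard`, `run_path` and the hand-rolled parent/child free are assumptions standing in for talloc's hierarchy and destructors.

```c
#include <stdlib.h>
struct session; struct state;
/* Guard: a child of the session that points back at the in-flight state. */
struct guard   { struct state *state; struct session *parent; };
struct session { struct guard *child; };
struct state   { struct session *session; struct guard *pp_self_ref; };
static int session_frees; /* how many times a session was released */

/* Freeing the guard runs its "destructor": the state forgets the session. */
static void guard_free(struct guard *g) {
    if (g == NULL) return;
    g->state->session = NULL;
    g->state->pp_self_ref = NULL;
    g->parent->child = NULL;   /* unlink from the parent session */
    free(g);
}

/* Freeing the session also frees its child guard (and so runs the destructor). */
static void session_free(struct session *s) {
    if (s == NULL) return;
    guard_free(s->child);
    session_frees++;
    free(s);
}

/* State destructor: drops the session only if the state still points at it. */
static void state_free(struct state *st) { session_free(st->session); free(st); }

/* Build state -> session -> guard -> state, as in the thread's memory chain. */
static struct state *setup(struct session **s) {
    struct state *st = calloc(1, sizeof(*st));
    struct guard *g = calloc(1, sizeof(*g));
    *s = calloc(1, sizeof(**s));
    g->state = st; g->parent = *s;
    (*s)->child = g; st->session = *s; st->pp_self_ref = g;
    session_frees = 0;
    return st;
}

/* path 0: success, 1: error, 2: session deleted while setup is in flight.
 * Returns the number of session frees seen once the state is gone. */
int run_path(int path) {
    struct session *s; struct state *st = setup(&s);
    if (path == 0) guard_free(st->pp_self_ref); /* keep the session */
    if (path == 2) session_free(s);             /* session goes away first */
    state_free(st);
    int frees = session_frees;
    if (path == 0) session_free(s);             /* model cleanup only */
    return frees;
}
```

On the success path the session survives the state; on the other two it is released exactly once, which is the invariant a regression test would need to pin down.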



