[PATCH] Version 2: Patchset for bug #10344 - SessionLogoff on a signed connection with an outstanding notify request crashes smbd.
Jeremy Allison
jra at samba.org
Wed Mar 12 09:52:04 MDT 2014
On Wed, Mar 12, 2014 at 10:53:20AM +0100, Andreas Schneider wrote:
> On Tuesday 11 March 2014 14:34:42 you wrote:
> > On Tue, Mar 11, 2014 at 01:59:08PM -0700, Jeremy Allison wrote:
> > > Sorry - this is a really long reply. But it covers
> > > a lot of ground (and I think I've found a bug in
> > > metze.diff also - more on that below).
> > >
> > > Metze if you want to jump to the bug in the logic
> > > in your patch just search for :
> > >
> > > ******METZE***BUG***ALERT***********
> > >
> > > below :-).
> >
> > OK, I'm wrong. Sorry. I went through
> > lib/tevent/tevent_queue.c again really
> > carefully (yet again... :-) and I had
> > missed the case that when struct tevent_queue_entry *e
> > is removed in the tevent_queue_entry_destructor() the
> > trigger called is that of the
> > new head of the list, q->list,
> > *not* the next pointer of the
> > deleted event e->next.
> >
> > So it *IS* going to wait for all of
> > them to be done without an implicit
> > ordering.
> >
> > Sorry for the noise :-). Does
> > make my point about how opaque
> > the internals of lib/tevent/tevent_queue.c
> > are though !
>
> If such details are not in the documentation of tevent, please add it!!!
The tevent wait queue docs are ok, what
gave me immense trouble is the use of it
in Metze's patch. I'm not going as far
as to say it's actual *abuse* of the API,
but let's just say I realized in the
shower this morning that the ordering
issue only works as a side-effect of
having no trigger callbacks on the
blocking calls :-).
For example:
Imagine a wait queue with
"objects" waiting :
1 -> 2 -> 3 -> 4
Now objects 1,2,3 can complete
in any order (i.e. not in the order
1, 2, 3) - but the trigger
functions will only be called
in the order 1 -> 2 -> 3 (which
is the essense of a queue of
course). So this only works
because there are no trigger
functions that actually have
any effect added on objects
1, 2 or 3.
Object 4 has an actual trigger
function that completes the
wait, and this of course is
guarenteed to be called last
so it all works.
I think this is.... a confusing
use of the API.. would be the correct
term :-).
Jeremy.
More information about the samba-technical
mailing list