tevent_abort_nesting crash in idmap_ad

Jeremy Allison jra at samba.org
Fri Jun 24 16:10:04 UTC 2016


On Fri, Jun 24, 2016 at 05:56:00PM +0200, Ralph Boehme wrote:
> On Fri, Jun 24, 2016 at 05:48:24PM +0200, Volker Lendecke wrote:
> > On Fri, Jun 24, 2016 at 05:41:41PM +0200, Ralph Boehme wrote:
> > > On Fri, Jun 24, 2016 at 05:15:45PM +0200, Volker Lendecke wrote:
> > > > On Fri, Jun 24, 2016 at 04:33:12PM +0200, Ralph Boehme wrote:
> > > > > Just came across the following while running selftests that involve
> > > > > idmap_ad on a member server testenv:
> > > > > 
> > > > > idmap_ad calls into tldap which calls into gensec where it runs a
> > > > > nested tevent loop, SBT attached.
> > > > > 
> > > > > For now I added a hack to allow nested tevent loops to
> > > > > tldap_gensec_bind(), this fixes the issue.
> > > > 
> > > > Please find a better patch attached. It's a pity, but it's inevitable.
> > > > 
> > > > Review&Push appreciated!
> > > 
> > > I was able to briefly talk to metze and he suggested we wait til
> > > Monday to evaluate our options.
> > 
> > There are no options. gensec has had nested eventloops forever, and
> > it will take many months of metze's full time work to fix this. We
> > can't wait for that, this will never happen. I have tried to convince
> > the gensec masters for years that this is required, but we just have to
> > accept the fact that gensec requires nested event loops by its very core
> > design, and I am not willing to accept nested event loops in code that
> > I feel responsible for. There was one person in the world who was able
> > to debug nested event loop code, and this was Tridge. Tridge left Samba,
> > so we have nobody anymore to debug that code when bad things happen.
> > 
> > Sorry for causing this trouble, I am very disappointed with myself that I
> > let myself be caught in the trap to believe that gensec might be usable.
> > It is not.
> > 
> > Please remove this again. NOW.
> 
> your code, you insist, so be it. Pushed to autobuild.

Hang on a minute - what will break with this revert ?

Yes I know it's broken right now due to the nested
event loops in gensec, but I'd like to know what
we're losing by doing a revert here ?

Can we wait until at least next week and people have
had time to look at is before taking drastic action
like a big revert please ?

Long term of course, nested event loops Have. To. GO !



More information about the samba-technical mailing list