CTDB: Small patch set fixing memory leak and other things for ctdb_daemon_read_cb

Swen Schillig swen at vnet.ibm.com
Mon Mar 19 09:33:25 UTC 2018 

On Mon, 2018-03-19 at 14:35 +1100, Martin Schwenke via samba-technical
wrote:
> On Fri, 16 Mar 2018 11:50:27 +0100, Swen Schillig <swen at vnet.ibm.com>
> wrote:
> 
> > On Fri, 2018-03-16 at 20:46 +1100, Martin Schwenke wrote:
> > > On Tue, 13 Mar 2018 10:06:56 +0100, Swen Schillig via samba-
> > > technical
> > > <samba-technical at lists.samba.org> wrote:
> > >   
> > > > The attached file contains 3 small patches fixing a memory
> > > > leak,
> > > > removes not require checks and is cleaning up the code for
> > > > column
> > > > length, function call formatting and using the right logging
> > > > macros.  
> > > 
> > > For the 1st commit, the commit message says:
> > > 
> > >   Within ctdb_daemon_read_cb the provided data is checked for
> > > sanity,
> > >   e.g. correct size and content. This is not required because it
> > > was
> > >   done already by the caller.
> > > 
> > > You might as well name the caller.
> > > 
> > > I assume you mean queue_process() in
> > > ctdb/common/ctdb_io.c.  However,
> > > I
> > > don't see where that function confirms that it has read a full
> > > header.  
> > 
> > That is the pkt_size,
> > we do 
> > 	pkt_size = *(uint32_t *)queue->buffer.data;
> > and
> >  	if (queue->buffer.length < pkt_size) {
> > 		...
> > 		return;
> > 	}
> > in queue_process before we're calling the callback.
> > which is the same as 
> >  	hdr = (struct ctdb_req_header *)data;
> > 	if (cnt != hdr->length) 
> > having struct ctdb_req_header as
> > 	struct ctdb_req_header {
> > 		uint32_t length;
> > 		...
> > 	}
> 
> It isn't the same.  :-(
You're right.
I need to add that one check back.

> 
> You are correct in saying that queue_process() ensures that it always
> passes a complete packet to the callback, based on the packet length
> at the beginning of the packet.  queue_process() doesn't check that
> the
> packet length is reasonable.

> 
> I think you're assuming that any packet being read is long enough to
> contain a valid header.  What happens if something sends a short
> packet
> that is less than the length of a header?  It is true that this
> shouldn't happen.  However, if it does happen (due to a bug
> elsewhere)
> then ctdb_daemon_read_cb() casts the short packet to a header struct
> and potentially accesses fields beyond the end of the packet.
> 
> So, I don't think you can remove that check without some very careful
> thinking and justification. 
> 
> > > In the 2nd commit, since the debug message is very generic and is
> > > meant
> > > for debugging, please use DBG_DEBUG(), since this logs the
> > > function
> > > name, instead of D_DEBUG().  
> > 
> > I only learned recently, that I should replace those "old-
> > fashioned"
> > macros by the newer-/shorter-ones as they do include the name
> > already.
> > ...and if you're looking at 
> > 
> > #define D_DEBUG(...)		DEBUG(DBGLVL_DEBUG,	(__V
> > A_ARGS__))
> > and 
> > #define DEBUG( level, body ) \
> >   (void)( ((level) <= MAX_DEBUG_LEVEL) && \
> > 	  unlikely(DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))		
> > \
> >        && (dbghdrclass( level, DBGC_CLASS, __location__,
> > __FUNCTION__ )) \
> >        && (dbgtext body) )
> > 
> > this seems to be the case, right ?
> 
> Please read dbghdrclass() and ctdb/common/logging.c.
> 
> peace & happiness,
> martin

Removed the cleanup.

Please have a look again.

Thanks in advance.

Cheers Swen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ctdb_daemon_read_cb.patch
Type: text/x-patch
Size: 2996 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180319/2e8f2893/ctdb_daemon_read_cb.bin>

More information about the samba-technical mailing list