git.samba.org - samba.git/commit

author	Volker Lendecke <vl@samba.org>
	Wed, 22 Oct 2014 15:02:49 +0000 (15:02 +0000)
committer	Jeremy Allison <jra@samba.org>
	Thu, 23 Oct 2014 23:40:16 +0000 (01:40 +0200)
commit	c9cced03224011ad25f5fc6b7d737fb2cabd3153
tree	dcbf1ae2c86dd9654eafe05d13c833c7d073e74e	tree
parent	4b09df897803e78265fd19f6ff19be6e3d8a3944	commit \| diff

poll_funcs_tevent: Fix a valgrind error

The valgrind error happened in poll_funcs_tevent_handle_destructor in

  if (handle->ctx->refcount == 0)

handle->ctx was already gone at the time this destructor
was called. It happened because during messaging_init the
messaging_dgm subsystem was free'ed.  The unix_msg context and the
poll_funcs_tevent_context are children of messaging_dgm_context. How
was poll_funcs_tevent_handle_destructor still called? While working
on the new notify subsystem I've added some messaging_read_send
tevent_reqs, which register themselves with the dgm_context via
messaging_dgm_register_tevent_context. They were not gone yet. When
later these were also run down due to another talloc_free somewhere else,
this destructor referenced dead memory.

This code now protects the poll_funcs_tevent_handle against the
poll_funcs_tevent_context going away first with the loop

       for (h = ctx->handles; h != NULL; h = h->next) {
               h->ctx = NULL;
       }

in poll_funcs_tevent_context_destructor together with

       if (handle->ctx == NULL) {
               return 0;
       }

in poll_funcs_tevent_handle_destructor.

A side-effect of this code is that messaging_read_send request won't be
satisfied anymore after a reinit_after_fork kicked in. But I think this is the
right thing anyway: Every process should register its own message handlers
explicitly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>