From: Volker Lendecke Date: Thu, 7 Dec 2017 19:53:18 +0000 (+0100) Subject: vfs_aio_fork: Fix a crash in aio_fork X-Git-Tag: talloc-2.1.11~249 X-Git-Url: http://git.samba.org/samba.git/?p=nivanova%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=f2dcec97a897cd54c9d71fcd91e76da518b1e98e;ds=sidebyside vfs_aio_fork: Fix a crash in aio_fork Since the introduction of the vfs_aio_fork:erratic_testing_mode this crashed reliably, as we had two different structs behind SMB_VFS_HANDLE_SET_DATA. I had always believed that due to the fact that we have specific aio_fork tests in our autobuild, this would have been tested. But it was not, because the share definition missed the the "aio read/write size = 1" to actually use the async code in vfs_aio_fork. Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider --- diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 4069d935d24..3eaa26774f5 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -41,8 +41,11 @@ #define MAP_FILE 0 #endif +struct aio_child_list; + struct aio_fork_config { bool erratic_testing_mode; + struct aio_child_list *children; }; struct mmap_area { @@ -149,11 +152,6 @@ struct aio_child_list { struct tevent_timer *cleanup_event; }; -static void free_aio_children(void **p) -{ - TALLOC_FREE(*p); -} - static ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd) { struct iovec iov[1]; @@ -267,19 +265,19 @@ static void aio_child_cleanup(struct tevent_context *event_ctx, static struct aio_child_list *init_aio_children(struct vfs_handle_struct *handle) { - struct aio_child_list *data = NULL; + struct aio_fork_config *config; + struct aio_child_list *children; - if (SMB_VFS_HANDLE_TEST_DATA(handle)) { - SMB_VFS_HANDLE_GET_DATA(handle, data, struct aio_child_list, - return NULL); - } + SMB_VFS_HANDLE_GET_DATA(handle, config, struct aio_fork_config, + return NULL); - if (data == NULL) { - data = talloc_zero(NULL, struct aio_child_list); - if (data == NULL) { + if (config->children == NULL) { + config->children = talloc_zero(config, struct aio_child_list); + if (config->children == NULL) { return NULL; } } + children = config->children; /* * Regardless of whether the child_list had been around or not, make @@ -287,22 +285,18 @@ static struct aio_child_list *init_aio_children(struct vfs_handle_struct *handle * delete itself when it finds that no children are around anymore. */ - if (data->cleanup_event == NULL) { - data->cleanup_event = tevent_add_timer(server_event_context(), data, - timeval_current_ofs(30, 0), - aio_child_cleanup, data); - if (data->cleanup_event == NULL) { - TALLOC_FREE(data); + if (children->cleanup_event == NULL) { + children->cleanup_event = + tevent_add_timer(server_event_context(), children, + timeval_current_ofs(30, 0), + aio_child_cleanup, children); + if (children->cleanup_event == NULL) { + TALLOC_FREE(config->children); return NULL; } } - if (!SMB_VFS_HANDLE_TEST_DATA(handle)) { - SMB_VFS_HANDLE_SET_DATA(handle, data, free_aio_children, - struct aio_child_list, return False); - } - - return data; + return children; } static void aio_child_loop(int sockfd, struct mmap_area *map)