On 04/08/2013 02:42 PM, Eric Blake wrote:
> On 03/31/2013 10:20 AM, Peter Krempa wrote:
>> This series fixes the crash resulting from a race condition in the connection
>> close callback. To observe the crash apply the first patch only. To verify that
>> the patchset fixes the crash please apply all but 2/6 and verify using virsh.
>> 2/6 fixes the crash in a redundant way in case the close callback is used. In
>> the case it isn't 2/6 itself can't fix the issue.
>>
>> For a better explanation of this problem please see the description in 6/6.
>>
>> Peter Krempa (4):
>> DO NOT APPLY UPSTREAM: Close callback race corruption crash reproducer.
> For the record, I'm currently trying to investigate where this race was
> first introduced, to make it easier to state how far back this series
> must be backported...
Looks like it has been present since close connection callbacks were
first added around commit b1029b6f, Jul 2012 (version 0.10.0). I just
confirmed that adding patch 1/6 on top of 0.10.0 reliably caused the
same valgrind detection of use-after-free. v0.9.13 is immune because it
predates close callbacks.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org