[libvirt] [PATCH] Fix possible infinite loop in remote driver
When we take out completed calls from queue we might end up in circular pointer. We don't want pointer to previous item point to element taken out. --- src/remote/remote_driver.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 9310ddf..ec10010 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -10672,8 +10672,9 @@ remoteIOEventLoop(virConnectPtr conn, */ VIR_DEBUG("Waking up sleep %d %p %p", tmp->proc_nr, tmp, priv->waitDispatch); virCondSignal(&tmp->cond); + } else { + prev = tmp; } - prev = tmp; tmp = tmp->next; } -- 1.7.4.2
On Tue, Apr 12, 2011 at 04:58:48PM +0200, Michal Privoznik wrote:
When we take out completed calls from queue we might end up in circular pointer. We don't want pointer to previous item point to element taken out. --- src/remote/remote_driver.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 9310ddf..ec10010 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -10672,8 +10672,9 @@ remoteIOEventLoop(virConnectPtr conn, */ VIR_DEBUG("Waking up sleep %d %p %p", tmp->proc_nr, tmp, priv->waitDispatch); virCondSignal(&tmp->cond); + } else { + prev = tmp; } - prev = tmp; tmp = tmp->next; }
ACK The diff context doesn't really show enough, but this is correct fix for the logic flaw Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On 04/12/2011 09:12 AM, Daniel P. Berrange wrote:
On Tue, Apr 12, 2011 at 04:58:48PM +0200, Michal Privoznik wrote:
When we take out completed calls from queue we might end up in circular pointer. We don't want pointer to previous item point to element taken out. --- src/remote/remote_driver.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 9310ddf..ec10010 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -10672,8 +10672,9 @@ remoteIOEventLoop(virConnectPtr conn, */ VIR_DEBUG("Waking up sleep %d %p %p", tmp->proc_nr, tmp, priv->waitDispatch); virCondSignal(&tmp->cond); + } else { + prev = tmp; } - prev = tmp; tmp = tmp->next; }
ACK
The diff context doesn't really show enough, but this is correct fix for the logic flaw
I've pushed this. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (3)
-
Daniel P. Berrange -
Eric Blake -
Michal Privoznik