The branch, v3-6-test has been updated via b4abc44 s3-aio-fork: Fix a segfault in vfs_aio_fork via ee81564 s3-aio-fork: Fix aio_suspend event hierarchy from ad6d518 docs-xml: fix default name resolve order (fix bug #7564)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit b4abc44a370b8196c72d58a2ed4d8c9bcbc49d17 Author: Volker Lendecke <v...@samba.org> Date: Sat Mar 31 13:37:20 2012 +0200 s3-aio-fork: Fix a segfault in vfs_aio_fork aio_suspend does not signal the main process with a signal, it just waits. The aio_fork module does not use the signal at all, it directly calls back into the main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction violation, but the alternative would have been to use signals where they are not needed. However, in wait_for_aio_completion this bites us: With aio_fork we call handle_aio_completed twice on the same aio_ex struct: Once from the call to handle_aio_completion within the aio_fork module and once from the code in wait_for_aio_completion. This patch fixes it in a pretty bad way by introducing flag variables and more state. But the mid-term plan is to replace the posix aio calls from the vfs and do pread_send/recv and pwrite_send/recv at the vfs layer, so this will significantly change anyway. Thanks to Kirill Malkin <kirill.mal...@starboardstorage.com> for reporting this crash! The last 2 patches address bug #8836 (aio_fork segfaults on "smbcontrol close-share"). commit ee81564123be5e21b87e7003b51467180c3fdcb5 Author: Volker Lendecke <v...@samba.org> Date: Sat Mar 31 13:34:42 2012 +0200 s3-aio-fork: Fix aio_suspend event hierarchy We end up here multiple times. There's no real point putting the events into the child struct, at the end of this routine we need to free them anyway. ----------------------------------------------------------------------- Summary of changes: source3/modules/vfs_aio_fork.c | 32 ++++++++++++++++---------------- 1 files changed, 16 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 7f6a021..4891cd2 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -101,6 +101,8 @@ struct aio_child { bool dont_delete; /* Marked as in use since last cleanup */ bool cancelled; bool read_cmd; + bool called_from_suspend; + bool completion_done; }; struct aio_child_list { @@ -432,6 +434,10 @@ static void handle_aio_completion(struct event_context *event_ctx, child->retval.size); } + if (child->called_from_suspend) { + child->completion_done = true; + return; + } aio_ex = (struct aio_extra *)child->aiocb->aio_sigevent.sigev_value.sival_ptr; smbd_aio_complete_aio_ex(aio_ex); TALLOC_FREE(aio_ex); @@ -827,6 +833,8 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, */ for (child = children->children; child != NULL; child = child->next) { + struct tevent_fd *event; + if (child->aiocb == NULL) { continue; } @@ -841,18 +849,16 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, continue; } - /* We're never using this event on the - * main event context again... */ - TALLOC_FREE(child->sock_event); + event = event_add_fd(ev, + frame, + child->sockfd, + EVENT_FD_READ, + handle_aio_completion, + child); - child->sock_event = event_add_fd(ev, - child, - child->sockfd, - EVENT_FD_READ, - handle_aio_completion, - child); + child->called_from_suspend = true; - while (1) { + while (!child->completion_done) { if (tevent_loop_once(ev) == -1) { goto out; } @@ -861,12 +867,6 @@ static int aio_fork_suspend(struct vfs_handle_struct *handle, errno = EAGAIN; goto out; } - - /* We set child->aiocb to NULL in our hooked - * AIO_RETURN(). */ - if (child->aiocb == NULL) { - break; - } } } } -- Samba Shared Repository