Re: [Qemu-devel] [PATCH] tests/vhost-user-test: Fix potential use-after-free

[David Gibson <david@gibson.dropbear.id.au>]

[-- Attachment #1: Type: text/plain, Size: 1499 bytes --]

On Wed, Dec 02, 2015 at 05:36:49AM -0500, Marc-André Lureau wrote:
> Hi
> 
> ----- Original Message -----
> > ae31fb5 "vhost-user-test: wrap server in TestServer struct" cleaned up
> > the handling of the test server in vhost-user-test.  Unfortunately it
> > introduced a subtle use-after-free if a race goes the wrong way.
> > 
> > When the server structure is freed inside test_server_free() the GThread
> > started earlier is still running inside g_main_loop_run().  That GMainLoop
> > still has handlers active which reference the server structure, so if those
> > trip before the program exits there's a use-after-free.
> > 
> > I've had difficulty reproducing this locally, but for some reason it seems
> > to trip every time on Travis builds - this has been breaking all my test
> > builds there, which is why I notced it.
> > 
> > This patch prevents the use after free.  Unfortunately it looks like there
> > are additional problems still breaking my Travis builds, but one problem
> > at a time.
> > 
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> 
> The fix is on the ML for a few days, see "vhost-user-test: fix chardriver race"
> The last series of fixes is "[PATCH for-2.5 v4 0/4] vhost-user-test
> fixes"

Drat, wish I'd spotted it.  Oh well.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]