Date: Fri, 4 Dec 2015 20:05:47 +1100
From: David Gibson
To: Marc-André Lureau
Cc: marcandre lureau, qemu-devel@nongnu.org, mst@redhat.com
Subject: Re: [Qemu-devel] [PATCH] tests/vhost-user-test: Fix potential use-after-free
Message-ID: <20151204090547.GI9559@voom.redhat.com>

On Wed, Dec 02, 2015 at 05:36:49AM -0500, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
> > ae31fb5 "vhost-user-test: wrap server in TestServer struct" cleaned up
> > the handling of the test server in vhost-user-test. Unfortunately it
> > introduced a subtle use-after-free if a race goes the wrong way.
> >
> > When the server structure is freed inside test_server_free() the GThread
> > started earlier is still running inside g_main_loop_run(). That GMainLoop
> > still has handlers active which reference the server structure, so if those
> > trip before the program exits there's a use-after-free.
> >
> > I've had difficulty reproducing this locally, but for some reason it seems
> > to trip every time on Travis builds - this has been breaking all my test
> > builds there, which is why I noticed it.
> >
> > This patch prevents the use after free. Unfortunately it looks like there
> > are additional problems still breaking my Travis builds, but one problem
> > at a time.
> >
> > Signed-off-by: David Gibson
>
> The fix has been on the ML for a few days, see "vhost-user-test: fix chardriver race"
> The last series of fixes is "[PATCH for-2.5 v4 0/4] vhost-user-test
> fixes"

Drat, wish I'd spotted it. Oh well.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
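The race described in the quoted commit message, modelled with pthreads as an added example (not code from the patch, the thread, or QEMU): a loop thread keeps dereferencing the server object, so teardown has to stop the loop and join the thread before freeing. `Server`, `loop_thread`, `server_new`, `server_free_racy` and `server_free` are hypothetical names, and the atomic flag is an assumed stand-in for quitting the GMainLoop.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

typedef struct {                 /* hypothetical stand-in for the test server */
    pthread_t thread;
    atomic_bool quit;            /* assumed stand-in for g_main_loop_quit() */
    atomic_int handled;          /* state the loop's handlers write to */
} Server;

static void *loop_thread(void *opaque) {   /* stand-in for g_main_loop_run() */
    Server *s = opaque;
    while (!atomic_load(&s->quit)) {
        atomic_fetch_add(&s->handled, 1);  /* every handler dereferences s */
        sched_yield();
    }
    return NULL;
}

Server *server_new(void) {
    Server *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    atomic_init(&s->quit, false);
    atomic_init(&s->handled, 0);
    if (pthread_create(&s->thread, NULL, loop_thread, s) != 0) { free(s); return NULL; }
    return s;
}

/* Racy pattern: the thread is still running and may touch *s after free(). */
void server_free_racy(Server *s) { free(s); }

/* Ordered teardown: stop the loop, wait for the thread, then free.
 * Returns the number of handler runs observed before shutdown. */
int server_free(Server *s) {
    atomic_store(&s->quit, true);
    pthread_join(s->thread, NULL);         /* no handler can run past here */
    int handled = atomic_load(&s->handled);
    free(s);
    return handled;
}

int main(void) {
    Server *s = server_new();
    if (!s) return 1;
    while (atomic_load(&s->handled) == 0) sched_yield();  /* let a handler fire */
    return server_free(s) > 0 ? 0 : 1;
}
```

Building with `-fsanitize=address` or `-fsanitize=thread` and swapping in `server_free_racy` is a quick way to see why such a race can stay hidden on one machine and fire reliably on another.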