|
Packit |
8ea169 |
From b2ec373cfec2dd6a39acfd91ea1a67618ee209ac Mon Sep 17 00:00:00 2001
|
|
Packit |
8ea169 |
From: Martin Kutlak <mkutlak@redhat.com>
|
|
Packit |
8ea169 |
Date: Tue, 20 Nov 2018 19:03:55 +0100
|
|
Packit |
8ea169 |
Subject: [PATCH] daemon: Fix double closed fd race condition
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
When a communication channel is set up between abrtd and abrt-server it uses
|
|
Packit |
8ea169 |
abrt_gio_channel_unix_new(). In that function there is a call g_io_channel_set_close_on_unref() [1].
|
|
Packit |
8ea169 |
This function sets whether to close a file/socket/whatever associated with the channel when channel
|
|
Packit |
8ea169 |
recieves a final unref and is to be destroyed.
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
Calling a close() on fd associated with the channel before/after g_io_channel_unref()
|
|
Packit |
8ea169 |
created a double close() race condition when ABRT was processing a lot of crashes at the same time.
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
Thank you benzea for the patch.
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
Related BZ#1650622
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
1 - https://developer.gnome.org/glib/stable/glib-IO-Channels.html#g-io-channel-get-close-on-unref
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
Signed-off-by: Martin Kutlak <mkutlak@redhat.com>
|
|
Packit |
8ea169 |
---
|
|
Packit |
8ea169 |
src/daemon/abrt-server.c | 1 -
|
|
Packit |
8ea169 |
src/daemon/abrtd.c | 4 +---
|
|
Packit |
8ea169 |
2 files changed, 1 insertion(+), 4 deletions(-)
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
|
|
Packit |
8ea169 |
index 692ccee38..90068069d 100644
|
|
Packit |
8ea169 |
--- a/src/daemon/abrt-server.c
|
|
Packit |
8ea169 |
+++ b/src/daemon/abrt-server.c
|
|
Packit |
8ea169 |
@@ -364,7 +364,6 @@ static int run_post_create(const char *dirname, struct response *resp)
|
|
Packit |
8ea169 |
g_main_loop_unref(context.main_loop);
|
|
Packit |
8ea169 |
g_io_channel_unref(channel_signal);
|
|
Packit |
8ea169 |
close(g_signal_pipe[1]);
|
|
Packit |
8ea169 |
- close(g_signal_pipe[0]);
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
log_notice("Waiting finished");
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
|
|
Packit |
8ea169 |
index 32753966b..fefb2e9c9 100644
|
|
Packit |
8ea169 |
--- a/src/daemon/abrtd.c
|
|
Packit |
8ea169 |
+++ b/src/daemon/abrtd.c
|
|
Packit |
8ea169 |
@@ -114,7 +114,6 @@ static void stop_abrt_server(struct abrt_server_proc *proc)
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
static void dispose_abrt_server(struct abrt_server_proc *proc)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
- close(proc->fdout);
|
|
Packit |
8ea169 |
free(proc->dirname);
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
if (proc->watch_id > 0)
|
|
Packit |
8ea169 |
@@ -231,8 +230,7 @@ static gboolean abrt_server_output_cb(GIOChannel *channel, GIOCondition conditio
|
|
Packit |
8ea169 |
GList *item = g_list_find_custom(s_processes, &fdout, (GCompareFunc)abrt_server_compare_fdout);
|
|
Packit |
8ea169 |
if (item == NULL)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
- log_warning("Closing a pipe fd (%d) without a process assigned", fdout);
|
|
Packit |
8ea169 |
- close(fdout);
|
|
Packit |
8ea169 |
+ log_warning("Removing an input channel fd (%d) without a process assigned", fdout);
|
|
Packit |
8ea169 |
return FALSE;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
--
|
|
Packit |
8ea169 |
2.17.2
|
|
Packit |
8ea169 |
|