This fixes a race condition that leads to the winbindd_children list becoming
corrupted. It happens when on a busy winbind SIGCHLD is a bit late.
Imagine a winbind with multiple requests in the queue for a single child. Child
dies, and before the SIGCHLD handler is called we find the socket to be dead.
wb_child_request_done is called, receiving an error from wb_simple_trans_recv.
It closes the socket. Then immediately the wb_child_request_trigger will do
another fork_domain_child before the signal handler is called. This means that
we do another fork_domain_child, we have child->sock==-1 at this point.
fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time
where the child is already part of that list. This corrupts the list. Then the
signal handler kicks in, spinning in
for (child = winbindd_children; child != NULL; child = child->next) {
forever. Not good. This patch makes sure that both conditions (sock==-1 and not
part of the list) for a winbindd_child struct match up.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug 26 18:51:24 CEST 2011 on sn-devel-104
Fix bug #9000 - winbindd hangs when disconnect domain connection.
extern bool override_logfile;
extern struct winbindd_methods cache_methods;
+static struct winbindd_child *children = NULL;
+
/* Read some data from a client connection */
static NTSTATUS child_read_request(struct winbindd_cli_state *state)
*/
close(state->child->sock);
state->child->sock = -1;
+ DLIST_REMOVE(children, state->child);
tevent_req_error(req, err);
return;
}
SMB_ASSERT(child->rpccli != NULL);
}
-struct winbindd_child *children = NULL;
-
void winbind_child_died(pid_t pid)
{
struct winbindd_child *child;
git.samba.org / samba.git / commitdiff