exec: defer async reply teardown to avoid use-after-free#27
Merged
Conversation
wildmeng
force-pushed
the
submit/defer-async-exec-reply
branch
from
2d14baa to
c7293b6
Compare
wildmeng
changed the title
wildmeng
force-pushed
the
submit/defer-async-exec-reply
branch
from
c7293b6 to
ecf45e4
Compare
wildmeng
changed the title
Async exec replies currently tear down their context directly from ustream callbacks. When the callback chain keeps running after the reply path frees the context, rpcd can hit a use-after-free and crash with SIGSEGV. Defer reply completion through a 0 ms uloop timeout and guard against duplicate scheduling so cleanup runs after the callbacks unwind in both exec paths. Signed-off-by: Meng <x.meng@genexis.eu>
wildmeng
force-pushed
the
submit/defer-async-exec-reply
branch
from
ecf45e4 to
e655a0d
Compare
Contributor
|
LGTM, merged! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fixes a use-after-free in async exec handling.
When reply teardown runs directly from ustream callbacks, the callback call chain can still touch the freed exec context. Deferring completion through a 0 ms uloop timeout avoids freeing the context until the callbacks unwind.