socket: fix deadlock in rpc_reconnect_requeue #127
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
the requeueing code is broken because we access pdu->next after we mangled it in rpc_return_to_queue. This leads to losing of waitqueue elements and more severe a deadlock as soon as more than one waitpdu queue has elements. Reason for that is that the first elements of the first two queues are linked to each other. Example: waitpdu[0]->head = pduA ; pduA->next = pduB; pduB->next = NULL; waitpdu[1]->head = pduC ; pduC->next = NULL; outqueue->head = NULL; After the for loop for waitpdu[0] queue the outqueue looks like outqueue->head = pduA; pduA->next = NULL; At this point pduB is lost! In the for loop for waitpdu[1] queue the outqueue looks like this after the first iteration: outqueue->head = pduC; pduC->next = pduA; pduA->next = NULL; We now fetch pdu->next of pduC which is pduA. In the next iteration we put pduA in front of pduC. pduA->next is then pduC and pduC->next is pduA. => Deadlock. Signed-off-by: Peter Lieven <pl@kamp.de>
sahlberg
added a commit
that referenced
this pull request
Sep 6, 2015
socket: fix deadlock in rpc_reconnect_requeue
|
Merged, thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the requeueing code is broken because we access pdu->next
after we mangled it in rpc_return_to_queue.
This leads to losing of waitqueue elements and more severe
a deadlock as soon as more than one waitpdu queue has elements.
Reason for that is that the first elements of the first
two queues are linked to each other.
Example:
waitpdu[0]->head = pduA ; pduA->next = pduB; pduB->next = NULL;
waitpdu[1]->head = pduC ; pduC->next = NULL;
outqueue->head = NULL;
After the for loop for waitpdu[0] queue the outqueue looks like
outqueue->head = pduA; pduA->next = NULL;
At this point pduB is lost!
In the for loop for waitpdu[1] queue the outqueue looks like this
after the first iteration:
outqueue->head = pduC; pduC->next = pduA; pduA->next = NULL;
We now fetch pdu->next of pduC which is pduA.
In the next iteration we put pduA in front of pduC. pduA->next
is then pduC and pduC->next is pduA. => Deadlock.
Signed-off-by: Peter Lieven pl@kamp.de