|
 |
f9f924 |
From f74212ae0052b00828bcf7201ca3afa4dead4530 Mon Sep 17 00:00:00 2001
|
|
|
f9f924 |
From: Martin Kutlak <mkutlak@redhat.com>
|
|
|
f9f924 |
Date: Thu, 20 Sep 2018 16:49:28 +0200
|
|
|
f9f924 |
Subject: [PATCH] daemon: Fix double closed fd race condition
|
|
|
f9f924 |
|
|
|
f9f924 |
When a communication channel is set up between abrtd and abrt-server it uses
|
|
|
f9f924 |
abrt_gio_channel_unix_new(). In that function there is a call g_io_channel_set_close_on_unref() [1].
|
|
|
f9f924 |
This function sets whether to close a file/socket/whatever associated with the channel when channel
|
|
|
f9f924 |
recieves a final unref and is to be destroyed.
|
|
|
f9f924 |
|
|
|
f9f924 |
Calling a close() on fd associated with the channel before/after g_io_channel_unref()
|
|
|
f9f924 |
created a double close() race condition when ABRT was processing a lot of crashes at the same time.
|
|
|
f9f924 |
|
|
|
f9f924 |
Thank you benzea for the patch.
|
|
|
f9f924 |
|
|
|
f9f924 |
Related rhbz#1655241
|
|
|
f9f924 |
|
|
|
f9f924 |
1 - https://developer.gnome.org/glib/stable/glib-IO-Channels.html#g-io-channel-get-close-on-unref
|
|
|
f9f924 |
|
|
|
f9f924 |
(cherry picked from github.com/abrt/abrt/commit/d965a43042b11eaed00ca49fcb060592082c398c)
|
|
|
f9f924 |
|
|
|
f9f924 |
Signed-off-by: Martin Kutlak <mkutlak@redhat.com>
|
|
|
f9f924 |
---
|
|
|
f9f924 |
src/daemon/abrt-server.c | 1 -
|
|
|
f9f924 |
src/daemon/abrtd.c | 4 +---
|
|
|
f9f924 |
2 files changed, 1 insertion(+), 4 deletions(-)
|
|
|
f9f924 |
|
|
|
f9f924 |
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
|
|
|
f9f924 |
index 76186db76..e1dfc4af8 100644
|
|
|
f9f924 |
--- a/src/daemon/abrt-server.c
|
|
|
f9f924 |
+++ b/src/daemon/abrt-server.c
|
|
|
f9f924 |
@@ -294,7 +294,6 @@ static int run_post_create(const char *dirname)
|
|
|
f9f924 |
g_main_loop_unref(context.main_loop);
|
|
|
f9f924 |
g_io_channel_unref(channel_signal);
|
|
|
f9f924 |
close(g_signal_pipe[1]);
|
|
|
f9f924 |
- close(g_signal_pipe[0]);
|
|
|
f9f924 |
|
|
|
f9f924 |
log_notice("Waiting finished");
|
|
|
f9f924 |
|
|
|
f9f924 |
diff --git a/src/daemon/abrtd.c b/src/daemon/abrtd.c
|
|
|
f9f924 |
index fc4f01e22..0c63e7260 100644
|
|
|
f9f924 |
--- a/src/daemon/abrtd.c
|
|
|
f9f924 |
+++ b/src/daemon/abrtd.c
|
|
|
f9f924 |
@@ -109,7 +109,6 @@ static void stop_abrt_server(struct abrt_server_proc *proc)
|
|
|
f9f924 |
|
|
|
f9f924 |
static void dispose_abrt_server(struct abrt_server_proc *proc)
|
|
|
f9f924 |
{
|
|
|
f9f924 |
- close(proc->fdout);
|
|
|
f9f924 |
free(proc->dirname);
|
|
|
f9f924 |
|
|
|
f9f924 |
if (proc->watch_id > 0)
|
|
|
f9f924 |
@@ -226,8 +225,7 @@ static gboolean abrt_server_output_cb(GIOChannel *channel, GIOCondition conditio
|
|
|
f9f924 |
GList *item = g_list_find_custom(s_processes, &fdout, (GCompareFunc)abrt_server_compare_fdout);
|
|
|
f9f924 |
if (item == NULL)
|
|
|
f9f924 |
{
|
|
|
f9f924 |
- log_warning("Closing a pipe fd (%d) without a process assigned", fdout);
|
|
|
f9f924 |
- close(fdout);
|
|
|
f9f924 |
+ log_warning("Removing an input channel fd (%d) without a process assigned", fdout);
|
|
|
f9f924 |
return FALSE;
|
|
|
f9f924 |
}
|
|
|
f9f924 |
|
|
|
f9f924 |
--
|
|
|
f9f924 |
2.17.2
|
|
|
f9f924 |
|