[Tarantool-patches] [PATCH v3 1/1] iproto: don't destroy a session during disconnect
Kirill Yukhin
kyukhin at tarantool.org
Tue Nov 26 10:51:22 MSK 2019
Hello,
On 18 ноя 22:31, Vladislav Shpilevoy wrote:
> Binary session disconnect trigger yield could lead to use after
> free of the session object. That happened because iproto thread
> sent two requests to TX thread at disconnect:
>
> - Close the session and run its on disconnect triggers;
>
> - If all requests are handled, destroy the session.
>
> When a connection is idle, all requests are handled, so both these
> requests are sent. If the first one yielded in TX thread, the
> second one arrived and destroyed the session right under the feet
> of the first one.
>
> This can be solved in two ways - in TX thread, and in iproto
> thread.
>
> Iproto thread solution (which is chosen in the patch): just don't
> send destroy request until disconnect returns back to iproto
> thread.
>
> TX thread solution (alternative): add a flag which says whether
> disconnect is processed by TX. When destroy request arrives, it
> checks the flag. If disconnect is not done, the destroy request
> waits on a condition variable until it is.
>
> The iproto is a bit tricker to implement, but it looks more
> correct.
>
> Closes #4627
I've checked your patch into 1.10, 2.2 and master.
--
Regards, Kirill Yukhin
More information about the Tarantool-patches
mailing list