From: Vladimir Davydov <vdavydov.dev@gmail.com>
To: tarantool-patches@freelists.org
Subject: [PATCH 4/5] relay: close xlog cursor in relay thread
Date: Sat, 29 Dec 2018 00:21:50 +0300
Message-ID: <a11435265bed850e3f39bf5163481608954543aa.1546030880.git.vdavydov.dev@gmail.com>
In-Reply-To: <cover.1546030880.git.vdavydov.dev@gmail.com>

An xlog_cursor created and used by a relay via recovery context is destroyed by the main thread once the relay thread has exited. This is incorrect, because xlog_cursor uses cord's slab allocator and therefore must be destroyed in the same thread it was created by, otherwise we risk getting a use-after-free bug.

So this patch moves recovery_delete() invocation to the end of the relay thread routine.

No test is added, because our existing tests already cover this case - crashes don't usually happen, because we are lucky. The next patch will add some assertions to make the bug 100% reproducible.

Closes #3910

--- src/box/relay.cc | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/src/box/relay.cc b/src/box/relay.cc index 988c01d3..8f5355ae 100644 --- a/src/box/relay.cc +++ b/src/box/relay.cc @@ -210,6 +210,26 @@ relay_cancel(struct relay *relay) } } +/** + * Called by a relay thread right before termination. + */ +static void +relay_exit(struct relay *relay) +{ + struct errinj *inj = errinj(ERRINJ_RELAY_EXIT_DELAY, ERRINJ_DOUBLE); + if (inj != NULL && inj->dparam > 0) + fiber_sleep(inj->dparam); + + /* + * Destroy the recovery context. We MUST do it in + * the relay thread, because it contains an xlog + * cursor, which must be closed in the same thread + * that opened it (it uses cord's slab allocator). + */ + recovery_delete(relay->r); + relay->r = NULL; +} + static void relay_stop(struct relay *relay) { 
@@ -277,6 +297,8 @@ int relay_final_join_f(va_list ap) { struct relay *relay = va_arg(ap, struct relay *); + auto guard = make_scoped_guard([=] { relay_exit(relay); }); + coio_enable(); relay_set_cord_name(relay->io.fd); @@ -601,10 +623,7 @@ relay_subscribe_f(va_list ap) NULL, NULL, cbus_process); cbus_endpoint_destroy(&relay->endpoint, cbus_process); - struct errinj *inj = errinj(ERRINJ_RELAY_EXIT_DELAY, ERRINJ_DOUBLE); - if (inj != NULL && inj->dparam > 0) - fiber_sleep(inj->dparam); - + relay_exit(relay); return -1; } -- 2.11.0
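Review bot: In the first hunk (new relay_exit()), the comment explains why recovery_delete() must run in the relay thread but not why relay->r is reset to NULL afterwards, and no hunk in this patch removes a recovery_delete() call from the main thread even though the commit message says the call is moved (the four deleted lines are the errinj block in relay_subscribe_f). If the main-thread cleanup is meant to be skipped because relay->r is now NULL, say so in the comment, and state that the main thread only reads relay->r after the relay thread has been joined, so the double free and the cross-thread free are both ruled out by something a reader can see.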
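Review bot: In the relay_final_join_f hunk, the scoped guard runs all of relay_exit(), so the ERRINJ_RELAY_EXIT_DELAY fiber_sleep() that used to exist only in relay_subscribe_f now also delays final join exit, and it runs from a guard that may fire while an exception is unwinding. If only the recovery_delete() is wanted here, keep the error-injection delay in relay_subscribe_f and let the guard do just the destroy; otherwise mention the widened scope of the injection in the commit message.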
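Review bot: In the relay_subscribe_f hunk, relay_exit(relay) is an explicit call placed right before "return -1", while relay_final_join_f uses make_scoped_guard for the same cleanup. Any path that leaves relay_subscribe_f before this line (an exception or an earlier return) would skip it and leave the xlog cursor to be destroyed by another thread, which is the bug this patch fixes. Consider installing the same guard at the top of relay_subscribe_f, or add a comment stating why no other exit path exists.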