v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html Change since v1, add the derefFcn as an argument to the renamed macro (not quite sure how I missed that originally. John Ferlan (2): daemon: Rework remoteClientFreeFunc cleanup loops into C macro remote: Fix possible use-after-free when sending event message daemon/remote.c | 164 ++++++++++++++++++++------------------------------------ 1 file changed, 58 insertions(+), 106 deletions(-) -- 2.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On 03/27/2017 12:47 PM, John Ferlan wrote: > v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html > > Change since v1, add the derefFcn as an argument to the renamed macro > (not quite sure how I missed that originally. > > John Ferlan (2): > daemon: Rework remoteClientFreeFunc cleanup loops into C macro > remote: Fix possible use-after-free when sending event message > > daemon/remote.c | 164 ++++++++++++++++++++------------------------------------ > 1 file changed, 58 insertions(+), 106 deletions(-) > Laine took a look at patch 1/2 - anyone want to look at 2/2 which he didn't feel comfortable looking at? Essentially it follows similar logic to virObjectEventCallbackListAddID when processing virObjectRef(conn), except this time the virObjectRef is on virNetServerClientPtr client whenever the callback functions grab it's address. When the callback is free'd the reference is removed (in remoteEventCallbackFree) so that virNetServerProcessClients doesn't inadvertently free the client before the callback code is done with it (sending an event message). Tks - John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
ping? Tks, - John On 04/03/2017 10:12 AM, John Ferlan wrote: > > > On 03/27/2017 12:47 PM, John Ferlan wrote: >> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html >> >> Change since v1, add the derefFcn as an argument to the renamed macro >> (not quite sure how I missed that originally. >> >> John Ferlan (2): >> daemon: Rework remoteClientFreeFunc cleanup loops into C macro >> remote: Fix possible use-after-free when sending event message >> >> daemon/remote.c | 164 ++++++++++++++++++++------------------------------------ >> 1 file changed, 58 insertions(+), 106 deletions(-) >> > > > Laine took a look at patch 1/2 - anyone want to look at 2/2 which he > didn't feel comfortable looking at? > > Essentially it follows similar logic to virObjectEventCallbackListAddID > when processing virObjectRef(conn), except this time the virObjectRef is > on virNetServerClientPtr client whenever the callback functions grab > it's address. When the callback is free'd the reference is removed (in > remoteEventCallbackFree) so that virNetServerProcessClients doesn't > inadvertently free the client before the callback code is done with it > (sending an event message). > > Tks - > > John > > -- > libvir-list mailing list > libvir-list@redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Ping? Tks John On 04/12/2017 07:58 PM, John Ferlan wrote: > > ping? > > Tks, - > > John > > On 04/03/2017 10:12 AM, John Ferlan wrote: >> >> >> On 03/27/2017 12:47 PM, John Ferlan wrote: >>> v1: https://www.redhat.com/archives/libvir-list/2017-March/msg01228.html >>> >>> Change since v1, add the derefFcn as an argument to the renamed macro >>> (not quite sure how I missed that originally. >>> >>> John Ferlan (2): >>> daemon: Rework remoteClientFreeFunc cleanup loops into C macro >>> remote: Fix possible use-after-free when sending event message >>> >>> daemon/remote.c | 164 ++++++++++++++++++++------------------------------------ >>> 1 file changed, 58 insertions(+), 106 deletions(-) >>> >> >> >> Laine took a look at patch 1/2 - anyone want to look at 2/2 which he >> didn't feel comfortable looking at? >> >> Essentially it follows similar logic to virObjectEventCallbackListAddID >> when processing virObjectRef(conn), except this time the virObjectRef is >> on virNetServerClientPtr client whenever the callback functions grab >> it's address. When the callback is free'd the reference is removed (in >> remoteEventCallbackFree) so that virNetServerProcessClients doesn't >> inadvertently free the client before the callback code is done with it >> (sending an event message). >> >> Tks - >> >> John >> >> -- >> libvir-list mailing list >> libvir-list@redhat.com >> https://www.redhat.com/mailman/listinfo/libvir-list >> > > -- > libvir-list mailing list > libvir-list@redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.