[5.2] 9e3efbe There is a race between the call to VSM_Status() and VSM_Map() where the shared memory segment could have gone away, simply ignore the segment in that case.
PÃ¥l Hermunn Johansen
hermunn at varnish-software.com
Fri Sep 15 11:17:23 UTC 2017
commit 9e3efbed1930d733f9fbbb0890e2920336b2d857
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Sep 13 12:36:32 2017 +0000
There is a race between the call to VSM_Status() and VSM_Map() where
the shared memory segment could have gone away, simply
ignore the segment in that case.
Fixes #2411
diff --git a/lib/libvarnishapi/vsc.c b/lib/libvarnishapi/vsc.c
index 8ca2572..155c675 100644
--- a/lib/libvarnishapi/vsc.c
+++ b/lib/libvarnishapi/vsc.c
@@ -327,7 +327,15 @@ vsc_add_seg(const struct vsc *vsc, struct vsm *vsm, const struct vsm_fantom *fp)
ALLOC_OBJ(sp, VSC_SEG_MAGIC);
AN(sp);
*sp->fantom = *fp;
- AZ(VSM_Map(vsm, sp->fantom));
+ if (VSM_Map(vsm, sp->fantom)) {
+ /*
+ * If the seg was removed between our call to VSM_Status()
+ * and now, we won't be able to map it.
+ */
+ FREE_OBJ(sp);
+ return (NULL);
+ }
+ // AZ(VSM_Map(vsm, sp->fantom));
u = vbe64dec(sp->fantom->b);
if (u == 0) {
@@ -407,10 +415,12 @@ VSC_Iter(struct vsc *vsc, struct vsm *vsm, VSC_iter_f *fiter, void *priv)
sp = VTAILQ_NEXT(sp, list);
} else {
sp = vsc_add_seg(vsc, vsm, &ifantom);
- VTAILQ_INSERT_TAIL(&vsc->segs, sp, list);
- if (fiter != NULL)
- i = vsc_iter_seg(vsc, sp, fiter, priv);
- sp = NULL;
+ if (sp != NULL) {
+ VTAILQ_INSERT_TAIL(&vsc->segs, sp, list);
+ if (fiter != NULL)
+ i = vsc_iter_seg(vsc, sp, fiter, priv);
+ sp = NULL;
+ }
}
if (i)
break;
More information about the varnish-commit
mailing list