Tim,

I've had a more detailed look at your bug report.  While your solution
works, the root of the problem is the ambiguity in the contract provided
by shared_mem_dispatch_bytes_left and its interaction with n_read and
n_write variables.

To resolve this ambiguity, I've attached the following patch which
ensures that shared_mem_dispatch_bytes_left always returns 1 less byte
than is really available.  This prevents n_read and n_write from ever
being equal as a result of the dispatch buffer being filled.

Regards
-steve

On Wed, 2009-12-16 at 13:57 +1300, Tim Beale wrote:
> Hi,
> 
> I've noticed what seems to be an intermittent corruption of CPG
> messages. The problem was that if the dispatch_buffer is filled up
> exactly, then bytes_left returned by shared_mem_dispatch_bytes_left()
> would be conn_info->dispatch_size instead of zero. The exec could then
> continue copying messages into the dispatch_buffer overwriting older
> messages. If a coroipc_response_header_t gets overwritten, then
> cpg_dispatch() can fail and never recover (if the header size is zero,
> then the increment in coroipcc_dispatch_put() fails and cpg_dispatch()
> returns the same invalid coroipc_response_header_t again next time).
> 
> The attached patch avoids the problem by preventing the dispatch_buffer
> completely filling up. It may not be the best solution, but I couldn't
> think of a better way to differentiate between a completely full
> dispatch_buffer and an empty one without adding more variables just to
> track this.
> 
> Attached is a test app that'll generate the problem. We're using
> flatiron trunk with a small memory footprint (so dispatch_buffer is
> 65536 bytes). This app should hit the fail case almost immediately,
> then the app will fail to send or receive any more messages.
> 
> Cheers,
> Tim
Index: coroipcs.c
===================================================================
--- coroipcs.c	(revision 2649)
+++ coroipcs.c	(working copy)
@@ -1179,6 +1179,10 @@
 	} else {
 		bytes_left = n_read - n_write;
 	}
+	if (bytes_left > 0) {
+		bytes_left--;
+	}
+
 	return (bytes_left);
 }
 
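Review bot: The decrement added just before return (bytes_left) carries no comment saying why one byte is held back, so a later reader could take it for an off-by-one and remove it. A short comment above the if, stating that one byte is reserved so that n_read == n_write can only mean an empty buffer, would record the contract in the code. It is also worth noting there that the bytes_left > 0 guard is what keeps the result from dropping below zero, and that callers can now queue one byte less than the value computed in the branches above.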
_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
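
Added example, not part of the original thread and not the coroipcs.c code: a simplified C model of the full-versus-empty ambiguity Tim describes and of the reserve-one-byte contract from Steve's reply. RING_SIZE, struct ring and all function names are assumptions made for illustration.

```c
#include <stdio.h>

#define RING_SIZE 16u   /* constructed size; the thread's buffer is 65536 bytes */

struct ring { unsigned int n_read, n_write; };   /* offsets only, no fill count */

typedef unsigned int (*left_fn)(const struct ring *);

/* Ambiguous contract: n_read == n_write is reported as a completely free buffer. */
static unsigned int bytes_left_ambiguous(const struct ring *r)
{
	if (r->n_read <= r->n_write)
		return RING_SIZE - r->n_write + r->n_read;
	return r->n_read - r->n_write;
}

/* Contract from the reply: always report one byte less than is really free. */
static unsigned int bytes_left_reserved(const struct ring *r)
{
	unsigned int left = bytes_left_ambiguous(r);
	return left > 0 ? left - 1 : 0;
}

/* Writer side: accept a message only if the chosen contract says it fits. */
static int ring_put(struct ring *r, unsigned int len, left_fn left)
{
	if (len > left(r))
		return 0;
	r->n_write = (r->n_write + len) % RING_SIZE;
	return 1;
}

/* Queue `count` messages of `len` bytes while nothing is read. Returns the
 * bytes accepted; more than RING_SIZE means unread data was overwritten. */
static unsigned int fill_without_reader(unsigned int len, unsigned int count, left_fn left)
{
	struct ring r = { 0, 0 };
	unsigned int accepted = 0;
	for (unsigned int i = 0; i < count; i++)
		if (ring_put(&r, len, left))
			accepted += len;
	return accepted;
}

int main(void)
{
	printf("ambiguous, 5-byte msgs: %u\n", fill_without_reader(5, 8, bytes_left_ambiguous));
	printf("ambiguous, 4-byte msgs: %u\n", fill_without_reader(4, 8, bytes_left_ambiguous));
	printf("reserved,  4-byte msgs: %u\n", fill_without_reader(4, 8, bytes_left_reserved));
	return 0;
}
```

Only message sizes that land the write offset exactly on the read offset trigger the overwrite, which matches the intermittent behaviour reported in the thread.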