Hi, I did a more testing on this and also on a Yu's patch from
http://lists.adiscon.net/pipermail/rsyslog/2012-July/015259.html which seems to be a better solution. Checking only !=NULL does not handle other races like: Program terminated with signal 11, Segmentation fault. #0 0x00007fef178cc898 in Run (pThis=0x158d980) at tcpsrv.c:699 699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, 0, pNewSess, NSDPOLL_IN, NSDPOLL_ADD)); (gdb) back #0 0x00007fef178cc898 in Run (pThis=0x158d980) at tcpsrv.c:699 #1 0x00007fef18a1a6c1 in runInput (pThrd=0x15cb0f0) at imgssapi.c:647 #2 0x0000000000467369 in thrdStarter (arg=0x15cb0f0) at ../threads.c:190 #3 0x00007fef1a2668ca in start_thread (arg=<value optimized out>) at pthread_create.c:300 #4 0x00007fef19bc192d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 #5 0x0000000000000000 in ?? () (gdb) p pNewSess $1 = (tcps_sess_t *) 0x100431370 (gdb) p *pNewSess Cannot access memory at address 0x100431370 It would be wonderfull to have +CHKiRet(SessAccept in v5-stable someday ... bodik On 07/11/12 19:03, Rainer Gerhards wrote: > Thx, sounds very reasonable, hope to be able to look at it in depth and merge > tomorrow. If it's not merged by Monday, please ping me. > > Rainer > >> -----Original Message----- >> From: [email protected] [mailto:rsyslog- >> [email protected]] On Behalf Of bodik >> Sent: Wednesday, July 11, 2012 4:25 PM >> To: rsyslog-users >> Cc: Daniel Kouril >> Subject: Re: [rsyslog] v5-stable (5.8.13) segfault >> >> On 06/21/12 11:27, bodik wrote: >>> hi, >>> >>> while current v5-stable works fine on "client" side, on the >>> central "server" side it segfaults after few minutes of run with >> >> hi, >> >> a digged a little deep into it and i think i found a cause. I think >> that using >> plugin pOnSessAccept callback to establish session inside tcp channel >> can lead >> to null pointer dereference at tcpsrv.c:699 >> >> this happens only using imgssapi on the server side in v5-stable, imho >> it is the >> only module using pOnSessAccept >> >> Run > SessAccept > imgssapi::pOnSessAccept > OnSessAcceptGSS fails >> >> when session creation fails. (eg ntp timeskew using KDC, network >> disruptions, >> using tcpkill...) tcpsrv.c:SessAccept jums to finalizer, does not add a >> session >> into live sessions (which is fine) and session is destructed (which is >> maybe >> also fine) but after return from Run.SessAccept, is pNewSess directly >> dereferenced with >> >> 699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, >> >> This in not reproducible by any other plugin since imgssapi is the only >> using >> it. but I believe that that can be emulated by custom test plugin >> within plugin >> API testcase ... >> >> Could attached patch solve the issue ? (at least it works fine for me >> ;) >> >> Thank you >> bodik >> >> >> ----------- >> >> tcpsrv.c:SessAccept >> >> 440 /* check if we need to call our callback */ >> 441 if(pThis->pOnSessAccept != NULL) { >> 442 CHKiRet(pThis->pOnSessAccept(pThis, pSess)); >> 443 } >> 444 >> 445 *ppSess = pSess; >> 446 if(!pThis->bUsingEPoll) >> 447 pThis->pSessions[iSess] = pSess; >> 448 pSess = NULL; /* this is now also handed over */ >> 449 >> 450 finalize_it: >> 451 if(iRet != RS_RET_OK) { >> 452 if(pSess != NULL) >> 453 tcps_sess.Destruct(&pSess); >> 454 if(pNewStrm != NULL) >> 455 netstrm.Destruct(&pNewStrm); >> 456 free(fromHostFQDN); >> 457 free(fromHostIP); >> 458 } >> 459 >> 460 RETiRet; >> >> >> tcpsrv.c:Run >> >> 682 while(1) { >> 683 localRet = nspoll.Wait(pPoll, -1, &i, &pUsr); >> ... >> 696 if(pUsr == pThis->ppLstn) { >> 697 DBGPRINTF("New connect on NSD %p.\n", >> 698 SessAccept(pThis, pThis->ppLstnPort[i], >> &pNewSess, >> 699 CHKiRet(nspoll.Ctl(pPoll, pNewSess->pStrm, >> 700 DBGPRINTF("Failed to esablish a new >> 701 } else { >> 702 pNewSess = (tcps_sess_t*) pUsr; >> 703 doReceive(pThis, &pNewSess, pPoll); >> 704 } >> 705 } >> >> _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
