talloc & threads in rlm_eap
Alan DeKok
aland at deployingradius.com
Mon Jun 23 23:26:20 CEST 2014
Phil Mayers wrote:
> In that particular case it was an access-after-free; I think maybe
> (ironically) the request_running() VERIFY_REQUEST() call is walking the
> vps at the same time the child thread is running through them?
Yes.
> Are we (well, I) actually seeing access-after-free being triggered by
> the VERIFY_* stuff? Which wouldn't happen in a release build?
Yes.
> That said I'm not seeing the locking or lock-free primitives which would
> ensure a request isn't accessed from main & worker thread; what's to
> stop a child thread updating request->child_state at the same time
> request_process_timer is reading it?
There are none. The main thread ignores the request for most values
of request->child_state. The child updates request->child_state
carefully, so that the main thread doesn't blow up.
Alan DeKok.