iproto: don't destroy a session during disconnect
Binary session disconnect trigger yield could lead to use after free of the session object.

That happened because iproto thread sent two requests to TX thread at disconnect:

- Close the session and run its on disconnect triggers;
- If all requests are handled, destroy the session.

When a connection is idle, all requests are handled, so both these requests are sent. If the first one yielded in TX thread, the second one arrived and destroyed the session right under the feet of the first one.

This can be solved in two ways - in TX thread, and in iproto thread.

Iproto thread solution (which is chosen in the patch): just don't send destroy request until disconnect returns back to iproto thread.

TX thread solution (alternative): add a flag which says whether disconnect is processed by TX. When destroy request arrives, it checks the flag. If disconnect is not done, the destroy request waits on a condition variable until it is.

The iproto is a bit trickier to implement, but it looks more correct.

Closes #4627

(cherry picked from commit 6da9d395)
Showing
- src/box/iproto.cc: 83 additions, 21 deletions
- test/box/gh-4627-session-use-after-free.result: 60 additions, 0 deletions
- test/box/gh-4627-session-use-after-free.test.lua: 35 additions, 0 deletions
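
An added illustration, not code from the patch or from Tarantool: a single-threaded C++ model of the message ordering the commit message describes, with the original ordering beside the chosen iproto-side fix. `Session`, `Tx` and `simulate` are hypothetical names, the TX thread is assumed to be a FIFO of callbacks, and a trigger yield is modeled as a re-queued continuation.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Stand-in for the session object; 'destroyed' replaces the real free so the
// model can observe the late access without undefined behaviour.
struct Session { bool destroyed = false; };

// Assumed model of the TX thread: requests are handled strictly in FIFO order.
struct Tx {
    std::deque<std::function<void()>> queue;
    void post(std::function<void()> f) { queue.push_back(std::move(f)); }
    void run() {
        while (!queue.empty()) {
            auto f = std::move(queue.front());
            queue.pop_front();
            f();
        }
    }
};

// Returns true if the on-disconnect trigger resumed on a destroyed session.
// defer_destroy == false: both requests are sent at disconnect (the bug).
// defer_destroy == true:  destroy is sent only after disconnect has returned.
bool simulate(bool defer_destroy) {
    Tx tx;
    auto s = std::make_shared<Session>();
    bool touched_after_destroy = false;
    auto destroy = [s] { s->destroyed = true; };

    // Disconnect request: the trigger starts, yields, and resumes later.
    tx.post([&, s] {
        tx.post([&, s] {  // continuation that runs after the yield
            if (s->destroyed) touched_after_destroy = true;
            // Fixed ordering: disconnect is done, so destroy may be sent now.
            // (In the real flow the reply goes through the iproto thread.)
            if (defer_destroy) tx.post(destroy);
        });
    });
    // Idle connection, original ordering: destroy is queued right behind
    // disconnect and overtakes the yielded trigger.
    if (!defer_destroy) tx.post(destroy);

    tx.run();
    return touched_after_destroy;
}
```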