Attention is currently required from: jolly.

jolly uploaded patch set #9 to this change.

View Change

The following approvals got outdated and were removed: Verified+1 by Jenkins Builder

The change is no longer submittable: Verified is unsatisfied now.

osmo_io_uring: Cancel pending request, free msghdr on completion

There is always a completion after cancelling a uring request.

Because uring requests use msghdr pointer as user data, we cannot just
free the msghdr after cancelling. Upon completion (received after
cancelling), the user data still points to the msghdr. To prevent a
use-after-free bug, msghdr is not freed, but detached from iofd
instance. Then upon completion, the msghdr (if it was detached from
iofd) is freed.

Additionally it is not required to keep IOFD_FLAG_IN_CALLBACK set
anymore, if there is a msghdr attached to iofd. As described above,
all msghdr get detached, if iofd is freed (uring request get cancelled)
during callback.

Related: OS#5751
Change-Id: Ic253f085dd6362db85f029f46350951472210a02
---
M src/core/osmo_io_uring.c
1 file changed, 43 insertions(+), 4 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/81/35981/9

To view, visit change 35981. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: Ic253f085dd6362db85f029f46350951472210a02
Gerrit-Change-Number: 35981
Gerrit-PatchSet: 9
Gerrit-Owner: jolly <andreas@eversberg.eu>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Attention: jolly <andreas@eversberg.eu>
Gerrit-MessageType: newpatchset