Skip to content
Snippets Groups Projects
Commit a0bfba21 authored by Sree Kuchibhotla's avatar Sree Kuchibhotla
Browse files

Fix use after free error in cq

parent 1d27c66d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/core/lib/surface/completion_queue.c
+ 8
11
View file @ a0bfba21
...@@ -855,8 +855,7 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline, ...@@ -855,8 +855,7 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline,
inconsistent state. If it is the latter, we shold do a 0-timeout poll inconsistent state. If it is the latter, we shold do a 0-timeout poll
so that the thread comes back quickly from poll to make a second so that the thread comes back quickly from poll to make a second
attempt at popping. Not doing this can potentially deadlock this attempt at popping. Not doing this can potentially deadlock this
thread thread forever (if the deadline is infinity) */
forever (if the deadline is infinity) */
if (cq_event_queue_num_items(&cqd->queue) > 0) { if (cq_event_queue_num_items(&cqd->queue) > 0) {
iteration_deadline = gpr_time_0(GPR_CLOCK_MONOTONIC); iteration_deadline = gpr_time_0(GPR_CLOCK_MONOTONIC);
} }
...@@ -869,10 +868,8 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline, ...@@ -869,10 +868,8 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline,
if (cq_event_queue_num_items(&cqd->queue) > 0) { if (cq_event_queue_num_items(&cqd->queue) > 0) {
/* Go to the beginning of the loop. No point doing a poll because /* Go to the beginning of the loop. No point doing a poll because
(cq->shutdown == true) is only possible when there is no pending (cq->shutdown == true) is only possible when there is no pending
work work (i.e cq->pending_events == 0) and any outstanding completion
(i.e cq->pending_events == 0) and any outstanding events should have already been queued on this cq */
grpc_cq_completion
events are already queued on this cq */
continue; continue;
} }
...@@ -909,11 +906,6 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline, ...@@ -909,11 +906,6 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline,
is_finished_arg.first_loop = false; is_finished_arg.first_loop = false;
} }
GRPC_SURFACE_TRACE_RETURNED_EVENT(cq, &ret);
GRPC_CQ_INTERNAL_UNREF(&exec_ctx, cq, "next");
grpc_exec_ctx_finish(&exec_ctx);
GPR_ASSERT(is_finished_arg.stolen_completion == NULL);
if (cq_event_queue_num_items(&cqd->queue) > 0 && if (cq_event_queue_num_items(&cqd->queue) > 0 &&
gpr_atm_no_barrier_load(&cqd->pending_events) > 0) { gpr_atm_no_barrier_load(&cqd->pending_events) > 0) {
gpr_mu_lock(cq->mu); gpr_mu_lock(cq->mu);
...@@ -921,6 +913,11 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline, ...@@ -921,6 +913,11 @@ static grpc_event cq_next(grpc_completion_queue *cq, gpr_timespec deadline,
gpr_mu_unlock(cq->mu); gpr_mu_unlock(cq->mu);
} }
GRPC_SURFACE_TRACE_RETURNED_EVENT(cq, &ret);
GRPC_CQ_INTERNAL_UNREF(&exec_ctx, cq, "next");
grpc_exec_ctx_finish(&exec_ctx);
GPR_ASSERT(is_finished_arg.stolen_completion == NULL);
GPR_TIMER_END("grpc_completion_queue_next", 0); GPR_TIMER_END("grpc_completion_queue_next", 0);
return ret; return ret;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment