From e78d0d423ad9afbb60fdad0fabd7d61f605facc8 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Fri, 9 Jan 2009 14:30:25 -0800
Subject: [PATCH] rconn: Fix segfault when the idle timeout races with connection failure.

Noticed in Xen VM migration torture test (thanks Henrik!)
---
 lib/rconn.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/rconn.c b/lib/rconn.c
index f3dd6aa7..910c1ced 100644
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -385,10 +385,14 @@ run_ACTIVE(struct rconn *rc)
 {
 if (timed_out(rc)) {
 unsigned int base = MAX(rc->last_received, rc->state_entered);
- rconn_send(rc, make_echo_request(), NULL);
 VLOG_DBG("%s: idle %u seconds, sending inactivity probe",
 rc->name, (unsigned int) (time_now() - base));
+
+ /* Ordering is important here: rconn_send() can transition to BACKOFF,
+ * and we don't want to transition back to IDLE if so, because then we
+ * can end up queuing a packet with vconn == NULL and then *boom*. */
 state_transition(rc, S_IDLE);
+ rconn_send(rc, make_echo_request(), NULL);
 return;
 }
 
--
2.30.2
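Review bot: The relocated `rconn_send(rc, make_echo_request(), NULL);` still discards its result, although the new comment itself says the call can fail hard enough to move the connection to BACKOFF. Whether rconn_send() releases the echo request on that failure path is not visible in this hunk; if ownership stays with the caller on error, every failed probe leaks one buffer, and a connection that keeps dropping at idle time would repeat that leak. I would either check the result and free the buffer on error, or, once the contract has been confirmed against rconn_send(), record it at the call site with something like `/* rconn_send() consumes the probe even on failure; an error only means we are now in BACKOFF. */`. run_ACTIVE() continues past the end of the hunk, so any code after this block that assumes the IDLE state should be checked as well.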