From f0315962e98f79e0cdcbe72f07f7bba997415ee7 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Fri, 9 Jan 2009 14:30:25 -0800
Subject: [PATCH] rconn: Fix segfault when the idle timeout races with connection failure.

Noticed in Xen VM migration torture test (thanks Henrik!)
---
 lib/rconn.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/rconn.c b/lib/rconn.c
index ba606fb5e..c8bddab52 100644
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -380,10 +380,14 @@ run_ACTIVE(struct rconn *rc)
 {
 if (timed_out(rc)) {
 unsigned int base = MAX(rc->last_received, rc->state_entered);
- rconn_send(rc, make_echo_request(), NULL);
 VLOG_DBG("%s: idle %u seconds, sending inactivity probe", rc->name, (unsigned int) (time_now() - base));
+
+ /* Ordering is important here: rconn_send() can transition to BACKOFF,
+ * and we don't want to transition back to IDLE if so, because then we
+ * can end up queuing a packet with vconn == NULL and then *boom*. */
 state_transition(rc, S_IDLE);
+ rconn_send(rc, make_echo_request(), NULL);
 return;
 }
-- 
2.43.0
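Review bot: The crash is avoided only by statement order in this branch of run_ACTIVE — `state_transition(rc, S_IDLE);` now precedes `rconn_send(rc, make_echo_request(), NULL);` — while the path that queues a packet with `vconn == NULL` is left unguarded, so any other caller that sends and then changes state can presumably hit the same segfault when a peer drops the connection. A check or assertion at the point where the packet is queued (outside this hunk) would make that a handled error rather than a daemon crash. The return value of `rconn_send()` is also discarded here; since the new comment says the send can move the connection to BACKOFF, it is worth confirming who owns the echo-request buffer when the send fails, and freeing it in this branch if the callee does not. run_ACTIVE begins and continues outside the hunk.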