[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/release-0.2.2] Do not send Libevent log messages to a controller.



commit 6199ac5fbec7f8a862440a8b65f7f299de4c2dbf
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Fri Nov 19 22:22:43 2010 -0500

    Do not send Libevent log messages to a controller.
    
    Doing so could make Libevent call Libevent from inside a Libevent
    logging call, which is a recipe for reentrant confusion and
    hard-to-debug crashes.  This would especially hurt if Libevent
    debug-level logging is enabled AND the user has a controller
    watching for low-severity log messages.
    
    Fix bug 2190; fix on 0.1.0.2-rc.
---
 changes/bug2190              |    6 ++++++
 src/common/compat_libevent.c |   10 +++++-----
 src/common/log.c             |    4 ++++
 src/common/torlog.h          |    4 ++++
 4 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/changes/bug2190 b/changes/bug2190
new file mode 100644
index 0000000..92ecba7
--- /dev/null
+++ b/changes/bug2190
@@ -0,0 +1,6 @@
+  o Minor bugfixes
+    - Prevent calls from Libevent from inside Libevent log handlers.
+      This had potential to cause a nasty set of crashes, especially if
+      running Libevent with debug logging enabled, and running Tor
+      with a controller watching for low-severity log messages.
+      Bugfix on 0.1.0.2-rc.  Fixes bug 2190.
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 250fa2b..96843c7 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -65,19 +65,19 @@ libevent_logging_callback(int severity, const char *msg)
   }
   switch (severity) {
     case _EVENT_LOG_DEBUG:
-      log(LOG_DEBUG, LD_NET, "Message from libevent: %s", buf);
+      log(LOG_DEBUG, LD_NOCB|LD_NET, "Message from libevent: %s", buf);
       break;
     case _EVENT_LOG_MSG:
-      log(LOG_INFO, LD_NET, "Message from libevent: %s", buf);
+      log(LOG_INFO, LD_NOCB|LD_NET, "Message from libevent: %s", buf);
       break;
     case _EVENT_LOG_WARN:
-      log(LOG_WARN, LD_GENERAL, "Warning from libevent: %s", buf);
+      log(LOG_WARN, LD_NOCB|LD_GENERAL, "Warning from libevent: %s", buf);
       break;
     case _EVENT_LOG_ERR:
-      log(LOG_ERR, LD_GENERAL, "Error from libevent: %s", buf);
+      log(LOG_ERR, LD_NOCB|LD_GENERAL, "Error from libevent: %s", buf);
       break;
     default:
-      log(LOG_WARN, LD_GENERAL, "Message [%d] from libevent: %s",
+      log(LOG_WARN, LD_NOCB|LD_GENERAL, "Message [%d] from libevent: %s",
           severity, buf);
       break;
   }
diff --git a/src/common/log.c b/src/common/log.c
index b639e7a..0ccda53 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -278,6 +278,10 @@ logv(int severity, log_domain_mask_t domain, const char *funcname,
       lf = lf->next;
       continue;
     }
+    if (lf->callback && (domain & LD_NOCB)) {
+      lf = lf->next;
+      continue;
+    }
     if (lf->seems_dead) {
       lf = lf->next;
       continue;
diff --git a/src/common/torlog.h b/src/common/torlog.h
index 2121956..8b6cd1b 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -95,6 +95,10 @@
 /** Number of logging domains in the code. */
 #define N_LOGGING_DOMAINS 20
 
+/** This log message is not safe to send to a callback-based logger.
+ * Used as a flag, not a log domain. */
+#define LD_NOCB (1u<<31)
+
 typedef uint32_t log_domain_mask_t;
 
 /** Configures which severities are logged for each logging domain for a given