From 07d09c32524b7e3ee4faabcd680325c6ac99b4f4 Mon Sep 17 00:00:00 2001
From: Vlad Khorsun
Date: Wed, 5 Jun 2024 21:34:29 +0300
Subject: [PATCH] Fixed bug #8150 : Process could attach to the deleted instance of shared memory

Patch and additional comments by @AlexPeshkoff
---
 src/common/isc_sync.cpp | 10 +++++++---
 src/jrd/tpc.cpp | 9 +++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/common/isc_sync.cpp b/src/common/isc_sync.cpp
index c0c709de6f..7b5cc6df78 100644
--- a/src/common/isc_sync.cpp
+++ b/src/common/isc_sync.cpp
@@ -1127,13 +1127,17 @@ void SharedMemoryBase::removeMapFile()
 if (!sh_mem_header->isDeleted())
 {
 #ifndef WIN_NT
- unlinkFile();
+ FileLockHolder initLock(initFile);
+ if (!sh_mem_header->isDeleted())
+ {
+ unlinkFile();
+ sh_mem_header->markAsDeleted();
+ }
 #else
 fb_assert(!sh_mem_unlink);
 sh_mem_unlink = true;
-#endif // WIN_NT
- sh_mem_header->markAsDeleted();
+#endif // WIN_NT
 }
 }
diff --git a/src/jrd/tpc.cpp b/src/jrd/tpc.cpp
index 3adbdc338e..79a5115055 100644
--- a/src/jrd/tpc.cpp
+++ b/src/jrd/tpc.cpp
@@ -385,6 +385,10 @@ TipCache::StatusBlockData::StatusBlockData(thread_db* tdbb, TipCache* tipCache,
 try
 {
+ // Here SharedMemory constructor is called with skipLock parameter set to true.
+ // Appropriate locking is performed by existenceLock using LM.
+ // This should be in sync with SharedMemoryBase::unlinkFile() call
+ // in TipCache::StatusBlockData::clear().
 memory = FB_NEW_POOL(*dbb->dbb_permanent) SharedMemory( fileName.c_str(), blockSize, &cache->memBlockInitializer, true);
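Review bot: In `SharedMemoryBase::removeMapFile()` (src/common/isc_sync.cpp) the `WIN_NT` branch no longer reaches `sh_mem_header->markAsDeleted()`: the call used to sit after `#endif` and ran on every platform, but it now exists only inside the locked non-Windows block. If that is not intentional, Windows builds leave the header unmarked, so the outer `isDeleted()` guard would not stop a second call from reaching `fb_assert(!sh_mem_unlink)`, and presumably other processes can no longer observe the deletion through the header; adding `sh_mem_header->markAsDeleted();` after `sh_mem_unlink = true;` would restore the previous behaviour. On the POSIX side, the re-check under `FileLockHolder initLock(initFile)` closes the race only if the attach path tests `isDeleted()` while holding the same `initFile` lock, which is not visible in this hunk; a short comment stating that pairing would help. The function's opening lines are outside the hunk.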
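Review bot: In src/jrd/tpc.cpp the new comment above the `SharedMemory(...)` construction explains the trailing `true` only in prose, so the skipLock choice is still unlabelled at the argument itself; annotating it in place, e.g. `&cache->memBlockInitializer, true /* skipLock */);`, keeps the meaning attached to the value if the comment block later drifts. Both this comment and its counterpart in `TipCache::StatusBlockData::clear()` (the second tpc.cpp hunk) abbreviate what is presumably the lock manager as "LM" and do not say which level of `existenceLock` must be held when the constructor runs, whereas the removal path visibly takes `LCK_EX` with `LCK_NO_WAIT`. Naming the required lock level in the constructor comment would turn "should be in sync" into something a reader can check. The constructor and `clear()` bodies both extend beyond their hunks, so the lock acquisition on the attach side cannot be confirmed from here.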
@@ -462,6 +466,11 @@ void TipCache::StatusBlockData::clear(thread_db* tdbb)
 if (fName.hasData())
 {
+ // Here file is removed from SharedMemory created with skipLock parameter
+ // set to true. That means internal file lock is turned off.
+ // Appropriate locking is performed by existenceLock using LM.
+ // This should be in sync with SharedMemory constructor called
+ // in TipCache::StatusBlockData constructor.
 if (LCK_lock(tdbb, &existenceLock, LCK_EX, LCK_NO_WAIT))
 SharedMemoryBase::unlinkFile(fName.c_str());
 else