From: Jeremy Kerr <jk@ozlabs.org>
Date: Thu, 22 May 2014 10:42:33 +0000 (+0800)
Subject: discover: don't free cancelled load tasks
X-Git-Tag: v1.0.0~179
X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=commitdiff_plain;h=1d69ceee0b8fac1f4451a75b6e4b14ee2d5d91dc;hp=1ae17ad22c1d111e35d75d4e93d609efd61b5329

discover: don't free cancelled load tasks

Currently, we have a bug when a boot task with more than one load tasks
is cancelled:

1) boot_cancel calls cleanup_cancellations, which performs a
load_url_async_cancel on all load tasks. This sets the load tasks'
states to LOAD_CANCELLED, and signals associated processes.

2) The first load task process completes, we get a load_url_process_exit
callback. This then invokes cleanup_cancellations.

3) cleanup_cancellations then (incorrectly) frees the boot task (and
hence freeing all pending load tasks) as no load tasks are in LOAD_ASYNC
state (we set them all to LOAD_CANCELLED in step 1)

4) The actual completion for the second load task attempts to reference
the now-freed task structure.

This change fixes the issue by handing the LOAD_CANCELLED state properly
- if we find a load task in this state, we consider the boot task still
pending, and delay the free until all loads are complete.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---

diff --git a/discover/boot.c b/discover/boot.c
index e5803a7..ce9c1e0 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -340,6 +340,11 @@ static void cleanup_cancellations(struct boot_task *task,
 		} else if (result->status == LOAD_ASYNC) {
 			load_url_async_cancel(result);
 			pending = true;
+
+		/* if we're waiting for a cancellation, we still need to
+		 * wait for the completion before freeing the boot task */
+		} else if (result->status == LOAD_CANCELLED) {
+			pending = true;
 		}
 	}