This adds a new helper program (qemu-props) to support the emulated system.
Its purpose is to contact the 'boot-properties' service during the
boot process and to set the list of system properties read from the
emulator program through it.
It must be launched from /system/etc/init.goldfish.rc as root.
It depends on the 'boot-properties' service being implemented by the
emulator (in a later patch). If not available, it will simply time out.
This also fixes a potential crash in qemud which can happen in the following case:
- client sends a command to a service
- the service responds with one or more messages
- the service immediately closes the connection before the client can read the data
What happened is that the FDHandler object was buffering outgoing packets to the
client, but the Multiplexer acted on the disconnection immediately. This resulted
in:
- client_free() being called
- fdhandler_shutdown() being called
- the FDHandler being placed on the 'closing' list to be able to send
buffered packets later. And 'receiver_close' being called
- client_fd_close() being called, which would call client_free()
recursively
- the second client_free() call would free the object
- the first client_free() call would try to free the object again
- ==> dlmalloc() detects a double-free and immediately aborts.
The fix simply avoids the call to receiver_close() in fdhandler_shutdown():
since this function is called from an explicit shutdown request from the multiplexer,
it doesn't correspond to the case where the client has closed the connection itself.
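The re-entrant call chain described above, reduced to a constructed C model. This is an added illustration and is not code from the commit or from qemud: the struct layouts, the `use_fix` switch, the counting of a second release instead of letting the allocator abort, and `receiver_close()` tolerating a NULL `close` callback are all assumptions made for the example; only the function names are taken from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model (not qemud's real types): a Receiver whose close
 * callback points back at the Client, and an FDHandler that owns it. */
typedef struct Receiver {
    void (*close)(void *user);   /* client_fd_close in the commit message */
    void *user;
} Receiver;

typedef struct FDHandler {
    Receiver receiver;
    int use_fix;          /* 0: pre-patch fdhandler_shutdown, 1: patched one */
    int on_closing_list;  /* models fdhandler_prepend(f, &f->list->closing) */
} FDHandler;

typedef struct Client {
    FDHandler *fdhandler;
    int free_calls;       /* how many times client_free() ran on this object */
    int freed;            /* set once the object has been released */
    int double_frees;     /* stands in for dlmalloc detecting a double free */
} Client;

static void client_free(Client *c);

/* The receiver's close hook: in qemud this ends up in client_free(). */
static void client_fd_close(void *user) { client_free((Client *)user); }

/* Assumption: a NULL close callback means "nothing to notify". */
static void receiver_close(Receiver *r) {
    if (r->close)
        r->close(r->user);
}

/* Explicit shutdown requested by the multiplexer. */
static void fdhandler_shutdown(FDHandler *f) {
    f->on_closing_list = 1;   /* keep f alive to flush buffered packets later */
    if (f->use_fix)
        f->receiver.close = NULL;        /* patched: no callback on explicit shutdown */
    else
        receiver_close(&f->receiver);    /* pre-patch: re-enters client_free() */
}

/* Final close once the closing list has drained its buffered packets. */
static void fdhandler_close(FDHandler *f) {
    receiver_close(&f->receiver);
    f->on_closing_list = 0;
}

static void client_free(Client *c) {
    c->free_calls++;
    if (c->free_calls == 1)
        fdhandler_shutdown(c->fdhandler);   /* may re-enter client_free() */
    if (c->freed) {
        c->double_frees++;  /* second release of the same object */
        return;
    }
    c->freed = 1;
}

/* Replays "service responds, then closes before the client reads" and
 * returns how many times the client object was released twice. */
int simulate_disconnect(int use_fix) {
    FDHandler f;
    Client c;
    memset(&f, 0, sizeof f);
    memset(&c, 0, sizeof c);
    f.use_fix = use_fix;
    f.receiver.close = client_fd_close;
    f.receiver.user = &c;
    c.fdhandler = &f;

    client_free(&c);          /* multiplexer reacts to the disconnection */
    if (c.double_frees)       /* dlmalloc would already have aborted here */
        return c.double_frees;
    fdhandler_close(&f);      /* buffered packets flushed, handler closed */
    return c.double_frees;
}

int main(void) {
    printf("pre-patch double frees: %d\n", simulate_disconnect(0));
    printf("patched   double frees: %d\n", simulate_disconnect(1));
    return 0;
}
```

With `use_fix` set, the first `client_free()` clears the callback, so neither the shutdown nor the later `fdhandler_close()` re-enters it; the pre-patch path releases the client inside the nested call and then again in the outer one, which is the double free the commit describes.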
diff --git a/emulator/qemud/qemud.c b/emulator/qemud/qemud.c
index c578145..5edf8a6 100644
--- a/emulator/qemud/qemud.c
+++ b/emulator/qemud/qemud.c
@@ -857,8 +857,10 @@
fdhandler_remove(f);
fdhandler_prepend(f, &f->list->closing);
- /* notify the receiver that we're closing */
- receiver_close(f->receiver);
+ /* prevent later fdhandler_close() to
+ * call the receiver's close.
+ */
+ f->receiver->close = NULL;
return;
}
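Review bot: Setting `f->receiver->close = NULL` only prevents the later fdhandler_close() from re-entering client_free() if every caller of the receiver's close (receiver_close() and anything else that invokes `receiver->close` directly) checks for NULL first; that check is not visible in this hunk, so either confirm it exists or guard the call site before relying on the NULL. The new comment should also read "prevent a later fdhandler_close() from calling the receiver's close" rather than "to call".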