[asterisk-bugs] [Asterisk 0018310]: hint state changes deadlock/race

Tue Nov 16 08:21:13 CST 2010

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18310 
====================================================================== 
Reported By:                one47
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18310
Category:                   Core/PBX
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.6.2.14 
JIRA:                       SWP-2541 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2010-11-15 12:19 CST
Last Modified:              2010-11-16 08:21 CST
====================================================================== 
Summary:                    hint state changes deadlock/race
Description: 
VERY similar to https://issues.asterisk.org/view.php?id=18165, but this is a
different deadlock path, so I have
raised a separate report.

Thread 1: taskprocessor  -> handle_statechange
    Lock order = conlock, hints, hint, pvt
Thread 2: chan_sip.c:  handle_request_do -> handle_response_notify
    Lock order = pvt, conlock

Thread2 only gets into the conlock if STATECHANGEQUEUE is true, ie. there
are rapid state changes happening on a subscribed hint.
====================================================================== 

---------------------------------------------------------------------- 
 (0128892) one47 (reporter) - 2010-11-16 08:21
 https://issues.asterisk.org/view.php?id=18310#c128892 
---------------------------------------------------------------------- 
Hi, I assume you are referring to the patch here:
 https://reviewboard.asterisk.org/r/1003/diff/5/

I do not think that catches this partcular deadlock. When chan_sip
receives a packet, it immediately uses find_call() to lock the appropriate
"pvt" lock, and in this circumstance (STATECHANGEQUEUE set), it uses
ast_get_hint(), which requires the "conlock" lock.

The taskprocessor/handle_statechange code path always locks the "conlock"
lock first, and the "pvt" lock is acquired inside the state-change
callback, which is outside of the domain of your patch.

In fact, I believe there are a couple of places where chan_sip calls
ast_get_hint() with a "pvt" lock held (eg. handling a hint subscribe
request) that could potentially cause the same issue. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-11-16 08:21 one47          Note Added: 0128892                          
======================================================================