[asterisk-bugs] [JIRA] (ASTERISK-21951) res_fax unsafely unlocks channel to perform an asynchronous goto to the 'fax' extension

Matt Jordan (JIRA) noreply at issues.asterisk.org
Fri Jun 21 22:04:03 CDT 2013


Matt Jordan created ASTERISK-21951:
--------------------------------------

             Summary: res_fax unsafely unlocks channel to perform an asynchronous goto to the 'fax' extension
                 Key: ASTERISK-21951
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21951
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_fax
    Affects Versions: 11.4.0, 12
            Reporter: Matt Jordan


This bug affects Asterisk in 11, but is more prevalent in Asterisk 12.

When executing in a framehook, the channel *must* remain locked. Otherwise, the channel's list of framehooks can be changed out from under it, and the traversal of the framehooks becomes unsafe.

Unfortunately, in {{res_fax}}, there is at least one place where we have to unlock the channel - when we bounce to the {{fax}} extension. Note that we currently don't ref bump the channel prior to doing that either, which is probably wrong.

In 12, however, it actually will get worse - we can no longer access the bridged peer of the channel safely without first locking the bridge. This creates a locking inversion, as the bridge should be locked prior to locking the channel. Deadlock avoidance won't work here (which is what the bridge attempts to do), as the channel still shouldn't be unlocked.

This boils down to a problem that cannot be easily solved safely.

The good news is that it is highly unlikely for the framehook list to be modified while a channel is waiting for a fax to start.

A short term solution will be to ref bump the channel for the lifetime of these calls and unlock/lock the channel to prevent deadlocks. This is not terribly safe, but beats the current deadlocks.

A longer term solution is to replace the list of framehooks with an ao2_container. Iterators for ao2_containers version the objects in the container such that modifying the contents of the container does not remove or add ao2 objects in the iteration. This would allow unlocking the channel safely.




--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
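
The longer-term approach the report describes (traverse a referenced snapshot of the hooks so the list can change while the channel is unlocked) is shown here as an added example. It is not Asterisk code and does not use the ao2 API; `struct hook`, `struct chan`, `run_hooks`, the `locked` flag standing in for the channel lock, and the sample hook ids are all hypothetical.

```c
#include <stdlib.h>
#define MAX_HOOKS 8
struct chan;
struct hook {                        /* hypothetical refcounted framehook */
    int refs, id;
    void (*cb)(struct chan *, struct hook *);
};
struct chan {
    int locked;                      /* stand-in for the channel lock */
    struct hook *hooks[MAX_HOOKS];
    int n, ran_mask;                 /* ran_mask: bit per hook id that ran */
};
int destroyed;                       /* hooks actually freed */
void hook_unref(struct hook *h) { if (--h->refs == 0) { destroyed++; free(h); } }
void chan_add(struct chan *c, int id, void (*cb)(struct chan *, struct hook *)) {
    struct hook *h = calloc(1, sizeof(*h));
    if (!h || c->n == MAX_HOOKS) { free(h); return; }
    h->refs = 1; h->id = id; h->cb = cb;   /* the list owns one reference */
    c->hooks[c->n++] = h;
}
/* What another thread may do, but only once the lock has been released. */
int chan_remove(struct chan *c, int id) {
    if (c->locked) return -1;
    for (int i = 0; i < c->n; i++) {
        if (c->hooks[i]->id != id) continue;
        hook_unref(c->hooks[i]);
        c->hooks[i] = c->hooks[--c->n];
        return 0;
    }
    return -1;
}
void plain_cb(struct chan *c, struct hook *h) { c->ran_mask |= 1 << h->id; }
/* Models the res_fax case: drop the lock for the goto, then retake it. */
void fax_cb(struct chan *c, struct hook *h) {
    c->ran_mask |= 1 << h->id;
    c->locked = 0;
    chan_remove(c, 2);               /* list changes in the unlocked window */
    c->locked = 1;
}
/* Traverse a referenced snapshot instead of the live list. */
int run_hooks(struct chan *c) {
    struct hook *snap[MAX_HOOKS];
    c->locked = 1;
    int n = c->n, visited = 0;
    for (int i = 0; i < n; i++) { snap[i] = c->hooks[i]; snap[i]->refs++; }
    for (int i = 0; i < n; i++) { snap[i]->cb(c, snap[i]); visited++; hook_unref(snap[i]); }
    c->locked = 0;
    return visited;
}
```

Hook 2 is detached from the list while hook 1 has the lock dropped, yet the traversal still visits it safely because the snapshot holds its own reference; the object is freed only when that last reference is released.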


