[Asterisk-code-review] taskprocessor: Fix race condition between unreferencing and ... (asterisk[master])

Joshua Colp asteriskteam at digium.com
Sat Aug 29 10:44:27 CDT 2015 

Joshua Colp has uploaded a new change for review.

  https://gerrit.asterisk.org/1164

Change subject: taskprocessor: Fix race condition between unreferencing and finding.
......................................................................

taskprocessor: Fix race condition between unreferencing and finding.

When unreferencing a taskprocessor its reference count is checked
to determine if it should be unlinked from the taskprocessors
container and its listener shut down. In between the time when the
reference count is checked and unlinking it is possible for
another thread to jump in, find it, and get a reference to it. If
the thread then uses the taskprocessor it may find that it is not
in the state it expects.

This change locks the taskprocessors container during almost the
entire unreference operation to ensure that any other thread which
may attempt to find the taskprocessor has to wait.

ASTERISK-25295

Change-Id: Icb842db82fe1cf238da55df92e95938a4419377c
---
M main/taskprocessor.c
1 file changed, 11 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/64/1164/1

diff --git a/main/taskprocessor.c b/main/taskprocessor.c
index 1edbaa3..5c513ee 100644
--- a/main/taskprocessor.c
+++ b/main/taskprocessor.c
@@ -691,15 +691,25 @@
 		return NULL;
 	}
 
+	/* To prevent another thread from finding and getting a reference to this
+	 * taskprocessor we hold the singletons lock. If we didn't do this then
+	 * they may acquire it and find that the listener has been shut down.
+	 */
+	ao2_lock(tps_singletons);
+
 	if (ao2_ref(tps, -1) > 3) {
+		ao2_unlock(tps_singletons);
 		return NULL;
 	}
+
 	/* If we're down to 3 references, then those must be:
 	 * 1. The reference we just got rid of
 	 * 2. The container
 	 * 3. The listener
 	 */
-	ao2_unlink(tps_singletons, tps);
+	ao2_unlink_flags(tps_singletons, tps, OBJ_NOLOCK);
+	ao2_unlock(tps_singletons);
+
 	listener_shutdown(tps->listener);
 	return NULL;
 }

-- 
To view, visit https://gerrit.asterisk.org/1164
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icb842db82fe1cf238da55df92e95938a4419377c
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Joshua Colp <jcolp at digium.com>

More information about the asterisk-code-review mailing list