[svn-commits] russell: branch 1.4 r222878 - in /branches/1.4: include/asterisk/ main/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Thu Oct 8 14:46:06 CDT 2009
Author: russell
Date: Thu Oct 8 14:45:47 2009
New Revision: 222878
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=222878
Log:
Make filestream frame handling safer by isolating frames before returning them.
This patch is related to a number of issues on the bug tracker that show
crashes related to freeing frames that came from a filestream. A number of
fixes have been made over time while trying to figure out these problems, but
there re still people seeing the crash. (Note that some of these bug reports
include information about other problems. I am specifically addressing
the filestream frame crash here.)
I'm still not clear on what the exact problem is. However, what is _very_
clear is that we have seen quite a few problems over time related to unexpected
behavior when we try to use embedded frames as an optimization. In some cases,
this optimization doesn't really provide much due to improvements made in other
areas.
In this case, the patch modifies filestream handling such that the embedded frame
will not be returned. ast_frisolate() is used to ensure that we end up with a
completely mallocd frame. In reality, though, we will not actually have to malloc
every time. For filestreams, the frame will almost always be allocated and freed
in the same thread. That means that the thread local frame cache will be used.
So, going this route doesn't hurt.
With this patch in place, some people have reported success in not seeing the
crash anymore.
(SWP-150)
(AST-208)
(ABE-1834)
(issue #15609)
Reported by: aragon
Patches:
filestream_frisolate-1.4.diff2.txt uploaded by russell (license 2)
Tested by: aragon, russell
(closes issue #15817)
Reported by: zerohalo
Tested by: zerohalo
(closes issue #15845)
Reported by: marhbere
Review: https://reviewboard.asterisk.org/r/386/
Modified:
branches/1.4/include/asterisk/file.h
branches/1.4/include/asterisk/frame.h
branches/1.4/main/file.c
branches/1.4/main/frame.c
Modified: branches/1.4/include/asterisk/file.h
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/include/asterisk/file.h?view=diff&rev=222878&r1=222877&r2=222878
==============================================================================
--- branches/1.4/include/asterisk/file.h (original)
+++ branches/1.4/include/asterisk/file.h Thu Oct 8 14:45:47 2009
@@ -402,21 +402,6 @@
*/
struct ast_frame *ast_readframe(struct ast_filestream *s);
-/*!\brief destroy a filestream using an ast_frame as input
- *
- * This is a hack that is used also by the ast_trans_pvt and
- * ast_dsp structures. When a structure contains an ast_frame
- * pointer as one of its fields. It may be that the frame is
- * still used after the outer structure is freed. This leads to
- * invalid memory accesses. This function allows for us to hold
- * off on destroying the ast_filestream until we are done using
- * the ast_frame pointer that is part of it
- *
- * \param fr The ast_frame that is part of an ast_filestream we wish
- * to free.
- */
-void ast_filestream_frame_freed(struct ast_frame *fr);
-
/*! Initialize file stuff */
/*!
* Initializes all the various file stuff. Basically just registers the cli stuff
Modified: branches/1.4/include/asterisk/frame.h
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/include/asterisk/frame.h?view=diff&rev=222878&r1=222877&r2=222878
==============================================================================
--- branches/1.4/include/asterisk/frame.h (original)
+++ branches/1.4/include/asterisk/frame.h Thu Oct 8 14:45:47 2009
@@ -135,10 +135,6 @@
* The dsp cannot be free'd if the frame inside of it still has
* this flag set. */
AST_FRFLAG_FROM_DSP = (1 << 2),
- /*! This frame came from a filestream and is still the original frame.
- * The filestream cannot be free'd if the frame inside of it still has
- * this flag set. */
- AST_FRFLAG_FROM_FILESTREAM = (1 << 3),
};
/*! \brief Data structure associated with a single frame of data
Modified: branches/1.4/main/file.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/main/file.c?view=diff&rev=222878&r1=222877&r2=222878
==============================================================================
--- branches/1.4/main/file.c (original)
+++ branches/1.4/main/file.c Thu Oct 8 14:45:47 2009
@@ -706,17 +706,36 @@
return NULL;
}
+static struct ast_frame *read_frame(struct ast_filestream *s, int *whennext)
+{
+ struct ast_frame *fr, *new_fr;
+
+ if (!s || !s->fmt) {
+ return NULL;
+ }
+
+ if (!(fr = s->fmt->read(s, whennext))) {
+ return NULL;
+ }
+
+ if (!(new_fr = ast_frisolate(fr))) {
+ ast_frfree(fr);
+ return NULL;
+ }
+
+ if (new_fr != fr) {
+ ast_frfree(fr);
+ fr = new_fr;
+ }
+
+ return fr;
+}
+
struct ast_frame *ast_readframe(struct ast_filestream *s)
{
- struct ast_frame *f = NULL;
- int whennext = 0;
- if (s && s->fmt)
- f = s->fmt->read(s, &whennext);
- if (f) {
- ast_set_flag(f, AST_FRFLAG_FROM_FILESTREAM);
- ao2_ref(s, +1);
- }
- return f;
+ int whennext = 0;
+
+ return read_frame(s, &whennext);
}
enum fsread_res {
@@ -733,15 +752,13 @@
while (!whennext) {
struct ast_frame *fr;
-
- if (s->orig_chan_name && strcasecmp(s->owner->name, s->orig_chan_name))
+
+ if (s->orig_chan_name && strcasecmp(s->owner->name, s->orig_chan_name)) {
goto return_failure;
-
- fr = s->fmt->read(s, &whennext);
- if (fr) {
- ast_set_flag(fr, AST_FRFLAG_FROM_FILESTREAM);
- ao2_ref(s, +1);
- }
+ }
+
+ fr = read_frame(s, &whennext);
+
if (!fr /* stream complete */ || ast_write(s->owner, fr) /* error writing */) {
if (fr) {
ast_log(LOG_WARNING, "Failed to write frame\n");
@@ -749,10 +766,12 @@
}
goto return_failure;
}
+
if (fr) {
ast_frfree(fr);
}
}
+
if (whennext != s->lasttimeout) {
#ifdef HAVE_DAHDI
if (s->owner->timingfd > -1) {
@@ -803,11 +822,8 @@
int whennext = 0;
while (!whennext) {
- struct ast_frame *fr = s->fmt->read(s, &whennext);
- if (fr) {
- ast_set_flag(fr, AST_FRFLAG_FROM_FILESTREAM);
- ao2_ref(s, +1);
- }
+ struct ast_frame *fr = read_frame(s, &whennext);
+
if (!fr /* stream complete */ || ast_write(s->owner, fr) /* error writing */) {
if (fr) {
ast_log(LOG_WARNING, "Failed to write frame\n");
@@ -816,6 +832,7 @@
s->owner->vstreamid = -1;
return FSREAD_FAILURE;
}
+
if (fr) {
ast_frfree(fr);
}
@@ -907,20 +924,6 @@
}
}
- if (ast_test_flag(&f->fr, AST_FRFLAG_FROM_FILESTREAM)) {
- /* If this flag is still set, it essentially means that the reference
- * count of f is non-zero. We can't destroy this filestream until
- * whatever is using the filestream's frame has finished.
- *
- * Since this was called, however, we need to remove the reference from
- * when this filestream was first allocated. That way, when the embedded
- * frame is freed, the refcount will reach 0 and we can finish destroying
- * this filestream properly.
- */
- ao2_ref(f, -1);
- return 0;
- }
-
ao2_ref(f, -1);
return 0;
}
@@ -1338,17 +1341,6 @@
-1, -1, context);
}
-void ast_filestream_frame_freed(struct ast_frame *fr)
-{
- struct ast_filestream *fs;
-
- ast_clear_flag(fr, AST_FRFLAG_FROM_FILESTREAM);
-
- fs = (struct ast_filestream *) (((char *) fr) - offsetof(struct ast_filestream, fr));
-
- ao2_ref(fs, -1);
-}
-
/*
* if the file name is non-empty, try to play it.
* Return 0 if success, -1 if error, digit if interrupted by a digit.
Modified: branches/1.4/main/frame.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.4/main/frame.c?view=diff&rev=222878&r1=222877&r2=222878
==============================================================================
--- branches/1.4/main/frame.c (original)
+++ branches/1.4/main/frame.c Thu Oct 8 14:45:47 2009
@@ -346,8 +346,6 @@
ast_translate_frame_freed(fr);
} else if (ast_test_flag(fr, AST_FRFLAG_FROM_DSP)) {
ast_dsp_frame_freed(fr);
- } else if (ast_test_flag(fr, AST_FRFLAG_FROM_FILESTREAM)) {
- ast_filestream_frame_freed(fr);
}
if (!fr->mallocd)
@@ -436,7 +434,6 @@
} else {
ast_clear_flag(fr, AST_FRFLAG_FROM_TRANSLATOR);
ast_clear_flag(fr, AST_FRFLAG_FROM_DSP);
- ast_clear_flag(fr, AST_FRFLAG_FROM_FILESTREAM);
out = fr;
}
More information about the svn-commits
mailing list