[asterisk-dev] [Code Review] 2797: optional_api: Fix linking problems between modules that export global symbols

Tilghman Lesher reviewboard at asterisk.org
Wed Aug 28 09:29:05 CDT 2013



> On Aug. 27, 2013, 7:53 p.m., Tilghman Lesher wrote:
> > /branches/12/main/loader.c, line 418
> > <https://reviewboard.asterisk.org/r/2797/diff/1/?file=45201#file45201line418>
> >
> >     I know the while seems a little weird, but on some systems, dlclose() has to be run several times before it will succeed.
> >     
> >     Otherwise, this would be a candidate for ast_do_crash() when dlclose() doesn't return 0.
> 
> David Lee wrote:
>     From what I've been able to find, the while(!dlclose()) is actually an
>     anti-pattern that doesn't solve any actual problem. It's akin to
>     repeatedly unlocking a recursive mutex "just to make sure it's
>     unlocked", which is a Bad Idea™. Do you have a reference that shows
>     when the while() loop is a good thing?
>     
>     The situation I ran into was dlclose() _never_ failed, resulting in
>     infinite loops. I saw this happen when a module links to a symbol
>     exported by another; even if the using module was first unloaded.
>     
>     If dlclose() fails, ast_do_crash() seems a bit extreme. The module
>     will remain resident in memory, but is otherwise harmless. We could
>     log a message on failure, but since there's nothing to do about the
>     situation, I'm not sure what the point would be.

I don't have a reference for it, no, but we probably should be at least receiving the response code when dlclose() fails and printing the error message.  Markster may even remember the specific person who needed it, which would provide a clue to the platform where it's necessary.

The use case is something I've done, which was to remove a buggy module from a running instance of Asterisk and loading in a newly compiled module.  If the dlclose() of the library failed silently, and I attempted to load a new module into place, I'm not sure what the result would be; whether the old module would be used, the new module's symbols would replace it, or something akin to a crash, but we definitely ought to be detecting that problem.

I'd also be fine with something on the order of:
int i, res;
for (i = 0; i < 5; i++) {
    if (!(res = dclose())) {
        break;
    }
    usleep(1);
}
if (i == 5) {
    ast_log(LOG_ERROR, "Library failed to close: %s\n", strerror(res));
}

5 times ought to be plenty, eliminates the infinite loop, and prints an error if something really wasn't able to be unloaded, alerting the user that the module may be left in an inconsistent state.


> On Aug. 27, 2013, 7:53 p.m., Tilghman Lesher wrote:
> > /branches/12/main/optional_api.c, lines 105-106
> > <https://reviewboard.asterisk.org/r/2797/diff/1/?file=45202#file45202line105>
> >
> >     By convention, put the comment phrase "/* SAFE */" after the function, on the same line, so that when code auditors check for unsafe functions, they see the phrase and know that the use has been audited and can eliminate the instance from their report.
> 
> David Lee wrote:
>     Sure, but of the 616 other strcpy()'s in Asterisk, only 27 follow this
>     convention.

That probably speaks more to the last time that somebody did a code audit of unsafe functions than anything else.


- Tilghman


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2797/#review9528
-----------------------------------------------------------


On Aug. 27, 2013, 5:17 p.m., David Lee wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2797/
> -----------------------------------------------------------
> 
> (Updated Aug. 27, 2013, 5:17 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-22296
>     https://issues.asterisk.org/jira/browse/ASTERISK-22296
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> With the new work in Asterisk 12, there are some uses of the
> optional_api that are prone to failure. The details are rather involved,
> and captured on [the wiki][1].
> 
> This patch addresses the issue by removing almost all of the magic from
> the optional API implementation. Instead of relying on weak symbol
> resolution, a new optional_api.c module was added to Asterisk core.
> 
> For modules providing an optional API, the pointer to the implementation
> function is registered with the core. For modules that use an optional
> API, a pointer to a stub function, along with a optional_ref function
> pointer are registered with the core. The optional_ref function pointers
> is set to the implementation function when it's provided, or the stub
> function when it's now.
> 
> Since the implementation no longer relies on magic, it is now supported
> on all platforms. In the spirit of choice, an OPTIONAL_API flag was
> added, so we can disable the optional_api if needed (maybe it's buggy on
> some bizarre platform I haven't tested on)
> 
> The AST_OPTIONAL_API*() macros themselves remained unchanged, so
> existing code could remain unchanged. But to help with debugging the
> optional_api, the patch limits the #include of optional API's to just
> the modules using the API. This also reduces resource waste maintaining
> optional_ref pointers that aren't used.
> 
> Other changes made as a part of this patch:
>  * The stubs for http_websocket that wrap system calls set errno to
>    ENOSYS.
> 
>  * res_http_websocket now properly increments module use count.
> 
>  * In loader.c, the while() wrappers around dlclose() were removed. The
>    while(!dlclose()) is actually an anti-pattern, which can lead to
>    infinite loops if the module you're attempting to unload exports a
>    symbol that was directly linked to.
> 
>  * The special handling of nonoptreq on systems without weak symbol
>    support was removed, since we no longer rely on weak symbols for
>    optional_api.
> 
>  [1]: https://wiki.asterisk.org/wiki/x/wACUAQ
> 
> 
> Diffs
> -----
> 
>   /branches/12/tests/test_optional_api.c PRE-CREATION 
>   /branches/12/rest-api-templates/swagger_model.py 397673 
>   /branches/12/rest-api-templates/res_ari_resource.c.mustache 397673 
>   /branches/12/res/res_http_websocket.c 397673 
>   /branches/12/res/res_ari_events.c 397673 
>   /branches/12/res/res_ari.c 397673 
>   /branches/12/res/ari/internal.h 397673 
>   /branches/12/res/ari/ari_websockets.c 397673 
>   /branches/12/main/optional_api.c PRE-CREATION 
>   /branches/12/main/loader.c 397673 
>   /branches/12/main/asterisk.c 397673 
>   /branches/12/include/asterisk/optional_api.h 397673 
>   /branches/12/include/asterisk/http_websocket.h 397673 
>   /branches/12/include/asterisk/ari.h 397673 
>   /branches/12/channels/sip/include/sip.h 397673 
>   /branches/12/channels/chan_sip.c 397673 
>   /branches/12/build_tools/cflags.xml 397673 
> 
> Diff: https://reviewboard.asterisk.org/r/2797/diff/
> 
> 
> Testing
> -------
> 
> New optional_api tests pass.
> 
> The config below consistently fails when attempting to connect to the
> ARI WebSocket without this patch; consistently passes with this patch.
> 
> modules.conf:
>     [modules]
>     load => res_stasis.so
>     load => res_ari.so
>     load => res_ari_model.so
>     load => res_ari_events.so
>     load => res_http_websocket.so
> 
> http.conf:
>     [general]
>     enabled=yes
>     bindaddr=127.0.0.1
> 
> ari.conf:
>     [general]
>     enabled = yes
> 
>     [ari]
>     type = user
>     password = ari
> 
> 
> Thanks,
> 
> David Lee
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130828/5e913fda/attachment.htm>


More information about the asterisk-dev mailing list