From ac96ad37e08f6017a51b29d849e82c6fb98d5782 Mon Sep 17 00:00:00 2001 From: mnicholson Date: Thu, 17 Sep 2009 15:44:14 +0000 Subject: Merged revisions 219139 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r219139 | mnicholson | 2009-09-17 10:18:01 -0500 (Thu, 17 Sep 2009) | 17 lines Merged revisions 219136 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r219136 | mnicholson | 2009-09-17 09:58:39 -0500 (Thu, 17 Sep 2009) | 10 lines Prevent a potential race condition and crash when hanging up a channel by removing the channel from the channel list before begining channel tear down. This fix may potentially cause problems with CDR backends that access the channel a CDR is associated with via the channel list. This fix makes the channel unavabile at the time when the CDR backend is invoked. This has been documented in include/asterisk/cdr.h. (closes issue #15316) Reported by: vmarrone Tested by: mnicholson Review: https://reviewboard.asterisk.org/r/362/ ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@219198 f38db490-d61c-443f-a65b-d21fe96a405b --- include/asterisk/cdr.h | 6 ++++++ include/asterisk/channel.h | 2 ++ main/channel.c | 33 +++++++++++++++++++++++++-------- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/include/asterisk/cdr.h b/include/asterisk/cdr.h index 0b94fd73c..6d633b990 100644 --- a/include/asterisk/cdr.h +++ b/include/asterisk/cdr.h @@ -120,6 +120,12 @@ int ast_cdr_serialize_variables(struct ast_cdr *cdr, struct ast_str **buf, char void ast_cdr_free_vars(struct ast_cdr *cdr, int recur); int ast_cdr_copy_vars(struct ast_cdr *to_cdr, struct ast_cdr *from_cdr); +/*! + * \brief CDR backend callback + * \warning CDR backends should NOT attempt to access the channel associated + * with a CDR record. This channel is not guaranteed to exist when the CDR + * backend is invoked. + */ typedef int (*ast_cdrbe)(struct ast_cdr *cdr); /*! \brief Return TRUE if CDR subsystem is enabled */ diff --git a/include/asterisk/channel.h b/include/asterisk/channel.h index c9a70faca..a5f080df8 100644 --- a/include/asterisk/channel.h +++ b/include/asterisk/channel.h @@ -592,6 +592,8 @@ enum { * bridge terminates, this will allow the hangup in the pbx loop to be run instead. * */ AST_FLAG_BRIDGE_HANGUP_DONT = (1 << 18), + /*! This flag indicates whether the channel is in the channel list or not. */ + AST_FLAG_IN_CHANNEL_LIST = (1 << 19), }; /*! \brief ast_bridge_config flags */ diff --git a/main/channel.c b/main/channel.c index 39a47545b..30f5fbbce 100644 --- a/main/channel.c +++ b/main/channel.c @@ -931,6 +931,8 @@ alertpipe_failed: tmp->tech = &null_tech; + ast_set_flag(tmp, AST_FLAG_IN_CHANNEL_LIST); + AST_RWLIST_WRLOCK(&channels); AST_RWLIST_INSERT_HEAD(&channels, tmp, chan_list); AST_RWLIST_UNLOCK(&channels); @@ -1334,17 +1336,21 @@ void ast_channel_free(struct ast_channel *chan) struct varshead *headp; struct ast_datastore *datastore = NULL; char name[AST_CHANNEL_NAME], *dashptr; + int inlist; headp=&chan->varshead; - AST_RWLIST_WRLOCK(&channels); - if (!AST_RWLIST_REMOVE(&channels, chan, chan_list)) { - ast_log(LOG_ERROR, "Unable to find channel in list to free. Assuming it has already been done.\n"); + inlist = ast_test_flag(chan, AST_FLAG_IN_CHANNEL_LIST); + if (inlist) { + AST_RWLIST_WRLOCK(&channels); + if (!AST_RWLIST_REMOVE(&channels, chan, chan_list)) { + ast_debug(1, "Unable to find channel in list to free. Assuming it has already been done.\n"); + } + /* Lock and unlock the channel just to be sure nobody has it locked still + due to a reference retrieved from the channel list. */ + ast_channel_lock(chan); + ast_channel_unlock(chan); } - /* Lock and unlock the channel just to be sure nobody has it locked still - due to a reference retrieved from the channel list. */ - ast_channel_lock(chan); - ast_channel_unlock(chan); /* Get rid of each of the data stores on the channel */ while ((datastore = AST_LIST_REMOVE_HEAD(&chan->datastores, entry))) @@ -1422,7 +1428,8 @@ void ast_channel_free(struct ast_channel *chan) ast_string_field_free_memory(chan); ast_free(chan); - AST_RWLIST_UNLOCK(&channels); + if (inlist) + AST_RWLIST_UNLOCK(&channels); ast_device_state_changed_literal(name); } @@ -1672,6 +1679,16 @@ int ast_hangup(struct ast_channel *chan) ast_channel_unlock(chan); return 0; } + ast_channel_unlock(chan); + + AST_RWLIST_WRLOCK(&channels); + if (!AST_RWLIST_REMOVE(&channels, chan, chan_list)) { + ast_log(LOG_ERROR, "Unable to find channel in list to free. Assuming it has already been done.\n"); + } + ast_clear_flag(chan, AST_FLAG_IN_CHANNEL_LIST); + AST_RWLIST_UNLOCK(&channels); + + ast_channel_lock(chan); free_translation(chan); /* Close audio stream */ if (chan->stream) { -- cgit v1.2.3