res_pjsip_pubsub: Ensure dialog lock balance.

When sending a NOTIFY, we lock the dialog and then unlock the dialog
when finished. A recent change made it so that the subscription tree's
dialog pointer will be set NULL when sending the final NOTIFY request
out. This means that when we attempt to unlock the dialog, we pass a
NULL pointer to pjsip_dlg_dec_lock(). The result is that the dialog
remains locked after we think we have unlocked it. When a response to
the NOTIFY arrives, the monitor thread attempts to lock the dialog, but
it cannot because we never released the dialog lock. This results in
Asterisk being unable to process incoming SIP traffic any longer.

The fix in this patch is to use a local pointer to save off the pointer
value of the subscription tree's dialog when locking and unlocking the
dialog. This way, if the subscription tree's dialog pointer is NULLed
out, the local pointer will still point to the proper place and the
dialog lock will be unlocked as we expect.

Change-Id: I7ddb3eaed7276cceb9a65daca701c3d5e728e63a
Mark Michelson 2015-09-29 14:53:22 -05:00 committed by Richard Mudgett
parent b96267f7a3
commit e9e4bc9ece
1 changed files with 21 additions and 17 deletions


@ -2134,19 +2134,20 @@ static int send_notify(struct sip_subscription_tree *sub_tree, unsigned int forc
static int serialized_send_notify(void *userdata)
{
struct sip_subscription_tree *sub_tree = userdata;
pjsip_dialog *dlg = sub_tree->dlg;
if (!sub_tree->dlg) {
if (!dlg) {
return 0;
}
pjsip_dlg_inc_lock(sub_tree->dlg);
pjsip_dlg_inc_lock(dlg);
/* It's possible that between when the notification was scheduled
* and now, that a new SUBSCRIBE arrived, requiring full state to be
* sent out in an immediate NOTIFY. If that has happened, we need to
* bail out here instead of sending the batched NOTIFY.
*/
if (!sub_tree->send_scheduled_notify) {
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
ao2_cleanup(sub_tree);
return 0;
}
@ -2156,7 +2157,7 @@ static int serialized_send_notify(void *userdata)
"Resource: %s",
sub_tree->root->resource);
sub_tree->notify_sched_id = -1;
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
ao2_cleanup(sub_tree);
return 0;
}
@ -2190,21 +2191,22 @@ int ast_sip_subscription_notify(struct ast_sip_subscription *sub, struct ast_sip
int terminate)
{
int res;
pjsip_dialog *dlg = sub->tree->dlg;
if (!sub->tree->dlg) {
if (!dlg) {
return 0;
}
pjsip_dlg_inc_lock(sub->tree->dlg);
pjsip_dlg_inc_lock(dlg);
if (!sub->tree->evsub) {
pjsip_dlg_dec_lock(sub->tree->dlg);
pjsip_dlg_dec_lock(dlg);
return 0;
}
if (ast_sip_pubsub_generate_body_content(ast_sip_subscription_get_body_type(sub),
ast_sip_subscription_get_body_subtype(sub), notify_data, &sub->body_text)) {
pjsip_dlg_dec_lock(sub->tree->dlg);
pjsip_dlg_dec_lock(dlg);
return -1;
}
@ -2225,7 +2227,7 @@ int ast_sip_subscription_notify(struct ast_sip_subscription *sub, struct ast_sip
ao2_ref(sub->tree, -1);
}
pjsip_dlg_dec_lock(sub->tree->dlg);
pjsip_dlg_dec_lock(dlg);
return res;
}
@ -3195,14 +3197,15 @@ static void set_state_terminated(struct ast_sip_subscription *sub)
static int serialized_pubsub_on_server_timeout(void *userdata)
{
struct sip_subscription_tree *sub_tree = userdata;
pjsip_dialog *dlg = sub_tree->dlg;
if (!sub_tree->dlg) {
if (!dlg) {
return 0;
}
pjsip_dlg_inc_lock(sub_tree->dlg);
pjsip_dlg_inc_lock(dlg);
if (!sub_tree->evsub) {
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
return 0;
}
set_state_terminated(sub_tree->root);
@ -3211,7 +3214,7 @@ static int serialized_pubsub_on_server_timeout(void *userdata)
"Resource: %s",
sub_tree->root->resource);
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
ao2_cleanup(sub_tree);
return 0;
}
@ -3299,14 +3302,15 @@ static void pubsub_on_evsub_state(pjsip_evsub *evsub, pjsip_event *event)
static int serialized_pubsub_on_rx_refresh(void *userdata)
{
struct sip_subscription_tree *sub_tree = userdata;
pjsip_dialog *dlg = sub_tree->dlg;
if (!sub_tree->dlg) {
if (!dlg) {
return 0;
}
pjsip_dlg_inc_lock(sub_tree->dlg);
pjsip_dlg_inc_lock(dlg);
if (!sub_tree->evsub) {
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
return 0;
}
@ -3320,7 +3324,7 @@ static int serialized_pubsub_on_rx_refresh(void *userdata)
"SUBSCRIPTION_TERMINATED" : "SUBSCRIPTION_REFRESHED",
"Resource: %s", sub_tree->root->resource);
pjsip_dlg_dec_lock(sub_tree->dlg);
pjsip_dlg_dec_lock(dlg);
ao2_cleanup(sub_tree);
return 0;
}
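Review bot: The `if (!dlg) { return 0; }` exits in serialized_send_notify, serialized_pubsub_on_server_timeout and serialized_pubsub_on_rx_refresh, and the `!sub_tree->evsub` exits in the latter two, return without the `ao2_cleanup(sub_tree);` that the other visible exits of the same functions perform. If the queued task owns a reference to the tree, as those cleanup calls suggest, each early return leaks it, so the dialog lock is now balanced but the reference count may not be; adding `ao2_cleanup(sub_tree);` before those `return 0;` lines would close that. The middle of each function lies between hunks and is not shown here, so this should be confirmed against the full bodies. It would also help to comment the new local, e.g. `/* Cache dlg: sub_tree->dlg may be set NULL while the final NOTIFY is sent, and we must unlock the dialog we locked */`, so the copy is not later simplified back to `sub_tree->dlg`.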