Bug#493055: BRIStuff patches introduce deadlock

Thu, 11 Sep 2008 07:18:29 -0700 

On Thu, Jul 31, 2008 at 01:14:46PM +0930, Kevin Shanahan wrote:
> Package: asterisk
> Version: 1.4.21.2~dfsg-1
> Severity: grave
> 
> I had some problems with my Asterisk installation having the PRI
> channels lock up completely when certain types of calls were
> received. Eventually this was traced back to a deadlock caused by the
> bristuff patches being applied.
> 
> Various information, logs and a stack trace of the lockup here:
>    http://bugs.digium.com/view.php?id=13192
> 
> I'm choosing severity "grave" because this effectively will allow
> someone calling in with particlar caller ID options/flags to lock up
> your PRI span on demand (i.e. DoS).

The following patch has fixed at least one case of reproducable
deadlocks for us. It still needs to be backported to chan_zap.

It is currently at
http://repo.or.cz/w/asterisk-bristuff.git?a=commit;h=6e44531a8a112e36588b5dbced309b0521d6b64e
(Should be at the tag "bristuff-0.4.0-RC4-xr1", but the mirroring seems
to be lagging)

-- 
               Tzafrir Cohen
icq#16849755              jabber:[EMAIL PROTECTED]
+972-50-7952406           mailto:[EMAIL PROTECTED]
http://www.xorcom.com  iax:[EMAIL PROTECTED]/tzafrir

commit ccd11da0599c190f5b678aed3f164579ca873c71
Author: Tzafrir Cohen <[EMAIL PROTECTED]>
Date:   Mon Sep 8 10:59:06 2008 +0000

    Locking fixes in chan_dahdi: lock chan before pvt

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 35c4e4e..c12c112 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -9105,7 +9105,7 @@ static void *pri_dchannel(void *vpri)
 	int haveidles;
 	int activeidles;
 	int nextidle = -1;
-	struct ast_channel *c;
+	struct ast_channel *c = NULL;
 	struct timeval tv, lowest, *next;
 	struct timeval lastidle = { 0, 0 };
 	int doidling=0;
@@ -9846,6 +9846,7 @@ static void *pri_dchannel(void *vpri)
 								snprintf(calledtonstr, sizeof(calledtonstr)-1, "%d", e->ring.calledplan);
 								pbx_builtin_setvar_helper(c, "CALLEDTON", calledtonstr);
 
+								ast_mutex_lock(&c->lock);
 								ast_mutex_lock(&pri->pvts[chanpos]->lock);
 								ast_mutex_lock(&pri->lock);
 
@@ -9893,6 +9894,8 @@ static void *pri_dchannel(void *vpri)
 					if (crv)
 						ast_mutex_unlock(&crv->lock);
 					ast_mutex_unlock(&pri->pvts[chanpos]->lock);
+					if (c)
+						ast_mutex_unlock(&c->lock);
 				} else {
 					if (e->ring.flexible)
 						pri_hangup(pri->pri, e->ring.call, PRI_CAUSE_NORMAL_CIRCUIT_CONGESTION);

Reply via email to