From 82cf68254614a70a22d4b1b08b5bb2ba96c9dbd7 Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Wed, 26 Oct 2016 20:42:52 +0200 Subject: ipcpd: Fix bad lock in shim-udp --- src/ipcpd/shim-udp/main.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/ipcpd/shim-udp/main.c b/src/ipcpd/shim-udp/main.c index e4ab4fac..c90b47a2 100644 --- a/src/ipcpd/shim-udp/main.c +++ b/src/ipcpd/shim-udp/main.c @@ -272,6 +272,7 @@ static int ipcp_udp_port_req(struct sockaddr_in * c_saddr, } pthread_rwlock_rdlock(&ipcpi.state_lock); + pthread_rwlock_wrlock(&udp_data.flows_lock); /* reply to IRM */ fd = ipcp_flow_req_arr(getpid(), dst_name, src_ae_name); @@ -283,8 +284,6 @@ static int ipcp_udp_port_req(struct sockaddr_in * c_saddr, return -1; } - pthread_rwlock_wrlock(&udp_data.flows_lock); - udp_data.uf_to_fd[skfd] = fd; udp_data.fd_to_uf[fd].skfd = skfd; udp_data.fd_to_uf[fd].udp = f_saddr.sin_port; @@ -494,19 +493,16 @@ static void * ipcp_udp_sdu_loop(void * o) pthread_rwlock_rdlock(&ipcpi.state_lock); pthread_rwlock_rdlock(&udp_data.flows_lock); - fd = udp_data.fd_to_uf[fd].skfd; - - pthread_rwlock_unlock(&udp_data.flows_lock); - pthread_rwlock_unlock(&ipcpi.state_lock); - - if (send(fd, + if (send(udp_data.fd_to_uf[fd].skfd, shm_du_buff_head(sdb), shm_du_buff_tail(sdb) - shm_du_buff_head(sdb), 0) < 0) LOG_ERR("Failed to send SDU."); - ipcp_flow_del(sdb); - } + pthread_rwlock_unlock(&udp_data.flows_lock); + pthread_rwlock_unlock(&ipcpi.state_lock); + + ipcp_flow_del(sdb); } } return (void *) 1; @@ -1119,10 +1115,13 @@ static int ipcp_udp_flow_dealloc(int fd) clr_fd(skfd); pthread_rwlock_unlock(&udp_data.flows_lock); - pthread_rwlock_unlock(&ipcpi.state_lock); + pthread_rwlock_wrlock(&udp_data.flows_lock); close(skfd); + pthread_rwlock_unlock(&udp_data.flows_lock); + pthread_rwlock_unlock(&ipcpi.state_lock); + flow_dealloc(fd); LOG_DBG("Flow with fd %d deallocated.", fd); -- cgit v1.2.3