Changeset 671

Timestamp:

Aug 10, 2006 9:44:26 PM (18 years ago)

Author:

bennylp

Message:

Attempt to fix the race condition in dialog locking.

Location:

pjproject/trunk/pjsip

Files:

• include/pjsip/sip_dialog.h (modified) (1 diff)
• include/pjsip/sip_ua_layer.h (modified) (1 diff)
• src/pjsip-simple/evsub.c (modified) (3 diffs)
• src/pjsip-ua/sip_inv.c (modified) (9 diffs)
• src/pjsip/sip_dialog.c (modified) (17 diffs)
• src/pjsip/sip_ua_layer.c (modified) (10 diffs)

pjproject/trunk/pjsip/include/pjsip/sip_dialog.h

@@ -109 +109 @@
     char                obj_name[PJ_MAX_OBJ_NAME];  /**< Standard id.       */
     pj_pool_t          *pool;       /**< Dialog's pool.                     */
-    pj_mutex_t         *mutex;      /**< Dialog's mutex. Do not call!!
+    pj_mutex_t         *mutex_;     /**< Dialog's mutex. Do not call!!
                                          Use pjsip_dlg_inc_lock() instead!  */
     pjsip_user_agent   *ua;         /**< User agent instance.               */

pjproject/trunk/pjsip/include/pjsip/sip_ua_layer.h

@@ -80 +80 @@
 PJ_DECL(pjsip_user_agent*) pjsip_ua_instance(void);
 
+
+/**
+ * Lock the dialog's hash table. This function is normally called by
+ * dialog code only.
+ *
+ * @return              PJ_SUCCESS on success or the appropriate error code.
+ */
+PJ_DECL(pj_status_t) pjsip_ua_lock_dlg_table(void);
+
+
+/**
+ * Unlock the dialog's hash table. This function is normally called by
+ * dialog code only.
+ *
+ * @return              PJ_SUCCESS on success or the appropriate error code.
+ */
+PJ_DECL(pj_status_t) pjsip_ua_unlock_dlg_table(void);
+
+
 /**
  * Destroy the user agent layer.

pjproject/trunk/pjsip/src/pjsip-simple/evsub.c

@@ -669 +669 @@
 
 
+    /* Must lock dialog before using pool etc. */
+    pjsip_dlg_inc_lock(dlg);
+
     /* Init attributes: */
 
@@ -715 +718 @@
 
     status = pjsip_dlg_add_usage(dlg, &mod_evsub.mod, dlgsub_head);
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
+        pjsip_dlg_dec_lock(dlg);
         return status;
+    }
 
 
@@ -724 +729 @@
 
     *p_evsub = sub;
+    pjsip_dlg_dec_lock(dlg);
 
     return PJ_SUCCESS;

pjproject/trunk/pjsip/src/pjsip-ua/sip_inv.c

@@ -436 +436 @@
     PJ_ASSERT_RETURN(dlg && p_inv, PJ_EINVAL);
 
+    /* Must lock dialog first */
+    pjsip_dlg_inc_lock(dlg);
+
     /* Normalize options */
     if (options & PJSIP_INV_REQUIRE_100REL)
@@ -445 +448 @@
     /* Create the session */
     inv = pj_pool_zalloc(dlg->pool, sizeof(pjsip_inv_session));
-    PJ_ASSERT_RETURN(inv != NULL, PJ_ENOMEM);
+    pj_assert(inv != NULL);
 
     inv->pool = dlg->pool;
@@ -462 +465 @@
         status = pjmedia_sdp_neg_create_w_local_offer(dlg->pool, local_sdp,
                                                       &inv->neg);
-        if (status != PJ_SUCCESS)
+        if (status != PJ_SUCCESS) {
+            pjsip_dlg_dec_lock(dlg);
             return status;
+        }
     }
 
     /* Register invite as dialog usage. */
     status = pjsip_dlg_add_usage(dlg, &mod_inv.mod, inv);
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
+        pjsip_dlg_dec_lock(dlg);
         return status;
+    }
 
     /* Increment dialog session */
@@ -476 +483 @@
     /* Done */
     *p_inv = inv;
+
+    pjsip_dlg_dec_lock(dlg);
 
     PJ_LOG(5,(inv->obj_name, "UAC invite session created for dialog %s",
@@ -841 +850 @@
                      PJ_EINVALIDOP);
 
+    /* Lock dialog */
+    pjsip_dlg_inc_lock(dlg);
+
     /* Normalize options */
     if (options & PJSIP_INV_REQUIRE_100REL)
@@ -850 +862 @@
     /* Create the session */
     inv = pj_pool_zalloc(dlg->pool, sizeof(pjsip_inv_session));
-    PJ_ASSERT_RETURN(inv != NULL, PJ_ENOMEM);
+    pj_assert(inv != NULL);
 
     inv->pool = dlg->pool;
@@ -873 +885 @@
             status = pjmedia_sdp_validate(rem_sdp);
 
-        if (status != PJ_SUCCESS)
+        if (status != PJ_SUCCESS) {
+            pjsip_dlg_dec_lock(dlg);
             return status;
+        }
     }
 
@@ -889 +903 @@
     }
 
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
+        pjsip_dlg_dec_lock(dlg);
         return status;
+    }
 
     /* Register invite as dialog usage. */
     status = pjsip_dlg_add_usage(dlg, &mod_inv.mod, inv);
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
+        pjsip_dlg_dec_lock(dlg);
         return status;
+    }
 
     /* Increment session in the dialog. */
@@ -910 +928 @@
 
     /* Done */
+    pjsip_dlg_dec_lock(dlg);
     *p_inv = inv;
 

pjproject/trunk/pjsip/src/pjsip/sip_dialog.c

@@ -81 +81 @@
     pj_list_init(&dlg->inv_hdr);
 
-    status = pj_mutex_create_recursive(pool, "dlg%p", &dlg->mutex);
+    status = pj_mutex_create_recursive(pool, "dlg%p", &dlg->mutex_);
     if (status != PJ_SUCCESS)
         goto on_error;
@@ -90 +90 @@
 
 on_error:
-    if (dlg->mutex)
-        pj_mutex_destroy(dlg->mutex);
+    if (dlg->mutex_)
+        pj_mutex_destroy(dlg->mutex_);
     pjsip_endpt_release_pool(endpt, pool);
     return status;
@@ -98 +98 @@
 static void destroy_dialog( pjsip_dialog *dlg )
 {
-    if (dlg->mutex)
-        pj_mutex_destroy(dlg->mutex);
+    if (dlg->mutex_) {
+        pj_mutex_destroy(dlg->mutex_);
+        dlg->mutex_ = NULL;
+    }
     pjsip_endpt_release_pool(dlg->endpt, dlg->pool);
 }
@@ -607 +609 @@
 
     /* Destroy this dialog. */
-    pj_mutex_destroy(dlg->mutex);
-    pjsip_endpt_release_pool(dlg->endpt, dlg->pool);
+    destroy_dialog(dlg);
 
     return PJ_SUCCESS;
@@ -639 +640 @@
     PJ_ASSERT_RETURN(dlg, PJ_EINVAL);
 
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
 
     /* Clear route set. */
@@ -645 +646 @@
 
     if (!route_set) {
-        pj_mutex_unlock(dlg->mutex);
+        pjsip_dlg_dec_lock(dlg);
         return PJ_SUCCESS;
     }
@@ -659 +660 @@
     }
 
-    pj_mutex_unlock(dlg->mutex);
-
+    pjsip_dlg_dec_lock(dlg);
     return PJ_SUCCESS;
 }
@@ -673 +673 @@
     PJ_ASSERT_RETURN(dlg && mod, PJ_EINVAL);
 
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
     ++dlg->sess_count;
-    pj_mutex_unlock(dlg->mutex);
+    pjsip_dlg_dec_lock(dlg);
 
     PJ_LOG(5,(dlg->obj_name, "Session count inc to %d by %.*s",
@@ -685 +685 @@
 /*
  * Lock dialog and increment session counter temporarily
- * to prevent it from being deleted.
+ * to prevent it from being deleted. In addition, it must lock
+ * the user agent's dialog table first, to prevent deadlock.
  */
 PJ_DEF(void) pjsip_dlg_inc_lock(pjsip_dialog *dlg)
 {
-    pj_mutex_lock(dlg->mutex);
+    pjsip_ua_lock_dlg_table();
+
+    pj_mutex_lock(dlg->mutex_);
     dlg->sess_count++;
+
+    pjsip_ua_unlock_dlg_table();
 }
 
@@ -700 +705 @@
 PJ_DEF(void) pjsip_dlg_dec_lock(pjsip_dialog *dlg)
 {
+    pjsip_ua_lock_dlg_table();
+
     pj_assert(dlg->sess_count > 0);
     --dlg->sess_count;
 
     if (dlg->sess_count==0 && dlg->tsx_count==0) {
-        pj_mutex_unlock(dlg->mutex);
-        pj_mutex_lock(dlg->mutex);
+        pj_mutex_unlock(dlg->mutex_);
+        pj_mutex_lock(dlg->mutex_);
         unregister_and_destroy_dialog(dlg);
     } else {
-        pj_mutex_unlock(dlg->mutex);
-    }
+        pj_mutex_unlock(dlg->mutex_);
+    }
+
+    pjsip_ua_unlock_dlg_table();
 }
 
@@ -725 +734 @@
               dlg->sess_count-1, (int)mod->name.slen, mod->name.ptr));
 
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
+    --dlg->sess_count;
     pjsip_dlg_dec_lock(dlg);
 
@@ -749 +759 @@
               (int)mod->name.slen, mod->name.ptr, mod_data));
 
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
 
     /* Usages are sorted on priority, lowest number first.
@@ -758 +768 @@
         if (dlg->usage[index] == mod) {
             pj_assert(!"This module is already registered");
-            pj_mutex_unlock(dlg->mutex);
+            pjsip_dlg_dec_lock(dlg);
             return PJSIP_ETYPEEXISTS;
         }
@@ -778 +788 @@
     ++dlg->usage_cnt;
 
-    pj_mutex_unlock(dlg->mutex);
+    pjsip_dlg_dec_lock(dlg);
 
     return PJ_SUCCESS;
@@ -897 +907 @@
 
     /* Lock dialog. */
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
 
     /* Use outgoing CSeq and increment it by one. */
@@ -922 +932 @@
 
     /* Unlock dialog. */
-    pj_mutex_unlock(dlg->mutex);
+    pjsip_dlg_dec_lock(dlg);
 
     *p_tdata = tdata;
@@ -1114 +1124 @@
 
     /* Lock the dialog. */
-    pj_mutex_lock(dlg->mutex);
+    pjsip_dlg_inc_lock(dlg);
 
     dlg_beautify_response(dlg, st_code, tdata);
 
     /* Unlock the dialog. */
-    pj_mutex_unlock(dlg->mutex);
+    pjsip_dlg_dec_lock(dlg);
 
     /* Done. */

pjproject/trunk/pjsip/src/pjsip/sip_ua_layer.c

@@ -210 +210 @@
 
 
+/**
+ * Lock the dialog's hash table. This function is normally called by
+ * dialog code only.
+ *
+ * @return              PJ_SUCCESS on success or the appropriate error code.
+ */
+PJ_DEF(pj_status_t) pjsip_ua_lock_dlg_table(void)
+{
+    return pj_mutex_lock(mod_ua.mutex);
+}
+
+
+/**
+ * Unlock the dialog's hash table. This function is normally called by
+ * dialog code only.
+ *
+ * @return              PJ_SUCCESS on success or the appropriate error code.
+ */
+PJ_DEF(pj_status_t) pjsip_ua_unlock_dlg_table(void)
+{
+    return pj_mutex_unlock(mod_ua.mutex);
+}
+
+
 /*
  * Get the endpoint where this UA is currently registered.
@@ -562 +586 @@
     rdata->endpt_info.mod_data[mod_ua.mod.id] = dlg;
 
+    /* Lock the dialog */
+    pjsip_dlg_inc_lock(dlg);
+
     /* Done processing in the UA */
     pj_mutex_unlock(mod_ua.mutex);
@@ -567 +594 @@
     /* Pass to dialog. */
     pjsip_dlg_on_rx_request(dlg, rdata);
+
+    /* Unlock the dialog. This may destroy the dialog */
+    pjsip_dlg_dec_lock(dlg);
 
     /* Report as handled. */
@@ -591 +621 @@
      */
 
+    /* Lock user agent dlg table before we're doing anything. */
+    pj_mutex_lock(mod_ua.mutex);
+
     /* Check if transaction is present. */
     tsx = pjsip_rdata_get_tsx(rdata);
@@ -596 +629 @@
         /* Check if dialog is present in the transaction. */
         dlg = pjsip_tsx_get_dlg(tsx);
-        if (!dlg)
+        if (!dlg) {
+            /* Unlock dialog hash table. */
+            pj_mutex_unlock(mod_ua.mutex);
             return PJ_FALSE;
+        }
 
         /* Get the dialog set. */
@@ -621 +657 @@
              * or a very late response.
              */
+            /* Unlock dialog hash table. */
+            pj_mutex_unlock(mod_ua.mutex);
             return PJ_FALSE;
         }
 
-        /* Lock user agent before accessing the hash table. */
-        pj_mutex_lock(mod_ua.mutex);
 
         /* Get the dialog set. */
@@ -633 +669 @@
                               NULL);
 
-        /* Done with accessing the hash table. */
-        pj_mutex_unlock(mod_ua.mutex);
-
         if (!dlg_set) {
+            /* Unlock dialog hash table. */
+            pj_mutex_unlock(mod_ua.mutex);
+
             /* Strayed 2xx response!! */
             PJ_LOG(4,(THIS_FILE, 
@@ -666 +702 @@
         int st_code = rdata->msg_info.msg->line.status.code;
         pj_str_t *to_tag = &rdata->msg_info.to->tag;
-
-        /* Must hold UA mutex before accessing dialog set. */
-        pj_mutex_lock(mod_ua.mutex);
 
         dlg = dlg_set->dlg_list.next;
@@ -734 +767 @@
         }
 
-        /* Done with the dialog set. */
-        pj_mutex_unlock(mod_ua.mutex);
-
     } else {
         /* Either this is a non-INVITE response, or subsequent INVITE
@@ -752 +782 @@
     rdata->endpt_info.mod_data[mod_ua.mod.id] = dlg;
 
+    /* Acquire lock to the dialog. */
+    pjsip_dlg_inc_lock(dlg);
+
+    /* Unlock dialog hash table. */
+    pj_mutex_unlock(mod_ua.mutex);
+
     /* Pass the response to the dialog. */
     pjsip_dlg_on_rx_response(dlg, rdata);
+
+    /* Unlock the dialog. This may destroy the dialog. */
+    pjsip_dlg_dec_lock(dlg);
 
     /* Done. */