Bridging: Use a ref to bridge_channel's channel to prevent crash.
There's a race condition with bridging where a bridge can be torn down causing the bridge_channel's ast_channel to become NULL when it's still needed. This particular case happened with attended transfers, but the crash occurred when trying to publish a stasis message. Now, the bridge_channel is locked, a ref to the ast_channel is obtained, and that ref is passed down the chain. Change-Id: Ic48715c0c041615d17d286790ae3e8c61bb28814
This commit is contained in:
Ben Ford
Joshua Colp
parent
bd0724c7ed
commit
e7620d034a
|
|
@ -193,6 +193,20 @@ struct ast_bridge_channel {
|
|||
} stream_map;
|
||||
};
|
||||
|
||||
/*!
|
||||
* \brief Get a ref to the bridge_channel's ast_channel
|
||||
*
|
||||
* \param bridge_channel The bridge channel
|
||||
*
|
||||
* \note The returned channel NEEDS to be unref'd once you are done with it. In general, this
|
||||
* function is best used when accessing the bridge_channel chan from outside of a bridging
|
||||
* thread.
|
||||
*
|
||||
* \retval ref'd ast_channel on success
|
||||
* \retval NULL otherwise
|
||||
*/
|
||||
struct ast_channel *ast_bridge_channel_get_chan(struct ast_bridge_channel *bridge_channel);
|
||||
|
||||
/*!
|
||||
* \brief Try locking the bridge_channel.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1753,7 +1753,10 @@ int ast_bridge_join(struct ast_bridge *bridge,
|
|||
ast_channel_lock(chan);
|
||||
ast_channel_internal_bridge_channel_set(chan, NULL);
|
||||
ast_channel_unlock(chan);
|
||||
/* Due to a race condition, we lock the bridge channel here for ast_bridge_channel_get_chan */
|
||||
ao2_lock(bridge_channel);
|
||||
bridge_channel->chan = NULL;
|
||||
ao2_unlock(bridge_channel);
|
||||
/* If bridge_channel->swap is not NULL then the join failed. */
|
||||
ao2_t_cleanup(bridge_channel->swap, "Bridge complete: join failed");
|
||||
bridge_channel->swap = NULL;
|
||||
|
|
@ -1822,7 +1825,10 @@ static void *bridge_channel_ind_thread(void *data)
|
|||
ast_channel_lock(chan);
|
||||
ast_channel_internal_bridge_channel_set(chan, NULL);
|
||||
ast_channel_unlock(chan);
|
||||
/* Lock here for ast_bridge_channel_get_chan */
|
||||
ao2_lock(bridge_channel);
|
||||
bridge_channel->chan = NULL;
|
||||
ao2_unlock(bridge_channel);
|
||||
/* If bridge_channel->swap is not NULL then the join failed. */
|
||||
ao2_t_cleanup(bridge_channel->swap, "Bridge complete: Independent impart join failed");
|
||||
bridge_channel->swap = NULL;
|
||||
|
|
@ -1923,7 +1929,10 @@ static int bridge_impart_internal(struct ast_bridge *bridge,
|
|||
ast_channel_lock(chan);
|
||||
ast_channel_internal_bridge_channel_set(chan, NULL);
|
||||
ast_channel_unlock(chan);
|
||||
/* Lock here for ast_bridge_channel_get_chan */
|
||||
ao2_lock(bridge_channel);
|
||||
bridge_channel->chan = NULL;
|
||||
ao2_unlock(bridge_channel);
|
||||
ao2_t_cleanup(bridge_channel->swap, "Bridge complete: Impart failed");
|
||||
bridge_channel->swap = NULL;
|
||||
ast_bridge_features_destroy(bridge_channel->features);
|
||||
|
|
@ -4771,14 +4780,22 @@ enum ast_transfer_result ast_bridge_transfer_attended(struct ast_channel *to_tra
|
|||
|
||||
if (to_transferee_bridge_channel) {
|
||||
/* Take off hold if they are on hold. */
|
||||
ast_bridge_channel_write_unhold(to_transferee_bridge_channel);
|
||||
if (ast_bridge_channel_write_unhold(to_transferee_bridge_channel)) {
|
||||
ast_log(LOG_ERROR, "Transferee channel disappeared during transfer!\n");
|
||||
res = AST_BRIDGE_TRANSFER_FAIL;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (to_target_bridge_channel) {
|
||||
const char *target_complete_sound;
|
||||
|
||||
/* Take off hold if they are on hold. */
|
||||
ast_bridge_channel_write_unhold(to_target_bridge_channel);
|
||||
if (ast_bridge_channel_write_unhold(to_target_bridge_channel)) {
|
||||
ast_log(LOG_ERROR, "Target channel disappeared during transfer!\n");
|
||||
res = AST_BRIDGE_TRANSFER_FAIL;
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Is there a courtesy sound to play to the target? */
|
||||
ast_channel_lock(to_transfer_target);
|
||||
|
|
|
|||
|
|
@ -208,6 +208,17 @@ static void bridge_sync_signal(struct bridge_sync *sync_struct)
|
|||
ast_sem_post(&sync_struct->sem);
|
||||
}
|
||||
|
||||
struct ast_channel *ast_bridge_channel_get_chan(struct ast_bridge_channel *bridge_channel)
|
||||
{
|
||||
struct ast_channel *chan;
|
||||
|
||||
ao2_lock(bridge_channel);
|
||||
chan = ao2_bump(bridge_channel->chan);
|
||||
ao2_unlock(bridge_channel);
|
||||
|
||||
return chan;
|
||||
}
|
||||
|
||||
void ast_bridge_channel_lock_bridge(struct ast_bridge_channel *bridge_channel)
|
||||
{
|
||||
struct ast_bridge *bridge;
|
||||
|
|
@ -1177,7 +1188,14 @@ int ast_bridge_channel_write_hold(struct ast_bridge_channel *bridge_channel, con
|
|||
|
||||
int ast_bridge_channel_write_unhold(struct ast_bridge_channel *bridge_channel)
|
||||
{
|
||||
ast_channel_publish_cached_blob(bridge_channel->chan, ast_channel_unhold_type(), NULL);
|
||||
struct ast_channel *chan = ast_bridge_channel_get_chan(bridge_channel);
|
||||
|
||||
if (!chan) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
ast_channel_publish_cached_blob(chan, ast_channel_unhold_type(), NULL);
|
||||
ao2_ref(chan, -1);
|
||||
|
||||
return ast_bridge_channel_write_control_data(bridge_channel, AST_CONTROL_UNHOLD, NULL, 0);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue