mirror of https://gerrit.osmocom.org/libosmocore
1f9cc01861
Add global flag osmo_fsm_term_safely() -- if set to true, enable the following behavior: Detect osmo_fsm_inst_term() occuring within osmo_fsm_inst_term(): - collect deallocations until the outermost osmo_fsm_inst_term() is done. - call osmo_fsm_inst_free() *after* dispatching the parent event. If a struct osmo_fsm_inst enters osmo_fsm_inst_term() while another is already within osmo_fsm_inst_term(), do not directly deallocate it, but talloc-reparent it to a separate talloc context, to be deallocated with the outermost FSM inst. The effect is that all osmo_fsm_inst freed within an osmo_fsm_inst_term() cascade will stay allocated until all osmo_fsm_inst_term() are complete and all of them will be deallocated at the same time. Mark the deferred deallocation state as __thread in an attempt to make cascaded deallocation handling threadsafe. Keep the enable/disable flag separate, so that it is global and not per-thread. The feature is showcased by fsm_dealloc_test.c: with this feature, all of those wild deallocation scenarios succeed. Make fsm_dealloc_test a normal regression test in testsuite.at. Rationale: It is difficult to gracefully handle deallocations of groups of FSM instances that reference each other. As soon as one child dispatching a cleanup event causes its parent to deallocate before fsm.c was ready for it, deallocation will hit a use-after-free. Before this patch, by using parent_term events and distinct "terminating" FSM states, parent/child FSMs can be taught to wait for all children to deallocate before deallocating the parent. But as soon as a non-child / non-parent FSM instance is involved, or actually any other cleanup() action that triggers parent FSMs or parent talloc contexts to become unused, it is near impossible to think of all possible deallocation events ricocheting, and to avoid running into freeing FSM instances that were still in the middle of osmo_fsm_inst_term(), or FSM instances to enter osmo_fsm_inst_term() more than once. This patch makes deallocation of "all possible" setups of complex cross referencing FSM instances easy to handle correctly, without running into use-after-free or double free situations, and, notably, without changing calling code. Change-Id: I8eda67540a1cd444491beb7856b9fcd0a3143b18 |
||
|---|---|---|
| .. | ||
| codec | ||
| coding | ||
| ctrl | ||
| gb | ||
| gsm | ||
| pseudotalloc | ||
| sim | ||
| vty | ||
| Makefile.am | ||
| application.c | ||
| backtrace.c | ||
| bitcomp.c | ||
| bits.c | ||
| bitvec.c | ||
| conv.c | ||
| conv_acc.c | ||
| conv_acc_generic.c | ||
| conv_acc_sse.c | ||
| conv_acc_sse_avx.c | ||
| conv_acc_sse_impl.h | ||
| counter.c | ||
| crc16.c | ||
| crcXXgen.c.tpl | ||
| fsm.c | ||
| gsmtap_util.c | ||
| isdnhdlc.c | ||
| logging.c | ||
| logging_gsmtap.c | ||
| logging_syslog.c | ||
| loggingrb.c | ||
| macaddr.c | ||
| msgb.c | ||
| msgfile.c | ||
| panic.c | ||
| plugin.c | ||
| prbs.c | ||
| prim.c | ||
| rate_ctr.c | ||
| rbtree.c | ||
| select.c | ||
| sercomm.c | ||
| serial.c | ||
| signal.c | ||
| sockaddr_str.c | ||
| socket.c | ||
| stat_item.c | ||
| stats.c | ||
| stats_statsd.c | ||
| strrb.c | ||
| tdef.c | ||
| timer.c | ||
| timer_clockgettime.c | ||
| timer_gettimeofday.c | ||
| use_count.c | ||
| utils.c | ||
| write_queue.c | ||