Message: 1
Date: Mon, 06 Mar 2017 09:58:41 -1000
From: Scott Valentine <[email protected]>
To: [email protected]
Subject: [PATCH] ofono: Fix segfault during set_property
Message-ID: <2795786.dcePRAETG4@localhost>
Content-Type: text/plain; charset="us-ascii"
If the SIM card is ejected or the modem is reset / removed between the
set_property call and the set_property_reply callback, connmand will generally
abort: remove_all_contexts gets called in between, and the callback then
accesses a stale context via the property_info pointer.
The following patch adds reference counting to the network_context struct to
prevent the segfault:
diff -uNrp old/plugins/ofono.c new/plugins/ofono.c
--- old/plugins/ofono.c 2016-04-17 21:04:30.000000000 -1000
+++ new/plugins/ofono.c 2017-03-03 17:39:02.922101490 -1000
@@ -143,6 +143,8 @@ struct network_context {
struct connman_ipaddress *ipv6_address;
char *ipv6_nameservers;
+ int refcount;
+
bool active;
bool valid_apn; /* APN is 'valid' if length > 0 */
};
@@ -271,11 +273,24 @@ static struct network_context *network_c
context->ipv6_address = NULL;
context->ipv6_nameservers = NULL;
+ context->refcount = 1;
+
return context;
}
-static void network_context_free(struct network_context *context)
+static void network_context_ref(struct network_context *context)
+{
+ __sync_fetch_and_add(&context->refcount, 1);
+ DBG("refcount = %d", context->refcount);
+}
+
+static void network_context_unref(struct network_context *context)
{
+ DBG("refcount = %d", context->refcount);
+ if (__sync_fetch_and_sub(&context->refcount, 1) != 1)
+ return;
+
+ DBG("free");
g_free(context->path);
connman_ipaddress_free(context->ipv4_address);
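Review bot: The debug lines in network_context_ref and network_context_unref read `context->refcount` separately from the atomic operation, and at different moments: after the increment in ref, before the decrement in unref. The logged values are therefore not comparable, and neither line says which context it belongs to. Logging the pointer together with the value the builtin returns would make a lifetime trace usable, e.g. `DBG("%p refcount = %d", context, __sync_fetch_and_add(&context->refcount, 1) + 1);`. A short comment above the pair should state who holds references: the initial one set by the allocator, plus one per pending set_property call. The body of network_context_unref continues past the end of this hunk.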
@@ -389,6 +404,15 @@ struct property_info {
get_properties_cb get_properties_cb;
};
+static void free_property_info(void * memory)
+{
+ struct property_info * info = memory;
+ if (info->context)
+ network_context_unref(info->context);
+
+ g_free(info);
+}
+
static void set_property_reply(DBusPendingCall *call, void *user_data)
{
struct property_info *info = user_data;
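Review bot: free_property_info is written with detached asterisks (`void * memory`, `struct property_info * info`) and no blank line after the declaration, while the surrounding code binds the asterisk to the name, as in `struct property_info *info = user_data;`. I would write `static void free_property_info(void *memory)` and `struct property_info *info = memory;`. A one-line comment would also help, such as `/* Free function for the pending set_property call; drops the context reference taken in set_property() */`. set_property_reply only begins in this hunk; its body is outside it.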
@@ -476,8 +500,11 @@ static int set_property(struct modem_dat
info->property = property;
info->set_property_cb = notify;
+ if (info->context)
+ network_context_ref(info->context);
+
dbus_pending_call_set_notify(modem->call_set_property,
- set_property_reply, info, g_free);
+ set_property_reply, info, free_property_info);
dbus_message_unref(message);
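Review bot: The reference taken just before `dbus_pending_call_set_notify()` is released only by free_property_info, and the return value of that call is ignored in the visible lines. libdbus returns FALSE from it on out-of-memory, in which case the free function is presumably never registered, so `info` and the context reference would both leak and the context could never be freed. I would check the result and call `free_property_info(info);` on the failure path before returning an error. set_property starts and ends outside this hunk, so any earlier error path that releases `info` with plain `g_free` remains correct only if it runs before the reference is taken.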
@@ -1228,7 +1255,7 @@ static int add_cm_context(struct modem_d
}
if (g_strcmp0(context_type, "internet") != 0) {
- network_context_free(context);
+ network_context_unref(context);
return -EINVAL;
}
@@ -1261,7 +1288,7 @@ static void remove_cm_context(struct mod
remove_network(modem, context);
modem->context_list = g_slist_remove(modem->context_list, context);
- network_context_free(context);
+ network_context_unref(context);
context = NULL;
}
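Review bot: After this change `network_context_unref(context)` in remove_cm_context no longer guarantees the context is destroyed. While a set_property call is pending, the struct outlives `remove_network()` and its removal from `modem->context_list`, and set_property_reply later receives it through `info->context`. That closes the stale-pointer access, but the reply callback (its body is not in this diff) should be checked to confirm it does not act on a context already detached from the modem. A comment here would record the new lifetime rule, e.g. `/* a pending set_property may still hold a reference; the context is detached here, not necessarily freed */`. remove_cm_context begins outside this hunk.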
NOTE: There is a blank line at the end of the patch
Mahalo,
-Scott V.