This message was generated by the Security Alerts service (Free Trial 14th of August - 14th of September)
http://www.opensips.org/Resources/AlertsMain

*SVN commit*:
http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9155

*Severity*: High

*Version*  : 1.8, trunk

*Affected modules*  : Dialog

*Effect*  : Deadlock - 100% CPU Usage

*Affected scenarios*: When the Dialog module is configured to do in-dialog pinging,
there is a risk of a deadlock during dialog ending.

*Description:*  The deadlock was caused by two code paths acquiring the same two locks
(the per-dialog lock and the per-pinging-list lock) in opposite order.
When sending a ping, the dialog module first acquired the pinging list lock,
and then the per-dialog lock.
When a dialog was terminated due to a BYE, the dialog module first acquired the
per-dialog lock and then the pinging list lock, leading to a deadlock if
pinging was attempted at the same time.
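
The two acquisition orders described above, replayed through a minimal lock-order tracker (an added example, not OpenSIPS code; the lock ids, function names and tracker are constructed, and the BYE path is assumed to keep its order after the fix). It flags the inversion without needing two threads to race:

```c
#include <stdio.h>
#include <string.h>

/* Constructed lock ids standing in for the two locks named in the alert. */
enum { LOCK_PING_LIST, LOCK_DIALOG, NLOCKS };
static int order[NLOCKS][NLOCKS]; /* order[a][b] = 1: b was taken while a was held */
static int held[NLOCKS];

/* Record the acquisition; return 1 if it inverts an order seen earlier. */
static int track_lock(int l) {
    int inverted = 0;
    for (int h = 0; h < NLOCKS; h++) {
        if (!held[h] || h == l) continue;
        if (order[l][h]) inverted = 1; /* another path took h while holding l */
        order[h][l] = 1;
    }
    held[l] = 1;
    return inverted;
}
static void track_unlock(int l) { held[l] = 0; }

/* Ping timer path: list lock first; the dialog lock only before the fix. */
static int ping_path(int take_dialog_lock) {
    int bad = track_lock(LOCK_PING_LIST);
    if (take_dialog_lock) {
        bad |= track_lock(LOCK_DIALOG);
        track_unlock(LOCK_DIALOG);
    }
    track_unlock(LOCK_PING_LIST);
    return bad;
}

/* BYE termination path: dialog lock first, then the list lock. */
static int bye_path(void) {
    int bad = track_lock(LOCK_DIALOG);
    bad |= track_lock(LOCK_PING_LIST);
    track_unlock(LOCK_PING_LIST);
    track_unlock(LOCK_DIALOG);
    return bad;
}

/* Run both paths once from a clean state; 1 means an AB/BA inversion exists. */
int check_orderings(int ping_takes_dialog_lock) {
    memset(order, 0, sizeof order);
    memset(held, 0, sizeof held);
    int bad = ping_path(ping_takes_dialog_lock);
    bad |= bye_path();
    return bad;
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", check_orderings(1), check_orderings(0));
    return 0;
}
```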

*Risks*  : In high-traffic OpenSIPS environments, the likelihood of a deadlock
increases dramatically. When the deadlock occurs, OpenSIPS jumps to 100% CPU usage
and no more traffic can be processed. Updating is therefore critical if you are using
in-dialog pinging.

*Update*  :
- if you have an SVN checkout, 1.8 and trunk were fixed, so
update to a revision later than 9155 (trunk) or 9156 (1.8 branch);
- if you have OpenSIPS from sources, download and apply the patch from
http://opensips.svn.sourceforge.net/viewvc/opensips/branches/1.8/modules/dialog/dlg_timer.c?view=patch&r1=9156&r2=9155&pathrev=9156
or see the attached patch;
- if using tarballs, they were already regenerated (and include the fix);
- if using the official Debian packages (apt.opensips.org), they were also
regenerated and include the fix.


--
Vlad Paiu
OpenSIPS Developer
http://www.opensips-solutions.com
--- modules/dialog/dlg_timer.c	2012/07/31 13:12:50	9155
+++ modules/dialog/dlg_timer.c	2012/07/31 13:20:15	9156
@@ -376,10 +376,7 @@
 		detached = 0;
 
 		if (current->flags & DLG_FLAG_PING_CALLER) {
-			dlg_lock_dlg(current);
 			if (current->legs[DLG_CALLER_LEG].reply_received == 0) {
-				dlg_unlock_dlg(current);
-
 				detach_node_unsafe(it);
 				detached=1;
 
@@ -391,16 +388,11 @@
 					ret = it;
 				}
 			}
-			else
-				dlg_unlock_dlg(current);
 		}
 
 		if (detached == 0) {
 			if (current->flags & DLG_FLAG_PING_CALLEE) {
-				dlg_lock_dlg(current);
 				if (current->legs[callee_idx(current)].reply_received == 0) {
-					dlg_unlock_dlg(current);
-
 					detach_node_unsafe(it);
 					if (ret == NULL)
 						ret = it;
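Review bot: the check `current->legs[callee_idx(current)].reply_received == 0` (like the caller-leg check earlier in this loop) now reads the flag with no dialog lock held, and nothing in the visible code says what protects it instead. Please add a comment above the loop stating which lock the walk that calls `detach_node_unsafe(it)` runs under and that the dialog lock must never be taken inside it, so the ordering problem fixed here is not reintroduced by a later edit.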
@@ -410,8 +402,6 @@
 						ret = it;
 					}
 				}
-				else
-					dlg_unlock_dlg(current);
 			}
 		}
 	}
@@ -463,9 +453,7 @@
 		return;
 	}
 
-	dlg_lock_dlg(dlg);
 	dlg->legs[DLG_CALLER_LEG].reply_received = 1;
-	dlg_unlock_dlg(dlg);
 }
 
 /* Duplicate code for the sake of quickly knowing where the reply came from,
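Review bot: `dlg->legs[DLG_CALLER_LEG].reply_received = 1` is now a plain store with no lock, while the timer loop reads the same field, also unlocked. If a stale read is harmless here, say so in a comment next to the store; otherwise the field needs some form of atomic access rather than no synchronization at all.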
@@ -511,9 +499,7 @@
 		return;
 	}
 
-	dlg_lock_dlg(dlg);
 	dlg->legs[callee_idx(dlg)].reply_received = 1;
-	dlg_unlock_dlg(dlg);
 }
 
 void unref_dlg_cb(void *dlg)
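Review bot: the edit around `dlg->legs[callee_idx(dlg)].reply_received = 1` is the same three-line change as in the caller-leg callback, and the comment ahead of this function already notes the code is duplicated. Consider a single helper taking the leg index, so a future locking change cannot be applied to one callback and missed in the other.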

