Attention is currently required from: osmith, pespin, lynxis lazus. Hello osmith, Jenkins Builder, fixeria, daniel, lynxis lazus,

I'd like you to reexamine a change. Please visit

https://gerrit.osmocom.org/c/osmo-uecups/+/27739

to look at the new patch set (#3).

Change subject: Fix use-after-free by tun thread after tun obj destroyed ......................................................................

Fix use-after-free by tun thread after tun obj destroyed

The main thread calls pthread_cancel before freeing the tun object. However, pthread_cancel doesn't kill the thread synchronously (man pthread_cancel). Hence, the tun thread may still be running for a while after the tun object is/has been(ing) freed. Let's avoid this by making sure the thread is stopped before freeing the object. To accomplish it, we must wait for the thread to be cancelled. A cleanup routie is added which will signal the "tun_released" message to the main thread through an osmo_itq, which will then free the object (since talloc context is managed by the main thread).

Related: SYS#5523 Change-Id: Idf005359afb41d3413b09281a9ff937d5eafcc7c --- M daemon/daemon_vty.c M daemon/internal.h M daemon/main.c M daemon/tun_device.c 4 files changed, 84 insertions(+), 15 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-uecups refs/changes/39/27739/3