Attention is currently required from: osmith, pespin, lynxis lazus. Hello osmith, Jenkins Builder, fixeria, daniel, lynxis lazus, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-uecups/+/27739 to look at the new patch set (#3). Change subject: Fix use-after-free by tun thread after tun obj destroyed ...................................................................... Fix use-after-free by tun thread after tun obj destroyed The main thread calls pthread_cancel before freeing the tun object. However, pthread_cancel doesn't kill the thread synchronously (man pthread_cancel). Hence, the tun thread may still be running for a while after the tun object is/has been(ing) freed. Let's avoid this by making sure the thread is stopped before freeing the object. To accomplish it, we must wait for the thread to be cancelled. A cleanup routie is added which will signal the "tun_released" message to the main thread through an osmo_itq, which will then free the object (since talloc context is managed by the main thread). Related: SYS#5523 Change-Id: Idf005359afb41d3413b09281a9ff937d5eafcc7c --- M daemon/daemon_vty.c M daemon/internal.h M daemon/main.c M daemon/tun_device.c 4 files changed, 84 insertions(+), 15 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-uecups refs/changes/39/27739/3 -- To view, visit https://gerrit.osmocom.org/c/osmo-uecups/+/27739 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-uecups Gerrit-Branch: master Gerrit-Change-Id: Idf005359afb41d3413b09281a9ff937d5eafcc7c Gerrit-Change-Number: 27739 Gerrit-PatchSet: 3 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de> Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: lynxis lazus <lynxis(a)fe80.eu> Gerrit-Reviewer: osmith <osmith(a)sysmocom.de> Gerrit-Attention: osmith <osmith(a)sysmocom.de> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Attention: lynxis lazus <lynxis(a)fe80.eu> Gerrit-MessageType: newpatchset