This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Neels Hofmeyr gerrit-no-reply at lists.osmocom.orgHello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/13392 to look at the new patch set (#3). Change subject: fsm: support graceful osmo_fsm_inst_term() cascades ...................................................................... fsm: support graceful osmo_fsm_inst_term() cascades Detect osmo_fsm_inst_term() occuring within osmo_fsm_inst_term(): - prevent the same FSM instance from entering term twice, and - collect deallocations until the outermost osmo_fsm_inst_term() is done. If a struct osmo_fsm_inst enters osmo_fsm_inst_term() while another is already within osmo_fsm_inst_term(), do not directly deallocate it, but talloc-reparent it to the struct osmo_fsm_inst that first started terminating. The effect is that all osmo_fsm_inst freed within an osmo_fsm_inst_term() cascade will stay allocated until all osmo_fsm_inst_term() are complete and all of them will be deallocated at the same time. To prevent re-entering osmo_fsm_inst_term() twice for the same osmo_fsm_inst, add flag osmo_fsm_inst.proc.terminating. osmo_fsm_inst_term() sets this to true, or exits if it already is true. This is showcased by fsm_dealloc_test.c. Enhance fsm_dealloc_test.c to show that now all of the modeled situations solve cleanly. Make fsm_dealloc_test a normal regression test in testsuite.at. Note: This patch's mechanism is not thread safe. It might be made thread safe if the new global variable osmo_fsm_inst_terminating_root were handled per-thread instead of once globally. Rationale: It is difficult to gracefully handle deallocations of groups of FSM instances that reference each other. As soon as one child dispatching a cleanup event causes its parent to deallocate before fsm.c was ready for it, deallocation will hit a use-after-free. Before this patch, by using parent_term events and distinct "terminating" FSM states, parent/child FSMs can be taught to wait for all children to deallocate before deallocating the parent. But as soon as a non-child / non-parent FSM instance is involved, or actually any other cleanup() action that triggers parent FSMs or parent talloc contexts to become unused, it is near impossible to think of all possible deallocation events ricocheting, and to avoid running into freeing FSM instances that were still in the middle of osmo_fsm_inst_term(), or FSM instances to enter osmo_fsm_inst_term() more than once. This patch makes deallocation of "all possible" setups of complex cross referencing FSM instances easy to handle correctly, without running into use-after-free or double free situations, and, notably, without changing calling code. Logging of FSM deallocation changes, but only in cases where osmo_fsm_inst_term() triggers other osmo_fsm_inst_term(). Change-Id: I8eda67540a1cd444491beb7856b9fcd0a3143b18 --- M include/osmocom/core/fsm.h M src/fsm.c M tests/Makefile.am M tests/fsm/fsm_dealloc_test.c M tests/fsm/fsm_dealloc_test.err M tests/testsuite.at 6 files changed, 3,624 insertions(+), 93 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/92/13392/3 -- To view, visit https://gerrit.osmocom.org/13392 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I8eda67540a1cd444491beb7856b9fcd0a3143b18 Gerrit-Change-Number: 13392 Gerrit-PatchSet: 3 Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de> Gerrit-Reviewer: Jenkins Builder (1000002) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190324/ae25e251/attachment.htm>