Change in libosmocore[master]: fsm: support graceful osmo_fsm_inst_term() cascades

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Sun Mar 24 18:13:01 UTC 2019


Hello Jenkins Builder, 

I'd like you to reexamine a change. Please visit

    https://gerrit.osmocom.org/13392

to look at the new patch set (#3).

Change subject: fsm: support graceful osmo_fsm_inst_term() cascades
......................................................................

fsm: support graceful osmo_fsm_inst_term() cascades

Detect osmo_fsm_inst_term() occuring within osmo_fsm_inst_term():
- prevent the same FSM instance from entering term twice, and
- collect deallocations until the outermost osmo_fsm_inst_term() is done.

If a struct osmo_fsm_inst enters osmo_fsm_inst_term() while another is already
within osmo_fsm_inst_term(), do not directly deallocate it, but talloc-reparent
it to the struct osmo_fsm_inst that first started terminating.

The effect is that all osmo_fsm_inst freed within an osmo_fsm_inst_term()
cascade will stay allocated until all osmo_fsm_inst_term() are complete and all
of them will be deallocated at the same time.

To prevent re-entering osmo_fsm_inst_term() twice for the same osmo_fsm_inst,
add flag osmo_fsm_inst.proc.terminating. osmo_fsm_inst_term() sets this to
true, or exits if it already is true.

This is showcased by fsm_dealloc_test.c.

Enhance fsm_dealloc_test.c to show that now all of the modeled situations solve
cleanly.

Make fsm_dealloc_test a normal regression test in testsuite.at.

Note: This patch's mechanism is not thread safe. It might be made thread safe
if the new global variable osmo_fsm_inst_terminating_root were handled
per-thread instead of once globally.

Rationale:

It is difficult to gracefully handle deallocations of groups of FSM instances
that reference each other. As soon as one child dispatching a cleanup event
causes its parent to deallocate before fsm.c was ready for it, deallocation
will hit a use-after-free. Before this patch, by using parent_term events and
distinct "terminating" FSM states, parent/child FSMs can be taught to wait for
all children to deallocate before deallocating the parent. But as soon as a
non-child / non-parent FSM instance is involved, or actually any other
cleanup() action that triggers parent FSMs or parent talloc contexts to become
unused, it is near impossible to think of all possible deallocation events
ricocheting, and to avoid running into freeing FSM instances that were still in
the middle of osmo_fsm_inst_term(), or FSM instances to enter
osmo_fsm_inst_term() more than once. This patch makes deallocation of "all
possible" setups of complex cross referencing FSM instances easy to handle
correctly, without running into use-after-free or double free situations, and,
notably, without changing calling code.

Logging of FSM deallocation changes, but only in cases where
osmo_fsm_inst_term() triggers other osmo_fsm_inst_term().

Change-Id: I8eda67540a1cd444491beb7856b9fcd0a3143b18
---
M include/osmocom/core/fsm.h
M src/fsm.c
M tests/Makefile.am
M tests/fsm/fsm_dealloc_test.c
M tests/fsm/fsm_dealloc_test.err
M tests/testsuite.at
6 files changed, 3,624 insertions(+), 93 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/92/13392/3
-- 
To view, visit https://gerrit.osmocom.org/13392
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I8eda67540a1cd444491beb7856b9fcd0a3143b18
Gerrit-Change-Number: 13392
Gerrit-PatchSet: 3
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder (1000002)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190324/ae25e251/attachment.htm>


More information about the gerrit-log mailing list