Merge pull request #573 from donaldsharp/pim_crash_a_boo

pimd: Thread changes allow pim to crash a boo
This commit is contained in:
David Lamparter 2017-05-18 19:22:03 +02:00 committed by GitHub
commit f634740f41
11 changed files with 2 additions and 65 deletions

View File

@ -596,8 +596,6 @@ static int on_ifjoin_expiry_timer(struct thread *t)
ch = THREAD_ARG(t);
ch->t_ifjoin_expiry_timer = NULL;
ifjoin_to_noinfo(ch, true);
/* ch may have been deleted */
@ -613,8 +611,6 @@ static int on_ifjoin_prune_pending_timer(struct thread *t)
ch = THREAD_ARG(t);
ch->t_ifjoin_prune_pending_timer = NULL;
if (ch->ifjoin_state == PIM_IFJOIN_PRUNE_PENDING)
{
/* Send PruneEcho(S,G) ? */

View File

@ -156,7 +156,6 @@ static int pim_igmp_other_querier_expire(struct thread *t)
igmp = THREAD_ARG(t);
zassert(igmp->t_other_querier_timer);
zassert(!igmp->t_igmp_query_timer);
if (PIM_DEBUG_IGMP_TRACE) {
@ -167,8 +166,6 @@ static int pim_igmp_other_querier_expire(struct thread *t)
ifaddr_str);
}
igmp->t_other_querier_timer = NULL;
/*
We are the current querier, then
re-start sending general queries.
@ -204,9 +201,7 @@ void pim_igmp_other_querier_timer_on(struct igmp_sock *igmp)
zlog_debug("Querier %s resetting TIMER event for Other-Querier-Present",
ifaddr_str);
}
THREAD_OFF(igmp->t_other_querier_timer);
zassert(!igmp->t_other_querier_timer);
}
else {
/*
@ -268,7 +263,6 @@ void pim_igmp_other_querier_timer_off(struct igmp_sock *igmp)
}
}
THREAD_OFF(igmp->t_other_querier_timer);
zassert(!igmp->t_other_querier_timer);
}
static int
@ -966,7 +960,6 @@ static int igmp_group_timer(struct thread *t)
zassert(group->group_filtermode_isexcl);
group->t_group_timer = NULL;
group->group_filtermode_isexcl = 0;
/* Any source (*,G) is forwarded only if mode is EXCLUDE {empty} */
@ -974,7 +967,6 @@ static int igmp_group_timer(struct thread *t)
igmp_source_delete_expired(group->group_source_list);
zassert(!group->t_group_timer);
zassert(!group->group_filtermode_isexcl);
/*
@ -1001,9 +993,7 @@ static void group_timer_off(struct igmp_group *group)
zlog_debug("Cancelling TIMER event for group %s on %s",
group_str, group->group_igmp_sock->interface->name);
}
THREAD_OFF(group->t_group_timer);
zassert(!group->t_group_timer);
}
void igmp_group_timer_on(struct igmp_group *group,

View File

@ -128,9 +128,6 @@ static int igmp_source_timer(struct thread *t)
group->group_igmp_sock->interface->name);
}
zassert(source->t_source_timer);
source->t_source_timer = NULL;
/*
RFC 3376: 6.3. IGMPv3 Source-Specific Forwarding Rules
@ -151,8 +148,6 @@ static int igmp_source_timer(struct thread *t)
Source timer switched from (T > 0) to (T == 0): disable forwarding.
*/
zassert(!source->t_source_timer);
if (group->group_filtermode_isexcl) {
/* EXCLUDE mode */
@ -193,7 +188,6 @@ static void source_timer_off(struct igmp_group *group,
}
THREAD_OFF(source->t_source_timer);
zassert(!source->t_source_timer);
}
static void igmp_source_timer_on(struct igmp_group *group,
@ -216,7 +210,6 @@ static void igmp_source_timer_on(struct igmp_group *group,
thread_add_timer_msec(master, igmp_source_timer, source, interval_msec,
&source->t_source_timer);
zassert(source->t_source_timer);
/*
RFC 3376: 6.3. IGMPv3 Source-Specific Forwarding Rules
@ -470,8 +463,6 @@ source_new (struct igmp_group *group,
listnode_add(group->group_source_list, src);
zassert(!src->t_source_timer); /* source timer == 0 */
/* Any source (*,G) is forwarded only if mode is EXCLUDE {empty} */
igmp_anysource_forward_stop(group);
@ -1281,8 +1272,6 @@ static int igmp_group_retransmit(struct thread *t)
num_retransmit_sources_left = group_retransmit_sources(group,
send_with_sflag_set);
group->t_group_query_retransmit_timer = NULL;
/*
Keep group retransmit timer running if there is any retransmit
counter pending

View File

@ -625,7 +625,6 @@ static int mroute_read(struct thread *t)
}
/* Keep reading */
done:
qpim_mroute_socket_reader = NULL;
mroute_read_on();
return result;
@ -633,8 +632,6 @@ static int mroute_read(struct thread *t)
static void mroute_read_on()
{
zassert(!qpim_mroute_socket_reader);
thread_add_read(master, mroute_read, 0, qpim_mroute_socket_fd,
&qpim_mroute_socket_reader);
}

View File

@ -67,7 +67,6 @@ pim_msdp_sa_timer_expiry_log(struct pim_msdp_sa *sa, const char *timer_str)
static int
pim_msdp_sa_adv_timer_cb(struct thread *t)
{
msdp->sa_adv_timer = NULL;
if (PIM_DEBUG_MSDP_EVENTS) {
zlog_debug("MSDP SA advertisment timer expired");
}
@ -93,7 +92,6 @@ pim_msdp_sa_state_timer_cb(struct thread *t)
struct pim_msdp_sa *sa;
sa = THREAD_ARG(t);
sa->sa_state_timer = NULL;
if (PIM_DEBUG_MSDP_EVENTS) {
pim_msdp_sa_timer_expiry_log(sa, "state");
@ -898,7 +896,6 @@ pim_msdp_peer_hold_timer_cb(struct thread *t)
struct pim_msdp_peer *mp;
mp = THREAD_ARG(t);
mp->hold_timer = NULL;
if (PIM_DEBUG_MSDP_EVENTS) {
pim_msdp_peer_timer_expiry_log(mp, "hold");
@ -932,7 +929,6 @@ pim_msdp_peer_ka_timer_cb(struct thread *t)
struct pim_msdp_peer *mp;
mp = THREAD_ARG(t);
mp->ka_timer = NULL;
if (PIM_DEBUG_MSDP_EVENTS) {
pim_msdp_peer_timer_expiry_log(mp, "ka");
@ -994,7 +990,6 @@ pim_msdp_peer_cr_timer_cb(struct thread *t)
struct pim_msdp_peer *mp;
mp = THREAD_ARG(t);
mp->cr_timer = NULL;
if (PIM_DEBUG_MSDP_EVENTS) {
pim_msdp_peer_timer_expiry_log(mp, "connect-retry");

View File

@ -223,8 +223,6 @@ static int on_neighbor_timer(struct thread *t)
neigh->holdtime, src_str, ifp->name);
}
neigh->t_expire_timer = NULL;
snprintf(msg, sizeof(msg), "%d-sec holdtime expired", neigh->holdtime);
pim_neighbor_delete(ifp, neigh, msg);
@ -278,7 +276,6 @@ on_neighbor_jp_timer (struct thread *t)
zlog_debug("%s:Sending JP Agg to %s on %s with %d groups", __PRETTY_FUNCTION__,
src_str, neigh->interface->name, neigh->upstream_jp_agg->count);
}
neigh->jp_timer = NULL;
rpf.source_nexthop.interface = neigh->interface;
rpf.rpf_addr.u.prefix4 = neigh->source_addr;

View File

@ -721,7 +721,6 @@ static int on_pim_hello_send(struct thread *t)
/*
* Schedule next hello
*/
pim_ifp->t_pim_hello_timer = NULL;
hello_resched(ifp);
/*
@ -801,7 +800,6 @@ void pim_hello_restart_triggered(struct interface *ifp)
}
THREAD_OFF(pim_ifp->t_pim_hello_timer);
pim_ifp->t_pim_hello_timer = NULL;
}
random_msec = triggered_hello_delay_msec;

View File

@ -310,18 +310,13 @@ static int ssmpingd_read_msg(struct ssmpingd_sock *ss)
static int ssmpingd_sock_read(struct thread *t)
{
struct ssmpingd_sock *ss;
int sock_fd;
int result;
ss = THREAD_ARG(t);
sock_fd = THREAD_FD(t);
zassert(sock_fd == ss->sock_fd);
result = ssmpingd_read_msg(ss);
/* Keep reading */
ss->t_sock_read = 0;
ssmpingd_read_on(ss);
return result;
@ -329,7 +324,6 @@ static int ssmpingd_sock_read(struct thread *t)
static void ssmpingd_read_on(struct ssmpingd_sock *ss)
{
zassert(!ss->t_sock_read);
thread_add_read(master, ssmpingd_sock_read, ss, ss->sock_fd,
&ss->t_sock_read);
}
@ -370,7 +364,7 @@ static struct ssmpingd_sock *ssmpingd_new(struct in_addr source_addr)
}
ss->sock_fd = sock_fd;
ss->t_sock_read = 0;
ss->t_sock_read = NULL;
ss->source_addr = source_addr;
ss->creation = pim_time_monotonic_sec();
ss->requests = 0;

View File

@ -277,8 +277,6 @@ static int on_join_timer(struct thread *t)
up = THREAD_ARG(t);
up->t_join_timer = NULL;
/*
* In the case of a HFR we will not ahve anyone to send this to.
*/
@ -1090,7 +1088,6 @@ pim_upstream_keep_alive_timer (struct thread *t)
struct pim_upstream *up;
up = THREAD_ARG(t);
up->t_ka_timer = NULL;
if (I_am_RP (up->sg.grp))
{
@ -1146,7 +1143,6 @@ pim_upstream_msdp_reg_timer(struct thread *t)
struct pim_upstream *up;
up = THREAD_ARG(t);
up->t_msdp_reg_timer = NULL;
/* source is no longer active - pull the SA from MSDP's cache */
pim_msdp_sa_local_del(&up->sg);
@ -1337,8 +1333,6 @@ pim_upstream_register_stop_timer (struct thread *t)
struct ip ip_hdr;
up = THREAD_ARG (t);
up->t_rs_timer = NULL;
if (PIM_DEBUG_TRACE)
{
char state_str[PIM_REG_STATE_STR_LEN];
@ -1398,11 +1392,7 @@ pim_upstream_start_register_stop_timer (struct pim_upstream *up, int null_regist
{
uint32_t time;
if (up->t_rs_timer)
{
THREAD_TIMER_OFF (up->t_rs_timer);
up->t_rs_timer = NULL;
}
THREAD_TIMER_OFF (up->t_rs_timer);
if (!null_register)
{

View File

@ -579,10 +579,6 @@ void pim_scan_oil()
static int on_rpf_cache_refresh(struct thread *t)
{
zassert(qpim_rpf_cache_refresher);
qpim_rpf_cache_refresher = 0;
/* update PIM protocol state */
scan_upstream_rpf_cache();

View File

@ -46,7 +46,6 @@ static int zclient_lookup_connect(struct thread *t)
struct zclient *zlookup;
zlookup = THREAD_ARG(t);
zlookup->t_connect = NULL;
if (zlookup->sock >= 0) {
return 0;
@ -61,7 +60,6 @@ static int zclient_lookup_connect(struct thread *t)
zlookup->fail = 0; /* reset counter on connection */
}
zassert(!zlookup->t_connect);
if (zlookup->sock < 0) {
/* Since last connect failed, retry within 10 secs */
zclient_lookup_sched(zlookup, 10);
@ -74,8 +72,6 @@ static int zclient_lookup_connect(struct thread *t)
/* Schedule connection with delay. */
static void zclient_lookup_sched(struct zclient *zlookup, int delay)
{
zassert(!zlookup->t_connect);
thread_add_timer(master, zclient_lookup_connect, zlookup, delay,
&zlookup->t_connect);
@ -86,7 +82,6 @@ static void zclient_lookup_sched(struct zclient *zlookup, int delay)
/* Schedule connection for now. */
static void zclient_lookup_sched_now(struct zclient *zlookup)
{
zassert(!zlookup->t_connect);
thread_add_event(master, zclient_lookup_connect, zlookup, 0,
&zlookup->t_connect);