From 6634974d68b8cc78cdde1104636fe97d7e310845 Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Tue, 13 Apr 2010 22:33:54 +0100 Subject: ospfd: fix lsa_refresh_walker unlock before use bug * ospf_lsa.c: (ospf_lsa_refresh_walker) fix an "unlock before use" bug (various) add asserts for lsa refcounting. --- ospfd/ospf_lsa.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/ospfd/ospf_lsa.c b/ospfd/ospf_lsa.c
index e708d5e2..dbf0f417 100644
--- a/ospfd/ospf_lsa.c
+++ b/ospfd/ospf_lsa.c
@@ -3608,6 +3608,7 @@ ospf_lsa_refresh (struct ospf *ospf, struct ospf_lsa *lsa) { struct external_info *ei; assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF)); + assert (lsa->lock > 0); switch (lsa->data->type) {
@@ -3650,6 +3651,7 @@ ospf_refresher_register_lsa (struct ospf *ospf, struct ospf_lsa *lsa) { u_int16_t index, current_index; + assert (lsa->lock > 0); assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF)); if (lsa->refresh_list < 0)
@@ -3692,6 +3694,7 @@ ospf_refresher_register_lsa (struct ospf *ospf, struct ospf_lsa *lsa) void ospf_refresher_unregister_lsa (struct ospf *ospf, struct ospf_lsa *lsa) { + assert (lsa->lock > 0); assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF)); if (lsa->refresh_list >= 0) {
@@ -3744,6 +3747,8 @@ ospf_lsa_refresh_walker (struct thread *t) refresh_list = ospf->lsa_refresh_queue.qs [i]; + assert (i >= 0); + ospf->lsa_refresh_queue.qs [i] = NULL; if (refresh_list)
@@ -3755,8 +3760,8 @@ ospf_lsa_refresh_walker (struct thread *t) "refresh lsa %p (slot %d)", inet_ntoa (lsa->data->id), lsa, i); + assert (lsa->lock > 0); list_delete_node (refresh_list, node); - ospf_lsa_unlock (&lsa); /* lsa_refresh_queue */ lsa->refresh_list = -1; listnode_add (lsa_to_refresh, lsa); }
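Review bot: In ospf_lsa_refresh the new `assert (lsa->lock > 0);` comes after `assert (CHECK_FLAG (lsa->flags, OSPF_LSA_SELF));`, so `lsa->flags` is read before the reference count is checked, whereas the ospf_refresher_register_lsa and ospf_refresher_unregister_lsa hunks put the lock assert first. Making it the first statement here keeps the three functions consistent and lets a stale pointer trip the refcount assert rather than the flag assert. Both checks still read through `lsa` and disappear when built with NDEBUG, so they are a debugging aid for refcount mistakes, not a guard; a one-line comment such as `/* caller must hold a reference on lsa */` above the assert would record that contract. The function body continues past the end of the hunk.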
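Review bot: In the ospf_lsa_refresh_walker hunk at -3744, `assert (i >= 0);` is placed after `refresh_list = ospf->lsa_refresh_queue.qs [i];`, so the slot has already been indexed by the time the index is checked, and only the lower bound is covered. Moving the assert above that read, and also bounding `i` against the queue's slot count, would catch an out-of-range index before `qs [i]` is read and then overwritten with NULL. How `i` is computed lies outside the hunk, so whether a bad value is actually reachable cannot be judged from these lines.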
@@ -3769,7 +3774,11 @@ ospf_lsa_refresh_walker (struct thread *t) ospf->lsa_refresher_started = quagga_time (NULL); for (ALL_LIST_ELEMENTS (lsa_to_refresh, node, nnode, lsa)) - ospf_lsa_refresh (ospf, lsa); + { + ospf_lsa_refresh (ospf, lsa); + assert (lsa->lock > 0); + ospf_lsa_unlock (&lsa); /* lsa_refresh_queue & temp for lsa_to_refresh*/ + } list_delete (lsa_to_refresh); -- cgit v1.2.1
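Review bot: The comment `/* lsa_refresh_queue & temp for lsa_to_refresh*/` reads as if two references were released, while the loop calls `ospf_lsa_unlock (&lsa)` once per element. Wording such as `/* drop the lsa_refresh_queue reference, held until now so the LSA stays valid while on lsa_to_refresh */` would state the ownership rule the fix depends on. After the loop, lsa_to_refresh still holds pointers whose reference has been released until `list_delete (lsa_to_refresh)` runs. That is safe only if the list has no per-element delete callback that touches the data; the list's creation is outside the hunk, so this is worth confirming.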