dialog: fix deadlock when freeing a cell on timer

When freeing a dialog on timer, sequential destroy callbacks might try to fetch the dialog lock, resulting in a deadlock. The spotted backtrace is dialog_update_db -> destroy_dlg -> free_dlg_dlg -> destroy_dlg_callbacks_list -> unref_acc_ctx -> free_acc_ctx -> store_dlg_value Thanks go to Jonathan Hulme for spotting this and offering testing (cherry picked from commit 6fcbcc8)
OpenSIPS · Sep 14, 2018 · ba4c253 · ba4c253
1 parent 6f03fd6
commit ba4c253
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/modules/dialog/dlg_db_handler.c b/modules/dialog/dlg_db_handler.c
@@ -1435,8 +1435,10 @@ void dialog_update_db(unsigned int ticks, void *do_lock)
 
 		/* lock the whole entry */
 		entry = &((d_table->entries)[index]);
-		if (do_lock)
+		if (do_lock) {
 			dlg_lock( d_table, entry);
+			cell->locked_by = process_no;
+		}
 
 		for (cell = entry->first; cell != NULL; ) {
 			callee_leg = callee_idx(cell);
@@ -1590,8 +1592,10 @@ void dialog_update_db(unsigned int ticks, void *do_lock)
 			}
 			cell = cell->next;
 		}
-		if (do_lock)
+		if (do_lock) {
+			cell->locked_by = 0;
 			dlg_unlock( d_table, entry);
+		}
 
 	}