From: Tobias Brunner Date: Thu, 10 Jun 2021 09:34:37 +0000 (+0200) Subject: kernel-netlink: Don't wait for VIPs to disappear during de-initialization X-Git-Tag: 5.9.3dr4~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=030e80957d30105c48cd32407ae5191bfcd833a9;p=thirdparty%2Fstrongswan.git kernel-netlink: Don't wait for VIPs to disappear during de-initialization This can happen if an IKE_SA is terminated forcefully shortly before terminating the daemon. The thread that handles the terminate command will call checkin_and_destroy(), which unregisters the IKE_SA from the manager before destroying it. The main thread that calls flush() on the IKE_SA manager won't wait for this SA (its entry is already gone), so the processor and in turn the watcher job/thread might get canceled before the first thread started deleting the VIP. It would then wait indefinitely for a signal that can never be sent. There is still a small chance the thread hangs in wait() if the state check happens right before the watcher is canceled and it wasn't yet able to deliver the event from the kernel, we counter that by rechecking the state after a while. --- diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index 3e6e64cfd8..278ea647b7 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -2548,9 +2548,11 @@ METHOD(kernel_net_t, del_ip, status_t, if (status == SUCCESS && wait) { /* wait until the address is really gone */ this->lock->write_lock(this->lock); - while (is_known_vip(this, virtual_ip)) - { - this->condvar->wait(this->condvar, this->lock); + while (is_known_vip(this, virtual_ip) && + lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED) + { /* don't wait during deinit when we can't get notified, + * re-evaluate watcher state if we have to wait longer */ + this->condvar->timed_wait(this->condvar, this->lock, 1000); } this->lock->unlock(this->lock); }