File 0052-kernel-netlink-dont-wait-for-vips-to-disappear-during-de-init.patch of Package strongswan.31464
commit 030e80957d30105c48cd32407ae5191bfcd833a9
Author: Tobias Brunner <tobias@strongswan.org>
Date: Thu Jun 10 11:34:37 2021 +0200
kernel-netlink: Don't wait for VIPs to disappear during de-initialization
This can happen if an IKE_SA is terminated forcefully shortly before
terminating the daemon. The thread that handles the terminate command
will call checkin_and_destroy(), which unregisters the IKE_SA from the
manager before destroying it. The main thread that calls flush() on the
IKE_SA manager won't wait for this SA (its entry is already gone), so
the processor and in turn the watcher job/thread might get canceled
before the first thread started deleting the VIP. It would then wait
indefinitely for a signal that can never be sent.
There is still a small chance the thread hangs in wait() if the state check
happens right before the watcher is canceled and it wasn't yet able to
deliver the event from the kernel, we counter that by rechecking the state
after a while.
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 3e6e64cfd..278ea647b 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -2548,9 +2548,11 @@ METHOD(kernel_net_t, del_ip, status_t,
if (status == SUCCESS && wait)
{ /* wait until the address is really gone */
this->lock->write_lock(this->lock);
- while (is_known_vip(this, virtual_ip))
- {
- this->condvar->wait(this->condvar, this->lock);
+ while (is_known_vip(this, virtual_ip) &&
+ lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED)
+ { /* don't wait during deinit when we can't get notified,
+ * re-evaluate watcher state if we have to wait longer */
+ this->condvar->timed_wait(this->condvar, this->lock, 1000);
}
this->lock->unlock(this->lock);
}
