From 72499dc6970e6679c35f8732a0a840f9e3f303b7 Mon Sep 17 00:00:00 2001
From: Kevin Harwell <kharwell@digium.com>
Date: Fri, 12 Dec 2014 15:31:38 +0000
Subject: [PATCH] chan_pjsip: Race between channel answer and bridge setup when
 using direct media

When direct media is enabled and a pjsip channel is answered a race would occur
between the handling of the answer and bridge setup. Sometimes the media
negotiation would take place after the native bridge was setup. This resulted
in a NULL media address, which in turn resulted in Asterisk using its address
as the remote media address when sending a reinvite.  This patch makes the
chan_pjsip answer handler synchronous thus alleviating the race condition (the
bridge won't start setting things up until after it returns).

ASTERISK-24563 #close
Reported by: Steve Pitts
Review: https://reviewboard.asterisk.org/r/4257/
........

Merged revisions 429477 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@429478 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_pjsip.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/channels/chan_pjsip.c b/channels/chan_pjsip.c
index b6bfeb5b4d..cad0a7c5f5 100644
--- a/channels/chan_pjsip.c
+++ b/channels/chan_pjsip.c
@@ -490,7 +490,6 @@ static int answer(void *data)
 	struct ast_sip_session *session = data;
 
 	if (session->inv_session->state == PJSIP_INV_STATE_DISCONNECTED) {
-		ao2_ref(session, -1);
 		return 0;
 	}
 
@@ -507,8 +506,6 @@ static int answer(void *data)
 		ast_sip_session_send_response(session, packet);
 	}
 
-	ao2_ref(session, -1);
-
 	return (status == PJ_SUCCESS) ? 0 : -1;
 }
 
@@ -516,19 +513,27 @@ static int answer(void *data)
 static int chan_pjsip_answer(struct ast_channel *ast)
 {
 	struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(ast);
+	struct ast_sip_session *session;
 
 	if (ast_channel_state(ast) == AST_STATE_UP) {
 		return 0;
 	}
 
 	ast_setstate(ast, AST_STATE_UP);
+	session = ao2_bump(channel->session);
 
-	ao2_ref(channel->session, +1);
-	if (ast_sip_push_task(channel->session->serializer, answer, channel->session)) {
+	/* the answer task needs to be pushed synchronously otherwise a race condition
+	   can occur between this thread and bridging (specifically when native bridging
+	   attempts to do direct media) */
+	ast_channel_unlock(ast);
+	if (ast_sip_push_task_synchronous(session->serializer, answer, session)) {
 		ast_log(LOG_WARNING, "Unable to push answer task to the threadpool. Cannot answer call\n");
-		ao2_cleanup(channel->session);
+		ao2_ref(session, -1);
+		ast_channel_lock(ast);
 		return -1;
 	}
+	ao2_ref(session, -1);
+	ast_channel_lock(ast);
 
 	return 0;
 }
-- 
GitLab