session UPDATE minor lock refactoring

michalvasko · michalvasko · commit dfe7d9490dd3 · 2025-01-24T14:18:33.000+01:00
Also added another lock to be held during
server hello message creation.
diff --git a/src/session.c b/src/session.c
@@ -1117,8 +1117,6 @@ nc_server_get_cpblts_version(const struct ly_ctx *ctx, LYS_VERSION version)
     cpblts[1] = strdup("urn:ietf:params:netconf:base:1.1");
     count = 2;
 
-    /* capabilities */
-
     mod = ly_ctx_get_module_implemented(ctx, "ietf-netconf");
     if (mod) {
         if (lys_feature_value(mod, "writable-running") == LY_SUCCESS) {
@@ -1153,11 +1151,15 @@ nc_server_get_cpblts_version(const struct ly_ctx *ctx, LYS_VERSION version)
         }
     }
 
+    /* HELLO LOCK */
+    pthread_rwlock_rdlock(&server_opts.hello_lock);
+
     mod = ly_ctx_get_module_implemented(ctx, "ietf-netconf-with-defaults");
     if (mod) {
-        wd_basic_mode = ATOMIC_LOAD_RELAXED(server_opts.wd_basic_mode);
+        wd_basic_mode = server_opts.wd_basic_mode;
         if (!wd_basic_mode) {
-            VRB(NULL, "with-defaults capability will not be advertised even though \"ietf-netconf-with-defaults\" model is present, unknown basic-mode.");
+            VRB(NULL, "with-defaults capability will not be advertised even though \"ietf-netconf-with-defaults\" "
+                    "model is present, unknown basic-mode.");
         } else {
             strcpy(str, "urn:ietf:params:netconf:capability:with-defaults:1.0");
             switch (wd_basic_mode) {
@@ -1172,7 +1174,7 @@ nc_server_get_cpblts_version(const struct ly_ctx *ctx, LYS_VERSION version)
                 break;
             default:
                 ERRINT;
-                break;
+                goto unlock_error;
             }
 
             wd_also_supported = ATOMIC_LOAD_RELAXED(server_opts.wd_also_supported);
@@ -1213,7 +1215,7 @@ nc_server_get_cpblts_version(const struct ly_ctx *ctx, LYS_VERSION version)
         if (!strcmp(mod->name, "ietf-yang-library")) {
             if (!mod->revision || (strcmp(mod->revision, "2016-06-21") && strcmp(mod->revision, "2019-01-04"))) {
                 ERR(NULL, "Unknown \"ietf-yang-library\" revision, only 2016-06-21 and 2019-01-04 are supported.");
-                goto error;
+                goto unlock_error;
             }
 
             /* get content-id */
@@ -1298,11 +1300,18 @@ nc_server_get_cpblts_version(const struct ly_ctx *ctx, LYS_VERSION version)
         add_cpblt(str, &cpblts, &size, &count);
     }
 
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
+
     /* ending NULL capability */
     add_cpblt(NULL, &cpblts, &size, &count);
 
     return cpblts;
 
+unlock_error:
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
+
 error:
     free(cpblts);
     return NULL;
diff --git a/src/session_p.h b/src/session_p.h
@@ -498,19 +498,27 @@ struct nc_ch_client_thread_arg {
 };
 
 struct nc_server_opts {
-    /* ACCESS unlocked */
-    ATOMIC_T wd_basic_mode;
-    ATOMIC_T wd_also_supported;
-    uint32_t capabilities_count;
+    /* ACCESS locked - hello lock - separate lock to not always hold config_lock */
+    char **ignored_modules;         /**< Names of YANG modules that are not reported in the server <hello> message. */
+    uint16_t ignored_mod_count;
+    NC_WD_MODE wd_basic_mode;       /**< With-defaults basic mode of the server. */
+    int wd_also_supported;          /**< Bitmap of with-defaults modes that are also supported by the server. */
     char **capabilities;
+    uint32_t capabilities_count;
 
-    char *(*content_id_clb)(void *user_data);
+    char *(*content_id_clb)(void *user_data);   /**< Callback for generating content_id for ietf-yang-library data. */
     void *content_id_data;
-
     void (*content_id_data_free)(void *data);
 
+    pthread_rwlock_t hello_lock;    /**< Needs to be held while the server <hello> message is being generated. */
+
+    /* ACCESS unlocked */
     uint16_t idle_timeout;
 
+    /* ACCESS locked - options modified by YANG data/API - WRITE lock
+     *               - options read when accepting sessions - READ lock */
+    pthread_rwlock_t config_lock;
+
 #ifdef NC_ENABLED_SSH_TLS
     char *authkey_path_fmt;             /**< Path to users' public keys that may contain tokens with special meaning. */
     char *pam_config_name;              /**< PAM configuration file name. */
@@ -521,13 +529,12 @@ struct nc_server_opts {
     int (*user_verify_clb)(const struct nc_session *session);
 #endif /* NC_ENABLED_SSH_TLS */
 
-    pthread_rwlock_t config_lock;
-
 #ifdef NC_ENABLED_SSH_TLS
-    struct nc_keystore keystore;        /**< store for server's keys/certificates */
-    struct nc_truststore truststore;    /**< store for server client's keys/certificates */
+    struct nc_keystore keystore;        /**< Server's keys/certificates. */
+    struct nc_truststore truststore;    /**< Server client's keys/certificates. */
 #endif /* NC_ENABLED_SSH_TLS */
 
+    /* ACCESS locked */
     struct nc_bind *binds;
     pthread_mutex_t bind_lock;          /**< To avoid concurrent calls of poll and accept on the bound sockets **/
     struct nc_endpt {
@@ -607,11 +614,12 @@ struct nc_server_opts {
     } ch_dispatch_data;
 #endif /* NC_ENABLED_SSH_TLS */
 
-    /* Atomic IDs */
+    /* ACCESS unlocked */
     ATOMIC_T new_session_id;
     ATOMIC_T new_client_id;
 
 #ifdef NC_ENABLED_SSH_TLS
+    /* ACCESS locked */
     struct {
         pthread_t tid;                      /**< Thread ID of the certificate expiration notification thread. */
         int thread_running;                 /**< Flag representing the runningness of the cert exp notification thread. */
@@ -628,7 +636,8 @@ struct nc_server_opts {
         int interval_count;                 /**< Number of intervals. */
     } cert_exp_notif;
 
-    FILE *tls_keylog_file;                      /**< File to log TLS secrets to. */
+    /* ACCESS unlocked */
+    FILE *tls_keylog_file;                  /**< File to log TLS secrets to. */
 #endif
 };
 
diff --git a/src/session_server.c b/src/session_server.c
@@ -52,6 +52,7 @@
 #endif
 
 struct nc_server_opts server_opts = {
+    .hello_lock = PTHREAD_RWLOCK_INITIALIZER,
     .config_lock = PTHREAD_RWLOCK_INITIALIZER,
     .ch_client_lock = PTHREAD_RWLOCK_INITIALIZER,
     .idle_timeout = 180,    /**< default idle timeout (not in config for UNIX socket) */
@@ -962,8 +963,15 @@ nc_server_set_capab_withdefaults(NC_WD_MODE basic_mode, int also_supported)
         return -1;
     }
 
-    ATOMIC_STORE_RELAXED(server_opts.wd_basic_mode, basic_mode);
-    ATOMIC_STORE_RELAXED(server_opts.wd_also_supported, also_supported);
+    /* HELLO LOCK */
+    pthread_rwlock_wrlock(&server_opts.hello_lock);
+
+    server_opts.wd_basic_mode = basic_mode;
+    server_opts.wd_also_supported = also_supported;
+
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
+
     return 0;
 }
 
@@ -975,12 +983,18 @@ nc_server_get_capab_withdefaults(NC_WD_MODE *basic_mode, int *also_supported)
         return;
     }
 
+    /* HELLO LOCK */
+    pthread_rwlock_wrlock(&server_opts.hello_lock);
+
     if (basic_mode) {
-        *basic_mode = ATOMIC_LOAD_RELAXED(server_opts.wd_basic_mode);
+        *basic_mode = server_opts.wd_basic_mode;
     }
     if (also_supported) {
-        *also_supported = ATOMIC_LOAD_RELAXED(server_opts.wd_also_supported);
+        *also_supported = server_opts.wd_also_supported;
     }
+
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
 }
 
 API int
@@ -993,23 +1007,35 @@ nc_server_set_capability(const char *value)
         return EXIT_FAILURE;
     }
 
+    /* HELLO LOCK */
+    pthread_rwlock_wrlock(&server_opts.hello_lock);
+
     mem = realloc(server_opts.capabilities, (server_opts.capabilities_count + 1) * sizeof *server_opts.capabilities);
     NC_CHECK_ERRMEM_RET(!mem, EXIT_FAILURE);
     server_opts.capabilities = mem;
 
     server_opts.capabilities[server_opts.capabilities_count] = strdup(value);
     server_opts.capabilities_count++;
 
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
+
     return EXIT_SUCCESS;
 }
 
 API void
 nc_server_set_content_id_clb(char *(*content_id_clb)(void *user_data), void *user_data,
         void (*free_user_data)(void *user_data))
 {
+    /* HELLO LOCK */
+    pthread_rwlock_wrlock(&server_opts.hello_lock);
+
     server_opts.content_id_clb = content_id_clb;
     server_opts.content_id_data = user_data;
     server_opts.content_id_data_free = free_user_data;
+
+    /* HELLO UNLOCK */
+    pthread_rwlock_unlock(&server_opts.hello_lock);
 }
 
 API NC_MSG_TYPE
diff --git a/src/session_server_tls.c b/src/session_server_tls.c
@@ -658,7 +658,13 @@ nc_session_get_client_cert(const struct nc_session *session)
 API void
 nc_server_tls_set_verify_clb(int (*verify_clb)(const struct nc_session *session))
 {
+    /* CONFIG LOCK */
+    pthread_rwlock_wrlock(&server_opts.config_lock);
+
     server_opts.user_verify_clb = verify_clb;
+
+    /* CONFIG UNLOCK */
+    pthread_rwlock_unlock(&server_opts.config_lock);
 }
 
 int

Original file line number	Diff line number	Diff line change
`@@ -658,7 +658,13 @@ nc_session_get_client_cert(const struct nc_session *session)`
`658`	`658`	`API void`
`659`	`659`	`nc_server_tls_set_verify_clb(int (verify_clb)(const struct nc_session session))`
`660`	`660`	`{`
	`661`	`+ /* CONFIG LOCK */`
	`662`	`+ pthread_rwlock_wrlock(&server_opts.config_lock);`
	`663`	`+`
`661`	`664`	`server_opts.user_verify_clb = verify_clb;`
	`665`	`+`
	`666`	`+ /* CONFIG UNLOCK */`
	`667`	`+ pthread_rwlock_unlock(&server_opts.config_lock);`
`662`	`668`	`}`
`663`	`669`
`664`	`670`	`int`