|
|
Created:
3 years, 10 months ago by tzik Modified:
3 years, 10 months ago Reviewers:
yzshen1 CC:
chromium-reviews, qsr+mojo_chromium.org, viettrungluu+watch_chromium.org, yzshen+watch_chromium.org, abarth-chromium, Aaron Boodman, darin (slow to review) Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionProtect RefCount manipulation of InterfaceEndpoint with MultiplexRouter lock
mojo::internal::InterfaceEndpoint has non-thread-safe ref count.
Most of the ref count manipulations are protected by MultiplexRouter::lock_,
but one in InterfaceEndpoint::OnHandleReady is not protected. That may cause
data race on the ref count.
Review-Url: https://codereview.chromium.org/2684213002
Cr-Commit-Position: refs/heads/master@{#449470}
Committed: https://chromium.googlesource.com/chromium/src/+/47ee91d0dc7bfc1afed32d6ce1d7c5311859d1d2
Patch Set 1 #Patch Set 2 : fix #Patch Set 3 : +AutoUnlock #
Total comments: 2
Patch Set 4 : -MayAutoUnlock #Messages
Total messages: 21 (16 generated)
The CQ bit was checked by tzik@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by tzik@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== Protect RefCount manipulation of InterfaceEndpoint with MultiplexRouter lock ========== to ========== Protect RefCount manipulation of InterfaceEndpoint with MultiplexRouter lock mojo::internal::InterfaceEndpoint has non-thread-safe ref count. Most of the ref count manipulations are protected by MultiplexRouter::lock_, but one in InterfaceEndpoint::OnHandleReady is not protected. That may cause data race on the ref count. ==========
tzik@chromium.org changed reviewers: + yzshen@chromium.org
The CQ bit was checked by tzik@chromium.org to run a CQ dry run
PTAL
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Thanks for finding out this issue! :) I also checked that ipc_mojo_bootstrap.cc (the other AssociatedGroupController impl) doesn't have the same problem, it uses RefCountedThreadSafe for its endpoints. LGTM with one nit. https://codereview.chromium.org/2684213002/diff/40001/mojo/public/cpp/binding... File mojo/public/cpp/bindings/lib/multiplex_router.cc (right): https://codereview.chromium.org/2684213002/diff/40001/mojo/public/cpp/binding... mojo/public/cpp/bindings/lib/multiplex_router.cc:197: MayAutoUnlock unlocker(router_->lock_.get()); |sync_watcher_| is used exclusively on the |task_runner_|'s thread, so it is safe to use inside/outside of lock. In this case, we may just directly reset while holding the lock to save unlock/re-lock cost. Lock contention shouldn't be an issue here.
https://codereview.chromium.org/2684213002/diff/40001/mojo/public/cpp/binding... File mojo/public/cpp/bindings/lib/multiplex_router.cc (right): https://codereview.chromium.org/2684213002/diff/40001/mojo/public/cpp/binding... mojo/public/cpp/bindings/lib/multiplex_router.cc:197: MayAutoUnlock unlocker(router_->lock_.get()); On 2017/02/09 17:16:50, yzshen1 wrote: > |sync_watcher_| is used exclusively on the |task_runner_|'s thread, so it is > safe to use inside/outside of lock. In this case, we may just directly reset > while holding the lock to save unlock/re-lock cost. Lock contention shouldn't be > an issue here. Done.
The CQ bit was checked by tzik@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from yzshen@chromium.org Link to the patchset: https://codereview.chromium.org/2684213002/#ps60001 (title: "-MayAutoUnlock")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch. Bot data: {"patchset_id": 60001, "attempt_start_ts": 1486680090521240, "parent_rev": "284df53db5c6f01b9f41838cfa89f42672ed406a", "commit_rev": "47ee91d0dc7bfc1afed32d6ce1d7c5311859d1d2"}
Message was sent while issue was closed.
Description was changed from ========== Protect RefCount manipulation of InterfaceEndpoint with MultiplexRouter lock mojo::internal::InterfaceEndpoint has non-thread-safe ref count. Most of the ref count manipulations are protected by MultiplexRouter::lock_, but one in InterfaceEndpoint::OnHandleReady is not protected. That may cause data race on the ref count. ========== to ========== Protect RefCount manipulation of InterfaceEndpoint with MultiplexRouter lock mojo::internal::InterfaceEndpoint has non-thread-safe ref count. Most of the ref count manipulations are protected by MultiplexRouter::lock_, but one in InterfaceEndpoint::OnHandleReady is not protected. That may cause data race on the ref count. Review-Url: https://codereview.chromium.org/2684213002 Cr-Commit-Position: refs/heads/master@{#449470} Committed: https://chromium.googlesource.com/chromium/src/+/47ee91d0dc7bfc1afed32d6ce1d7... ==========
Message was sent while issue was closed.
Committed patchset #4 (id:60001) as https://chromium.googlesource.com/chromium/src/+/47ee91d0dc7bfc1afed32d6ce1d7... |