Bug 778002 – race in gdbusprivate.c detected by the ThreadSanitizer

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 778002 - race in gdbusprivate.c detected by the ThreadSanitizer


Summary:	race in gdbusprivate.c detected by the ThreadSanitizer


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	gdbus
Version:	2.50.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-01-31 20:43 UTC by Fabrice Bellet
Modified:	2017-02-05 13:20 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
AddressSanitizer output (12.26 KB, text/plain) 2017-01-31 20:43 UTC, Fabrice Bellet		Details
ThreadSanitizer log (15.30 KB, text/plain) 2017-01-31 20:52 UTC, Fabrice Bellet		Details
Grab the write_lock before calling schedule_writing_unlocked() (677 bytes, patch) 2017-01-31 20:54 UTC, Fabrice Bellet	none	Details \| Review
gdbus: make sure to stay locked when sending message (1.16 KB, patch) 2017-02-03 17:26 UTC, Fabrice Bellet	committed	Details \| Review

Description Fabrice Bellet 2017-01-31 20:43:49 UTC

Created attachment 344665 [details]
AddressSanitizer output

I initially found a refcount problem with a GDBusMessage object, as decribed in this AddressSanitizer output.

Comment 1 Fabrice Bellet 2017-01-31 20:52:14 UTC

Created attachment 344666 [details]
ThreadSanitizer log

the ThreadSanitizer gives a hint where a data race occurs, that may explain the problem :
  * schedule_writing_unlocked() is called while holding the worker->write_lock lock in the main thread, and worker->pending_close_attempts in written in this context.
  * schedule_pending_close() is called from the gdbus thread,  without the protection the the write_lock, and read the same memory location.

Comment 2 Fabrice Bellet 2017-01-31 20:54:42 UTC

Created attachment 344667 [details] [review]
Grab the write_lock before calling schedule_writing_unlocked()

This patch fixes the race.

Comment 3 Philip Withnall 2017-01-31 23:31:57 UTC

Review of attachment 344667 [details] [review]:

Looks good to me. This bug was introduced in commit 512e9b3b, which moved that code out of continue_writing(), which held the write_lock at the time.

Comment 4 Allison Karlitskaya (desrt) 2017-02-01 09:00:41 UTC

Review of attachment 344667 [details] [review]:

Thanks for the patch, and thanks Philip for the extra detective work.  This is fine to merge, with an appropriate commit message (bug reference, and mentioning the commit that introduced the issue).

Comment 5 Fabrice Bellet 2017-02-03 17:26:25 UTC

Created attachment 344875 [details] [review]
gdbus: make sure to stay locked when sending message

This patch fixes a case where schedule_writing_unlocked() was called
without holding the write lock. The bug was introduced in commit
512e9b3b.

Comment 6 Philip Withnall 2017-02-04 00:24:27 UTC

Review of attachment 344875 [details] [review]:

Great! Do you have git access to push this yourself?

Comment 7 Philip Withnall 2017-02-05 13:20:46 UTC

I went ahead and pushed it. Thanks for the patch.

Attachment 344875 [details] pushed as c457ec0 - gdbus: make sure to stay locked when sending message