44 bytes, text/x-phabricator-request
|Details | Review|
On Ubuntu 16.04 with USB token inserted: 1. Go to WebAuthN test site . 2. Click "Create Credentials" but don't perform USB verification. 3. Create new tab. 4. Return to original tab. 5. Confirm abort message. 6. Return to new tab and try to navigate to a new URL. Result: Browser is unresponsive. 7. Close new tab. Result: Eventually you will get a crash .  https://webauthn.bin.coffee/  https://crash-stats.mozilla.com/report/index/0908f79a-c425-4829-af50-7b3060170918
Ok so what's happening here is that U2FTokenManager::Cancel() sends a Cancel request and then destroys the U2FHIDTokenManager. rust_u2f_mgr_free() waits for the work queue thread in manager.rs to be joined. While waiting it holds the gInstanceMutex. Now the runloop in PlatformManager::sign() will terminate and call the callback, that however will acquire gInstanceMutex again and we have a deadlock.
OS: Linux → All
Hardware: x86_64 → All
Assignee: jjones → ttaubert
Status: NEW → ASSIGNED
Summary: Linux: Crash after tab switch during verification process → Deadlock after tab switch during verification process
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/efa6750d4e13 Fix WebAuthn deadlock when cancelling a request on tab switch r=jcj
Comment on attachment 8909442 [details] Bug 1400940 - Fix WebAuthn deadlock when cancelling a request on tab switch r=jcj J.C. Jones [:jcj] has approved the revision. https://phabricator.services.mozilla.com/D67
Attachment #8909442 - Flags: review+
You need to log in before you can comment on or make changes to this bug.