Closed Bug 1745056 Opened 4 years ago Closed 1 year ago

Check thread safety of PermissionManager initialization

Categories

(Core :: Permission Manager, task)

Product:
Core
Component:
Permission Manager
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
136 Branch
Tracking Flags:
Tracking Status
firefox136 --- fixed

People

(Reporter: jstutte, Assigned: jstutte)

References

Details

Attachments

(2 files)

Bug 1745056 - Make PermissionManager lifecycle truely thread safe. r?asuth
48 bytes, text/x-phabricator-request
Details | Review
Bug 1745056 - Synchronize TemporaryAccessGrantObserver shutdown with PermissionManager. r?asuth
48 bytes, text/x-phabricator-request
Details | Review

There is at least a known minimal possibility for a race on GetInstance.

See Also: → 1707963
Summary: Check thread safety of PermissionManager → Check thread safety of PermissionManager initialization

It looks like PermissionManager::GetInstance wants to avoid to take the sCreationMutex lock that GetXPCOMSingleton actually takes. I assume this "just works" as is currently because we can kind of rely on finding either nullptr or the entirly written correct pointer in gPermissionManager due to pseudo-atomical behavior of 64Bit writes on most of the systems of interest. But we could make this explicit either by:

  1. Making gPermissionManager atomic or
  2. just always call GetXPCOMSingleton directly, if we think it is not too performance critical to take the creation lock.

It is worth mentioning that PermissionManager is NS_DECL_THREADSAFE_ISUPPORTS which implies IMHO that at least creation and destruction of the singleton should be entirely thread safe.

This patch makes PermissionManager::GetInstance do the instantiation
work and GetXPCOMSingleton just uses it.
We always acquire the creation mutex and return an already_AddRefed to
avoid any possible race. We count on callers of GetInstance to
(shortly) keep a local reference if they have more work to do.
On async shutdown in the parent process, we first mark our singleton
dead, then close all our resources async and finally null our instance
holder only after the async shutdown has finished.

Assignee: nobody → jstutte
Attachment #9446761 - Attachment description: WIP: Bug 1745056 - Make PermissionManager lifecycle truely thread safe. r?asuth → Bug 1745056 - Make PermissionManager lifecycle truely thread safe. r?asuth
Status: NEW → ASSIGNED
Pushed by jstutte@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2636a0d71a2f Make PermissionManager lifecycle truely thread safe. r=asuth,cookie-reviewers,anti-tracking-reviewers,permissions-reviewers,valentin,timhuang https://hg.mozilla.org/integration/autoland/rev/b2b47f64fd35 Synchronize TemporaryAccessGrantObserver shutdown with PermissionManager. r=asuth,anti-tracking-reviewers,timhuang

https://hg.mozilla.org/mozilla-central/rev/2636a0d71a2f
https://hg.mozilla.org/mozilla-central/rev/b2b47f64fd35

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox136: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch
Regressions: 1942810
No longer regressions: 1942810
See Also: → 1942810
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: