Closed Bug 1749164 Opened 2 years ago Closed 2 years ago

Probable locking issues with nsInputStreamPump

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox96 --- wontfix
firefox97 --- wontfix
firefox98 --- fixed

People

(Reporter: jesup, Assigned: jesup)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-race, sec-moderate, Whiteboard: [necko-triaged][post-critsmash-triage][adv-main98+r])

Attachments

(1 file)

Bug 1749164: nsInputStreamPump cleanup r=kershaw
48 bytes, text/x-phabricator-request
Details | Review

There appear to be a number of issues with locking for nsInputStreamPump. I have some changes that quiet all the thread-safety warnings, however...

  • I'm not certain that all the members I marked as GUARDED_BY() are correct.
  • There are several cases where it unlocks to call the listener, and passes (apparently) guarded values. I've made these passings "safe" by snapshotting them before unlock, however note that once we unlock I presume these values could change during the listener call. This needs to be validated as ok or not (and if not, some redesign is probably needed).

I'm putting up a patch for review with both the fixes and the annotations, so you can see what I'm assuming about GUARDED_BY(). This would land with just the fixes; the annotation would land later (after base thread-safety code has landed).

Assignee: nobody → rjesup
Status: NEW → ASSIGNED
Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]

Landed: https://hg.mozilla.org/integration/autoland/rev/0d027e522b78b6c01694e5a5e473da6aaacfa03b

Backed out for causing build bustages in nsInputStreamPump.h:

https://hg.mozilla.org/integration/autoland/rev/2a399bb445d15c3df27110a489af21b36d910e4b

Push with failures: https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&resultStatus=testfailed%2Cbusted%2Cexception&revision=0d027e522b78b6c01694e5a5e473da6aaacfa03b
Build log: https://treeherder.mozilla.org/logviewer?job_id=365090892&repo=autoland

[task 2022-01-22T16:38:56.552Z] 16:38:56    ERROR -  /builds/worker/checkouts/gecko/netwerk/base/nsInputStreamPump.h:79:5: error: use of undeclared identifier 'PUSH_IGNORE_THREAD_SAFETY'
[task 2022-01-22T16:38:56.553Z] 16:38:56     INFO -      PUSH_IGNORE_THREAD_SAFETY
[task 2022-01-22T16:38:56.553Z] 16:38:56     INFO -      ^
Flags: needinfo?(rjesup)

https://hg.mozilla.org/mozilla-central/rev/ffbdf1a566d0

Group: core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox96: --- → wontfix
status-firefox97: --- → wontfix
status-firefox98: --- → fixed
status-firefox-esr91: --- → wontfix
Flags: needinfo?(rjesup)
Resolution: --- → FIXED
Target Milestone: --- → 98 Branch
Flags: qe-verify-
Whiteboard: [necko-triaged] → [necko-triaged][post-critsmash-triage]
Whiteboard: [necko-triaged][post-critsmash-triage] → [necko-triaged][post-critsmash-triage][adv-main98+r]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: