Closed Bug 1749214 Opened 2 years ago Closed 2 years ago

Various locking issues with nsHttpConnectionMgr

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox96 --- wontfix
firefox97 --- wontfix
firefox98 --- fixed

People

(Reporter: jesup, Assigned: jesup)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-race, sec-moderate, Whiteboard: [post-critsmash-triage][adv-main98+r])

Attachments

(1 file)

Bug 1749214: nsHttpConnectionMgr cleanup r=kershaw
48 bytes, text/x-phabricator-request
Details | Review

Thread-safety analysis found a bunch of issues with nsHttpConnectionMgr.

Some certainly seem to be real issues; a bunch of others look like the values are only ever accessed off the socket thread when they're modified in OnMsgUpdateParam; if that could be moved to run on SocketThread, there wouldn't be any data races for many of these values, and we could drop a bunch (not all) of the locks I've added.

This patch passes cleanly, but you'll see what I mean. Many (perhaps not all) of the locks that could be dropped are marked with a comment indicating I'd like to remove it.

There are some real issues here too, I believe (and those values updated in OnMsgUpdateParam could cause real data races and undefined behavior as-is).

Flags: needinfo?(kershaw)
Flags: needinfo?(dd.mozilla)

(In reply to Randell Jesup [:jesup] (needinfo me) from comment #0)

Thread-safety analysis found a bunch of issues with nsHttpConnectionMgr.

Some certainly seem to be real issues; a bunch of others look like the values are only ever accessed off the socket thread when they're modified in OnMsgUpdateParam; if that could be moved to run on SocketThread, there wouldn't be any data races for many of these values, and we could drop a bunch (not all) of the locks I've added.

OnMsgUpdateParam is only used here, so it should be only called on socket thread. I assume most of the locks you've added can be dropped?

Flags: needinfo?(kershaw)

nsHttpConnectionMgr should only be modified on the socket tread. All functions that are called on another thread are posted to the socket thread (the code uses a very old code for posting, this one, some are modernized).
If the above is not true that we are in trouble.

Flags: needinfo?(dd.mozilla)

Aha, thanks! Since OnMsgUpdateParam is socketthread-only, I can remove most of those locks (and assert it's socket-thread only)

Assignee: nobody → rjesup
Attachment #9258247 - Attachment description: WIP: Bug 1749214: nsHttpConnectionMgr cleanup r=kershaw → Bug 1749214: nsHttpConnectionMgr cleanup r=kershaw
Status: NEW → ASSIGNED

nsHttpConnectionMgr cleanup r=kershaw,necko-reviewers
https://hg.mozilla.org/integration/autoland/rev/4bb5d4538395b34edc7fbb17d87c01f22b8f5712
https://hg.mozilla.org/mozilla-central/rev/4bb5d4538395

Group: core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox98: --- → fixed
Flags: needinfo?(rjesup)
Resolution: --- → FIXED
Target Milestone: --- → 98 Branch

The patch landed in nightly and beta is affected.
:jesup, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(rjesup)

I don't see a need to uplift this

Flags: needinfo?(rjesup)
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main98+r]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: