TSan: Thread data race in lsm_increment_call_chn_cnt vs. lsm_get_available_line

RESOLVED FIXED in Firefox 22

Status

()

P2
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: posidron, Assigned: ehugg)

Tracking

({sec-want})

Trunk
mozilla22
x86_64
Linux
sec-want
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(firefox21 disabled, firefox22 fixed)

Details

(Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-], URL)

Attachments

(2 attachments)

(Reporter)

Description

6 years ago
Created attachment 718450 [details]
trace

During initial tests with ThreadSanitizer (LLVM version), we get a data race reported as described in the attached log. Trace was created on mozilla-central with changeset 122820:c233837cce08.

According to the TSan devs, most of the reported traces should be real data races, even though they can be "benign". We need to determine if the race can/should be fixed, or put on the ignore list. Even for benign races, TSan devs suggest to fix them (second priority), as they can also cause problems [1].

[1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
This looks like a real race, though it may not be an issue in practice (would need to understand this code better to say)
Assignee: nobody → ethanhugg
Priority: -- → P2

Updated

6 years ago
status-firefox21: --- → affected
status-firefox22: --- → affected

Updated

6 years ago
Whiteboard: [tsan][tsan-test-blocker] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc?]
Note that it's a real race, but we may not be making use of this.

Updated

6 years ago
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc?] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+]
(Assignee)

Comment 3

6 years ago
Created attachment 732519 [details] [diff] [review]
Signaling - Remove max calls per line
(Assignee)

Comment 4

6 years ago
Comment on attachment 732519 [details] [diff] [review]
Signaling - Remove max calls per line

Review of attachment 732519 [details] [diff] [review]:
-----------------------------------------------------------------

I recommend just removing the max-calls-per-line concept altogether.
Attachment #732519 - Flags: review?(adam)

Comment 5

6 years ago
Comment on attachment 732519 [details] [diff] [review]
Signaling - Remove max calls per line

Review of attachment 732519 [details] [diff] [review]:
-----------------------------------------------------------------

Except for the format string issue I mention below, this all looks good to me.

::: media/webrtc/signaling/src/sipcc/core/common/config_api.c
@@ +301,5 @@
>          }
>          table++;
>      }
>  
> +    debugif_printf("%s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s\n",

I count seventeen "%s" but only sixteen parameters.
Attachment #732519 - Flags: review?(adam) → review+

Comment 7

6 years ago
https://hg.mozilla.org/mozilla-central/rev/ba80ed4de343
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift]

Updated

6 years ago
Flags: in-testsuite-
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift][qa-]
Comment on attachment 732519 [details] [diff] [review]
Signaling - Remove max calls per line

[Approval Request Comment]
Bug caused by (feature/regressing bug #): N/A

User impact if declined: TSAN bugs are inherently risky and compiler/optimizer and runtime timing dependent.  Nuclear missiles could be launched (to borrow a phrase from the "there are no such things as benign data races" article.

Testing completed (on m-c, etc.): On m-c for a while.

Risk to taking this patch (and alternatives if risky): Minimal risk; it removes a feature of the imported signaling library we weren't using and had no intention to use.


String or IDL/UUID changes made by this patch: only debug log message format strings
Attachment #732519 - Flags: approval-mozilla-aurora?

Comment 9

6 years ago
Comment on attachment 732519 [details] [diff] [review]
Signaling - Remove max calls per line

We won't track these unknown-criticality webrtc security issues, but will take the fixes up to Aurora.
Attachment #732519 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/97a210433b0c
status-firefox21: affected → disabled
status-firefox22: affected → fixed
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift][qa-] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-]
Target Milestone: mozilla23 → mozilla22
You need to log in before you can comment on or make changes to this bug.