Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libchrome / 6b80f39dbc8d8034591682a6cdc50c6830799b66
commit6b80f39dbc8d8034591682a6cdc50c6830799b66[log] [tgz]
authorSergey Kuznetsov <kuznetsovs@yandex-team.ru>Fri Feb 16 03:29:30 2018 +0900
committerQijiang Fan <fqj@google.com>Fri Jun 05 08:32:43 2020 +0900
tree09939ebb840520560a86e8c15c50ee432fe802e3
parent5604af58aeac0b6a0072a576bd1c2000c436ccd6 [diff]
Fix race on ipc_task_runner().

channel_->ClearIPCTaskRunner() clears ipc_task_runner_ on
ChildThreadImpl thread, but OnChannelOpened is called on another
thread.

This issues can be reproduced in synthetic environment:
1) Slowdown IO thread by applying patch:
diff --git a/ipc/ipc_sync_channel.cc b/ipc/ipc_sync_channel.cc
index c4f14dc..62adbd3 100644
--- a/ipc/ipc_sync_channel.cc
+++ b/ipc/ipc_sync_channel.cc
@@ -27,6 +27,8 @@
 #include "ipc/ipc_sync_message.h"
 #include "mojo/public/cpp/bindings/sync_event_watcher.h"

+#include "base/threading/platform_thread.h"
+
 using base::WaitableEvent;

 namespace IPC {
@@ -495,6 +497,8 @@ void SyncChannel::SyncContext::OnChannelError() {
 }

 void SyncChannel::SyncContext::OnChannelOpened() {
+  base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(1));
+
   shutdown_watcher_.StartWatching(
       shutdown_event_,
       base::Bind(&SyncChannel::SyncContext::OnShutdownEventSignaled,

2) Run unit test, that have InProcessUtilityThreadHelper, for
example ExtensionServiceTest.ManagementPolicyRequiresEnable

3) The test will crash with stack:
[FATAL:scoped_refptr.h(208)] Check failed: ptr_.

Stack Trace:
  000aa409  logging::LogMessage::~LogMessage()
  00086191  scoped_refptr<base::SequencedTaskRunner>::operator->() const
  000d7d13  base::WaitableEventWatcher::StartWatching ...
  0001dce5  IPC::SyncChannel::SyncContext::OnChannelOpened()
  0009075d  base::OnceCallback<void ()>::Run() &&
  000991fb  base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
  000af463  base::internal::IncomingTaskQueue::RunTask(base::PendingTask*)
  000b1401  base::MessageLoop::RunTask(base::PendingTask*)
  000b16ed  base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
  000b17c3  base::MessageLoop::DoWork()
  000b3329  base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
  000b11bf  base::MessageLoop::Run(bool)
  000c9e01  base::RunLoop::Run()
  000eb387  base::Thread::Run(base::RunLoop*)
  000eb645  base::Thread::ThreadMain()
  000e6865  base::(anonymous namespace)::ThreadFunc(void*)

Change-Id: I7c61e1d967876dd414e19261528d5871f7fbbbf3
Reviewed-on: https://chromium-review.googlesource.com/922201
Reviewed-by: Ken Rockot <rockot@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537078}

CrOS-Libchrome-Original-Commit: 25cb4934ae57092cd7bd27f1900eeaeaa499abfc
1 file changed
tree: 09939ebb840520560a86e8c15c50ee432fe802e3
  1. base/
  2. build/
  3. components/
  4. dbus/
  5. device/
  6. ipc/
  7. mojo/
  8. testing/
  9. third_party/
  10. ui/