[PATCH 1/2] rpcrt4: Don't nest critical sections to prevent a deadlock (Coverity).
Sven Baars
sven.wine at gmail.com
Wed Oct 23 15:09:43 CDT 2019
On 23-10-19 18:47, Andrew Eikum wrote:
> On Mon, Oct 21, 2019 at 11:49:49PM +0200, Sven Baars wrote:
>> Signed-off-by: Sven Baars <sven.wine at gmail.com>
>> ---
>> dlls/rpcrt4/rpc_server.c | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/dlls/rpcrt4/rpc_server.c b/dlls/rpcrt4/rpc_server.c
>> index 12260b7298..b5110c879c 100644
>> --- a/dlls/rpcrt4/rpc_server.c
>> +++ b/dlls/rpcrt4/rpc_server.c
>> @@ -1558,12 +1558,16 @@ RPC_STATUS WINAPI RpcMgmtWaitServerListen( void )
>> WaitForSingleObject( event, INFINITE );
>> TRACE( "done waiting\n" );
>>
>> - EnterCriticalSection(&listen_cs);
>> /* wait for server threads to finish */
>> while(1)
>> {
>> + EnterCriticalSection(&listen_cs);
>> if (listen_count)
>> + {
>> + LeaveCriticalSection(&listen_cs);
>> break;
>
> I agree there's a potential deadlock here (RpcMgmtWaitServerListen
> locks listen_cs and then server_cs, while RPCRT4_start_listen locks
> server_cs and then listen_cs), but this change unsynchronizes the
> listen_count check from the listen_done_event assignment below. That
> doesn't look right to me.
>
> Andrew
Hi Andrew,
I thought that this was the reason that the "listen_done_event == event"
statement is there in the first place. Note that before, during the
while loop, listen_cs was already unlocked anyway, so in that case this
issue also existed there.
But I indeed was also a bit confused because I suppose something like
this could happen:
RPCRT4_stop_listen locks listen_cs
RPCRT4_stop_listen checks if listen_done_event is NULL, it is not
RPCRT4_stop_listen unlocks listen_cs
RpcMgmtWaitServerListen locks listen_cs
RpcMgmtWaitServerListen sets listen_done_event to NULL
RpcMgmtWaitServerListen unlocks listen_cs
RPCRT4_stop_listen locks listen_cs
RPCRT4_stop_listen calls SetEvent with listen_done_event now being NULL
RPCRT4_stop_listen unlocks listen_cs
and other similar things. But I'm not sure if these are actual issues
that should be fixed. For the same reason I also wasn't really sure if I
had to add that lock around listen_count.
Sven
More information about the wine-devel
mailing list