Merge "fix race in ProcessState::getThreadPoolMaxTotalThreadCount" into main am: f0063973af

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3207754 Change-Id: Ib68a3ca88e3b66c17aed812b5aca8d8a06b181df Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Frederick Mayle <fmayle@google.com> 2024-08-05 23:56:41 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2024-08-05 23:56:41 +0000
commit: be501ee4bd32b19f09655887a2a84704b56c41a8 (patch)
tree: e8db03e4e1555f4aa78ba1d5812bdf8ba74aa1c5
parent: 34f357038f54efe73e463c97614143a13f1c4990 (diff)
parent: f0063973af550cd32fc4f4b7e056ec76a79eaf73 (diff)
2 files changed, 11 insertions, 3 deletions
diff --git a/libs/binder/ProcessState.cpp b/libs/binder/ProcessState.cpp
index a42ede29a2..7c29dba2d0 100644
--- a/libs/binder/ProcessState.cpp
+++ b/libs/binder/ProcessState.cpp
@@ -429,8 +429,17 @@ status_t ProcessState::setThreadPoolMaxThreadCount(size_t maxThreads) {
 }
 
 size_t ProcessState::getThreadPoolMaxTotalThreadCount() const {
+    // Need to read `mKernelStartedThreads` before `mThreadPoolStarted` (with
+    // non-relaxed memory ordering) to avoid a race like the following:
+    //
+    // thread A: if (mThreadPoolStarted) { // evaluates false
+    // thread B: mThreadPoolStarted = true;
+    // thread B: mKernelStartedThreads++;
+    // thread A: size_t kernelStarted = mKernelStartedThreads;
+    // thread A: LOG_ALWAYS_FATAL_IF(kernelStarted != 0, ...);
+    size_t kernelStarted = mKernelStartedThreads;
+
     if (mThreadPoolStarted) {
-        size_t kernelStarted = mKernelStartedThreads;
         size_t max = mMaxThreads;
         size_t current = mCurrentThreads;
 
@@ -460,7 +469,6 @@ size_t ProcessState::getThreadPoolMaxTotalThreadCount() const {
 
     // must not be initialized or maybe has poll thread setup, we
     // currently don't track this in libbinder
-    size_t kernelStarted = mKernelStartedThreads;
     LOG_ALWAYS_FATAL_IF(kernelStarted != 0, "Expecting 0 kernel started threads but have %zu",
                         kernelStarted);
     return mCurrentThreads;
diff --git a/libs/binder/include/binder/ProcessState.h b/libs/binder/include/binder/ProcessState.h
index 021bd58e21..ffa222907a 100644
--- a/libs/binder/include/binder/ProcessState.h
+++ b/libs/binder/include/binder/ProcessState.h
@@ -188,7 +188,7 @@ private:
     Vector<handle_entry> mHandleToObject;
 
     bool mForked;
-    bool mThreadPoolStarted;
+    std::atomic_bool mThreadPoolStarted;
     volatile int32_t mThreadPoolSeq;
 
     CallRestriction mCallRestriction;
author	Frederick Mayle <fmayle@google.com>	2024-08-05 23:56:41 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2024-08-05 23:56:41 +0000
commit	be501ee4bd32b19f09655887a2a84704b56c41a8 (patch)
tree	e8db03e4e1555f4aa78ba1d5812bdf8ba74aa1c5
parent	34f357038f54efe73e463c97614143a13f1c4990 (diff)
parent	f0063973af550cd32fc4f4b7e056ec76a79eaf73 (diff)