From 95ac79e9bbf1b330735a35a8d034230195215fe6 Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Thu, 28 Dec 2023 22:46:28 +0000 Subject: libfakeservicemanager: no hold lock in clear destructors may reference servicemanager, and so if objects are destroyed by libfakeservicemanager clear, this was causing a recursive lock take. Fix this the standard way, by using the lock to copy out references, and then clear them when its okay to talk to servicemanager again. Bug: N/A Test: w/ fuzzers Change-Id: I4795ff6e042324e6ffe76f6c915c1328d3eee94f --- libs/fakeservicemanager/FakeServiceManager.cpp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libs/fakeservicemanager/FakeServiceManager.cpp b/libs/fakeservicemanager/FakeServiceManager.cpp index ae242f32a3..08f30de637 100644 --- a/libs/fakeservicemanager/FakeServiceManager.cpp +++ b/libs/fakeservicemanager/FakeServiceManager.cpp @@ -122,9 +122,19 @@ std::vector FakeServiceManager::getServiceDeb } void FakeServiceManager::clear() { - std::lock_guard l(mMutex); + std::map> backup; + + { + std::lock_guard l(mMutex); + backup = mNameToService; + mNameToService.clear(); + } + + // destructors may access FSM, so avoid recursive lock + backup.clear(); // explicit - mNameToService.clear(); + // TODO: destructors may have added more services here - may want + // to check this or abort } } // namespace android @@ -147,4 +157,4 @@ void clearFakeServiceManager() { LOG_ALWAYS_FATAL_IF(gFakeServiceManager == nullptr, "Fake Service Manager is not available. Forgot to call setupFakeServiceManager?"); gFakeServiceManager->clear(); } -} //extern "C" \ No newline at end of file +} //extern "C" -- cgit v1.2.3-59-g8ed1b