From 4766a1ffc97cd7268407472f33a7cca2d8f57ec5 Mon Sep 17 00:00:00 2001
From: David Brazdil <dbrazdil@google.com>
Date: Mon, 19 Dec 2022 21:58:25 +0000
Subject: rpc_binder: Prevent RpcServer shutdown deadlock

RpcServer::~RpcServer invokes shutdown() to trigger exit from all
join and session threads. The function waits for the number of
connections to drop down to zero, but this depends on RpcSession
promoting a wp<RpcServer> to sp<RpcServer>. Since this is happening
during the destructor, when the refcount is zero, this pointer
promotion fails. As a result, the list of connections may not be fully
cleared and the thread calling shutdown() will deadlock.

Fix this by forcing users to call shutdown() earlier and panicing
otherwise.

Bug: 263168076
Test: cleanly shutdown RpcServer with many connections
Change-Id: Ia67a4a839419aafb1bd47fb93ed2e76d56b107c2
---
 libs/binder/RpcServer.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libs/binder/RpcServer.cpp')

diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp
index fedc1d9593..d47e4f044a 100644
--- a/libs/binder/RpcServer.cpp
+++ b/libs/binder/RpcServer.cpp
@@ -50,7 +50,8 @@ using base::unique_fd;
 
 RpcServer::RpcServer(std::unique_ptr<RpcTransportCtx> ctx) : mCtx(std::move(ctx)) {}
 RpcServer::~RpcServer() {
-    (void)shutdown();
+    RpcMutexUniqueLock _l(mLock);
+    LOG_ALWAYS_FATAL_IF(mShutdownTrigger != nullptr, "Must call shutdown() before destructor");
 }
 
 sp<RpcServer> RpcServer::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) {
-- 
cgit v1.2.3-59-g8ed1b