From ab3f442e84cbb7dfd21197ee452c3b480eda481f Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Mon, 27 Sep 2021 18:38:20 -0700
Subject: libbinder: RPC avoid FdTrigger shutdown race

RpcSession's FdTrigger can't have simultaneous calls to trigger. This
will cause a double-close of the FD. Take locks to avoid this case.

Bug: 200368820
Test: binderRpcTest, binder_rpc_fuzzer, binder_bpBinderFuzz
Change-Id: I94822f441142b3a1352e38adacb8e17f285d66ac
---
 libs/binder/RpcServer.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libs/binder/RpcServer.cpp')

diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp
index 5733993b3b..4c61a5902f 100644
--- a/libs/binder/RpcServer.cpp
+++ b/libs/binder/RpcServer.cpp
@@ -205,8 +205,11 @@ bool RpcServer::shutdown() {
     }
 
     mShutdownTrigger->trigger();
+
     for (auto& [id, session] : mSessions) {
         (void)id;
+        // server lock is a more general lock
+        std::lock_guard<std::mutex> _lSession(session->mMutex);
         session->mShutdownTrigger->trigger();
     }
 
-- 
cgit v1.2.3-59-g8ed1b