From ee78e760a7727947b02972af548c71b2f38019e2 Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Wed, 5 May 2021 21:12:51 +0000
Subject: libbinder: delete dead server objects

We can do more active cleanup, and we can do kinder cleanup, but for now fix leaks (future considerations/TODOs left in code).

Bug: 185167543
Test: binderRpcTest
Change-Id: Ide06476aefd72cbc46ba5fba095244a5448e493b
---
 libs/binder/RpcSession.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'libs/binder/RpcSession.cpp')
diff --git a/libs/binder/RpcSession.cpp b/libs/binder/RpcSession.cpp
index 09ec20dbf0..bf998c1cd8 100644
--- a/libs/binder/RpcSession.cpp
+++ b/libs/binder/RpcSession.cpp
@@ -24,6 +24,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -168,6 +169,22 @@ void RpcSession::join(unique_fd client) {
 "bad state: connection object guaranteed to be in list");
 }
+void RpcSession::terminateLocked() {
+ // TODO(b/185167543):
+ // - kindly notify other side of the connection of termination (can't be
+ // locked)
+ // - prevent new client/servers from being added
+ // - stop all threads which are currently reading/writing
+ // - terminate RpcState?
+
+ if (mTerminated) return;
+
+ sp server = mForServer.promote();
+ if (server) {
+ server->onSessionTerminating(sp::fromExisting(this));
+ }
+}
+
 wp RpcSession::server() {
 return mForServer;
 }
@@ -264,6 +281,9 @@ bool RpcSession::removeServerConnection(const sp& connection) {
 std::lock_guard _l(mMutex);
 if (auto it = std::find(mServers.begin(), mServers.end(), connection); it != mServers.end()) {
 mServers.erase(it);
+ if (mServers.size() == 0) {
+ terminateLocked();
+ }
 return true;
 }
 return false;
-- 
cgit v1.2.3-59-g8ed1b
From 2ff0d47cf68ae3e6a0593220205ba06b23db73fc Mon Sep 17 00:00:00 2001
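Review bot: In `RpcSession::terminateLocked()` the guard `if (mTerminated) return;` reads a flag that nothing in this hunk ever sets, so as shown the function is not idempotent and `onSessionTerminating` can be delivered more than once for the same session. The TODO in the same function notes that new clients/servers are not yet prevented from being added, so the server list can plausibly reach zero again later. Unless the flag is assigned elsewhere (this diff is limited to RpcSession.cpp), set it directly after the guard: `mTerminated = true;`.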
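Review bot: In `removeServerConnection`, `terminateLocked()` is called while the `std::lock_guard` on `mMutex` is still alive, and it calls out to `server->onSessionTerminating(...)`, so code owned by another object runs under the session lock. If that handler takes the server's own lock or calls back into this session, the result is a lock-order inversion or self-deadlock on a path that is presumably reached whenever the peer drops its last connection. Either document the constraint at the call site, e.g. `// mMutex is held: onSessionTerminating must not call back into this RpcSession`, or promote the server under the lock and invoke the callback after the lock is released. As a style point, `mServers.empty()` states the intent more directly than `mServers.size() == 0`. The function body ends outside this hunk.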
From: Steven Moreland
Date: Wed, 5 May 2021 22:20:40 +0000
Subject: libbinder: RPC avoid server shutdown crash

Server thread needs to detach itself before removing its entry in RpcSession. This was causing the (upcoming) RPC server fuzzer to fail very frequently.

Bug: 182938024
Test: w/ fuzzer, binderRpcTest
Change-Id: I004747971997ed2ae90613757836eb6f68473abd
---
 libs/binder/RpcSession.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'libs/binder/RpcSession.cpp')
diff --git a/libs/binder/RpcSession.cpp b/libs/binder/RpcSession.cpp
index bf998c1cd8..f4a3cffa24 100644
--- a/libs/binder/RpcSession.cpp
+++ b/libs/binder/RpcSession.cpp
@@ -143,8 +143,10 @@ void RpcSession::startThread(unique_fd client) {
 holdThis->join(unique_fd(fd));
 {
 std::lock_guard _l(holdThis->mMutex);
- size_t erased = mThreads.erase(std::this_thread::get_id());
- LOG_ALWAYS_FATAL_IF(erased != 0, "Could not erase thread.");
+ auto it = mThreads.find(std::this_thread::get_id());
+ LOG_ALWAYS_FATAL_IF(it == mThreads.end());
+ it->second.detach();
+ mThreads.erase(it);
 }
 });
 mThreads[thread.get_id()] = std::move(thread);
-- 
cgit v1.2.3-59-g8ed1b
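Review bot: The new `LOG_ALWAYS_FATAL_IF(it == mThreads.end());` in the thread lambda dropped the message the old check carried, so an abort here gives no hint of which invariant failed; keep one, e.g. `LOG_ALWAYS_FATAL_IF(it == mThreads.end(), "thread not registered in mThreads");`. The lookup also depends on `mThreads[thread.get_id()] = std::move(thread);` having run before this thread acquires `holdThis->mMutex`. The hunk does not show whether startThread holds that mutex across the insert, so this should be confirmed; otherwise a connection that ends immediately could turn into a process abort. A short comment above the detach would record why the order matters: `// destroying a joinable std::thread calls std::terminate, so detach before erase`. Both the lambda and startThread begin outside this hunk.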