Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 7b69a44c8b1cc632e1633c7622e12d789972e3e2^! / . / rtc_base / socket_unittest.h
commit7b69a44c8b1cc632e1633c7622e12d789972e3e2[log] [tgz]
authorTaylor Brandstetter <deadbeef@webrtc.org>Thu Aug 20 23:43:13 2020 +0000
committerCommit Bot <commit-bot@chromium.org>Mon Aug 31 20:26:37 2020 +0000
treea89d3d03fbbdcc87e5c6a8e1a731b341f54b7bc2
parent81de439281e9dd65f09a8e3138576008b0b8b17b [diff] [blame]
Fix ABA problem when iterating epoll events.

Original patch contributed by andrey.semashev@gmail.com.

In PhysicalSocketServer::WaitEpoll(), the loop verifies that the
signalled dispatcher is in dispatchers_ set. It does so by looking up
the dispatcher pointer in the set. This is vulnerable to the ABA
problem because one dispatcher may be removed and destroyed and another
created and added with the same address before epoll reports an event
for the old dispatcher. The same issue exists for other Wait
implementations, if a dispatcher is removed and a new one added with
the same socket handle is the old.

This is avoided by using a 64-bit key for looking up the dispatcher
in the set. The key is set from a running counter which gets incremented
when a dispatcher is added to the set, so even if the same dispatcher
pointer is added, removed and added again, the key value will be
different.

This changes the storage of dispatchers_ from a set to a flat_hash_map,
which uses a bit more memory but has faster lookup (O(1) as opposed to
O(log n)).

Bug: webrtc:11124
Change-Id: I6d206e1a367b58ba971edca9b48af7664384b797
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/181027
Commit-Queue: Taylor <deadbeef@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32019}

diff --git a/rtc_base/socket_unittest.h b/rtc_base/socket_unittest.h
index 5197ccd..91ef39c 100644
--- a/rtc_base/socket_unittest.h
+++ b/rtc_base/socket_unittest.h

@@ -46,6 +46,8 @@
   void TestServerCloseIPv6();
   void TestCloseInClosedCallbackIPv4();
   void TestCloseInClosedCallbackIPv6();
+  void TestDeleteInReadCallbackIPv4();
+  void TestDeleteInReadCallbackIPv6();
   void TestSocketServerWaitIPv4();
   void TestSocketServerWaitIPv6();
   void TestTcpIPv4();
@@ -83,6 +85,7 @@
   void ClientCloseDuringConnectInternal(const IPAddress& loopback);
   void ServerCloseInternal(const IPAddress& loopback);
   void CloseInClosedCallbackInternal(const IPAddress& loopback);
+  void DeleteInReadCallbackInternal(const IPAddress& loopback);
   void SocketServerWaitInternal(const IPAddress& loopback);
   void SingleFlowControlCallbackInternal(const IPAddress& loopback);
   void UdpInternal(const IPAddress& loopback);