rpc_binder: Prevent RpcServer shutdown deadlock (4766a1ff) · Commits · e / os / platform_frameworks_native

RpcServer::~RpcServer invokes shutdown() to trigger exit from all join and session threads. The function waits for the number of connections to drop down to zero, but this depends on RpcSession promoting a wp<RpcServer> to sp<RpcServer>. Since this is happening during the destructor, when the refcount is zero, this pointer promotion fails. As a result, the list of connections may not be fully cleared and the thread calling shutdown() will deadlock. Fix this by forcing users to call shutdown() earlier and panicing otherwise. Bug: 263168076 Test: cleanly shutdown RpcServer with many connections Change-Id: Ia67a4a839419aafb1bd47fb93ed2e76d56b107c2

libs/binder/RpcServer.cpp

+2 −1

Original line number	Diff line number	Diff line
		@@ -50,7 +50,8 @@ using base::unique_fd;

		RpcServer::RpcServer(std::unique_ptr<RpcTransportCtx> ctx) : mCtx(std::move(ctx)) {}
		RpcServer::~RpcServer() {
		(void)shutdown();
		RpcMutexUniqueLock _l(mLock);
		LOG_ALWAYS_FATAL_IF(mShutdownTrigger != nullptr, "Must call shutdown() before destructor");
		}

		sp<RpcServer> RpcServer::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) {

libs/binder/libbinder_rpc_unstable.cpp

+3 −0

Original line number	Diff line number	Diff line
		@@ -162,6 +162,9 @@ bool ARpcServer_shutdown(ARpcServer* handle) {
		}

		void ARpcServer_free(ARpcServer* handle) {
		// Ignore the result of ARpcServer_shutdown - either it had been called
		// earlier, or the RpcServer destructor will panic.
		(void)ARpcServer_shutdown(handle);
		freeObjectHandle<RpcServer>(handle);
		}