wallet: Add missing cs_wallet/cs_KeyStore locks to wallet #11634

Open: wants to merge 2 commits into base: master (8 participants)
Member

practicalswift commented Nov 8, 2017

Add missing wallet locks:

  • Calling the function GetConflicts(...) requires holding the mutex cs_wallet
  • Calling the function IsSpent(...) requires holding the mutex cs_wallet
  • Accessing the variables mapKeys and mapCryptedKeys requires holding the mutex cs_KeyStore
  • Accessing the variable nTimeFirstKey requires holding the mutex cs_wallet
  • Accessing the variable mapWallet requires holding the mutex cs_wallet
  • Accessing the variable nTimeFirstKey requires holding the mutex cs_wallet

@fanquake fanquake added the Wallet label Nov 8, 2017

Member

practicalswift commented Nov 8, 2017

@promag Thanks for reviewing! Feedback addressed. Looks good? :-)

Member

promag commented Nov 8, 2017

utACK 007fcbf.

luke-jr added a commit to bitcoinknots/bitcoin that referenced this pull request Nov 11, 2017

wallet: Add missing cs_wallet/cs_KeyStore locks to wallet
* Reading the variables mapTxSpends and mapWallet (via IsSpent(...) call) requires holding the mutex cs_wallet.
* Reading the variables mapKeys and mapCryptedKeys requires holding the mutex cs_KeyStore.
* Reading the variable nTimeFirstKey requires holding the mutex cs_wallet.
* Reading the variable mapWallet requires holding the mutex cs_wallet.

Github-Pull: #11634
Rebased-From: 007fcbf
Member

practicalswift commented Nov 21, 2017

Added another commit with two more missing locks:

  • calling function IsSpent requires holding mutex pwallet->cs_wallet exclusively
  • writing variables nWalletVersion, nWalletMaxVersion, nOrderPosNext and nTimeFirstKey requires holding mutex cs_wallet
Member

practicalswift commented Nov 21, 2017

@promag Would you mind re-reviewing? :-)

Member

practicalswift commented Feb 22, 2018

@TheBlueMatt Thanks for reviewing! Feedback addressed. Please re-review :-)

Member

practicalswift commented Mar 2, 2018

Fixed build issue. Please re-review :-)

Member

MarcoFalke commented Mar 2, 2018

Given that https://github.com/bitcoin/bitcoin/pull/11226/files#diff-12635a58447c65585f51d32b7e04075bR857 is now closed, wouldn't it make sense to add the clang annotations within this commit?

Member

practicalswift commented Mar 10, 2018

@MarcoFalke @TheBlueMatt @promag Thanks for reviewing. I've now addressed the feedback and added corresponding GUARDED_BY/EXCLUSIVE_LOCKS_REQUIRED annotations. Please re-review :-)

Member

practicalswift commented Mar 12, 2018

Please re-review :-)

Member

practicalswift commented Mar 14, 2018

Rebased!

Having this merged would have caught this locking incident: https://github.com/bitcoin/bitcoin/pull/12565/files#r171235800

Reviews welcome! Perhaps @promag or @Sjors could take a look? :-)

Member

Sjors commented Mar 14, 2018

Concept ACK: anything that prevents me from making mistakes :-)

Member

practicalswift commented Mar 14, 2018

@promag Thanks for reviewing. Feedback addressed. Please re-review :-)

Member

sipa commented Mar 15, 2018

Concept ACK

Member

practicalswift commented Apr 9, 2018

Rebased!

Member

practicalswift commented Apr 9, 2018

Rebased!

Member

practicalswift commented Jun 3, 2018

@MarcoFalke Thanks for the review. I've now reworked this PR and moved annotations to the .h files where possible. Could you please re-review? :-)

Member

MarcoFalke commented Jun 3, 2018

GetConflicts still has an annotation in the cpp file?

  • If it is not trivially possible to move to the header file, better remove the annotation for now.
Member

practicalswift commented Jun 3, 2018

@MarcoFalke

Applying …

diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
index a74efb919..f2926fd74 100644
--- a/src/wallet/wallet.cpp
+++ b/src/wallet/wallet.cpp
@@ -1865,7 +1865,7 @@ bool CWalletTx::RelayWalletTransaction(CConnman* connman)
     return false;
 }

-std::set<uint256> CWalletTx::GetConflicts() const EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet)
+std::set<uint256> CWalletTx::GetConflicts() const
 {
     std::set<uint256> result;
     if (pwallet != nullptr)
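Review bot: The lock named in the removed annotation is reached through `pwallet`, and the context line `if (pwallet != nullptr)` at the top of the body shows that this pointer may be null, so the precondition "caller holds pwallet->cs_wallet" cannot be satisfied on that path. Wherever the annotation ends up, add a comment on the definition saying that the requirement applies only when `pwallet` is set.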
diff --git a/src/wallet/wallet.h b/src/wallet/wallet.h
index d1ffcfbdc..fa4ca5ccb 100644
--- a/src/wallet/wallet.h
+++ b/src/wallet/wallet.h
@@ -493,7 +493,7 @@ public:
     /** Pass this transaction to the mempool. Fails if absolute fee exceeds absurd fee. */
     bool AcceptToMemoryPool(const CAmount& nAbsurdFee, CValidationState& state);

-    std::set<uint256> GetConflicts() const;
+    std::set<uint256> GetConflicts() const EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet);
 };

 class COutput
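Review bot: On the added `GetConflicts() const EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet);` line, the annotation argument is a member access through `pwallet`, which only compiles where the type behind that pointer is fully defined; the build output quoted below reports it as incomplete at wallet.h:496. Leave this declaration unannotated until the header layout allows the member access, and state the locking requirement in a doc comment above the declaration, which unlike `AcceptToMemoryPool` just above it has none.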

… results in …

In file included from wallet/feebumper.cpp:6:
In file included from ./wallet/coincontrol.h:11:
./wallet/wallet.h:496:76: error: member access into incomplete type 'const CWallet'
    std::set<uint256> GetConflicts() const EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet);
                                                                           ^

OTOH, applying only …

diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
index a74efb919..f2926fd74 100644
--- a/src/wallet/wallet.cpp
+++ b/src/wallet/wallet.cpp
@@ -1865,7 +1865,7 @@ bool CWalletTx::RelayWalletTransaction(CConnman* connman)
     return false;
 }

-std::set<uint256> CWalletTx::GetConflicts() const EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet)
+std::set<uint256> CWalletTx::GetConflicts() const
 {
     std::set<uint256> result;
     if (pwallet != nullptr)
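Review bot: With the annotation deleted from the definition and nothing added in its place, the locking contract of `CWalletTx::GetConflicts()` is no longer stated anywhere in the visible code, and the build output quoted below shows the call at wallet.cpp:1874 being rejected because the analysis can no longer see that `pwallet->cs_wallet` is held. If the attribute cannot stay, put a comment on the definition naming the lock callers are expected to hold, so the requirement is not lost with it.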

… results in …

wallet/wallet.cpp:1874:27: error: calling function 'GetConflicts' requires holding mutex 'pwallet->cs_wallet' exclusively [-Werror,-Wthread-safety-analysis]
        result = pwallet->GetConflicts(myHash);
                          ^
Member

practicalswift commented Jun 6, 2018

@MarcoFalke Another alternative could be to add NO_THREAD_SAFETY_ANALYSIS here to disable the analysis locally.

What would you suggest as the recommended way to proceed?

Member

MarcoFalke commented Jun 6, 2018

@practicalswift I like your latest suggestion (NO_THREAD_SAFETY_ANALYSIS). Make sure to include a comment to explain this is only temporary. Also, explain that this is safe to do, since we have a run-time AssertLockHeld in place.
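
The situation discussed in the comments above (the owning type is incomplete where the method is declared, so the method is exempted from static analysis and a run-time lock assertion is the backstop), as an added C++ example that is not code from this pull request. `Mutex`, `Wallet`, `Tx`, the local macro definitions and the integer "hashes" are assumptions made for the example.

```cpp
// Added illustration: Mutex, Wallet and Tx are hypothetical stand-ins, not Bitcoin Core code.
#include <atomic>
#include <mutex>
#include <set>
#include <stdexcept>
#include <thread>
#if defined(__clang__)  // checked by clang -Wthread-safety; expands to nothing elsewhere
#define TSA(x) __attribute__((x))
#else
#define TSA(x)
#endif
#define GUARDED_BY(x) TSA(guarded_by(x))
#define EXCLUSIVE_LOCKS_REQUIRED(x) TSA(exclusive_locks_required(x))
#define NO_THREAD_SAFETY_ANALYSIS TSA(no_thread_safety_analysis)

class TSA(capability("mutex")) Mutex {  // records its owner so a run-time check is possible
    std::mutex m;
    std::atomic<std::thread::id> owner{std::thread::id()};
public:
    void lock() TSA(acquire_capability()) { m.lock(); owner = std::this_thread::get_id(); }
    void unlock() TSA(release_capability()) { owner = std::thread::id(); m.unlock(); }
    bool held_by_me() const { return owner.load() == std::this_thread::get_id(); }
};
struct Wallet;  // forward declaration only
struct Tx {
    const Wallet* pwallet; int hash;
    // EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet) cannot be written here: Wallet is incomplete.
    std::set<int> GetConflicts() const;
};
struct Wallet {
    mutable Mutex cs_wallet;
    std::set<int> mapConflicts GUARDED_BY(cs_wallet){7, 9};  // constructed sample data
    std::set<int> GetConflicts(int) const EXCLUSIVE_LOCKS_REQUIRED(cs_wallet) {
        // Stand-in for AssertLockHeld: throws instead of aborting so callers can observe it.
        if (!cs_wallet.held_by_me()) throw std::logic_error("cs_wallet not held");
        return mapConflicts;
    }
};
std::set<int> Tx::GetConflicts() const NO_THREAD_SAFETY_ANALYSIS {  // analysis off here only
    std::set<int> result;
    if (pwallet != nullptr) { result = pwallet->GetConflicts(hash); result.erase(hash); }
    return result;
}
std::set<int> conflicts_with_lock(Wallet& w, const Tx& tx) {  // caller that holds cs_wallet
    w.cs_wallet.lock(); std::set<int> r = tx.GetConflicts(); w.cs_wallet.unlock(); return r;
}
bool missing_lock_is_caught(const Tx& tx) {  // compiles cleanly; only the run-time check fires
    try { tx.GetConflicts(); return false; } catch (const std::logic_error&) { return true; }
}
```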

Member

practicalswift commented Jun 6, 2018

@MarcoFalke Good point! Added and documented NO_THREAD_SAFETY_ANALYSIS. Please review :-)

Member

practicalswift commented Jul 11, 2018

Rebased!

Member

practicalswift commented Jul 16, 2018

Rebased!

Member

practicalswift commented Aug 1, 2018

Rebased!

Member

practicalswift commented Aug 6, 2018

Rebased!

Member

practicalswift commented Aug 13, 2018

Rebase number eight performed! :-)

Member

practicalswift commented Aug 25, 2018

Rebased!

Member

practicalswift commented Aug 26, 2018

@TheBlueMatt @promag Feedback addressed (added two commits to keep changes easy to review).

@MarcoFalke @sipa @Sjors Please re-review :-)

Member

MarcoFalke commented Aug 26, 2018

@practicalswift Could squash into two commits? First one is adding the LOCKs, the second one the annotations?

Member

practicalswift commented Aug 26, 2018

@MarcoFalke Done! Please re-review :-)

Member

MarcoFalke commented Aug 27, 2018

utACK 75cb9c0

Member

practicalswift commented Aug 30, 2018

Rebased!

@MarcoFalke @promag - please re-review your utACK:s :-)
