-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Fix concurrent tool installation race conditions with named mutex #51834
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -272,26 +272,60 @@ protected void DownloadTool( | |||||
| string? targetFramework, | ||||||
| VerbosityOptions verbosity) | ||||||
| { | ||||||
| // Use a named mutex to serialize concurrent installations of the same tool package | ||||||
| string mutexName = GetToolInstallMutexName(packageId, packageVersion); | ||||||
| using var mutex = new Mutex(false, mutexName); | ||||||
|
|
||||||
| if (!IsPackageInstalled(packageId, packageVersion, packageDownloadDir.Value)) | ||||||
| try | ||||||
| { | ||||||
| DownloadAndExtractPackage(packageId, nugetPackageDownloader, packageDownloadDir.Value, packageVersion, packageSourceLocation, includeUnlisted: givenSpecificVersion, verbosity: verbosity); | ||||||
| } | ||||||
| // First try a quick check to see if the mutex is immediately available | ||||||
| if (!mutex.WaitOne(TimeSpan.FromMilliseconds(50))) | ||||||
| { | ||||||
| // Mutex is held by another process - inform the user | ||||||
| Reporter.Error.WriteLine(string.Format(CliStrings.ToolInstallationWaiting, packageId, packageVersion)); | ||||||
|
||||||
| Reporter.Error.WriteLine(string.Format(CliStrings.ToolInstallationWaiting, packageId, packageVersion)); | |
| Reporter.Output.WriteLine(string.Format(CliStrings.ToolInstallationWaiting, packageId, packageVersion)); |
Copilot
AI
Nov 20, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The mutex acquisition logic should handle AbandonedMutexException, which can be thrown when a previous process holding the mutex terminated abnormally without releasing it. When this exception is caught, the calling thread has acquired the mutex and can safely proceed with the installation. Consider wrapping the WaitOne calls in a try-catch block that handles AbandonedMutexException.
Example:
try
{
if (!mutex.WaitOne(TimeSpan.FromMilliseconds(50)))
{
// ... existing code ...
}
}
catch (AbandonedMutexException)
{
// Mutex was abandoned by another process, but we now own it
// This is safe to proceed
}
Copilot
AI
Nov 20, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The ReleaseMutex() call in the finally block can throw ApplicationException if the mutex is not currently owned by the calling thread (e.g., if an exception was thrown before the mutex was acquired, or if an AbandonedMutexException occurred but wasn't properly caught). This could mask the original exception. Consider checking if the mutex was successfully acquired before attempting to release it.
Example:
bool mutexAcquired = false;
try
{
if (!mutex.WaitOne(TimeSpan.FromMilliseconds(50)))
{
// ...
mutexAcquired = mutex.WaitOne(TimeSpan.FromMinutes(5));
}
else
{
mutexAcquired = true;
}
if (mutexAcquired)
{
// ... installation logic ...
}
}
finally
{
if (mutexAcquired)
{
mutex.ReleaseMutex();
}
}
Copilot
AI
Nov 20, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The mutex name sanitization only replaces / and \ characters, but mutex names on Windows have additional restrictions. Windows mutex names:
- Cannot exceed 260 characters
- Cannot contain certain special characters beyond
/and\
Package IDs and versions could contain other problematic characters (e.g., + in semver build metadata). Consider using a more robust sanitization approach or creating a hash-based name for long/complex package identifiers.
Example:
private static string GetToolInstallMutexName(PackageId packageId, NuGetVersion packageVersion)
{
string baseName = $"tool-install-{packageId}-{packageVersion.ToNormalizedString()}";
// If the name is too long or contains problematic characters, use a hash
if (baseName.Length > 200 || !IsValidMutexName(baseName))
{
using var sha256 = SHA256.Create();
var hash = Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(baseName)))
.Replace('/', '_')
.Replace('+', '-');
return $"tool-install-{hash}";
}
return baseName.Replace('/', '_').Replace('\\', '_');
}Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I worry about the scenario where a computer running Windows has two Jenkins agents installed as services with separate user accounts and separate file-system directories, and the agents run
dotnet tool installon the same tool in parallel. Then this code will construct the samemutexNamestring in both processes, and because all services run in session 0, they will attempt to open the same mutex object; but because they have separate user accounts, the DACL of the mutex might not allow the second open.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I'd suggest including a hash of the directory path where the tool is going to be installed.