New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Race condition between Apple SSL destroy and event callback #2825
Conversation
What about introducing flags such as |
Okay, it's finally ready for review. A few notes:
The ideal solution, I believe, is to use the group lock, similar to timer heap. There is one complication, though. The correct place to add the group lock's ref, in order to prevent ssl sock being destroyed while in the event list, is when posting the event (similar to timer when scheduling). But So, I'm forced to add the ref in the polling instead. There's still (theoretically) a tiny window when ssl socket can be destroyed right before adding the group lock's ref, but with the help of the |
b5a0976
to
4f6197c
Compare
A race condition can occur between destroying of Apple SSL socket and its event callback. Specifically, the race happens between
ssl_destroy()
andssl_network_event_poll()
inssl_sock_apple.m
.ssl_destroy()
will try to remove all events that belong to the socket by callingevent_manager_remove_events(ssock)
, but at the same time, the event polling may be in the process of calling those event's callback.Unfortunately, there doesn't seem to be a simple solution for this. Holding the event manager's lock when calling the callbacks will cause deadlock, while adding reference to the socket's group lock prior to calling the callback may have been too late since the destroying process has already started (in fact,
ssl_destroy()
is called by the group lock's destructor handler).Note: Since event callback is unique to Apple SSL, this shouldn't affect other SSL backends.