apollo icon indicating copy to clipboard operation
apollo copied to clipboard
verified publisher icon ApolloAuto

Fix Cyber - Timing Wheel Concurrency bug

Open CHOcho-quan opened this issue 2 years ago • 2 comments

As #15161 stated, there's a concurrency issue under timing wheel.

Considering 3 threads, running the following content

  • Thread I: Starts the timer, and spinning for sometime. Then Stops the timer.
  • Thread II: The timing wheel thread, ticking new tasks
  • Thread III: A task added to TaskManager and running asynchronously

Now Let's say Thread I stops the timer and reset task_ when Thread II has already run line 52 (timing_wheel.cc) & got an instance of the shared pointer. The only shared pointer task is only maintained in Thread II. Let's say somehow the scheduler haven't got enough resource to run Thread III and Thread II finished first. In this case, task_ is released.

If now, Thread III is scheduled by TaskManager and running line 60 (timing_wheel.cc) , since this callback is caught by task->callback, this is a heap-use-after-release problem. This could also be detected by ASAN.

CHOcho-quan avatar Nov 18 '23 21:11 CHOcho-quan

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Nov 18 '23 21:11 CLAassistant

Will check and feedback soon!

daohu527 avatar Dec 07 '23 01:12 daohu527