conflux-rust icon indicating copy to clipboard operation
conflux-rust copied to clipboard

Published 20 hours ago verified publisher icon Conflux-Chain

Fix double-lock in sync_manager.rs

Open BurtonQin opened this issue 2 years ago • 4 comments

There is a double-lock bug in fn request_now_from_peer: The first lock: https://github.com/Conflux-Chain/conflux-rust/blob/cc2c436a3bd76f62d196cff0d8845efbf1fa149d/core/src/light_protocol/handler/sync/common/sync_manager.rs#L291 Call insert_waiting: https://github.com/Conflux-Chain/conflux-rust/blob/cc2c436a3bd76f62d196cff0d8845efbf1fa149d/core/src/light_protocol/handler/sync/common/sync_manager.rs#L314 The second lock: https://github.com/Conflux-Chain/conflux-rust/blob/cc2c436a3bd76f62d196cff0d8845efbf1fa149d/core/src/light_protocol/handler/sync/common/sync_manager.rs#L146-L148

The fix is to add drop before calling insert_waiting.

Found the bug with my static detector lockbud.

This change is Reviewable

BurtonQin avatar Aug 29 '22 14:08 BurtonQin

Can one of the admins verify this patch?

Conflux-Dev avatar Aug 29 '22 14:08 Conflux-Dev

ok to test

peilun-conflux avatar Aug 31 '22 09:08 peilun-conflux

Thanks for pointing this out!

Releasing the lock here introduces a possible race condition, but as I understand the worse case is to trigger some duplicated requests, which is acceptable.

peilun-conflux avatar Aug 31 '22 09:08 peilun-conflux

Thanks for pointing this out!

Releasing the lock here introduces a possible race condition, but as I understand the worse case is to trigger some duplicated requests, which is acceptable.

If this is the case, then one possible solution is to replace the call to insert_waiting with a new fn taking &in_flight as a parameter and to require the lock before calling it.

BurtonQin avatar Sep 01 '22 01:09 BurtonQin

Replaced by #2630.

peilun-conflux avatar Feb 15 '23 10:02 peilun-conflux