Bug 38200 - Incorrect mutex operation on Windows makes multiple dbus-daemon process instances
Summary: Incorrect mutex operation on Windows makes multiple dbus-daemon process insta...
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: unspecified
Hardware: All Windows (All)
: medium major
Assignee: Havoc Pennington
QA Contact: John (J5) Palmieri
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-12 00:38 UTC by Vincent Zhang
Modified: 2011-07-01 07:28 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments
pacth for dbus-sysdeps-win.c (1.37 KB, application/octet-stream)
2011-06-12 00:38 UTC, Vincent Zhang
Details

Description Vincent Zhang 2011-06-12 00:38:02 UTC
Created attachment 47859 [details]
pacth for dbus-sysdeps-win.c

I run dbus-daemon.exe on windows platform as a session bus, using "autolaunch:" address. When I run other programs that communicate with DBus, I found additional dbus-daemon processes created, all the preocess except the original one feed 64 bytes memory. After digging the code, I found it is the dbus daemon mutex issue: dbus daemon uses a shared memory file store the bus address and uses a mutex protect it, but the mutex is used incorrectly:

a) When publishing session bus address (function _dbus_daemon_publish_session_bus_address in dbus-sysdeps-win.c), it does not acquire the ownership of the mutex;
b) When checking dbus daemon running instance (function _dbus_daemon_already_runs in dbus-sysdeps-win.c), check condition of the result of function WaitForSingleObject should be WAIT_OBJECT_0, not WAIT_TIMEOUT.

The issue exists on dbus-1.4.x, dbus-1.5.x

Patch attached.
Comment 1 Ralf Habacker 2011-06-19 23:56:03 UTC
(In reply to comment #0)
> Created an attachment (id=47859) [details]
> pacth for dbus-sysdeps-win.c
> 
> I run dbus-daemon.exe on windows platform as a session bus, using "autolaunch:"
> address. When I run other programs that communicate with DBus, I found
> additional dbus-daemon processes created, all the preocess except the original
> one feed 64 bytes memory. After digging the code, I found it is the dbus daemon
> mutex issue: dbus daemon uses a shared memory file store the bus address and
> uses a mutex protect it, but the mutex is used incorrectly:
> 
> a) When publishing session bus address (function
> _dbus_daemon_publish_session_bus_address in dbus-sysdeps-win.c), it does not
> acquire the ownership of the mutex;

Thanks for pointing this out. The first hunk of your patch requesting ownership fixes the issue. 

@@ -2684,6 +2684,13 @@ _dbus_daemon_publish_session_bus_address
     }
   _dbus_string_free( &mutex_name );
 
+  // acquire the mutex
+  if (WaitForSingleObject( hDBusDaemonMutex, 10 ) != WAIT_OBJECT_0)
+    {
+      _dbus_global_unlock( lock );
+	  return FALSE;
+	}
+
   if (!_dbus_get_shm_name(&shm_name,scope))
     {
       _dbus_string_free( &shm_name );


but the second hunk releases the ownership immediatly in dbus_daemon_publish_session_bus_address, which looks wrong to me, because ownership indicates that the address is published  and should be released when the address is unpublished.  

@@ -2704,6 +2711,8 @@ _dbus_daemon_publish_session_bus_address
 
   // cleanup
   UnmapViewOfFile( shared_addr );
+  // release the ownership of dbus daemon mutex
+  ReleaseMutex( hDBusDaemonMutex );



> b) When checking dbus daemon running instance (function
> _dbus_daemon_already_runs in dbus-sysdeps-win.c), check condition of the result
> of function WaitForSingleObject should be WAIT_OBJECT_0, not WAIT_TIMEOUT. 

A published address is indicated by the fact that dbus-daemon process owns the mutex - The error code WAIT_TIMEOUT indicates that ownership hasn't be transfered to the client and means a daemon is running and the address is valid. All other error codes indicates that no address is available ... or do i missed something ?
Comment 2 Vincent Zhang 2011-06-20 00:25:27 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > Created an attachment (id=47859) [details] [details]
> > pacth for dbus-sysdeps-win.c
> > 
> > I run dbus-daemon.exe on windows platform as a session bus, using "autolaunch:"
> > address. When I run other programs that communicate with DBus, I found
> > additional dbus-daemon processes created, all the preocess except the original
> > one feed 64 bytes memory. After digging the code, I found it is the dbus daemon
> > mutex issue: dbus daemon uses a shared memory file store the bus address and
> > uses a mutex protect it, but the mutex is used incorrectly:
> > 
> > a) When publishing session bus address (function
> > _dbus_daemon_publish_session_bus_address in dbus-sysdeps-win.c), it does not
> > acquire the ownership of the mutex;
> 
> Thanks for pointing this out. The first hunk of your patch requesting ownership
> fixes the issue. 
> 
> @@ -2684,6 +2684,13 @@ _dbus_daemon_publish_session_bus_address
>      }
>    _dbus_string_free( &mutex_name );
> 
> +  // acquire the mutex
> +  if (WaitForSingleObject( hDBusDaemonMutex, 10 ) != WAIT_OBJECT_0)
> +    {
> +      _dbus_global_unlock( lock );
> +      return FALSE;
> +    }
> +
>    if (!_dbus_get_shm_name(&shm_name,scope))
>      {
>        _dbus_string_free( &shm_name );
> 
> 
> but the second hunk releases the ownership immediatly in
> dbus_daemon_publish_session_bus_address, which looks wrong to me, because
> ownership indicates that the address is published  and should be released when
> the address is unpublished.  
> 
> @@ -2704,6 +2711,8 @@ _dbus_daemon_publish_session_bus_address
> 
>    // cleanup
>    UnmapViewOfFile( shared_addr );
> +  // release the ownership of dbus daemon mutex
> +  ReleaseMutex( hDBusDaemonMutex );
> 
Who will unpublish the address? Apparently the process which publish the address does - Different dbus session bus has the different mutex name, so I think it is unnecessary to keep the mutex ownership, the only purpose of it is protecting from reading and writing.
> 
> 
> > b) When checking dbus daemon running instance (function
> > _dbus_daemon_already_runs in dbus-sysdeps-win.c), check condition of the result
> > of function WaitForSingleObject should be WAIT_OBJECT_0, not WAIT_TIMEOUT. 
> 
> A published address is indicated by the fact that dbus-daemon process owns the
> mutex - The error code WAIT_TIMEOUT indicates that ownership hasn't be
> transfered to the client and means a daemon is running and the address is
> valid. All other error codes indicates that no address is available ... or do i
> missed something ?
When the dbus-daemon process exits, the mutex doesn't exist anymore, so the point is the existence of the address and the mutex, the mutex makes sure all the processes read and write the address correctly.

I run telepathy (mission-control, CM, and my own code) with the patch, and it works fine.
Comment 3 Ralf Habacker 2011-07-01 07:28:25 UTC
In git master a similar patch has been applied which fixes this issue.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.