Skip to content

Comments

type-context.h: Extent cancel_mutex lock to prevent theoretical race#245

Open
ryanofsky wants to merge 2 commits intobitcoin-core:masterfrom
ryanofsky:pr/cancelmutex
Open

type-context.h: Extent cancel_mutex lock to prevent theoretical race#245
ryanofsky wants to merge 2 commits intobitcoin-core:masterfrom
ryanofsky:pr/cancelmutex

Conversation

@ryanofsky
Copy link
Collaborator

This is a followup to #240 that fixes a theoretical race condition in that PR pointed out by janb bitcoin/bitcoin#34422 (comment). Details are in the commit message. There is also an additional commit fixing up some documentation added in that PR

As pointed out by janb84 in
bitcoin/bitcoin#34422 (comment) it makes
sense for the on_cancel callback to lock cancel_mutex while it is assigning
request_canceled = true.

The lock and assigment were introduced in bitcoin-core#240 and in an earlier version of
that PR, request_canceled was a std::atomic and the assignment happened before
the lock was acquired instead of after, so it was ok for the lock to be unnamed
and immediately released after being acquired.

But in the final verion of bitcoin-core#240 request_canceled is an ordinary non-atomic
bool, and it should be assigned true with the lock held to prevent a
theoretical race condition where capn'proto event loop cancels the request
before the execution thread runs, and the execution thread sees the old
request_canceled = false value and then unsafely accesses deleted parameters.
The request being canceled so quickly and parameters being accessed so slowly,
and stale request_canceled value being read even after the execution thread has
the cancel_mutex lock should be very unlikely to occur in practice, but could
happen in theory and is good to fix.
@DrahtBot
Copy link

DrahtBot commented Feb 24, 2026

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants