Skip to content

Fix segfault in sqlite when a future is aborted#1314

Closed
madadam wants to merge 4 commits intolaunchbadge:masterfrom
madadam:fix-sqlite-segfault
Closed

Fix segfault in sqlite when a future is aborted#1314
madadam wants to merge 4 commits intolaunchbadge:masterfrom
madadam:fix-sqlite-segfault

Conversation

@madadam
Copy link
Contributor

@madadam madadam commented Jul 7, 2021

This PR attempts to fix a memory corruption that happens when a future executing a db query is interrupted (more details in #1300). It is built on top of #1186, only the last commit is new. Neither #1186, nor bb62cf7 are by themselves enough to fix this issue, but together they do seem to be.

Some notes:

The fix consist of making sure that calls to sqlite3_reset and sqlite3_step are never called concurrently without synchronization. The synchronization is implemented using an atomic bitflag in StatementHandle. This should be more efficient than using a mutex, however it makes the code a bit more difficult to reason about. Also the performance difference may or might not be significant. The solution only protects against concurrent use of reset and step, not any other functions. This should be fine as those seem to be the only two functions that might possibly be called concurrently from multiple threads. On the other hand this means that the StatementHandle API is strictly speaking not sound and should probably be marked as unsafe. I decided not to do it to keep the changes in this PR minimal.

Closes #1300.

link2xt and others added 4 commits April 23, 2021 00:00
@link2xt
sqlite: use Arc instead of Copy-able StatementHandle
5eebc05 
This guarantees that StatementHandle is never used after calling
`sqlite3_finalize`. Now `sqlite3_finalize` is only called when
StatementHandle is dropped.
@link2xt
sqlite: use Weak poiter to StatementHandle in the worker
5461eee 
Otherwise some tests fail to close connection.
@madadam
Merge remote-tracking branch 'deltachat/sqlite-arc' into fix-sqlite-s…
9643d38 
…egfault
@madadam
Fix segfault due to race condition in sqlite (launchbadge#1300)
bb62cf7
@madadam madadam changed the title Fix segfault in sqlite when future is aborted Fix segfault in sqlite when a future is aborted Jul 7, 2021
@abonander
Copy link
Collaborator

abonander commented Jul 23, 2021
edited
Loading

@madadam if you're still interested in getting this merged, I have some concerns:

  • I don't want to use a hand-rolled mutex. If nothing else, maybe parking_lot::RawMutex.
  • When the reset is called on-drop, it has the potential to block because it's waiting for sqlite3_step() to complete and release the mutex, which isn't ideal.

It's a non-trivial refactor, but I think we should actually just call sqlite3_reset() on the worker thread to avoid any race conditions, and then provide a oneshot channel like with Step for any tasks that are waiting for the reset to complete before continuing.

I started on this in the ab/sqlite-segfaults branch using cherry-picks of your and @link2xt's commits but didn't have time to finish.

@madadam
Copy link
Contributor Author

madadam commented Jul 27, 2021

@abonander I checked the ab/sqlite-segfaults branch and the approach seems reasonable to me. Definitely clearer than what I came up with. What is still missing there before it can be merged? Maybe I can help.

@abonander abonander mentioned this pull request Jul 28, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

waiting for author

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Memory corruption (SIGSEGV) when a future executing a sqlite query is aborted

3 participants

@madadam @abonander @link2xt