Add some read and write locks around pattern tree manipulation #9618

DHowett · 2021-03-25T19:35:32Z

We have been seeing some crashes (#9410) originating from a
use-after-free or a double-free in the renderer. The renderer is
iterating over the dirty rects from the render engine¹ and the rect list
is being freed out from under it.

Things like this are usually the result of somebody manipulating the
renderer's state outside of lock.

Therefore, this pull request introduces some targeted locking fixes
around manipulation of the pattern buffer (which, in turn, changes the
renderer state.)

¹ This was not a problem until #8621, which made the renderer return a
span instead of a copy for the list of dirty rects.

Validation

I ran Terminal under App Verifier, and introduced a manul delay (under
lock) in the renderer such that the invalid map would definitely have
been invalidated between the renderer taking the lock and the renderer
handling the frame. AppVerif failed us without these locking changes,
and did not do so once they were introduced.

Closes #9410.

DHowett · 2021-03-25T19:47:24Z

Follow-up: #9617

zadjii-msft · 2021-03-25T19:50:42Z

src/cascadia/TerminalControl/TermControl.cpp

@@ -3334,8 +3344,13 @@ namespace winrt::Microsoft::Terminal::Control::implementation

        _lastHoveredCell = terminalPosition;

+        uint16_t newId{ 0u };
+        // we can't use auto here because we're pre-declaring newInterval.


thank you, I would not have been able to decipher that next line without this comment

ghost · 2021-03-26T22:11:05Z

Hello @DHowett!

Because this pull request has the AutoMerge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (`@msftbot`) and give me an instruction to get started! Learn more here.

We have been seeing some crashes (#9410) originating from a use-after-free or a double-free in the renderer. The renderer is iterating over the dirty rects from the render engine¹ and the rect list is being freed out from under it. Things like this are usually the result of somebody manipulating the renderer's state outside of lock. Therefore, this pull request introduces some targeted locking fixes around manipulation of the pattern buffer (which, in turn, changes the renderer state.) ¹ This was not a problem until #8621, which made the renderer return a span instead of a copy for the list of dirty rects. ## Validation I ran Terminal under App Verifier, and introduced a manul delay (under lock) in the renderer such that the invalid map would definitely have been invalidated between the renderer taking the lock and the renderer handling the frame. AppVerif failed us without these locking changes, and did not do so once they were introduced. Closes #9410. (cherry picked from commit ea3e56d)

ghost · 2021-04-14T17:03:12Z

🎉Windows Terminal v1.7.1033.0 has been released which incorporates this pull request.:tada:

Handy links:

ghost · 2021-04-14T17:06:33Z

🎉Windows Terminal Preview v1.8.1032.0 has been released which incorporates this pull request.:tada:

Handy links:

DHowett added 3 commits March 25, 2021 14:11

LOCK IT UP

71ef2cf

eh

921c248

I CANNOT SPEEL

b53c414

DHowett added zStable-Service-Queued-1.12 A floating label that tracks the current Stable version for servicing purposes. zPreview-Service-Queued-1.13 A floating label that tracks the current Preview version for servicing purposes. labels Mar 25, 2021

DHowett requested review from zadjii-msft and PankajBhojwani March 25, 2021 19:35

zadjii-msft approved these changes Mar 25, 2021

View reviewed changes

DHowett added the Needs-Second It's a PR that needs another sign-off label Mar 25, 2021

ghost requested review from miniksa, carlos-zamora and leonMSFT March 25, 2021 21:08

carlos-zamora approved these changes Mar 25, 2021

View reviewed changes

DHowett added the AutoMerge Marked for automatic merge by the bot when requirements are met label Mar 26, 2021

ghost merged commit ea3e56d into main Mar 26, 2021

ghost deleted the dev/duhowett/lock branch March 26, 2021 22:11

DHowett removed the zPreview-Service-Queued-1.13 A floating label that tracks the current Preview version for servicing purposes. label Apr 2, 2021

DHowett removed the zStable-Service-Queued-1.12 A floating label that tracks the current Stable version for servicing purposes. label Apr 13, 2021

ghost mentioned this pull request Apr 14, 2021

Terminal crashes deallocating til::bitmap's vector run w/ PMR allocator (??) #9410

Closed

This pull request was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add some read and write locks around pattern tree manipulation #9618

Add some read and write locks around pattern tree manipulation #9618

DHowett commented Mar 25, 2021

DHowett commented Mar 25, 2021

zadjii-msft Mar 25, 2021

ghost commented Mar 26, 2021

ghost commented Apr 14, 2021

ghost commented Apr 14, 2021

Add some read and write locks around pattern tree manipulation #9618

Add some read and write locks around pattern tree manipulation #9618

Conversation

DHowett commented Mar 25, 2021

Validation

DHowett commented Mar 25, 2021

zadjii-msft Mar 25, 2021

Choose a reason for hiding this comment

ghost commented Mar 26, 2021

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

ghost commented Apr 14, 2021

ghost commented Apr 14, 2021

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (`@msftbot`) and give me an instruction to get started! Learn more here.