Hadriel Kaplan created ZOOKEEPER-2321:
-----------------------------------------
Summary: C-client session watcher removal is not thread safe
Key: ZOOKEEPER-2321
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2321
Project: ZooKeeper
Issue Type: Bug
Components: c client
Affects Versions: 3.5.1
Reporter: Hadriel Kaplan
Invoking the C-client API function {{zoo_set_watcher()}} to remove/change a
session event watcher is not a thread-safe operation. The IO thread accesses
the session watcher (the one stored in the zhandle_t.watcher member) and copies
its value into completion events, which are then later processed by the
completion thread. This happens when it's processing session events, such as
session connected/connecting/expired events.
Meanwhile after the value has been copied by the IO thread, but before the
completion thread has used it, the main thread could change the watcher to NULL
using {{zoo_set_watcher()}} because the calling application may be free'ing it.
The call to {{zoo_set_watcher()}} will return even though the IO and completion
threads still have the old watcher pointer value, and the main application
cannot safely free it. But since the function call returns, the main
application thinks it can free it, and boom goes the dynamite.
So... either there needs to be a lockout while the IO/completion threads
process session events, or the {{zoo_set_watcher()}} needs to become
asynchronous itself by going through the same processing pipeline to the
completion thread and having a completion callback to tell the calling
application when it succeeded/failed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
