src: avoid race condition in tracing code

`json_trace_writer_` is protected by `stream_mutex_`, but one access to it was not guarded by a lock on said mutex. Refs: https://github.com/nodejs/node/issues/25512 PR-URL: https://github.com/nodejs/node/pull/25624 Reviewed-By: Denys Otrishko <shishugi@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
2026-01-15 12:15:26 +00:00 · 2019-01-21 22:16:23 +01:00
parent accd674c9a
commit 06da364be2
2 changed files with 10 additions and 3 deletions
--- a/src/tracing/node_trace_writer.cc
+++ b/src/tracing/node_trace_writer.cc
@@ -138,8 +138,13 @@ void NodeTraceWriter::FlushPrivate() {

 void NodeTraceWriter::Flush(bool blocking) {
  Mutex::ScopedLock scoped_lock(request_mutex_);
-  if (!json_trace_writer_) {
-    return;
+  {
+    // We need to lock the mutexes here in a nested fashion; stream_mutex_
+    // protects json_trace_writer_, and without request_mutex_ there might be
+    // a time window in which the stream state changes?
+    Mutex::ScopedLock stream_mutex_lock(stream_mutex_);
+    if (!json_trace_writer_)
+      return;
  }
  int request_id = ++num_write_requests_;
  int err = uv_async_send(&flush_signal_);
--- a/src/tracing/node_trace_writer.h
+++ b/src/tracing/node_trace_writer.h
@@ -45,9 +45,11 @@ class NodeTraceWriter : public AsyncTraceWriter {
  // Triggers callback to close async objects, ending the tracing thread.
  uv_async_t exit_signal_;
  // Prevents concurrent R/W on state related to serialized trace data
-  // before it's written to disk, namely stream_ and total_traces_.
+  // before it's written to disk, namely stream_ and total_traces_
+  // as well as json_trace_writer_.
  Mutex stream_mutex_;
  // Prevents concurrent R/W on state related to write requests.
+  // If both mutexes are locked, request_mutex_ has to be locked first.
  Mutex request_mutex_;
  // Allows blocking calls to Flush() to wait on a condition for
  // trace events to be written to disk.