Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QUIC: Callback GCHandles are released too soon #55044

Closed
geoffkizer opened this issue Jul 1, 2021 · 1 comment · Fixed by #55303
Closed

QUIC: Callback GCHandles are released too soon #55044

geoffkizer opened this issue Jul 1, 2021 · 1 comment · Fixed by #55303
Labels
area-System.Net.Quic
Milestone
6.0.0

Comments

@geoffkizer
Copy link
Contributor

For MsQuicStream and similar classes that receive native callbacks from MsQuic:

We register for event callbacks using a GCHandle to the relevant "State" object. However, we dispose this GCHandle (_stateHandle) in Dispose. This is too early; we may have events still in flight at this point, and when they try to deref the _stateHandle, they will likely get bogus data.

Once the callback (and associated GCHandle) is successfully registered, we should not release the GCHandle until we get a final callback event and know there will not be any more callback events that reference that GCHandle, at which point we can free it. Note this includes some places today where we are freeing the GCHandle on various exception cases; these cannot release the GCHandle either.

I suspect this may be the reason we see various native crashes when using MsQuic.
@geoffkizer geoffkizer added this to the 6.0.0 milestone Jul 1, 2021
@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Jul 1, 2021
@ghost
Copy link

ghost commented Jul 1, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

For MsQuicStream and similar classes that receive native callbacks from MsQuic:

We register for event callbacks using a GCHandle to the relevant "State" object. However, we dispose this GCHandle (_stateHandle) in Dispose. This is too early; we may have events still in flight at this point, and when they try to deref the _stateHandle, they will likely get bogus data.

Once the callback (and associated GCHandle) is successfully registered, we should not release the GCHandle until we get a final callback event and know there will not be any more callback events that reference that GCHandle, at which point we can free it. Note this includes some places today where we are freeing the GCHandle on various exception cases; these cannot release the GCHandle either.

I suspect this may be the reason we see various native crashes when using MsQuic.

Author: geoffkizer
Assignees: -
Labels:

area-System.Net.Quic
Milestone: 6.0.0

@geoffkizer geoffkizer mentioned this issue Jul 1, 2021
Merged
@ManickaP ManickaP removed the untriaged New issue has not been triaged by the area owner label Jul 6, 2021
This was referenced Jul 6, 2021
Closed
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Jul 7, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Jul 8, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Aug 7, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net.Quic
Projects
None yet
Milestone
6.0.0
Development

Successfully merging a pull request may close this issue.

fix GCHandle free for connection and related fixes and asserts geoffkizer/runtime
2 participants
@ManickaP @geoffkizer