[Android] Prevent race condition by synchronizing buffer access#117950
[Android] Prevent race condition by synchronizing buffer access#117950kotlarmilos merged 19 commits intodotnet:mainfrom
Conversation
|
/azp run runtime-android,runtime-androidemulator |
|
Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command. |
|
/azp run runtime-android,runtime-androidemulator |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
Tagging subscribers to 'arch-android': @vitek-karas, @simonrozsival, @steveisok, @akoeplinger |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a race condition in Android SSL implementation where GCHandle references were being freed while native callbacks could still access them, causing InvalidCastException or NullReferenceException. The fix extends the GCHandle lifetime to match the SafeDeleteSslContext object and adds proper synchronization for buffer operations.
Key changes:
- Replace weak
GCHandleallocation with persistent handle that lives for the full object lifetime - Add comprehensive locking around all buffer operations to prevent race conditions
- Implement null/disposed checks in native callbacks with graceful error handling
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/libraries/tests.proj | Re-enables System.Net.Http.Functional.Tests for Android and adds it to smoke tests |
| src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs | Implements persistent GCHandle, thread-safe buffer access, and defensive callback handling |
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
|
Azure Pipelines successfully started running 2 pipeline(s). |
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Outdated
Show resolved
Hide resolved
…Android/SafeDeleteSslContext.cs Co-authored-by: Jan Kotas <jkotas@microsoft.com>
|
/azp run runtime-android,runtime-androidemulator |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
/azp run runtime-android,runtime-androidemulator |
|
Azure Pipelines successfully started running 2 pipeline(s). |
simonrozsival
left a comment
There was a problem hiding this comment.
All the failing tests are known and unrelated to these changes.
src/native/libs/System.Security.Cryptography.Native.Android/pal_sslstream.c
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Show resolved
Hide resolved
|
/azp run runtime-android,runtime-androidemulator |
|
Azure Pipelines successfully started running 2 pipeline(s). |
simonrozsival
left a comment
There was a problem hiding this comment.
All the failing tests are known and unrelated to these changes.
What's the known issue for the wasm failure? |
|
I have opened #118244 on the wasm test failure. All CI failure - even the ones unrelated to the change - should have tracking issue: https://github.com/dotnet/runtime/blob/main/docs/workflow/ci/failure-analysis.md#what-to-do-if-you-determine-the-failure-is-unrelated |
|
Thanks Jan — I merged the PR on the second CI attempt and the failure occurred on the first attempt, which is why it let me merge without an escape comment. |
|
/backport to release/9.0-staging |
|
Started backporting to |
|
@kotlarmilos backporting to git am output$ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: Dispose SafeSslHandle and use thread-safe operations on PAL layer
Using index info to reconstruct a base tree...
M src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
M src/libraries/tests.proj
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
Auto-merging src/libraries/tests.proj
CONFLICT (content): Merge conflict in src/libraries/tests.proj
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 Dispose SafeSslHandle and use thread-safe operations on PAL layer
Error: The process '/usr/bin/git' failed with exit code 128 |
Problem
Android SSL callbacks
WriteToConnection/ReadFromConnectionreceive an IntPtr that should reference a GCHandle toSafeDeleteSslContext. The handle was freed while native code could still invoke the callbacks with the IntPtr referencing a different object. This led to a NullReferenceException or InvalidCastException:Description
This PR synchronizes all buffer mutations behind a shared
_lock, and updates the managed callbacks to verify that the handle is still allocated and its target is aSafeDeleteSslContextbefore using it.Changes
Testing
The
System.Net.Http.Functional.Testsnow pass without the crash on Android.Fixes #117045