node-api: fix data race and use-after-free in napi_threadsafe_function #55877
Conversation
|
Review requested:
|
nodejs-github-bot
added
c++
|
I still need to see how to integrate the test from here https://github.com/mika-fischer/node-bug-napi-tsfn |
|
@gabrielschulhof you mentioned you'd take a look at this issue in our weekly meeting last week. If you can take a look at this PR it would be great. |
|
LGTM. @mika-fischer, please add the test when you get a chance! |
gabrielschulhof
force-pushed
the
fix-55706
branch
from
0384dff to
791bc6a
Compare
gabrielschulhof
changed the title
|
Marking as ready for review so the tests will run. |
gabrielschulhof
force-pushed
the
fix-55706
branch
from
791bc6a to
fac8a80
Compare
@gabrielschulhof Thanks for pushing this further, and sorry for not following up! FYI The test case only triggers reliably under valgrind. Otherwise it crashes only occasionally. I don't know if anthing special is needed or if all tests are run with valgrind anyway. |
|
Hello @mika-fischer , Are you still interesting in managing this pull request? |
|
@KevinEady Yes, sure, I'm just not sure what was missing the last time around. I think after @gabrielschulhof added the test this PR could have been merged already, no? I can rebase the PR, but other than that I'd need guidance what else needs to be done. |
mika-fischer
force-pushed
the
fix-55706
branch
2 times, most recently
from
f21787d to
090268b
Compare
mika-fischer
changed the title
|
@KevinEady I rebased and fixed the formatting and linting issues with the unit test. Let me know if there's more to do in order to merge this. |
mika-fischer
force-pushed
the
fix-55706
branch
from
090268b to
073cc51
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #55877 +/- ##
==========================================
- Coverage 88.55% 88.54% -0.01%
==========================================
Files 703 703
Lines 208259 208284 +25
Branches 40178 40180 +2
==========================================
+ Hits 184425 184430 +5
- Misses 15855 15864 +9
- Partials 7979 7990 +11
🚀 New features to boost your workflow:
|
|
Thanks @mika-fischer , we'll discuss this in the next Node-API meeting. |
|
Anything else I can do to move this along? |
|
@KevinEady Just another ping, before this PR goes stale again... |
|
Hi @mika-fischer , Thanks for waiting. Took awhile to for me to get around to writing some small tests that ensure that the tsfn's CallJS was called on remaining queued items on abort, and that looks good 👍 Got a little side-tracked on debugging some (what I think is) odd behavior that is not related to this PR, so I'll probably make a separate issue. I think this PR is ready-to-go, @legendecas @vmoroz ? |
|
Thank you @KevinEady! Not sure what to make of the latest test failures. They seem to be unrelated... |
Other threads can still hold a valid handle to the tsfn after finalization if finalization was triggered by - release with napi_tsfn_abort, or - environment shutdown Handle this by: - protecting finalization itself with the mutex - if necessary, delay deletion after finalization to when thread_count drops to 0 - releasing all resources as soon as possible before deletion Fixes: nodejs#55706
mika-fischer
force-pushed
the
fix-55706
branch
from
969c56a to
704c22a
Compare
mika-fischer
force-pushed
the
fix-55706
branch
from
c980195 to
fd90228
Compare
|
@KevinEady @mhdawson @gabrielschulhof I once again rebased and fixed the new lint error. Please move this forward or let me know what I still need to do. |
legendecas
added
the
author ready
legendecas
added
the
commit-queue
nodejs-github-bot
added
commit-queue-failed
Commit Queue failed- Loading data for nodejs/node/pull/55877 ✔ Done loading data for nodejs/node/pull/55877 ----------------------------------- PR info ------------------------------------ Title node-api: fix data race and use-after-free in napi_threadsafe_function (#55877) Author Mika Fischer <mika.fischer@zoopnet.de> (@mika-fischer) Branch mika-fischer:fix-55706 -> nodejs:main Labels c++, node-api, author ready, needs-ci Commits 5 - node-api: add unit test - node-api: fix data race and use-after-free in napi_threadsafe_function - node-api: combine threadsafe_function state flags into single variable - node-api: release lock before calling user callback - Fix test lint Committers 1 - Mika Fischer <mika.fischer@zoopnet.de> PR-URL: https://github.com/nodejs/node/pull/55877 Fixes: https://github.com/nodejs/node/issues/55706 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/55877 Fixes: https://github.com/nodejs/node/issues/55706 Reviewed-By: Chengzhong Wu <legendecas@gmail.com> -------------------------------------------------------------------------------- ℹ This PR was created on Sat, 16 Nov 2024 12:16:20 GMT ✔ Approvals: 1 ✔ - Chengzhong Wu (@legendecas) (TSC): https://github.com/nodejs/node/pull/55877#pullrequestreview-3514457543 ✔ Last GitHub CI successful ℹ Last Full PR CI on 2025-11-26T21:17:23Z: https://ci.nodejs.org/job/node-test-pull-request/70325/ - Querying data for job/node-test-pull-request/70325/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ No git cherry-pick in progress ✔ No git am in progress ✔ No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD ✔ origin/main is now up-to-date - Downloading patch for 55877 From https://github.com/nodejs/node * branch refs/pull/55877/merge -> FETCH_HEAD ✔ Fetched commits as e825de8e02c2..fd9022818808 -------------------------------------------------------------------------------- [main 9757caffcc] node-api: add unit test Author: Gabriel Schulhof <gabrielschulhof@gmail.com> Date: Fri Jan 31 08:53:04 2025 -0800 3 files changed, 111 insertions(+) create mode 100644 test/node-api/test_threadsafe_function_shutdown/binding.cc create mode 100644 test/node-api/test_threadsafe_function_shutdown/binding.gyp create mode 100644 test/node-api/test_threadsafe_function_shutdown/test.js [main ada8bdf49a] node-api: fix data race and use-after-free in napi_threadsafe_function Author: Mika Fischer <mika.fischer@zoopnet.de> Date: Fri Nov 15 18:58:09 2024 +0100 1 file changed, 84 insertions(+), 40 deletions(-) [main 11b13a8f75] node-api: combine threadsafe_function state flags into single variable Author: Mika Fischer <mika.fischer@zoopnet.de> Date: Sat Nov 16 11:33:03 2024 +0100 1 file changed, 25 insertions(+), 23 deletions(-) [main 189ed03aba] node-api: release lock before calling user callback Author: Mika Fischer <mika.fischer@zoopnet.de> Date: Sat Aug 30 13:03:31 2025 +0200 1 file changed, 8 insertions(+), 4 deletions(-) [main 4d921bd23f] Fix test lint Author: Mika Fischer <mika.fischer@zoopnet.de> Date: Tue Nov 25 09:30:34 2025 +0100 1 file changed, 2 insertions(+), 2 deletions(-) ✔ Patches applied There are 5 commits in the PR. Attempting autorebase. (node:2217) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated. (Use `node --trace-deprecation ...` to show where the warning was created) Rebasing (2/10) Executing: git node land --amend --yes --------------------------------- New Message ---------------------------------- node-api: add unit test
Handle this by:
Fixes: #55706
|
legendecas
added
commit-queue
Other threads can still hold a valid handle to the tsfn after finalization if finalization was triggered by - release with napi_tsfn_abort, or - environment shutdown Handle this by: - protecting finalization itself with the mutex - if necessary, delay deletion after finalization to when thread_count drops to 0 - releasing all resources as soon as possible before deletion Fixes: #55706 PR-URL: #55877 Co-Authored-By: Gabriel Schulhof <gabrielschulhof@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
|
Landed in bff6ea4. |
github-project-automation
bot
moved this from In Progress
to Done
in Node-API Team Project
Other threads can still hold a valid handle to the tsfn after finalization if finalization was triggered by - release with napi_tsfn_abort, or - environment shutdown Handle this by: - protecting finalization itself with the mutex - if necessary, delay deletion after finalization to when thread_count drops to 0 - releasing all resources as soon as possible before deletion Fixes: #55706 PR-URL: #55877 Co-Authored-By: Gabriel Schulhof <gabrielschulhof@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
7 participants
Other threads can still hold a valid handle to the tsfn after
finalization if finalization was triggered by
Handle this by:
drops to 0
Fixes: #55706