mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-26 19:23:26 -03:00
Merge #18487: rpc: Fix rpcRunLater race in walletpassphrase
7b8e15728drpc: Fix rpcRunLater race in walletpassphrase (João Barbosa) Pull request description: Release locks before calling `rpcRunLater`. Quick explanation: `rpcRunLater` leads to `event_free` which calls `event_del` which can wait for the event callback to finish if it's already running and that callback will try to lock wallet mutex - which is already locked in http thread. Fixes #14995 , fixes #18482. Best reviewed with whitespace changes hidden. ACKs for top commit: MarcoFalke: ACK7b8e15728d, only tested that this avoids the node freezing. Did not look at how libevent works or how the deadlock happens or if this breaks other stuff. 📞 ryanofsky: Code review ACK7b8e15728d. Just updated comment since last review Tree-SHA512: 17874a2fa7b0e164fb0d7ee4cb7d59650275b8c03476fb291d60af8b758495457660d3912623fb26259fefe84aeba21c0a9e0c6467982ba511f19344ed5413ab
This commit is contained in:
Wladimir J. van der Laan
commit
75021e80ee
1 changed files with 43 additions and 35 deletions
|
|
@ -1912,44 +1912,52 @@ static UniValue walletpassphrase(const JSONRPCRequest& request)
|
||||||
},
|
},
|
||||||
}.Check(request);
|
}.Check(request);
|
||||||
|
|
||||||
auto locked_chain = pwallet->chain().lock();
|
int64_t nSleepTime;
|
||||||
LOCK(pwallet->cs_wallet);
|
{
|
||||||
|
auto locked_chain = pwallet->chain().lock();
|
||||||
|
LOCK(pwallet->cs_wallet);
|
||||||
|
|
||||||
if (!pwallet->IsCrypted()) {
|
if (!pwallet->IsCrypted()) {
|
||||||
throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrase was called.");
|
throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrase was called.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Note that the walletpassphrase is stored in request.params[0] which is not mlock()ed
|
||||||
|
SecureString strWalletPass;
|
||||||
|
strWalletPass.reserve(100);
|
||||||
|
// TODO: get rid of this .c_str() by implementing SecureString::operator=(std::string)
|
||||||
|
// Alternately, find a way to make request.params[0] mlock()'d to begin with.
|
||||||
|
strWalletPass = request.params[0].get_str().c_str();
|
||||||
|
|
||||||
|
// Get the timeout
|
||||||
|
nSleepTime = request.params[1].get_int64();
|
||||||
|
// Timeout cannot be negative, otherwise it will relock immediately
|
||||||
|
if (nSleepTime < 0) {
|
||||||
|
throw JSONRPCError(RPC_INVALID_PARAMETER, "Timeout cannot be negative.");
|
||||||
|
}
|
||||||
|
// Clamp timeout
|
||||||
|
constexpr int64_t MAX_SLEEP_TIME = 100000000; // larger values trigger a macos/libevent bug?
|
||||||
|
if (nSleepTime > MAX_SLEEP_TIME) {
|
||||||
|
nSleepTime = MAX_SLEEP_TIME;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strWalletPass.empty()) {
|
||||||
|
throw JSONRPCError(RPC_INVALID_PARAMETER, "passphrase can not be empty");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!pwallet->Unlock(strWalletPass)) {
|
||||||
|
throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
|
||||||
|
}
|
||||||
|
|
||||||
|
pwallet->TopUpKeyPool();
|
||||||
|
|
||||||
|
pwallet->nRelockTime = GetTime() + nSleepTime;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note that the walletpassphrase is stored in request.params[0] which is not mlock()ed
|
// rpcRunLater must be called without cs_wallet held otherwise a deadlock
|
||||||
SecureString strWalletPass;
|
// can occur. The deadlock would happen when RPCRunLater removes the
|
||||||
strWalletPass.reserve(100);
|
// previous timer (and waits for the callback to finish if already running)
|
||||||
// TODO: get rid of this .c_str() by implementing SecureString::operator=(std::string)
|
// and the callback locks cs_wallet.
|
||||||
// Alternately, find a way to make request.params[0] mlock()'d to begin with.
|
AssertLockNotHeld(wallet->cs_wallet);
|
||||||
strWalletPass = request.params[0].get_str().c_str();
|
|
||||||
|
|
||||||
// Get the timeout
|
|
||||||
int64_t nSleepTime = request.params[1].get_int64();
|
|
||||||
// Timeout cannot be negative, otherwise it will relock immediately
|
|
||||||
if (nSleepTime < 0) {
|
|
||||||
throw JSONRPCError(RPC_INVALID_PARAMETER, "Timeout cannot be negative.");
|
|
||||||
}
|
|
||||||
// Clamp timeout
|
|
||||||
constexpr int64_t MAX_SLEEP_TIME = 100000000; // larger values trigger a macos/libevent bug?
|
|
||||||
if (nSleepTime > MAX_SLEEP_TIME) {
|
|
||||||
nSleepTime = MAX_SLEEP_TIME;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strWalletPass.empty()) {
|
|
||||||
throw JSONRPCError(RPC_INVALID_PARAMETER, "passphrase can not be empty");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!pwallet->Unlock(strWalletPass)) {
|
|
||||||
throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
|
|
||||||
}
|
|
||||||
|
|
||||||
pwallet->TopUpKeyPool();
|
|
||||||
|
|
||||||
pwallet->nRelockTime = GetTime() + nSleepTime;
|
|
||||||
|
|
||||||
// Keep a weak pointer to the wallet so that it is possible to unload the
|
// Keep a weak pointer to the wallet so that it is possible to unload the
|
||||||
// wallet before the following callback is called. If a valid shared pointer
|
// wallet before the following callback is called. If a valid shared pointer
|
||||||
// is acquired in the callback then the wallet is still loaded.
|
// is acquired in the callback then the wallet is still loaded.
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue