Use appendFrom in LazyValue.writeToParcel()
Due to lazy bundle, we can now have bundles touching the original parcel (used to create the bundle in the first place) during serialization. This can lead to races within the same bundle or across bundles when the same is copied. Both these cases happen in notification manager when it's about to post notification for its listeners. In summary, it notifies all the listeners in oneway calls and the listeners make a call back to system_server to retrieve the notification. These calls back can race and lead to the bug observed in http://b/198355758#comment12.

In order to avoid that we use appendFrom(mSource, mPosition) in LazyValue.writeToParcel() since that method doesn't change or use the cursor of mSource. We only ever write to mSource before creating all the LazyValues, so there can't be any r/w races.

Test: 1. Attach debugger to system server and put log breakpoints in racy lines in Parcel$LazyValue.writeToParcel
      2. atest -d CtsHostsideNetworkTests:com.android.cts.net.HostsideRestrictBackgroundNetworkTests#testDozeModeMetered_enabledButWhitelistedOnNotificationAction
      3. Observe no crashes
Test: 1. Attach debugger as in previous "Test:" line
      2. Create a notification with a parcelable extra, post it
      3. Observe no crashes
Bug: 195622897
Bug: 198355758
Test: atest -d android.os.cts.ParcelTest android.os.cts.BundleTest android.os.BundleTest android.os.ParcelTest
Change-Id: I02f890d22910c69e29e791b55d3655962a6dddfd
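The following is an added illustration, not code from this commit or from the Android framework. It models the hazard the message describes with a hypothetical `SourceBuffer` class standing in for the shared source parcel: a copy that goes through a shared cursor can return another writer's bytes, while a copy that takes an explicit offset leaves the cursor alone. The interleaving is replayed sequentially so the result is deterministic.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

// Simplified model (assumption): SourceBuffer is a hypothetical stand-in for the
// shared source parcel. It is not android.os.Parcel and mirrors none of its internals.
public class SharedCursorDemo {
    static final class SourceBuffer {
        private final byte[] data;
        private int cursor;                      // one read position shared by all users
        SourceBuffer(byte[] data) { this.data = data; }
        void setPosition(int pos) { cursor = pos; }
        // Cursor-based read: uses and advances the shared cursor.
        byte[] readAtCursor(int len) {
            byte[] out = Arrays.copyOfRange(data, cursor, cursor + len);
            cursor += len;
            return out;
        }
        // Offset-based copy: the caller names the range, the cursor is never touched.
        void appendTo(ByteArrayOutputStream out, int offset, int len) {
            out.write(data, offset, len);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: two 4-byte values stored back to back.
        SourceBuffer src = new SourceBuffer("AAAABBBB".getBytes());

        // Cursor-based copy, replaying an interleaving two concurrent writers can hit.
        src.setPosition(0);                      // writer 1 seeks to its value at offset 0
        src.setPosition(4);                      // writer 2 seeks before writer 1 has read
        String w1 = new String(src.readAtCursor(4));
        System.out.println("cursor-based: writer 1 wanted offset 0, got " + w1);

        // Offset-based copy: the order of the two calls does not matter,
        // because neither call mutates state on the source.
        ByteArrayOutputStream out1 = new ByteArrayOutputStream();
        ByteArrayOutputStream out2 = new ByteArrayOutputStream();
        src.appendTo(out2, 4, 4);
        src.appendTo(out1, 0, 4);
        System.out.println("offset-based: writer 1 got " + out1 + ", writer 2 got " + out2);
    }
}
```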