diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2019-05-09 09:21:24 +0200 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2019-05-09 13:14:00 +0200 |
commit | 8a443fe0f4ab50e2156e2c7e0cf713f2949e3164 (patch) | |
tree | 73d5fd57929f6b1e7fdd8c00c3dfecc65d3397b1 /ucb/source/ucp/gio/gio_content.cxx | |
parent | 82d018b402219b5452bb08aac2c060031bbc3298 (diff) |
tdf#124962: Reduce risk of g_main_loop_run from within gio MountOperation
Using g_main_loop_run here appears to be inherently necessary for the
g_file_mount_enclosing_volume/g_file_mount_enclosing_volume_finish protocol, but
has at least two problems: For one, it temporarily drops the SolarMutex (if it
was held by the current thread), causing the usual integrity issues caused by an
inner stack frame temporarily releasing the SolarMutex that is held by some
unsuspecting caller. This is an inherent problem of our broken SolarMutex
design, and this change can't do much about it.
But for another, at least with GTK-based VCL backends, it also means that the
current thread can start to execute VCL events at "unexpected" times from within
this g_main_loop_run (e.g., paint events, as in the backtraces linked from
tdf#124962). While handling of VCL events is necessary when a callback to
ooo_mount_operation_ask_password happens and it actually pops up a dialog
prompting the user for credentials, such handling of VCL events is completely
unwanted when no such dialog is popped up (e.g., when the given server is
unreachable anyway, as is the case in tdf#124962).
So, to shrink the problematic window of time in which VCL events may get handled
from within the gio MountOperation, use a dedicated GMainContext for the gio
GMainLoop (so that it only handles events related to the mount operation), and
only temporarily put back in place the original GMainContext during
ooo_mount_operation_ask_password (so that VCL events will get handled as
necessary when a dialog is actually popped up).
Change-Id: Ie410f23778045b1adf98579bb34ce38d0f8f3320
Reviewed-on: https://gerrit.libreoffice.org/72026
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'ucb/source/ucp/gio/gio_content.cxx')
-rw-r--r-- | ucb/source/ucp/gio/gio_content.cxx | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/ucb/source/ucp/gio/gio_content.cxx b/ucb/source/ucp/gio/gio_content.cxx index 6127412d58fc..841a19980824 100644 --- a/ucb/source/ucp/gio/gio_content.cxx +++ b/ucb/source/ucp/gio/gio_content.cxx @@ -17,6 +17,10 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <sal/config.h> + +#include <utility> + #include <string.h> #include <unistd.h> #include <sys/types.h> @@ -315,6 +319,7 @@ css::uno::Any Content::getBadArgExcept() class MountOperation { + ucb::ucp::gio::glib::MainContextRef mContext; GMainLoop *mpLoop; GMountOperation *mpAuthentication; GError *mpError; @@ -327,8 +332,11 @@ public: MountOperation::MountOperation(const css::uno::Reference< css::ucb::XCommandEnvironment >& xEnv) : mpError(nullptr) { - mpLoop = g_main_loop_new(nullptr, FALSE); - mpAuthentication = ooo_mount_operation_new(xEnv); + ucb::ucp::gio::glib::MainContextRef oldContext(g_main_context_ref_thread_default()); + mContext.reset(g_main_context_new()); + mpLoop = g_main_loop_new(mContext.get(), FALSE); + g_main_context_push_thread_default(mContext.get()); + mpAuthentication = ooo_mount_operation_new(std::move(oldContext), xEnv); } void MountOperation::Completed(GObject *source, GAsyncResult *res, gpointer user_data) @@ -363,6 +371,7 @@ GError *MountOperation::Mount(GFile *pFile) MountOperation::~MountOperation() { g_object_unref(mpAuthentication); + g_main_context_pop_thread_default(mContext.get()); g_main_loop_unref(mpLoop); } |