sim-mbim: fix race condition when sync requested during preload

This is an extremely tricky race condition.

  • During SIM object initialization, we try to load SIM type (first item loaded).
  • MMSimMbim SIM type loading step runs preload_subscriber_info(), which:
      • Sets self->priv->preload = TRUE; so that it is not run anymore.
      • Sets the sync monitor to clear preloaded info if sync needed.
      • Runs the subscriber ready status operation asynchronously.
      • Just before the subscriber ready status operation returns, the system goes to sleep.
      • The resume logic kicks in, and we flag the modem with sync needed, which clears the self->priv->preload flag.
  • Then the subscriber ready status operation response arrives, and we store the IMSI and the other things.
  • When the next initialization step happens, given that self->priv->preload is cleared, we attempt to run preload_subscriber_info() again, and this time it finds that info like the IMSI is already set, so it asserts:
    0x00007cbcd287523f (libglib-2.0.so.0 - gtestutils.c: 3253)      g_assertion_message
    0x00007cbcd28752a2 (libglib-2.0.so.0 - gtestutils.c: 3279)      g_assertion_message_expr
    0x00005cbdab0a2dc0 (ModemManager - mm-sim-mbim.c: 253)  subscriber_ready_status_ready
    0x00007cbcd29a173b (libgio-2.0.so.0 - gtask.c: 1230)    g_task_return_now
    0x00007cbcd29a0799 (libgio-2.0.so.0 - gtask.c: 1300)    g_task_return
    0x00007cbcd2a548e0 (libmbim-glib.so.4 - mbim-device.c: 264)     transaction_task_complete_and_free
    0x00007cbcd2a562fc (libmbim-glib.so.4 - mbim-device.c: 1047)    data_available
    0x00007cbcd28534a6 (libglib-2.0.so.0 - gmain.c: 3417)   g_main_context_dispatch
    0x00007cbcd28537b1 (libglib-2.0.so.0 - gmain.c: 4211)   g_main_context_iterate
    0x00007cbcd2853a25 (libglib-2.0.so.0 - gmain.c: 4411)   g_main_loop_run
    0x00005cbdab034d26 (ModemManager - main.c: 217) main
    0x00007cbcd25e16c5 (libc.so.6 + 0x000286c5)     __libc_init_first
    0x00007cbcd25e1781 (libc.so.6 + 0x00028781)     __libc_start_main
    0x00005cbdab034a40 (ModemManager + 0x00061a40)  _start

In order to solve this, upon a sync request the ongoing preload operation will be cancelled.

Edited by Aleksander Morgado
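
A minimal C model of the sequence described above, added here as an illustration; it is not ModemManager code, and the `Sim`/`Op` types, the function names and the IMSI value are constructed for the example. It assumes that the late reply of a cancelled operation is discarded, and it counts the point where the real code asserts instead of aborting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { bool cancelled; } Op;   /* one async subscriber-ready-status query */

typedef struct {
    bool        preload;      /* models self->priv->preload */
    const char *imsi;         /* preloaded info, NULL when unset */
    Op         *ongoing;      /* query currently in flight, if any */
    int         assert_hits;  /* times the "IMSI must be unset" check failed */
} Sim;

/* Start a preload unless the flag says one was already run. */
static bool preload_start(Sim *s, Op *op) {
    if (s->preload) return false;
    s->preload = true;
    op->cancelled = false;
    s->ongoing = op;
    return true;
}

/* Reply handler: stores the info, expecting it to be unset. */
static void op_ready(Sim *s, Op *op, const char *imsi) {
    if (s->ongoing == op) s->ongoing = NULL;
    if (op->cancelled) return;                       /* stale reply: drop it */
    if (s->imsi != NULL) { s->assert_hits++; return; }
    s->imsi = imsi;
}

/* Sync request after resume: clears flag and info, optionally cancels. */
static void sync_needed(Sim *s, bool cancel_ongoing) {
    s->preload = false;
    s->imsi = NULL;
    if (cancel_ongoing && s->ongoing) { s->ongoing->cancelled = true; s->ongoing = NULL; }
}

/* Replays the sequence from the description; returns the assertion count. */
static int replay(bool cancel_ongoing) {
    Sim s = {0};
    Op first = {false}, second = {false};
    preload_start(&s, &first);
    sync_needed(&s, cancel_ongoing);           /* suspend/resume before the reply */
    op_ready(&s, &first, "001010000000001");   /* constructed test IMSI */
    if (preload_start(&s, &second))            /* next initialization step */
        op_ready(&s, &second, "001010000000001");
    return s.assert_hits;
}

int main(void) {
    printf("no cancel: %d, cancel on sync: %d\n", replay(false), replay(true));
    return 0;
}
```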
