From 2ed7831ff636f4fbaec27524d416d63c2fd773bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?=
Date: Tue, 13 Aug 2019 15:17:40 +0200
Subject: DBus: fix deadlock when destroying QDBusServer

Observed infrequently in the QDBus tests, it would deadlock when destroying QDBusServer at the same time as qDBusNewConnection was being executed as they were locking the same locks, but in opposite order. QDBusServer locks d->lock, then QDBusConnectionManager::instance()->mutex. While qDBusNewConnection locks QDBusConnectionManager::instance()->mutex, then serverConnection->lock (and serverConnection here is QDBusServer's d-pointer). QOrderedMutexLocker cannot be used in this situation because it operates on QMutex*, which d->lock (QReadWriteLock) is not. Change the code to lock QDBusConnectionManager's mutex before d->lock and then unlock the QMutexLocker where it would previously destruct. If QDBusConnectionManager has already been destroyed then we pass a nullptr to the QMutexLocker which is fine and will not do anything.

Fixes: QTBUG-74635
Change-Id: I7f02d7759da67377996ef042c81b0969ccb8aadb
Reviewed-by: Marc Mutz
Reviewed-by: Edward Welbourne
(cherry picked from commit 6d3a4546934827955f0eb2b07a9928f82790ba37)
---
 src/dbus/qdbusserver.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/dbus/qdbusserver.cpp')

diff --git a/src/dbus/qdbusserver.cpp b/src/dbus/qdbusserver.cpp
index b1f9be2c2a..649d8ad8a3 100644
--- a/src/dbus/qdbusserver.cpp
+++ b/src/dbus/qdbusserver.cpp
@@ -111,12 +111,16 @@ QDBusServer::QDBusServer(QObject *parent)
 */
 QDBusServer::~QDBusServer()
 {
- QWriteLocker locker(&d->lock);
+ QMutex *managerMutex = nullptr;
+ if (QDBusConnectionManager::instance())
+ managerMutex = &QDBusConnectionManager::instance()->mutex;
+ QMutexLocker locker(managerMutex);
+ QWriteLocker writeLocker(&d->lock);
 if (QDBusConnectionManager::instance()) {
- QMutexLocker locker(&QDBusConnectionManager::instance()->mutex);
 for (const QString &name : qAsConst(d->serverConnectionNames))
 QDBusConnectionManager::instance()->removeConnection(name);
 d->serverConnectionNames.clear();
+ locker.unlock();
 }
 d->serverObject = Q_NULLPTR;
 d->ref.store(0);
-- 
cgit v1.2.3
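Review bot: The lock order this fix relies on (QDBusConnectionManager's mutex first, then `d->lock`) is not recorded in the destructor, so a later edit could reintroduce the inversion. A comment above `QMutexLocker locker(managerMutex);`, for example `// Lock order: manager mutex before d->lock, same as qDBusNewConnection`, would pin it. `QDBusConnectionManager::instance()` is also evaluated separately for the mutex lookup and for the later `if`. If the two results ever differ (presumably only during global-static teardown), either the early `locker.unlock()` is skipped or the loop runs without the manager mutex held. Reading it once, `QDBusConnectionManager *manager = QDBusConnectionManager::instance();`, and testing `manager` in both places would keep the two decisions consistent; the destructor body continues past the end of the hunk.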