From 73e16d5e3965ff350c7a985c17993cec7d14dc99 Mon Sep 17 00:00:00 2001
From: Marek Habersack <grendel@twistedcode.net>
Date: Wed, 30 Nov 2022 18:41:54 +0100
Subject: [PATCH] [monodroid] Attach current thread to MonoVM when registering
 a type (#7560)

Fixes: https://github.com/xamarin/xamarin-android/issues/7532

Whenever any MonoVM APIs are called, the current thread of execution
must be attached to the runtime or we risk native code crashes, e.g.:

	Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40 in tid 1860 (jg_fr_pool_thre), pid 1792 (yname.sampleapp)
	backtrace:
	  00 pc 0011588e  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonosgen-2.0.so
	  01 pc 001156ae  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonosgen-2.0.so
	  02 pc 00115575  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonosgen-2.0.so (mono_threads_enter_gc_unsafe_region_internal+53)
	  03 pc 000973c3  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonosgen-2.0.so (mono_runtime_invoke+51) (BuildId: c54662bbf82dbdadd595ca9d3e31dce29735885f)
	  04 pc 00027ace  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonodroid.so (xamarin::android::internal::MonodroidRuntime::Java_mono_android_Runtime_register(_JNIEnv*, _jstring*, _jclass*, _jstring*)+286)
	  05 pc 000279a0  /data/app/~~lwgdvtQhIfK0II0Nd0mtag==/com.companyname.sampleapp-8yF54k9YuWCWpsuGRJvVQw==/lib/x86/libmonodroid.so (Java_mono_android_Runtime_register+48)

The above trace translates to the following locations in the Mono runtime:

	copy_stack_data_internal
	/__w/1/s/src/mono/mono/utils/mono-threads-coop.c:191
	copy_stack_data
	/__w/1/s/src/mono/mono/utils/mono-threads-coop.c:246

	mono_threads_enter_gc_unsafe_region_unbalanced_with_info
	/__w/1/s/src/mono/mono/utils/mono-threads-coop.c:476

	mono_runtime_invoke
	/__w/1/s/src/mono/mono/metadata/object.c:2442

In this case, a pointer to Mono thread information structure
(`MonoThreadInfo*`) is null in `copy_stack_data()` which, in turn,
causes the segfault when the pointer is dereferenced.

In the case of issue #7532, `Java_mono_android_Runtime_register()` is
called on behalf of a 3rd party library on a thread that is, most
likely, created by that library and thus not (yet) attached to the
runtime by the time the registration attempt is made.

Attach thread to the runtime by calling
`mono_jit_thread_attach(nullptr)` in .NET builds to fix the issue.
`nullptr` is used because .NET only has a single AppDomain and
there's no need to pass around pointers to it.

TODO: Try to create a test case.  Our attempted unit tests don't
cause an app crash when the fix isn't applied -- i.e. when
`mono_jit_thread_attach(nullptr)` *isn't* called -- which suggests
that we don't fully understand the reported bug report.
---
 src/monodroid/jni/monodroid-glue.cc           |   2 +
 .../Java.Interop/JnienvTest.cs                |  38 ++++++
 tests/Mono.Android-Tests/jni/reuse-threads.c  | 125 +++++++++++++++++-
 3 files changed, 162 insertions(+), 3 deletions(-)

diff --git a/src/monodroid/jni/monodroid-glue.cc b/src/monodroid/jni/monodroid-glue.cc
index 5a8a3500951..7fb2a67dcb3 100644
--- a/src/monodroid/jni/monodroid-glue.cc
+++ b/src/monodroid/jni/monodroid-glue.cc
@@ -2537,6 +2537,8 @@ MonodroidRuntime::Java_mono_android_Runtime_register (JNIEnv *env, jstring manag
 
 	utils.monodroid_runtime_invoke (domain, register_jni_natives, nullptr, args, nullptr);
 #else // ndef NET
+	mono_jit_thread_attach (nullptr); // There's just one domain in .net
+
 #if !defined (ANDROID)
 	mono_runtime_invoke (register_jni_natives, nullptr, args, nullptr);
 #else
diff --git a/tests/Mono.Android-Tests/Java.Interop/JnienvTest.cs b/tests/Mono.Android-Tests/Java.Interop/JnienvTest.cs
index 11ac6e04b18..a1efbb26591 100644
--- a/tests/Mono.Android-Tests/Java.Interop/JnienvTest.cs
+++ b/tests/Mono.Android-Tests/Java.Interop/JnienvTest.cs
@@ -32,11 +32,31 @@ public void TestMyPaintColor ()
 			}
 		}
 
+		[DllImport ("reuse-threads")]
+		static extern int rt_register_type_on_new_thread (string java_type_namem, IntPtr class_loader);
+
 		delegate void CB (IntPtr jnienv, IntPtr java_instance);
 
 		[DllImport ("reuse-threads")]
 		static extern int rt_invoke_callback_on_new_thread (CB cb);
 
+		[Test]
+		public void RegisterTypeOnNewNativeThread ()
+		{
+			Java.Lang.JavaSystem.LoadLibrary ("reuse-threads");
+			int ret = rt_register_type_on_new_thread ("from.NewThreadOne", Application.Context.ClassLoader.Handle);
+			Assert.AreEqual (0, ret, $"Java type registration on a new thread failed with code {ret}");
+		}
+
+		[Test]
+		public void RegisterTypeOnNewJavaThread ()
+		{
+			var thread = new MyRegistrationThread ();
+			thread.Start ();
+			thread.Join (5000);
+			Assert.AreNotEqual (null, thread.Instance, "Failed to register instance of a class on new thread");
+		}
+
 		[Test]
 		public void ThreadReuse ()
 		{
@@ -434,6 +454,24 @@ public void DoNotLeakWeakReferences ()
 		}
 	}
 
+	[Register ("from/NewThreadOne")]
+	class RegisterMeOnNewThreadOne : Java.Lang.Object
+	{}
+
+	[Register ("from/NewThreadTwo")]
+	class RegisterMeOnNewThreadTwo : Java.Lang.Object
+	{}
+
+	class MyRegistrationThread : Java.Lang.Thread
+	{
+		public RegisterMeOnNewThreadTwo Instance { get; private set; }
+
+		public override void Run ()
+		{
+			Instance = new RegisterMeOnNewThreadTwo ();
+		}
+	}
+
 	class MyCb : Java.Lang.Object, Java.Lang.IRunnable {
 		public void Run ()
 		{
diff --git a/tests/Mono.Android-Tests/jni/reuse-threads.c b/tests/Mono.Android-Tests/jni/reuse-threads.c
index bdc1f415694..07223a60f37 100644
--- a/tests/Mono.Android-Tests/jni/reuse-threads.c
+++ b/tests/Mono.Android-Tests/jni/reuse-threads.c
@@ -81,6 +81,12 @@
 #include <android/log.h>
 #include <jni.h>
 
+typedef struct
+{
+	const char *java_type_name;
+	jobject class_loader;
+} RegisterFromThreadContext;
+
 typedef void (*CB)(JNIEnv *env, jobject self);
 
 static JavaVM *gvm;
@@ -113,9 +119,9 @@ _get_env (const char *where)
 }
 
 static jobject
-_create_java_instance (JNIEnv *env)
+_create_java_instance (JNIEnv *env, const char *class_name)
 {
-	jclass    Object_class  = (*env)->FindClass (env, "java/lang/Object");
+	jclass    Object_class  = (*env)->FindClass (env, class_name);
 	jmethodID Object_ctor   = (*env)->GetMethodID (env, Object_class, "<init>", "()V");
 
 	jobject   instance      = (*env)->NewObject (env, Object_class, Object_ctor);
@@ -154,7 +160,7 @@ _call_cb_from_new_thread (void *cb)
 	}
 
 	/* 5: Execution of T enters managed code... */
-	jobject instance = _create_java_instance (env);
+	jobject instance = _create_java_instance (env, "java/lang/Object");
 	_cb (env, instance);
 
 	return NULL;
@@ -200,3 +206,116 @@ rt_invoke_callback_on_new_thread (CB cb)
 	return 0;
 }
 
+/* We return -2 for errors, because -1 is reserved for the pthreads PTHREAD_CANCELED special value, indicating that the
+ * thread was canceled. */
+static int
+_register_type_from_new_thread (void *data)
+{
+	RegisterFromThreadContext *context = (RegisterFromThreadContext*)data;
+
+	if (context == NULL) {
+		return -100;
+	}
+
+	JNIEnv *env = _get_env ("_register_type_from_new_thread");
+
+	if ((*env)->PushLocalFrame (env, 4) < 0) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: unable to create a local reference frame!");
+
+		if ((*env)->ExceptionOccurred (env)) {
+			(*env)->ExceptionDescribe (env);
+			(*env)->ExceptionClear (env);
+		}
+
+		return -101;
+	}
+
+	int ret = 0;
+	jclass ClassLoader_class = (*env)->FindClass (env, "java/lang/ClassLoader");
+	if (ClassLoader_class == NULL) {
+		ret = -102;
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: unable to find the 'java/lang/ClassLoader' class!");
+		goto cleanup;
+	}
+
+	jmethodID loadClass = (*env)->GetMethodID (env, ClassLoader_class, "loadClass", "(Ljava/lang/String;)Ljava/lang/Class;");
+	if (loadClass == NULL) {
+		ret = -103;
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: unable to get id of method 'loadClass' in the 'java/lang/ClassLoader' class!");
+		goto cleanup;
+	}
+
+	jstring klass_name = (*env)->NewStringUTF (env, context->java_type_name);
+	jobject loaded_class = (*env)->CallObjectMethod (env, context->class_loader, loadClass, klass_name);
+
+	if ((*env)->ExceptionOccurred (env) != NULL) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: class '%s' cannot be loaded, Java exception thrown!", context->java_type_name);
+		(*env)->ExceptionDescribe (env);
+		(*env)->ExceptionClear (env);
+		ret = -104;
+		goto cleanup;
+	}
+
+	if (loaded_class == NULL) {
+		ret = -105;
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: 'java/lang/ClassLoader' wasn't able to load the '%s' class!", context->java_type_name);
+		goto cleanup;
+	}
+
+	jmethodID Object_ctor = (*env)->GetMethodID (env, loaded_class, "<init>", "()V");
+	if (Object_ctor == NULL) {
+		ret = -106;
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: unable to find the '%s' class constructor!", context->java_type_name);
+		goto cleanup;
+	}
+
+	jobject instance = (*env)->NewObject (env, loaded_class, Object_ctor);
+
+	if ((*env)->ExceptionOccurred (env) != NULL || instance == NULL) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: instance of class '%s' wasn't created!", context->java_type_name);
+		(*env)->ExceptionDescribe (env);
+		(*env)->ExceptionClear (env);
+		ret = -107;
+	}
+
+	if (instance == NULL) {
+		ret = -108;
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "FAILURE: unable to create instance of the '%s' class!", context->java_type_name);
+	}
+
+  cleanup:
+	(*env)->PopLocalFrame (env, NULL);
+
+	return ret;
+}
+
+JNIEXPORT int JNICALL
+rt_register_type_on_new_thread (const char *java_type_name, jobject class_loader)
+{
+	JNIEnv *env = _get_env ("rt_register_type_on_new_thread");
+	pthread_t t;
+	RegisterFromThreadContext context = {
+		java_type_name,
+		class_loader,
+	};
+
+	int r = pthread_create (&t, NULL, _register_type_from_new_thread, &context);
+
+	if (r) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "RegisterOnNewThread: pthread_create() failed! %i: %s", r, strerror (r));
+		return -200;
+	}
+
+	void *tr;
+	if (pthread_join (t, &tr) != 0) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "RegisterOnNewThread: pthread_join() failed! %i: %s", r, strerror (r));
+		return -201;
+	}
+
+	if ((int)tr == -1 /* PTHREAD_CANCELED - not defined in bionic */) {
+		__android_log_print (ANDROID_LOG_INFO, "XA/RuntimeTest", "RegisterOnNewThread: worker thread was canceled");
+		return -202;
+	}
+
+	return (int)tr;
+}