From a4756e2a7fc1b6d2965024ccea95d4467406eff5 Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Fri, 29 Oct 2021 01:43:34 -0700
Subject: [PATCH 1/2] Protect against race conditions when removing keys

[ Merge of http://go/wvgerrit/142229 and http://go/ag/16147655 ]

This adds concurrency protection to a session when keys or a
license is removed from a session.

Bug: 195625322
Test: GtsMediaTestCases, unit/integration tests, YT EME conformance test
Change-Id: I38601a58dc593ce053cb5457b9d42d2c35f3f041
---
 libwvdrmengine/cdm/core/src/cdm_engine.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index fd5234f3..132d2e4c 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -455,6 +455,7 @@ CdmResponseType CdmEngine::RestoreKey(const CdmSessionId& session_id,
 CdmResponseType CdmEngine::RemoveKeys(const CdmSessionId& session_id) {
   LOGI("session_id = %s", IdToString(session_id));
   std::shared_ptr<CdmSession> session;
+  std::unique_lock<std::recursive_mutex> lock(session_map_lock_);
   if (!session_map_.FindSession(session_id, &session)) {
     LOGE("Session not found: session_id = %s", IdToString(session_id));
     return SESSION_NOT_FOUND_5;
@@ -466,6 +467,7 @@ CdmResponseType CdmEngine::RemoveKeys(const CdmSessionId& session_id) {
 CdmResponseType CdmEngine::RemoveLicense(const CdmSessionId& session_id) {
   LOGI("session_id = %s", IdToString(session_id));
   std::shared_ptr<CdmSession> session;
+  std::unique_lock<std::recursive_mutex> lock(session_map_lock_);
   if (!session_map_.FindSession(session_id, &session)) {
     LOGE("Session not found: session_id = %s", IdToString(session_id));
     return SESSION_NOT_FOUND_19;

From 84abb87fd83ad7a162ea143fdad87392a65b57d2 Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Fri, 19 Nov 2021 13:00:11 -0800
Subject: [PATCH 2/2] Protect against race conditions when adding a license

[ Merge of http://go/wvgerrit/142249 and http://go/ag/16307264 ]

This adds concurrency protection to a session when policy
timers are reset to from v15 to v16. The v15 policy timer may still be
in use by the decryption thread.

Bug: 204282907
Bug: 207304220
Test: Unit/Integration tests, GtsMediaTestCases
Change-Id: I4967b3927e47733fb23a1a12b6094d1cd2072918
---
 libwvdrmengine/cdm/core/src/cdm_engine.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index 132d2e4c..014ac290 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -387,7 +387,16 @@ CdmResponseType CdmEngine::AddKey(const CdmSessionId& session_id,
     return EMPTY_KEY_DATA_1;
   }
 
-  const CdmResponseType sts = session->AddKey(key_data);
+  CdmResponseType sts = KEY_ADDED;
+  {
+    // TODO(rfrias): Refactor. For now lock while adding keys to prevent
+    // a race condition between this and the decryption thread. This may
+    // occur if |policy_timers_| is reset when PolicyEngine::SetLicense
+    // is called.
+    std::unique_lock<std::recursive_mutex> lock(session_map_lock_);
+    sts = session->AddKey(key_data);
+  }
+
   if (sts == KEY_ADDED) {
     if (session->is_release()) {
       *license_type = kLicenseTypeRelease;