This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] nptl: Fix racy pipe closing in tst-cancel{20,21}

From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
To: libc-alpha at sourceware dot org
Date: Wed, 14 Oct 2015 16:03:15 -0300
Subject: [PATCH] nptl: Fix racy pipe closing in tst-cancel{20,21}
Authentication-results: sourceware.org; auth=none

The tst-cancel20 open two pipes and creates a thread which blocks
reading the first pipe.  It then issues a signal to activate an
handler which also blocks reading the second pipe.  Finally the
cancellation cleanup-up handlers are tested by first closing the
all the pipe ends and issuing a pthread_cancel. The tst-cancel21 
have a similar behavior, but use an extra fork after the test itself.

The race condition occurs if the cancellation handling acts after the
pipe close: in this case read will return EOF (indicating side-effects)
and thus the cancellation must not act.  However current GLIBC
cancellation behavior acts regardless the syscalls returns with
sid-effects.

This patch adjust the test by moving the pipe closing after the
cancellation handling.  This avoid spurious cancellation for the
case described.

Checked on x86_64 and i386.

	* nptl/tst-cancel20.c (do_one_test): Move the pipe closing after
	pthread_join.
	* nptl/tst-cancel21.c (tf): Likewise.
---
 ChangeLog           |  6 ++++++
 nptl/tst-cancel20.c | 15 +++++++++------
 nptl/tst-cancel21.c | 15 +++++++++------
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/nptl/tst-cancel20.c b/nptl/tst-cancel20.c
index 51b558e..91452fb 100644
--- a/nptl/tst-cancel20.c
+++ b/nptl/tst-cancel20.c
@@ -145,12 +145,6 @@ do_one_test (void)
       return 1;
     }
 
-  /* This will cause the read in the child to return.  */
-  close (fd[0]);
-  close (fd[1]);
-  close (fd[2]);
-  close (fd[3]);
-
   void *ret;
   if (pthread_join (th, &ret) != 0)
     {
@@ -170,6 +164,15 @@ do_one_test (void)
       return 1;
     }
 
+  /* The pipe closing must be issued after the cancellation handling to avoid
+     a race condition where the cancellation runs after both pipe ends are
+     closed.  In this case the read syscall returns EOF and the cancellation
+     must not act.  */
+  close (fd[0]);
+  close (fd[1]);
+  close (fd[2]);
+  close (fd[3]);
+
   return 0;
 }
 
diff --git a/nptl/tst-cancel21.c b/nptl/tst-cancel21.c
index b54f236..d082776 100644
--- a/nptl/tst-cancel21.c
+++ b/nptl/tst-cancel21.c
@@ -123,12 +123,6 @@ tf (void *arg)
       exit (1);
     }
 
-  /* This will cause the read in the initial thread to return.  */
-  close (fd[0]);
-  close (fd[1]);
-  close (fd[2]);
-  close (fd[3]);
-
   void *ret;
   if (pthread_join (th, &ret) != 0)
     {
@@ -154,6 +148,15 @@ tf (void *arg)
       exit (1);
     }
 
+  /* The pipe closing must be issued after the cancellation handling to avoid
+     a race condition where the cancellation runs after both pipe ends are
+     closed.  In this case the read syscall returns EOF and the cancellation
+     must not act.  */
+  close (fd[0]);
+  close (fd[1]);
+  close (fd[2]);
+  close (fd[3]);
+
   exit (0);
 }
 
-- 
1.9.1

Follow-Ups:
- Re: [PATCH] nptl: Fix racy pipe closing in tst-cancel{20,21}
  - From: Rich Felker

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]