From: Adhemerval Zanella via Libc-alpha <libc-alpha@sourceware.org>
To: Florian Weimer <fweimer@redhat.com>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v2 04/19] nptl: Do not use pthread set_tid_address as state synchronization (BZ #19951)
Date: Thu, 26 Aug 2021 13:16:04 -0300 [thread overview]
Message-ID: <8719cf82-e68a-402a-f019-174f5602251c@linaro.org> (raw)
In-Reply-To: <87zgt4454x.fsf@oldenburg.str.redhat.com>
On 26/08/2021 12:06, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>>>> The race condition on pthread_detach is avoided with only one atomic
>>>> operation on PD state: once the mode is set to THREAD_STATE_DETACHED
>>>> it is up to thread itself to deallocate its memory (done on the exit
>>>> phase at pthread_create()).
>>>
>>> See above regarding thread self-deallocation.
>>>
>>> The design as described above looks sound to me, those are just nits.
>>
>> Right, should I change this paragraph as well (the suggestion here is
>> not clear to me)?
>
> Maybe “up to [the] thread itself to [trigger deallocation of] its memory”?
Ack.
>
>>>> diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c
>>>> index 08e5189ad6..763e32bc3e 100644
>>>> --- a/nptl/pthread_create.c
>>>> +++ b/nptl/pthread_create.c
>>>> @@ -286,7 +286,7 @@ static int create_thread (struct pthread *pd,
>>>> const struct
>>>> @@ -351,13 +351,16 @@ start_thread (void *arg)
>>>> and free any resource prior return to the pthread_create caller. */
>>>> setup_failed = pd->setup_failed == 1;
>>>> if (setup_failed)
>>>> - pd->joinid = NULL;
>>>> + pd->joinstate = THREAD_STATE_JOINABLE;
>>>>
>>>> /* And give it up right away. */
>>>> lll_unlock (pd->lock, LLL_PRIVATE);
>>>>
>>>> if (setup_failed)
>>>> - goto out;
>>>> + {
>>>> + pd->tid = 0;
>>>> + goto out;
>>>> + }
>>>> }
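Review bot: the new `pd->tid = 0;` in the setup_failed branch is stored after `lll_unlock (pd->lock, LLL_PRIVATE)`, so it lands outside the critical section that just published `setup_failed` and `joinstate`, and nothing in this hunk shows a reader of `tid` on this path; since no pthread_t is handed back to the caller when setup fails, drop the write (as the reply agrees) rather than keep an unlocked store, or, if some reader does depend on it, move it above the unlock together with the `joinstate` assignment.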
>>>
>>> What's the advantage of setting pd->tid here and below in start_thread?
>>
>> We don't really need to clear the tid on setup_failed case in fact, since
>> in this case no pthread_t will be returned to caller. I remove it.
>
> What about the change in start_thread?
>
> The subsequent changes look at the tid member, but they could equally
> well look at joinstate, I think.
My understanding is that we still need to clear the tid member to avoid
unintentional usage, since the kernel will not clear it anymore. For instance
on pthread_kill() (or any other usage), there is still a window
where the joinstate test and the tid read might result in an invalid
value (either a tid reuse or an invalid value).
>
>
>>> I think you need a strong CAS here. We don't have, so you'll have to
>>> add a loop.
>>
>> Yeah, it seems right. I changed to:
>>
>>   unsigned int prevstate;
>>   while (!atomic_compare_exchange_weak_acquire (&pd->joinstate, &prevstate,
>>                                                 THREAD_STATE_EXITING))
>>     prevstate = atomic_load_relaxed (&pd->joinstate);
>
> Isn't prevstate uninitialized? Why no do-while loop?
It is, I have changed to:
  unsigned int prevstate;
  do
    prevstate = atomic_load_relaxed (&pd->joinstate);
  while (!atomic_compare_exchange_weak_acquire (&pd->joinstate, &prevstate,
                                                THREAD_STATE_EXITING));
>
>>> pthread_tryjoin_np on a thread which is THREAD_STATE_DETACHED is
>>> invalid, so that case doesn't matter, I think.
>>
>> I changed the comment to:
>>
>>   /* The joinable state (THREAD_STATE_JOINABLE) is straightforward since the
>>      thread hasn't finished yet and trying to join might block.
>>      The exiting thread (THREAD_STATE_EXITING) also mgith result in a blocking
>>      call: a detached thread might change its state to exiting and an exiting
>>      thread may take some time to exit (and thus let the kernel set the state
>>      to THREAD_STATE_EXITED). */
>
> Typo: mgith
Ack.
>
> Rest looks okay to me.
>
>>>> diff --git a/sysdeps/pthread/tst-thrd-detach.c b/sysdeps/pthread/tst-thrd-detach.c
>>>> index c844767748..e1906a0e10 100644
>>>> --- a/sysdeps/pthread/tst-thrd-detach.c
>>>> +++ b/sysdeps/pthread/tst-thrd-detach.c
>>>
>>>> - if (thrd_join (id, NULL) == thrd_success)
>>>> - FAIL_EXIT1 ("thrd_join succeed where it should fail");
>>>> + TEST_COMPARE (thrd_join (id, NULL), thrd_error);
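Review bot: the hunk only changes how the expected failure of `thrd_join (id, NULL)` is checked; the join itself is still issued on a thread the test has given up ownership of (the `-` lines already expected it to fail, and the file is tst-thrd-detach.c), so by the time it runs the thread may have exited and released its descriptor and the call reads freed memory whether or not it returns thrd_error. Remove the check rather than tighten it to TEST_COMPARE, as agreed below.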
>>>
>>> This is still a use-after-free bug, right?
>>
>> Indeed, I think it would be better to just remove this test.
>
> Agreed.
>
> Thanks,
> Florian
>
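The handshake discussed in this exchange (the do/while around a weak CAS on the exit path, pthread_detach as a single CAS whose loser takes over deallocation, and the tryjoin rule in the quoted comment) as an added C model. This is example code written for this page, not glibc's implementation and not part of the patch: the THREAD_STATE_* names follow the patch, but the `struct thread_desc`, the `desc_*` functions, the spin-wait in place of a futex wait and the counting stand-in for freeing the descriptor are all assumptions made here. In this model the exiting thread itself stores THREAD_STATE_EXITED; the quoted comment says the patch leaves that final transition to the kernel.

```c
/* Added example, not glibc code: a model of the joinstate handshake.
   THREAD_STATE_* names follow the patch; the struct, desc_* functions
   and the counting "free" are assumptions made for this model. */
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

enum { THREAD_STATE_JOINABLE, THREAD_STATE_DETACHED, THREAD_STATE_EXITING, THREAD_STATE_EXITED };

struct thread_desc {
  _Atomic unsigned joinstate;
  _Atomic int freed;  /* instrumentation: "free" count, must end at exactly 1 */
};

/* Stand-in for releasing the descriptor: counting instead of freeing keeps
   the object reusable and makes a double free or a leak visible. */
static void desc_free(struct thread_desc *pd)
{ atomic_fetch_add_explicit(&pd->freed, 1, memory_order_relaxed); }

void desc_init(struct thread_desc *pd)
{ atomic_store(&pd->joinstate, THREAD_STATE_JOINABLE); atomic_store(&pd->freed, 0); }

/* Exit path as start_thread would run it: do/while around a weak CAS, which
   tolerates spurious failure; the state captured in PREV decides who frees. */
unsigned desc_exit(struct thread_desc *pd)
{
  unsigned prev;
  do
    prev = atomic_load_explicit(&pd->joinstate, memory_order_relaxed);
  while (!atomic_compare_exchange_weak_explicit(&pd->joinstate, &prev,
           THREAD_STATE_EXITING, memory_order_acquire, memory_order_relaxed));
  /* TLS destructors, stack teardown etc. would run here.  */
  atomic_store_explicit(&pd->joinstate, THREAD_STATE_EXITED, memory_order_release);
  if (prev == THREAD_STATE_DETACHED)
    desc_free(pd);  /* detached: nobody else holds a reference */
  return prev;
}

/* pthread_detach as one CAS.  Losing against the exit path means the thread
   committed to exiting as joinable and will not free itself, so we do. */
int desc_detach(struct thread_desc *pd)
{
  unsigned expected = THREAD_STATE_JOINABLE;
  if (atomic_compare_exchange_strong_explicit(&pd->joinstate, &expected,
        THREAD_STATE_DETACHED, memory_order_acq_rel, memory_order_acquire))
    return 0;
  if (expected == THREAD_STATE_DETACHED)
    return EINVAL;  /* detaching twice is a caller error */
  while (atomic_load_explicit(&pd->joinstate, memory_order_acquire) != THREAD_STATE_EXITED)
    ;               /* a real implementation would futex-wait here */
  desc_free(pd);
  return 0;
}

/* pthread_tryjoin_np: only EXITED can be reaped without blocking; JOINABLE
   and EXITING report EBUSY (the comment quoted above), DETACHED is invalid. */
int desc_tryjoin(struct thread_desc *pd)
{
  unsigned s = atomic_load_explicit(&pd->joinstate, memory_order_acquire);
  if (s == THREAD_STATE_DETACHED) return EINVAL;
  if (s != THREAD_STATE_EXITED) return EBUSY;
  desc_free(pd);
  return 0;
}

/* Sequential scenarios; returns 0 on success, else the failing step. */
int check_state_machine(void)
{
  struct thread_desc pd;
  desc_init(&pd);  /* detach, then exit: the thread frees itself */
  if (desc_tryjoin(&pd) != EBUSY) return 1;
  if (desc_detach(&pd) != 0 || atomic_load(&pd.freed) != 0) return 2;
  if (desc_detach(&pd) != EINVAL || desc_tryjoin(&pd) != EINVAL) return 3;
  if (desc_exit(&pd) != THREAD_STATE_DETACHED || atomic_load(&pd.freed) != 1) return 4;
  desc_init(&pd);  /* exit, then detach: the detacher frees */
  if (desc_exit(&pd) != THREAD_STATE_JOINABLE || atomic_load(&pd.freed) != 0) return 5;
  if (desc_detach(&pd) != 0 || atomic_load(&pd.freed) != 1) return 6;
  desc_init(&pd);  /* exit, then tryjoin: the joiner frees */
  if (desc_exit(&pd) != THREAD_STATE_JOINABLE || desc_tryjoin(&pd) != 0) return 7;
  return atomic_load(&pd.freed) == 1 ? 0 : 8;
}

static void *exit_worker(void *arg) { desc_exit(arg); return NULL; }

/* Race desc_detach against desc_exit ITERS times; returns the number of
   iterations that did not free exactly once (expect 0), -1 on create error. */
int race_detach_vs_exit(int iters)
{
  struct thread_desc pd;
  int bad = 0;
  for (int i = 0; i < iters; i++) {
    pthread_t t;
    desc_init(&pd);
    if (pthread_create(&t, NULL, exit_worker, &pd) != 0) return -1;
    desc_detach(&pd);
    pthread_join(t, NULL);
    if (atomic_load(&pd.freed) != 1) bad++;
  }
  return bad;
}

int main(void)
{
  int bad = race_detach_vs_exit(10000);
  printf("state machine: %d, detach/exit race: %d bad of 10000\n", check_state_machine(), bad);
  return bad != 0;
}
```

The point of counting instead of freeing is that the race harness can assert the invariant the design is meant to guarantee, exactly one release of the descriptor no matter how detach and exit interleave: a count of 0 is the leak and a count of 2 is the double free that the "only one atomic operation on PD state" rule is there to prevent. The spin in `desc_detach` stands in for the blocking wait the quoted comment warns about for THREAD_STATE_EXITING.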