From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS17314 8.43.84.0/22 X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 045941F8C6 for ; Thu, 26 Aug 2021 15:07:09 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2E6203858413 for ; Thu, 26 Aug 2021 15:07:08 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2E6203858413 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1629990428; bh=aKDinCpDfTugibxFFM7GwV2r9C/vGIObPBT0moiOP6c=; h=To:Subject:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=WIIgFoAqk3cWJgh5+XzBJRH/c7kTuGMu0dNwD4o7FE816RcTYNk0EQk7hknJW3tOd 010WKW7+UvNp/2nnPeGjQjDY6sDg0KtOev4ecI4bfzJUhWbifHei7RxE94wOKzDyPN 6KF+glxXTfsrwBCOTwDfnwi2G+aiLELd73GwIOyI= Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id E1EEB3857C67 for ; Thu, 26 Aug 2021 15:06:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E1EEB3857C67 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-120-vn-jJI18NQeSlKghr7xRkA-1; Thu, 26 Aug 2021 11:06:42 -0400 X-MC-Unique: vn-jJI18NQeSlKghr7xRkA-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 529691026218; Thu, 26 Aug 2021 15:06:41 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.194.140]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 79F9A69280; Thu, 26 Aug 2021 15:06:40 +0000 (UTC) To: Adhemerval Zanella Subject: Re: [PATCH v2 04/19] nptl: Do not use pthread set_tid_address as state synchronization (BZ #19951) References: <20210823195047.543237-1-adhemerval.zanella@linaro.org> <20210823195047.543237-5-adhemerval.zanella@linaro.org> <87y28o7ake.fsf@oldenburg.str.redhat.com> <1f026797-7be8-bf9d-323f-6ac7539752a1@linaro.org> Date: Thu, 26 Aug 2021 17:06:38 +0200 In-Reply-To: <1f026797-7be8-bf9d-323f-6ac7539752a1@linaro.org> (Adhemerval Zanella's message of "Thu, 26 Aug 2021 11:58:14 -0300") Message-ID: <87zgt4454x.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Florian Weimer via Libc-alpha Reply-To: Florian Weimer Cc: libc-alpha@sourceware.org Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org Sender: "Libc-alpha" * Adhemerval Zanella: >>> The race condition on pthread_detach is avoided with only one atomic >>> operation on PD state: once the mode is set to THREAD_STATE_DETACHED >>> it is up to thread itself to deallocate its memory (done on the exit >>> phase at pthread_create()). >>=20 >> See above regarding thread self-deallocation. >>=20 >> The design as described above looks sound to me, those are just nits. > > Right, should I change this paragraph as well (it is not clear the > suggestion here). Maybe =E2=80=9Cup to [the] thread itself to [trigger deallocation of] its m= emory=E2=80=9D? >>> diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c >>> index 08e5189ad6..763e32bc3e 100644 >>> --- a/nptl/pthread_create.c >>> +++ b/nptl/pthread_create.c >>> @@ -286,7 +286,7 @@ static int create_thread (struct pthread *pd, >>> const struct >>> @@ -351,13 +351,16 @@ start_thread (void *arg) >>> and free any resource prior return to the pthread_create call= er. */ >>> setup_failed =3D pd->setup_failed =3D=3D 1; >>> if (setup_failed) >>> -=09pd->joinid =3D NULL; >>> +=09pd->joinstate =3D THREAD_STATE_JOINABLE; >>> =20 >>> /* And give it up right away. */ >>> lll_unlock (pd->lock, LLL_PRIVATE); >>> =20 >>> if (setup_failed) >>> -=09goto out; >>> +=09{ >>> +=09 pd->tid =3D 0; >>> +=09 goto out; >>> +=09} >>> } >>=20 >> What's the advantage of setting pd->tid here and below in start_thread? > > We don't really need to clear the tid on setup_failed case in fact, since > in this case no pthread_t will be returned to caller. I remove it. What about the change in start_thread? The subsequent changes look at the tid member, but they could equally well look at joinstate, I think. >> I think you need a strong CAS here. We don't have, so you'll have to >> add a loop. > > Yeah, it seems right. I changed to: > > unsigned int prevstate;=20 > while (!atomic_compare_exchange_weak_acquire (&pd->joinstate, &prevstat= e, > THREAD_STATE_EXITING)) > prevstate =3D atomic_load_relaxed (&pd->joinstate); Isn't prevstate uninitialized? Why no do-while loop? >> pthread_tryjoin_np on a thread which is THREAD_STATE_DETACHED is >> invalid, so that case doesn't matter, I think. > > I changed the comment to: > > /* The joinable state (THREAD_STATE_JOINABLE) is straigthforward since = the > thread hasn't finished yet and trying to join might block. > The exiting thread (THREAD_STATE_EXITING) also mgith result in abloc= king > call: a detached thread might change its state to exiting and a exit= ing > thread my take some time to exit (and thus let the kernel set the st= ate > to THREAD_STATE_EXITED). */ Typo: mgith Rest looks okay to me. >>> diff --git a/sysdeps/pthread/tst-thrd-detach.c b/sysdeps/pthread/tst-th= rd-detach.c >>> index c844767748..e1906a0e10 100644 >>> --- a/sysdeps/pthread/tst-thrd-detach.c >>> +++ b/sysdeps/pthread/tst-thrd-detach.c >>=20 >>> - if (thrd_join (id, NULL) =3D=3D thrd_success) >>> - FAIL_EXIT1 ("thrd_join succeed where it should fail"); >>> + TEST_COMPARE (thrd_join (id, NULL), thrd_error); >>=20 >> This is still a user-after-free bug, right? > > Indeed, I think it would be better to just remove this test. Agreed. Thanks, Florian