From: Tobias Burnus <burnus@net-b.de>
To: gcc-patches <gcc-patches@gcc.gnu.org>,
fortran <fortran@gcc.gnu.org>,
Jerry DeLisle <jvdelisle@charter.net>,
mscfd@gmx.net
Subject: Re: [Patch] Fortran: Fix libgfortran I/O race with newunit_free [PR99529]
Date: Thu, 11 Mar 2021 11:38:43 +0100 [thread overview]
Message-ID: <9b6fa121-a5ea-4d2c-9924-fcdfe7d6d560@net-b.de> (raw)
In-Reply-To: <bbc7dd2f-02e7-482b-2abf-5fa3e4f06b47@net-b.de>
[-- Attachment #1: Type: text/plain, Size: 961 bytes --]
Revised version – the previous had a lock inversion, which could lead to
a deadlock, found by -fsanitize=thread. See transfer.c for the changes.
OK?
Tobias
On 11.03.21 10:42, Tobias Burnus wrote:
> Hi all,
>
> as found by Martin (thanks!) there is a race for newunit_free.
> While that call is within the unitlock for the calls in io/unit.c,
> the call in transfer.c did not use locks.
>
> Additionally,
> unit = get_gfc_unit (dtp->common.unit, do_create);
> set_internal_unit (dtp, unit, kind);
> gets first the unit (with proper locking when using the unit number
> dtp->common.unit) but then in set_internal_unit it re-sets the
> unit number to the same number without locking. That causes
> race warnings and if the assignment is not atomic it is a true race.
>
> OK for mainline? What about GCC 10?
>
> As Martin notes in the email thread and in the PR there are more
> race warnings (and likely true race issues).
>
> Tobias
>
[-- Attachment #2: libgf-race-v2.diff --]
[-- Type: text/x-patch, Size: 3528 bytes --]
Fortran: Fix libgfortran I/O race with newunit_free [PR99529]
libgfortran/ChangeLog:
* io/transfer.c (st_read_done_worker, st_write_done_worker):
Call unlock_unit here, add unit_lock lock around newunit_free call.
(st_read_done, st_write_done): Only call unlock_unit when not
calling the worker function.
* io/unit.c (set_internal_unit): Don't reset the unit_number
to the same number as this cause race warnings.
diff --git a/libgfortran/io/transfer.c b/libgfortran/io/transfer.c
index 27bee9d4e01..71a935652e3 100644
--- a/libgfortran/io/transfer.c
+++ b/libgfortran/io/transfer.c
@@ -4339,6 +4339,7 @@ export_proto(st_read_done);
void
st_read_done_worker (st_parameter_dt *dtp)
{
+ bool free_newunit = false;
finalize_transfer (dtp);
free_ionml (dtp);
@@ -4358,7 +4359,7 @@ st_read_done_worker (st_parameter_dt *dtp)
free (dtp->u.p.current_unit->ls);
dtp->u.p.current_unit->ls = NULL;
}
- newunit_free (dtp->common.unit);
+ free_newunit = true;
}
if (dtp->u.p.unit_is_internal || dtp->u.p.format_not_saved)
{
@@ -4366,6 +4367,14 @@ st_read_done_worker (st_parameter_dt *dtp)
free_format (dtp);
}
}
+ unlock_unit (dtp->u.p.current_unit);
+ if (free_newunit)
+ {
+ /* Avoid inverse lock issues by placing after unlock_unit. */
+ LOCK (&unit_lock);
+ newunit_free (dtp->common.unit);
+ UNLOCK (&unit_lock);
+ }
}
void
@@ -4382,11 +4391,10 @@ st_read_done (st_parameter_dt *dtp)
if (dtp->u.p.async)
enqueue_done (dtp->u.p.current_unit->au, AIO_READ_DONE);
}
+ unlock_unit (dtp->u.p.current_unit);
}
else
- st_read_done_worker (dtp);
-
- unlock_unit (dtp->u.p.current_unit);
+ st_read_done_worker (dtp); /* Calls unlock_unit. */
}
library_end ();
@@ -4406,6 +4414,7 @@ st_write (st_parameter_dt *dtp)
void
st_write_done_worker (st_parameter_dt *dtp)
{
+ bool free_newunit = false;
finalize_transfer (dtp);
if (dtp->u.p.current_unit != NULL
@@ -4446,7 +4455,7 @@ st_write_done_worker (st_parameter_dt *dtp)
free (dtp->u.p.current_unit->ls);
dtp->u.p.current_unit->ls = NULL;
}
- newunit_free (dtp->common.unit);
+ free_newunit = true;
}
if (dtp->u.p.unit_is_internal || dtp->u.p.format_not_saved)
{
@@ -4454,6 +4463,14 @@ st_write_done_worker (st_parameter_dt *dtp)
free_format (dtp);
}
}
+ unlock_unit (dtp->u.p.current_unit);
+ if (free_newunit)
+ {
+ /* Avoid inverse lock issues by placing after unlock_unit. */
+ LOCK (&unit_lock);
+ newunit_free (dtp->common.unit);
+ UNLOCK (&unit_lock);
+ }
}
extern void st_write_done (st_parameter_dt *);
@@ -4476,11 +4493,10 @@ st_write_done (st_parameter_dt *dtp)
if (dtp->u.p.async)
enqueue_done (dtp->u.p.current_unit->au, AIO_WRITE_DONE);
}
+ unlock_unit (dtp->u.p.current_unit);
}
else
- st_write_done_worker (dtp);
-
- unlock_unit (dtp->u.p.current_unit);
+ st_write_done_worker (dtp); /* Calls unlock_unit. */
}
library_end ();
diff --git a/libgfortran/io/unit.c b/libgfortran/io/unit.c
index 2ea664331bc..b0cc6ab2301 100644
--- a/libgfortran/io/unit.c
+++ b/libgfortran/io/unit.c
@@ -456,7 +456,6 @@ set_internal_unit (st_parameter_dt *dtp, gfc_unit *iunit, int kind)
{
gfc_offset start_record = 0;
- iunit->unit_number = dtp->common.unit;
iunit->recl = dtp->internal_unit_len;
iunit->internal_unit = dtp->internal_unit;
iunit->internal_unit_len = dtp->internal_unit_len;
next prev parent reply other threads:[~2021-03-11 10:38 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-11 9:42 Tobias Burnus
2021-03-11 10:38 ` Tobias Burnus [this message]
2021-03-11 11:43 ` Martin Stein
2021-03-12 1:35 ` Jerry DeLisle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9b6fa121-a5ea-4d2c-9924-fcdfe7d6d560@net-b.de \
--to=burnus@net-b.de \
--cc=fortran@gcc.gnu.org \
--cc=gcc-patches@gcc.gnu.org \
--cc=jvdelisle@charter.net \
--cc=mscfd@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).