public inbox for glibc-bugs@sourceware.org
* [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc()
@ 2007-11-21  4:58 pasky at suse dot cz
  2007-11-21  4:59 ` [Bug nscd/5381] " pasky at suse dot cz
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2007-11-21  4:58 UTC (permalink / raw)
  To: glibc-bugs

nscd does not use sufficient locking, allowing gc() to be run between
mempool_alloc() of data and its addition by cache_add(). Thus, gc() will free
the data again before it could have been added and properly accounted for. The
code should take the read database lock already before the mempool_alloc() call.

-- 
           Summary: nscd: Race condition of mempool_alloc() .. cache_add()
                    and gc()
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nscd
        AssignedTo: drepper at redhat dot com
        ReportedBy: pasky at suse dot cz
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=5381

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.



* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
@ 2007-11-21  4:59 ` pasky at suse dot cz
  2007-12-15  9:39 ` ismail at pardus dot org dot tr
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2007-11-21  4:59 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2007-11-21 04:58 -------
Created an attachment (id=2103)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=2103&action=view)
Proposed patch


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
  2007-11-21  4:59 ` [Bug nscd/5381] " pasky at suse dot cz
@ 2007-12-15  9:39 ` ismail at pardus dot org dot tr
  2008-04-19 17:36 ` drepper at redhat dot com
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: ismail at pardus dot org dot tr @ 2007-12-15  9:39 UTC (permalink / raw)
  To: glibc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ismail at pardus dot org dot
                   |                            |tr


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
  2007-11-21  4:59 ` [Bug nscd/5381] " pasky at suse dot cz
  2007-12-15  9:39 ` ismail at pardus dot org dot tr
@ 2008-04-19 17:36 ` drepper at redhat dot com
  2008-11-22 11:09 ` pasky at suse dot cz
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: drepper at redhat dot com @ 2008-04-19 17:36 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2008-04-19 17:36 -------
Should be fixed in cvs on the trunk.  Not with the patch here which, if correct
at all, is a terrible performance burden.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (2 preceding siblings ...)
  2008-04-19 17:36 ` drepper at redhat dot com
@ 2008-11-22 11:09 ` pasky at suse dot cz
  2008-11-26 13:41 ` pasky at suse dot cz
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2008-11-22 11:09 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2008-11-22 11:08 -------
The current fix is not really working at all, since the mem_in_flight_list
checking in gc() is incomplete. You do mark these areas as used during garbage
collect, but then if you actually hit them, you do not handle the case at all,
since you assume you always hit either hash entry or data.

We cannot move a mem_in_flight_list entry around since we use the pointers in
the cacheadd routines.  Options:

(i) Cover the cacheadd routines with wider-span locks

(ii) Break the shifts on such an entry:

moves->size = off_alloc - off_alloc_start
off_free = off_allocend
disp = 0

I still think (i) is simpler, but even (ii) should be ok, since typically,
the mem_in_flight entries will be at the top of the garbage-collected area and
thus on the next garbage collect we will shake them down.

I didn't have time to come up with an actual patch yet, I will do that next week
unless you beat me to it (or point out any mistake).

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |


http://sourceware.org/bugzilla/show_bug.cgi?id=5381
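
Added example, not part of the bug thread or the glibc sources: a single-threaded C toy model that replays the interleaving from the report and the comment above (writer allocates, gc runs, writer fills its record, another request allocates). The pool layout, pool_alloc(), pool_gc(), replay() and the three gc policies are hypothetical stand-ins, not nscd's data structures.

```c
/* Added illustration: a toy compacting pool, not nscd source. All names are hypothetical. */
#include <stddef.h>
#include <string.h>

enum state { FREE, LIVE, FLIGHT };      /* FLIGHT: allocated, not yet added to the cache */
enum policy { GC_IGNORE, GC_MOVE, GC_PIN };
struct blk { size_t off, len; enum state st; };
struct pool { char data[64]; struct blk b[8]; size_t n, first_free; };

static char *pool_alloc(struct pool *p, size_t len, enum state st) {
    struct blk *k = &p->b[p->n++];
    k->off = p->first_free; k->len = len; k->st = st;
    p->first_free += len;
    return p->data + k->off;
}

/* Compact surviving blocks toward offset 0 under the given in-flight policy. */
static void pool_gc(struct pool *p, enum policy pol) {
    size_t dst = 0, out = 0;
    for (size_t i = 0; i < p->n; i++) {
        struct blk k = p->b[i];
        if (k.st == FREE || (k.st == FLIGHT && pol == GC_IGNORE))
            continue;                   /* reclaimed: later blocks slide over it */
        if (k.st == FLIGHT && pol == GC_PIN)
            dst = k.off;                /* break the shift: block stays, gap remains below */
        memmove(p->data + dst, p->data + k.off, k.len);
        k.off = dst;
        dst += k.len;
        p->b[out++] = k;
    }
    p->n = out;
    p->first_free = dst;
}

/* Replay one interleaving: alloc (writer), gc, fill (writer), alloc (other request).
   Returns 1 if the writer's record is intact; *ff gets first_free right after gc. */
static int replay(enum policy pol, size_t *ff) {
    struct pool p;
    memset(&p, 0, sizeof p);
    memcpy(pool_alloc(&p, 4, LIVE), "AAAA", 4);
    pool_alloc(&p, 4, FREE);                    /* stale entry for gc to reclaim */
    char *x = pool_alloc(&p, 4, FLIGHT);        /* writer holds this raw pointer */
    pool_gc(&p, pol);                           /* gc runs before the cache add */
    *ff = p.first_free;
    memcpy(x, "XXXX", 4);                       /* writer fills its record */
    memcpy(pool_alloc(&p, 8, LIVE), "BBBBBBBB", 8);
    return memcmp(x, "XXXX", 4) == 0;
}
```

GC_IGNORE frees the in-flight block and GC_MOVE relocates it under the writer's pointer; in both cases the next allocation overwrites the writer's record. GC_PIN keeps the record intact but leaves first_free at 12 instead of 8, the 4-byte hole below the pinned block being the kind of "gap area" discussed later in the thread.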


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (3 preceding siblings ...)
  2008-11-22 11:09 ` pasky at suse dot cz
@ 2008-11-26 13:41 ` pasky at suse dot cz
  2008-11-26 13:42 ` pasky at suse dot cz
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2008-11-26 13:41 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2008-11-26 13:40 -------
Created an attachment (id=3078)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=3078&action=view)
proposed patch #2

This is a proposed patch; currently, it seems to work fine - we have one
reported crash in nscd, but I don't think it is related so far.

This is a very simple approach - in theory, there could be a "gap area" near
the top of the database that could grow indefinitely across gc() calls if
_every_ gc() call would happen while there is some memory in flight, but based
on my real-world nscd observations, I don't think this is a realistic scenario
even with very busy nscd; if your experience is different, we can go for a more
complex patch that makes mempool_alloc() try to fit data into this gap area.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (4 preceding siblings ...)
  2008-11-26 13:41 ` pasky at suse dot cz
@ 2008-11-26 13:42 ` pasky at suse dot cz
  2008-11-26 16:12 ` drepper at redhat dot com
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2008-11-26 13:42 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2008-11-26 13:41 -------
Sorry, the date in the changelog entry should be 2008-11-26 instead of -13.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (5 preceding siblings ...)
  2008-11-26 13:42 ` pasky at suse dot cz
@ 2008-11-26 16:12 ` drepper at redhat dot com
  2008-11-26 21:51 ` pasky at suse dot cz
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: drepper at redhat dot com @ 2008-11-26 16:12 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2008-11-26 16:11 -------
You haven't explained in the slightest where you _think_ there is a problem. 
I'm not even going to look at the patch until you explain the perceived problem
in detail.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |WAITING


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (6 preceding siblings ...)
  2008-11-26 16:12 ` drepper at redhat dot com
@ 2008-11-26 21:51 ` pasky at suse dot cz
  2009-01-16 15:37 ` pasky at suse dot cz
  2009-02-13 20:37 ` drepper at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2008-11-26 21:51 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2008-11-26 21:50 -------
Memory in flight is tracked but not taken into account when relocating data in
gc(). I don't know what you want me to add to my comment #3.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (7 preceding siblings ...)
  2008-11-26 21:51 ` pasky at suse dot cz
@ 2009-01-16 15:37 ` pasky at suse dot cz
  2009-02-13 20:37 ` drepper at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: pasky at suse dot cz @ 2009-01-16 15:37 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From pasky at suse dot cz  2009-01-16 15:37 -------
*** Bug 9746 has been marked as a duplicate of this bug. ***

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |j-nomura at ce dot jp dot
                   |                            |nec dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=5381


* [Bug nscd/5381] nscd: Race condition of mempool_alloc() .. cache_add() and gc()
  2007-11-21  4:58 [Bug nscd/5381] New: nscd: Race condition of mempool_alloc() .. cache_add() and gc() pasky at suse dot cz
                   ` (8 preceding siblings ...)
  2009-01-16 15:37 ` pasky at suse dot cz
@ 2009-02-13 20:37 ` drepper at redhat dot com
  9 siblings, 0 replies; 11+ messages in thread
From: drepper at redhat dot com @ 2009-02-13 20:37 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2009-02-13 20:36 -------
I made more changes to the code in cvs.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=5381
