public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "bugdal at aerifal dot cx" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug nptl/12683] Race conditions in pthread cancellation Date: Mon, 13 Jan 2014 04:37:00 -0000 [thread overview] Message-ID: <bug-12683-131-kXtSUnqreR@http.sourceware.org/bugzilla/> (raw) In-Reply-To: <bug-12683-131@http.sourceware.org/bugzilla/> https://sourceware.org/bugzilla/show_bug.cgi?id=12683 --- Comment #16 from Rich Felker <bugdal at aerifal dot cx> --- There are several points at which the cancellation signal could arrive: 1. Before the final "testcancel" before the syscall is made. 2. Between the "testcancel" and the syscall. 3. While the syscall is blocked and no side effects have yet taken place. 4. While the syscall is blocked but with some side effects already having taken place (e.g. a partial read or write). 5. After the syscall has returned. You want to act on cancellation in cases 1-3 but not in case 4 or 5. Handling case 1 is of course trivial, since you're about to do a conditional branch based on whether the thread has received a cancellation request; nothing needs to be done in the signal handler (but it also wouldn't hurt to handle it from the signal handler). Case 2 can be caught by the signal handler determining that the saved program counter (from the ucontext_t) is in some address range beginning just before the "testcancel" and ending with the syscall instruction. The rest of the cases are the "tricky" part but it turns out they too are easy: Case 3: In this case, except for certain syscalls that ALWAYS fail with EINTR even for non-interrupting signals, the kernel will reset the program counter to point at the syscall instruction during signal handling, so that the syscall is restarted when the signal handler returns. So, from the signal handler's standpoint, this looks the same as case 2, and thus it's taken care of. Case 4: In this case, the kernel cannot restart the syscall; when it's interrupted by a signal, the kernel must cause the syscall to return with whatever partial result it obtained (e.g. partial read or write). In this case, the saved program counter points just after the syscall instruction, so the signal handler won't act on cancellation. Case 5: OK, I lied. This one is trivial too since the program counter is past the syscall instruction already. What about syscalls that fail with EINTR even when the signal handler is non-interrupting? In this case, the syscall wrapper code can just check the cancellation flag when the errno result is EINTR, and act on cancellation if it's set. Note that an exception needs to be made for close(), where EINTR should be treated as EINPROGRESS and thus not permit cancellation to take place. BTW, I should justify why the signal handler should be non-interrupting (SA_RESTART): if it weren't, you would risk causing spurious EINTR in programs not written to handle it, e.g. if the user incorrectly send signal 32/33 to the process or if pthread_cancel were called while cancellation is disabled in the target thread. The kernel folks have spent a great deal of effort getting rid of spurious EINTRs (which cause all sorts of ugly bugs) and it would be a shame to reintroduce them. Also it doesn't buy you anything moving the cancellation action to the EINTR check after the syscall returns; the same check in the signal handler that handles case 2 above also handles the case of restartable syscalls correctly, for free. -- You are receiving this mail because: You are on the CC list for the bug.
next prev parent reply other threads:[~2014-01-13 4:37 UTC|newest] Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top 2011-04-18 22:28 [Bug nptl/12683] New: " bugdal at aerifal dot cx 2011-04-18 22:35 ` [Bug nptl/12683] " bugdal at aerifal dot cx 2011-09-21 18:30 ` bugdal at aerifal dot cx 2012-04-29 2:56 ` bugdal at aerifal dot cx 2012-04-29 2:57 ` bugdal at aerifal dot cx 2012-09-22 23:13 ` bugdal at aerifal dot cx 2013-08-16 15:32 ` carlos at redhat dot com 2013-08-16 15:34 ` carlos at redhat dot com 2013-08-16 15:34 ` carlos at redhat dot com 2013-08-16 16:22 ` bugdal at aerifal dot cx 2013-08-16 16:59 ` carlos at redhat dot com 2013-08-16 17:14 ` bugdal at aerifal dot cx 2013-08-16 18:09 ` carlos at redhat dot com 2014-01-10 20:25 ` carlos at redhat dot com 2014-01-10 21:31 ` carlos at redhat dot com 2014-01-10 22:37 ` bugdal at aerifal dot cx 2014-01-12 18:31 ` carlos at redhat dot com 2014-01-12 23:55 ` bugdal at aerifal dot cx 2014-01-13 1:52 ` carlos at redhat dot com 2014-01-13 4:37 ` bugdal at aerifal dot cx [this message] 2014-01-14 14:51 ` carlos at redhat dot com 2014-02-16 19:42 ` jackie.rosen at hushmail dot com 2014-05-28 19:47 ` schwab at sourceware dot org 2014-05-28 19:47 ` schwab at sourceware dot org 2014-06-27 13:35 ` fweimer at redhat dot com 2014-07-19 18:44 ` sstewartgallus00 at mylangara dot bc.ca 2014-07-19 18:54 ` bugdal at aerifal dot cx 2014-07-20 18:15 ` sstewartgallus00 at mylangara dot bc.ca 2014-07-20 18:41 ` bugdal at aerifal dot cx 2014-08-19 14:08 ` azanella at linux dot vnet.ibm.com 2014-08-28 15:02 ` carlos at redhat dot com 2015-01-15 13:20 ` dan at censornet dot com 2015-01-15 13:31 ` bugdal at aerifal dot cx 2015-01-15 14:01 ` dan at censornet dot com 2020-06-08 14:04 ` fweimer at redhat dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-12683-131-kXtSUnqreR@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).