public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock @ 2020-04-02 12:08 martin.lubich at gmx dot at 2020-04-02 12:22 ` [Bug nptl/25765] " adhemerval.zanella at linaro dot org ` (4 more replies) 0 siblings, 5 replies; 6+ messages in thread From: martin.lubich at gmx dot at @ 2020-04-02 12:08 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 Bug ID: 25765 Summary: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock Product: glibc Version: unspecified Status: UNCONFIRMED Severity: normal Priority: P2 Component: nptl Assignee: unassigned at sourceware dot org Reporter: martin.lubich at gmx dot at CC: drepper.fsp at gmail dot com Target Milestone: --- Created attachment 12422 --> https://sourceware.org/bugzilla/attachment.cgi?id=12422&action=edit Example code to reproduce and trigger the bug There is a bug in the x86_64 specific implementation of __pthread_disable_asynccancel. When detecting an ongoing thread cancellation (CANCELLING_BITMASK) the code tries to block on a futex based on the cancellation member of the thread structure. The generic c-code in nptl/cancellation.c does this in a correct way. The specific implemention in sysdeps/unix/sysv/linux/x86_64/cancellation.S has an error in setting up the futex syscall. The 3rd parameter ( the value against which the kernel futex code checks ) is not set (edx register) i.e. edx is not in a defined state and thus typically the futex call will return immediately with EAGAIN. This leads to an endless loop. If the looping thread has a higher RT priority than the cancelling thread, the loop will go on forever, consuming all CPU cycles there are. In case of RT threads, this will also cause complete system freezes. If have attached a simple test which will show the problem after some time. This is a patch which fixes the problem. The patch is based on a glibc 2.27, but the bug is still present in the actual version 2.31. as well as the actual developmemt version. --------------- snip ---------------------------- diff -Naur glibc-2.27/sysdeps/unix/sysv/linux/x86_64/cancellation.S glibc-2.27_patched/sysdeps/unix/sysv/linux/x86_64/cancellation.S --- glibc-2.27/sysdeps/unix/sysv/linux/x86_64/cancellation.S 2018-02-01 17:17:18.000000000 +0100 +++ glibc-2.27_patched/sysdeps/unix/sysv/linux/x86_64/cancellation.S 2020-04-02 12:08:02.712851151 +0200 @@ -95,8 +95,8 @@ cmpxchgl %r11d, %fs:CANCELHANDLING jnz 2b - movl %r11d, %eax -3: andl $(TCB_CANCELING_BITMASK|TCB_CANCELED_BITMASK), %eax +3: movl %r11d, %eax + andl $(TCB_CANCELING_BITMASK|TCB_CANCELED_BITMASK), %eax cmpl $TCB_CANCELING_BITMASK, %eax je 4f 1: ret @@ -104,12 +104,13 @@ /* Performance doesn't matter in this loop. We will delay until the thread is canceled. And we will unlikely enter the loop twice. */ -4: mov %fs:0, %RDI_LP +4: movl %r11d, %edx + mov %fs:0, %RDI_LP movl $__NR_futex, %eax xorq %r10, %r10 addq $CANCELHANDLING, %rdi LOAD_PRIVATE_FUTEX_WAIT (%esi) syscall - movl %fs:CANCELHANDLING, %eax + movl %fs:CANCELHANDLING, %edx jmp 3b END(__pthread_disable_asynccancel) ------------------- snip --------------------------- This is a linux x86_64 specific bug. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nptl/25765] Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at @ 2020-04-02 12:22 ` adhemerval.zanella at linaro dot org 2020-04-02 12:25 ` martin.lubich at gmx dot at ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: adhemerval.zanella at linaro dot org @ 2020-04-02 12:22 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adhemerval.zanella at linaro dot o | |rg --- Comment #1 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> --- Thanks for the report, recently I submitted a patch to just remove all the x86_64 assembly (the cancellation syscalls are now only done by C implementation, so there is no need to use specialized assembly routines). -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nptl/25765] Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at 2020-04-02 12:22 ` [Bug nptl/25765] " adhemerval.zanella at linaro dot org @ 2020-04-02 12:25 ` martin.lubich at gmx dot at 2020-04-02 12:27 ` adhemerval.zanella at linaro dot org ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: martin.lubich at gmx dot at @ 2020-04-02 12:25 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 --- Comment #2 from Martin Lubich <martin.lubich at gmx dot at> --- Thats interesting. Is this already in master ? -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nptl/25765] Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at 2020-04-02 12:22 ` [Bug nptl/25765] " adhemerval.zanella at linaro dot org 2020-04-02 12:25 ` martin.lubich at gmx dot at @ 2020-04-02 12:27 ` adhemerval.zanella at linaro dot org 2020-04-03 14:17 ` cvs-commit at gcc dot gnu.org 2020-04-03 14:36 ` adhemerval.zanella at linaro dot org 4 siblings, 0 replies; 6+ messages in thread From: adhemerval.zanella at linaro dot org @ 2020-04-02 12:27 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 --- Comment #3 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> --- Unfortunately no, it is still in review. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nptl/25765] Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at ` (2 preceding siblings ...) 2020-04-02 12:27 ` adhemerval.zanella at linaro dot org @ 2020-04-03 14:17 ` cvs-commit at gcc dot gnu.org 2020-04-03 14:36 ` adhemerval.zanella at linaro dot org 4 siblings, 0 replies; 6+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2020-04-03 14:17 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 --- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Adhemerval Zanella <azanella@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17fd707f88c5531972c980a4f4567ba6c7f84067 commit 17fd707f88c5531972c980a4f4567ba6c7f84067 Author: Adhemerval Zanella <adhemerval.zanella@linaro.org> Date: Tue Mar 31 14:59:28 2020 -0300 nptl: Remove x86_64 cancellation assembly implementations [BZ #25765] All cancellable syscalls are done by C implementations, so there is no no need to use a specialized implementation to optimize register usage. It fixes BZ #25765. Checked on x86_64-linux-gnu. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug nptl/25765] Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at ` (3 preceding siblings ...) 2020-04-03 14:17 ` cvs-commit at gcc dot gnu.org @ 2020-04-03 14:36 ` adhemerval.zanella at linaro dot org 4 siblings, 0 replies; 6+ messages in thread From: adhemerval.zanella at linaro dot org @ 2020-04-03 14:36 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=25765 Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Assignee|unassigned at sourceware dot org |adhemerval.zanella at linaro dot o | |rg Target Milestone|--- |2.32 --- Comment #5 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> --- Fixed on 2.32. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-04-03 14:36 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-04-02 12:08 [Bug nptl/25765] New: Incorrect futex syscall in __pthread_disable_asynccancel for linux x86_64 leads to livelock martin.lubich at gmx dot at 2020-04-02 12:22 ` [Bug nptl/25765] " adhemerval.zanella at linaro dot org 2020-04-02 12:25 ` martin.lubich at gmx dot at 2020-04-02 12:27 ` adhemerval.zanella at linaro dot org 2020-04-03 14:17 ` cvs-commit at gcc dot gnu.org 2020-04-03 14:36 ` adhemerval.zanella at linaro dot org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).