public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug network/28566] New: getnameinfo with NI_NOFQDN is not thread safe
@ 2021-11-09 13:07 leonardo.macchia at gmail dot com
  2021-11-10  2:44 ` [Bug network/28566] " adhemerval.zanella at linaro dot org
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: leonardo.macchia at gmail dot com @ 2021-11-09 13:07 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28566

            Bug ID: 28566
           Summary: getnameinfo with NI_NOFQDN is not thread safe
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: leonardo.macchia at gmail dot com
  Target Milestone: ---

Created attachment 13770
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13770&action=edit
Reproducer and proposed patch

Context: using getnameinfo with NI_NOFQDN and calling some of them in threads

If getnameinfo is used with NI_NOFQDN, nrl_domainname (in
libc/inet/getnameinfo.c) is used to determine the local domain.

nlr_domainname uses not_first to check if the function has already been run
(and if the result, in static variable domain, has already been populated).

However not_first is set to 1 before domain is actually populated.

This means that further calls to getnameinfo (while the first call is still
trying to determine nlr_domainname) might believe that the domain is the empty
string.

The problem is easily reproduceable with getnameinfo_test2.c in attach (you
need to change ip="192.168.240.1" to an ip that would resolve to something that
has the domain of the server where you run it).

Example of a run (two threads that calls getnameinfo, then other two threads)
on a Linux Debian x86_64 (libc6 2.31-13+deb11u2):

First pair of threads:
1 -> host=server serv=0
2 -> host=server.yourdomain.org serv=0

Second pair of threads:
3 -> host=server serv=0
4 -> host=server serv=0

Thread 2 didn't chop "yourdomain.org" because getnameinfo believe the local
domain was the null string (thread 1 was still computing the domain name); any
further call to getnameinfo will be fine (thread 3 and 4 are fine) since the
domain has already been computed.

It seems that getnameinfo.patch (in the archive in attach) resolves the
problem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug network/28566] getnameinfo with NI_NOFQDN is not thread safe
  2021-11-09 13:07 [Bug network/28566] New: getnameinfo with NI_NOFQDN is not thread safe leonardo.macchia at gmail dot com
@ 2021-11-10  2:44 ` adhemerval.zanella at linaro dot org
  2021-11-10  2:44 ` adhemerval.zanella at linaro dot org
  2022-03-08 15:54 ` adhemerval.zanella at linaro dot org
  2 siblings, 0 replies; 4+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2021-11-10  2:44 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28566

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adhemerval.zanella at linaro dot o
                   |                            |rg

--- Comment #1 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
The first 'not_first' access outside the lock is definitly wrong, but I think
also your patch is incomplete because write on the variable without atomics is
not suffice (it might appear to work on architecture with more strict memory
ordering such as x86, but it is still not fully fix it for architecture with a
more weakly memory ordering such as arm or powerpc).

If a lock-free is really necessary, one option would be to proper use atomic on
'domain' and since is pointer size variable I think we can even remove the lock
(since atomicity is provided on all supported architectures).  However for
simplicity I think we should just use the already defined lock and remove the
'not_first' optimization.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug network/28566] getnameinfo with NI_NOFQDN is not thread safe
  2021-11-09 13:07 [Bug network/28566] New: getnameinfo with NI_NOFQDN is not thread safe leonardo.macchia at gmail dot com
  2021-11-10  2:44 ` [Bug network/28566] " adhemerval.zanella at linaro dot org
@ 2021-11-10  2:44 ` adhemerval.zanella at linaro dot org
  2022-03-08 15:54 ` adhemerval.zanella at linaro dot org
  2 siblings, 0 replies; 4+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2021-11-10  2:44 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28566

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org   |adhemerval.zanella at linaro dot o
                   |                            |rg

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug network/28566] getnameinfo with NI_NOFQDN is not thread safe
  2021-11-09 13:07 [Bug network/28566] New: getnameinfo with NI_NOFQDN is not thread safe leonardo.macchia at gmail dot com
  2021-11-10  2:44 ` [Bug network/28566] " adhemerval.zanella at linaro dot org
  2021-11-10  2:44 ` adhemerval.zanella at linaro dot org
@ 2022-03-08 15:54 ` adhemerval.zanella at linaro dot org
  2 siblings, 0 replies; 4+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2022-03-08 15:54 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=28566

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.36
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.36.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-08 15:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-09 13:07 [Bug network/28566] New: getnameinfo with NI_NOFQDN is not thread safe leonardo.macchia at gmail dot com
2021-11-10  2:44 ` [Bug network/28566] " adhemerval.zanella at linaro dot org
2021-11-10  2:44 ` adhemerval.zanella at linaro dot org
2022-03-08 15:54 ` adhemerval.zanella at linaro dot org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).