public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nscd/30800] New: Improper assert in prune_cache triggers if clock jumps backwards
@ 2023-08-28 6:12 fweimer at redhat dot com
2023-08-28 6:13 ` [Bug nscd/30800] " fweimer at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2023-08-28 6:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30800
Bug ID: 30800
Summary: Improper assert in prune_cache triggers if clock jumps
backwards
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Flags: security-
In struct datahead, there are two fields that control validity of the cache
entry, timeout and usable. These are not updated atomically at the same time,
yet in prune_cache, we have this code:
/* Check whether the entry timed out. */
if (dh->timeout < now)
{
…
}
else
{
assert (dh->usable);
next_timeout = MIN (next_timeout, dh->timeout);
}
This assumes that if an entry has not timed out yet, it is always usable. The
precise conditions under which entries become marked as not usable is still a
bit mysterious to me. One such source of invalidation is the pass through the
cache after start, to re-validate entries which have expired. If the date
associated with a key has changed, the old entry is marked as not usable.
I terminated nscd immediately after an entry was marked as unusable and set the
clock backwards, so that the timeout on the entry had no longer lapsed (but not
by an hour, so that nscd would still consider the cache file valid). This was
sufficient to trigger the assertion failure during the next time nscd started.
That's why I think we have a real bug here.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/30800] Improper assert in prune_cache triggers if clock jumps backwards
2023-08-28 6:12 [Bug nscd/30800] New: Improper assert in prune_cache triggers if clock jumps backwards fweimer at redhat dot com
@ 2023-08-28 6:13 ` fweimer at redhat dot com
2023-08-28 7:23 ` fweimer at redhat dot com
2023-08-29 7:38 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2023-08-28 6:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30800
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
See Also| |https://issues.redhat.com/b
| |rowse/RHEL-1192
Status|NEW |ASSIGNED
CC| |fweimer at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/30800] Improper assert in prune_cache triggers if clock jumps backwards
2023-08-28 6:12 [Bug nscd/30800] New: Improper assert in prune_cache triggers if clock jumps backwards fweimer at redhat dot com
2023-08-28 6:13 ` [Bug nscd/30800] " fweimer at redhat dot com
@ 2023-08-28 7:23 ` fweimer at redhat dot com
2023-08-29 7:38 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2023-08-28 7:23 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30800
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Patch posted:
[PATCH] nscd: Skip unusable entries in first pass in prune_cache (bug 30800)
<https://inbox.sourceware.org/libc-alpha/87o7iry6k6.fsf@oldenburg.str.redhat.com/T/#u>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug nscd/30800] Improper assert in prune_cache triggers if clock jumps backwards
2023-08-28 6:12 [Bug nscd/30800] New: Improper assert in prune_cache triggers if clock jumps backwards fweimer at redhat dot com
2023-08-28 6:13 ` [Bug nscd/30800] " fweimer at redhat dot com
2023-08-28 7:23 ` fweimer at redhat dot com
@ 2023-08-29 7:38 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2023-08-29 7:38 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30800
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Target Milestone|--- |2.39
Resolution|--- |FIXED
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for 2.39 via:
commit c00b984fcd53f679ca2dafcd1aee2c89836e6e73
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Aug 29 08:28:31 2023 +0200
nscd: Skip unusable entries in first pass in prune_cache (bug 30800)
Previously, if an entry was marked unusable for any reason, but had
not timed out yet, the assert would trigger.
One way to get into such state is if a data change is detected during
re-validation of an entry. This causes the entry to be marked as not
usable. If exits nscd soon after that, then the clock jumps
backwards, and nscd restarted, the cache re-validation run after
startup triggers the removed assert.
The change is more complicated than just the removal of the assert
because entries marked as not usable should be garbage-collected in
the second pass. To make this happen, it is necessary to update some
book-keeping data.
Reviewed-by: DJ Delorie <dj@redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-08-29 7:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-28 6:12 [Bug nscd/30800] New: Improper assert in prune_cache triggers if clock jumps backwards fweimer at redhat dot com
2023-08-28 6:13 ` [Bug nscd/30800] " fweimer at redhat dot com
2023-08-28 7:23 ` fweimer at redhat dot com
2023-08-29 7:38 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).