* Race observed in if_nametoindex function (not MT-Safe)
@ 2021-09-13 14:13 pgowda cve
2021-09-19 12:46 ` Adhemerval Zanella
0 siblings, 1 reply; 2+ messages in thread
From: pgowda cve @ 2021-09-13 14:13 UTC (permalink / raw)
To: libc-help
Hi,
The race and assert-triggering was observed in if_nametoindex function.
It calls __opensock, which contains two static variables (last_type,
last_family)
that can race, triggering an assert on line 63 of opensock.c.
The variables are set in the reverse order to which they are checked.
Since there is no synchronization between these variables, should the function
not be made MT-Safe.
The patch was originally posted at:-
https://sourceware.org/pipermail/libc-alpha/2014-January/048052.html
It mentions the function as MT-Safe but race was observed.
We may need a memory barrier (atomic_[read|write]_barrier() ? ) to
ensure that the
compiler doesn't re-order assembly instructions and has last_family be
set before last_type.
Environment
Observed during a system restart when the processes start up and
software calls if_nametoindex from multiple threads.
GLIBC was dynamically Linked.
Regards,
pgowda
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Race observed in if_nametoindex function (not MT-Safe)
2021-09-13 14:13 Race observed in if_nametoindex function (not MT-Safe) pgowda cve
@ 2021-09-19 12:46 ` Adhemerval Zanella
0 siblings, 0 replies; 2+ messages in thread
From: Adhemerval Zanella @ 2021-09-19 12:46 UTC (permalink / raw)
To: pgowda cve; +Cc: Adhemerval Zanella via Libc-help
On Mon, Sep 13, 2021 at 11:15 AM pgowda cve via Libc-help
<libc-help@sourceware.org> wrote:
>
> Hi,
>
> The race and assert-triggering was observed in if_nametoindex function.
> It calls __opensock, which contains two static variables (last_type,
> last_family)
> that can race, triggering an assert on line 63 of opensock.c.
> The variables are set in the reverse order to which they are checked.
> Since there is no synchronization between these variables, should the function
> not be made MT-Safe.
>
> The patch was originally posted at:-
> https://sourceware.org/pipermail/libc-alpha/2014-January/048052.html
> It mentions the function as MT-Safe but race was observed.
>
> We may need a memory barrier (atomic_[read|write]_barrier() ? ) to
> ensure that the
> compiler doesn't re-order assembly instructions and has last_family be
> set before last_type.
>
> Environment
> Observed during a system restart when the processes start up and
> software calls if_nametoindex from multiple threads.
> GLIBC was dynamically Linked.
>
> Regards,
> pgowda
I agree, I haved opened
https://sourceware.org/bugzilla/show_bug.cgi?id=28353 to track it.
Thanks for reporting it.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-19 12:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-13 14:13 Race observed in if_nametoindex function (not MT-Safe) pgowda cve
2021-09-19 12:46 ` Adhemerval Zanella
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).