NetBSD Problem Report #56428

From www@netbsd.org  Thu Sep 30 17:14:13 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 592841A921F
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 30 Sep 2021 17:14:13 +0000 (UTC)
Message-Id: <20210930171412.5EEC11A9239@mollari.NetBSD.org>
Date: Thu, 30 Sep 2021 17:14:12 +0000 (UTC)
From: clay.mayers@kioxia.com
Reply-To: clay.mayers@kioxia.com
To: gnats-bugs@NetBSD.org
Subject: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
X-Send-Pr-Version: www-1.0

>Number:         56428
>Category:       lib
>Synopsis:       recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 30 17:15:00 +0000 2021
>Originator:     Clay Mayers
>Release:        NetBSD 9.99.88
>Organization:
Kioxia
>Environment:
System: NetBSD arm64 9.99.88 NetBSD 9.99.88 (GENERIC64) #0: Fri Aug 13 21:04:44 UTC 2021 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64eb
Machine: evbarm
>Description:
When pthread cancel type is deferred and cancel is enabled, recvfrom() does not act like a cancelation point when entering or while executing.  If it is executing when pthread_cancel() is called, it returns -1 and sets errno to EINTR instead.  If pthread_cancel() was already called before recvfrom() is called, it will block.

You can see in the disassembly that recvfrom() is simply a svc #0x1d with no checks of TLS for being canceled.

>How-To-Repeat:
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <errno.h>

int gSock;

void * reader(void *unused)
{
   char buff[32];
   ssize_t ret;

   printf("Thread waiting for data\n");
   while (1)
   {
       // Fixed by adding a cancelation point.
       // pthread_testcancel();
       ret = recvfrom(gSock, buff, 16, 0, NULL, NULL);
       // recvfrom() returns -1/EINTR instead of canceling.
       if (ret == -1 && errno == EINTR)
          continue;
       break;
   }
   printf("reader exiting\n");
   return (void*) ret;
}

int main()
{
    pthread_t read_thread;
    void *ret;

    gSock = socket(PF_LOCAL, SOCK_DGRAM, 0);
    if (gSock < 0)
    {
        printf("Socket system call failed\n");
        return 1;
    }

    pthread_create(&read_thread, NULL, reader, NULL);

    printf("sleeping 2\n");
    sleep(2);
    printf("cancelled %d\n", pthread_cancel(read_thread));
    printf("joined %d\n", pthread_join(read_thread,&ret));
    printf("ret %p\n", ret);
    return 0;
}

arm64# gcc -pthread -g -o testit t.c
arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0

Uncomment the call to pthread_testcancel() so there actually is a cancelation point in the loop and it works.

arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0
joined 0
ret 0x1
arm64#

>Fix:
recvfrom() likely needs to test cancel before and after the sys call like read() does. The workaround is to have a cancelation point before recvfrom() and when it sets errno to EINTR.
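
Added example, not part of the original report and not NetBSD code: the workaround from the Fix section written as a reusable wrapper, plus a cleanup handler so a canceled reader still releases its socket. The names recvfrom_cancelable, on_cancel, reader and demo_cancel_blocked_reader are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not a libc API: recvfrom() with an explicit
 * cancelation point before the call and again when it fails with EINTR. */
static ssize_t recvfrom_cancelable(int s, void *buf, size_t len, int flags,
    struct sockaddr *from, socklen_t *fromlen)
{
    pthread_testcancel();            /* cancel requested before the call */
    ssize_t n = recvfrom(s, buf, len, flags, from, fromlen);
    if (n == -1 && errno == EINTR) {
        int saved = errno;
        pthread_testcancel();        /* does not return if canceled */
        errno = saved;               /* plain signal: caller still sees EINTR */
    }
    return n;
}

static int cleanup_ran;              /* set by the cleanup handler */
static void on_cancel(void *arg) { close(*(int *)arg); cleanup_ran = 1; }

static void *reader(void *arg)
{
    char buf[32];
    ssize_t n;
    pthread_cleanup_push(on_cancel, arg);   /* runs if the thread is canceled */
    do {
        n = recvfrom_cancelable(*(int *)arg, buf, sizeof buf, 0, NULL, NULL);
    } while (n == -1 && errno == EINTR);
    pthread_cleanup_pop(1);                 /* also runs on a normal return */
    return NULL;
}

/* Returns 1 if the blocked reader was canceled and its cleanup ran. */
static int demo_cancel_blocked_reader(void)
{
    pthread_t t;
    void *ret = NULL;
    int sock = socket(PF_LOCAL, SOCK_DGRAM, 0);
    if (sock < 0) return -1;
    if (pthread_create(&t, NULL, reader, &sock) != 0) { close(sock); return -1; }
    sleep(1);                        /* let the reader block in recvfrom() */
    pthread_cancel(t);
    pthread_join(t, &ret);
    return ret == PTHREAD_CANCELED && cleanup_ran;
}

int main(void) { return demo_cancel_blocked_reader() == 1 ? 0 : 1; }
```

Going by the Description above, a cancel that arrives after the first pthread_testcancel() but before the system call is entered would still leave the thread blocked on the affected release, so the wrapper narrows that window rather than closing it.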
