NetBSD Problem Report #56428

From  Thu Sep 30 17:14:13 2021
Date: Thu, 30 Sep 2021 17:14:12 +0000 (UTC)
Subject: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
X-Send-Pr-Version: www-1.0

>Number:         56428
>Category:       lib
>Synopsis:       recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 30 17:15:00 +0000 2021
>Originator:     Clay Mayers
>Release:        NetBSD 9.99.88
System: NetBSD arm64 9.99.88 NetBSD 9.99.88 (GENERIC64) #0: Fri Aug 13 21:04:44 UTC 2021 evbarm
Architecture: aarch64eb
Machine: evbarm
When pthread cancel type is deferred and cancel is enabled, recvfrom() does not act like a cancelation point when entering or while executing.  If it is executing when pthread_cancel() is called, it returns -1 and sets errno to EINTR instead.  If pthread_cancel() was already called before recvfrom() is called, it will block.

You can see in the disassembly that recvfrom() is simply a svc #0x1d with no checks of TLS for being canceled.

#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <errno.h>

int gSock;

void * reader(void *unused)
{
   char buff[32];
   ssize_t ret;

   printf("Thread waiting for data\n");
   while (1)
   {
       // Fixed by adding a cancelation point.
       // pthread_testcancel();
       ret = recvfrom(gSock, buff, 16, 0, NULL, NULL);
       // recvfrom() returns -1/EINTR instead of canceling.
       // The statements after this test are missing from the archived
       // report; retrying on EINTR matches the output shown below.
       if (ret == -1 && errno == EINTR)
           continue;
       break;
   }
   printf("reader exiting\n");
   return (void*) ret;
}

int main()
{
    pthread_t read_thread;
    void *ret;

    gSock = socket(PF_LOCAL, SOCK_DGRAM, 0);
    if (gSock < 0)
    {
        printf("Socket system call failed\n");
        return 1;
    }

    pthread_create(&read_thread, NULL, reader, NULL);

    printf("sleeping 2\n");
    sleep(2);   // let the reader block in recvfrom() before canceling
    printf("cancelled %d\n", pthread_cancel(read_thread));
    printf("joined %d\n", pthread_join(read_thread,&ret));
    printf("ret %p\n", ret);
    return 0;
}

arm64# gcc -pthread -g -o testit t.c
arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0

Uncomment the call to pthread_testcancel() so there actually is a cancelation point in the loop and it works.

arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0
joined 0
ret 0x1

recvfrom() likely needs to test cancel before and after the sys call like read() does. The workaround is to have a cancelation point before recvfrom() and when it sets errno to EINTR.
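
The workaround described above, packaged as a reusable wrapper with a cleanup handler so a canceled reader still releases its resources. This is an added example, not code from the report or from NetBSD's libc; the names recvfrom_cancelable, on_cancel and cancel_blocked_reader are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <sys/socket.h>
#include <unistd.h>

/* recvfrom() with explicit deferred-cancellation points: one before the
 * system call and one after every EINTR return. */
static ssize_t recvfrom_cancelable(int s, void *buf, size_t len, int flags,
                                   struct sockaddr *from, socklen_t *fromlen)
{
    for (;;) {
        pthread_testcancel();   /* act on a cancel that is already pending */
        ssize_t n = recvfrom(s, buf, len, flags, from, fromlen);
        if (n != -1 || errno != EINTR)
            return n;           /* data, or an error other than EINTR */
        /* EINTR: loop to pthread_testcancel(); retry if it was only a signal */
    }
}

static int cleaned;             /* set by the cleanup handler, read after join */
static void on_cancel(void *arg) { (void)arg; cleaned = 1; }

static void *reader(void *arg)
{
    char buf[32];
    pthread_cleanup_push(on_cancel, NULL);
    recvfrom_cancelable(*(int *)arg, buf, sizeof buf, 0, NULL, NULL);
    pthread_cleanup_pop(0);
    return NULL;                /* reached only when not canceled */
}

/* Returns 1 if a reader blocked on an empty datagram socket was canceled
 * and its cleanup handler ran, 0 otherwise. */
static int cancel_blocked_reader(void)
{
    int sv[2];
    pthread_t t;
    void *res = NULL;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return 0;
    cleaned = 0;
    if (pthread_create(&t, NULL, reader, &sv[0]) != 0)
        return 0;
    sleep(1);                   /* let the reader block in recvfrom() */
    pthread_cancel(t);
    pthread_join(t, &res);
    close(sv[0]); close(sv[1]);
    return res == PTHREAD_CANCELED && cleaned;
}

int main(void) { return cancel_blocked_reader() ? 0 : 1; }
```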
