NetBSD Problem Report #56428
From www@netbsd.org Thu Sep 30 17:14:13 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 592841A921F
for <gnats-bugs@gnats.NetBSD.org>; Thu, 30 Sep 2021 17:14:13 +0000 (UTC)
Message-Id: <20210930171412.5EEC11A9239@mollari.NetBSD.org>
Date: Thu, 30 Sep 2021 17:14:12 +0000 (UTC)
From: clay.mayers@kioxia.com
Reply-To: clay.mayers@kioxia.com
To: gnats-bugs@NetBSD.org
Subject: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
X-Send-Pr-Version: www-1.0
>Number: 56428
>Category: lib
>Synopsis: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 30 17:15:00 +0000 2021
>Originator: Clay Mayers
>Release: NetBSD 9.99.88
>Organization:
Kioxia
>Environment:
System: NetBSD arm64 9.99.88 NetBSD 9.99.88 (GENERIC64) #0: Fri Aug 13 21:04:44 UTC 2021 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64eb
Machine: evbarm
>Description:
When pthread cancel type is deferred and cancel is enabled, recvfrom() does not act like a cancelation point when entering or while executing. If it is executing when pthread_cancel() is called, it returns -1 and sets errno to EINTR instead. If pthread_cancel() was already called before recvfrom() is called, it will block.
You can see this in the disassembly that recvfrom() is simply a svc #0x1d with no checks of TLS for being canceled.
>How-To-Repeat:
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <errno.h>
int gSock;
void * reader(void *unused)
{
char buff[32];
ssize_t ret;
printf("Thread waiting for data\n");
while (1)
{
// Fixed by adding a cancelation point.
// pthread_testcancel();
ret = recvfrom(gSock, buff, 16, 0, NULL, NULL);
// recvfrom() returns -1/EINTR instead of canceling.
if (ret == -1 && errno == EINTR)
continue;
break;
}
printf("reader exiting\n");
return (void*) ret;
}
int main()
{
pthread_t read_thread;
void *ret;
gSock = socket(PF_LOCAL, SOCK_DGRAM, 0);
if (gSock < 0)
{
printf("Socket system call failed\n");
return 1;
}
pthread_create(&read_thread, NULL, reader, NULL);
printf("sleeping 2\n");
sleep(2);
printf("cancelled %d\n", pthread_cancel(read_thread));
printf("joined %d\n", pthread_join(read_thread,&ret));
printf("ret %p\n", ret);
return 0;
}
arm64# gcc -pthread -g -o testit t.c
arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0
Uncomment call to pthread_testcancel() so there actually is a cancelation point
In the loop and it works.
arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0
joined 0
ret 0x1
arm64#
>Fix:
recvfrom() likely needs to test cancel before and after the sys call like read() does. The work around is have a cancelation point before recvfrom() and when it sets errno to EINTR.
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.