From d0e3ffb7a58854248f1d5e737610d50cd0a60f46 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Wed, 14 Oct 2015 12:15:46 -0300 Subject: nptl: Fix racy pipe closing in tst-cancel{20,21} The tst-cancel20 open two pipes and creates a thread which blocks reading the first pipe. It then issues a signal to activate the signal handler which in turn blocks reading the second pipe end. Finally the cancellation cleanup-up handlers are tested by first closing the all the pipes ends and issuing a pthread_cancel. The tst-cancel21 have a similar behavior, but use an extra fork after the test itself. The race condition occurs if the cancellation handling acts after the pipe close: in this case read will return EOF (indicating side-effects) and thus the cancellation must not act. However current GLIBC cancellation behavior acts regardless the syscalls returns with sid-effects. This patch adjust the test by moving the pipe closing after the cancellation handling. This avoid spurious cancellation if the case of the race described. Checked on x86_64 and i386. * nptl/tst-cancel20.c (do_one_test): Move the pipe closing after pthread_join. * nptl/tst-cancel21.c (tf): Likewise. --- ChangeLog | 6 ++++++ nptl/tst-cancel20.c | 15 +++++++++------ nptl/tst-cancel21.c | 15 +++++++++------ 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9da4f3c..b768cd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2015-12-02 Adhemerval Zanella + + * nptl/tst-cancel20.c (do_one_test): Move the pipe closing after + pthread_join. + * nptl/tst-cancel21.c (tf): Likewise. + 2015-12-01 H.J. Lu [BZ #19313] diff --git a/nptl/tst-cancel20.c b/nptl/tst-cancel20.c index 51b558e..91452fb 100644 --- a/nptl/tst-cancel20.c +++ b/nptl/tst-cancel20.c @@ -145,12 +145,6 @@ do_one_test (void) return 1; } - /* This will cause the read in the child to return. */ - close (fd[0]); - close (fd[1]); - close (fd[2]); - close (fd[3]); - void *ret; if (pthread_join (th, &ret) != 0) { @@ -170,6 +164,15 @@ do_one_test (void) return 1; } + /* The pipe closing must be issued after the cancellation handling to avoid + a race condition where the cancellation runs after both pipe ends are + closed. In this case the read syscall returns EOF and the cancellation + must not act. */ + close (fd[0]); + close (fd[1]); + close (fd[2]); + close (fd[3]); + return 0; } diff --git a/nptl/tst-cancel21.c b/nptl/tst-cancel21.c index b54f236..d082776 100644 --- a/nptl/tst-cancel21.c +++ b/nptl/tst-cancel21.c @@ -123,12 +123,6 @@ tf (void *arg) exit (1); } - /* This will cause the read in the initial thread to return. */ - close (fd[0]); - close (fd[1]); - close (fd[2]); - close (fd[3]); - void *ret; if (pthread_join (th, &ret) != 0) { @@ -154,6 +148,15 @@ tf (void *arg) exit (1); } + /* The pipe closing must be issued after the cancellation handling to avoid + a race condition where the cancellation runs after both pipe ends are + closed. In this case the read syscall returns EOF and the cancellation + must not act. */ + close (fd[0]); + close (fd[1]); + close (fd[2]); + close (fd[3]); + exit (0); } -- cgit v1.1