From b57525f1a376149840f740a31535681c07152ba4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 18 Jun 2015 21:40:46 +0000 Subject: Fix potential hanging of gethostbyaddr_r/gethostbyname_r When "reorder" resolver option is enabled, threads of a multi-threaded process could hang in gethostbyaddr_r, gethostbyname_r, or gethostbyname2_r. Due to a trivial bug in _res_hconf_reorder_addrs, simultaneous invocations of this function in a multi-threaded process could result to _res_hconf_reorder_addrs returning without releasing the lock it holds, causing other threads to block indefinitely while waiting for the lock that is not going to be released. [BZ #17977] * resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking when initializing interface list, based on the bug analysis and the patch proposed by Eric Newton. * resolv/tst-res_hconf_reorder.c: New test. * resolv/Makefile [$(have-thread-library) = yes] (tests): Add tst-res_hconf_reorder. ($(objpfx)tst-res_hconf_reorder): Depend on $(libdl) and $(shared-thread-library). (tst-res_hconf_reorder-ENV): New variable. --- ChangeLog | 11 ++++ NEWS | 20 ++++---- resolv/Makefile | 4 ++ resolv/res_hconf.c | 4 +- resolv/tst-res_hconf_reorder.c | 112 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 139 insertions(+), 12 deletions(-) create mode 100644 resolv/tst-res_hconf_reorder.c diff --git a/ChangeLog b/ChangeLog index 9890872..dee1967 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,16 @@ 2015-06-23 Dmitry V. Levin + [BZ #17977] + * resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking + when initializing interface list, based on the bug analysis + and the patch proposed by Eric Newton. + * resolv/tst-res_hconf_reorder.c: New test. + * resolv/Makefile [$(have-thread-library) = yes] (tests): Add + tst-res_hconf_reorder. + ($(objpfx)tst-res_hconf_reorder): Depend on $(libdl) + and $(shared-thread-library). + (tst-res_hconf_reorder-ENV): New variable. + * resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix typo in comment. diff --git a/NEWS b/NEWS index 4e21210..d103251 100644 --- a/NEWS +++ b/NEWS @@ -14,16 +14,16 @@ Version 2.22 16560, 16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322, 17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628, 17631, 17692, 17711, 17715, 17776, 17779, 17792, 17836, 17912, 17916, 17930, - 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991, - 17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032, 18034, - 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068, 18080, - 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18138, 18185, - 18196, 18197, 18206, 18210, 18211, 18217, 18220, 18221, 18234, 18244, - 18247, 18287, 18319, 18324, 18333, 18346, 18397, 18409, 18410, 18412, - 18418, 18422, 18434, 18444, 18468, 18469, 18470, 18479, 18483, 18495, - 18496, 18497, 18498, 18507, 18512, 18513, 18519, 18520, 18522, 18527, - 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, 18542, - 18544, 18545, 18546, 18547, 18553, 18558, 18569. + 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17977, 17978, 17987, + 17991, 17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032, + 18034, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068, + 18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18138, + 18185, 18196, 18197, 18206, 18210, 18211, 18217, 18220, 18221, 18234, + 18244, 18247, 18287, 18319, 18324, 18333, 18346, 18397, 18409, 18410, + 18412, 18418, 18422, 18434, 18444, 18468, 18469, 18470, 18479, 18483, + 18495, 18496, 18497, 18498, 18507, 18512, 18513, 18519, 18520, 18522, + 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, + 18542, 18544, 18545, 18546, 18547, 18553, 18558, 18569. * Cache information can be queried via sysconf() function on s390 e.g. with _SC_LEVEL1_ICACHE_SIZE as argument. diff --git a/resolv/Makefile b/resolv/Makefile index f62eea4..3509d98 100644 --- a/resolv/Makefile +++ b/resolv/Makefile @@ -39,6 +39,7 @@ extra-libs := libresolv libnss_dns ifeq ($(have-thread-library),yes) extra-libs += libanl routines += gai_sigqueue +tests += tst-res_hconf_reorder endif extra-libs-others = $(extra-libs) libresolv-routines := gethnamaddr res_comp res_debug \ @@ -98,6 +99,9 @@ $(objpfx)libanl.so: $(shared-thread-library) $(objpfx)ga_test: $(objpfx)libanl.so $(shared-thread-library) +$(objpfx)tst-res_hconf_reorder: $(libdl) $(shared-thread-library) +tst-res_hconf_reorder-ENV = RESOLV_REORDER=on + $(objpfx)tst-leaks: $(objpfx)libresolv.so tst-leaks-ENV = MALLOC_TRACE=$(objpfx)tst-leaks.mtrace $(objpfx)mtrace-tst-leaks.out: $(objpfx)tst-leaks.out diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c index c9642ce..0d4f3f4 100644 --- a/resolv/res_hconf.c +++ b/resolv/res_hconf.c @@ -473,10 +473,10 @@ _res_hconf_reorder_addrs (struct hostent *hp) errno = save; num_ifs = new_num_ifs; - - __libc_lock_unlock (lock); } + __libc_lock_unlock (lock); + __close (sd); } diff --git a/resolv/tst-res_hconf_reorder.c b/resolv/tst-res_hconf_reorder.c new file mode 100644 index 0000000..1e7e0e2 --- /dev/null +++ b/resolv/tst-res_hconf_reorder.c @@ -0,0 +1,112 @@ +/* BZ #17977 _res_hconf_reorder_addrs test. + + Copyright (C) 2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static struct timespec ts; + +/* The first thread that gets a lock in _res_hconf_reorder_addrs() + should hold the lock long enough to make two other threads blocked. + This is achieved by slowing down realloc(3) that is called several times + by _res_hconf_reorder_addrs(). */ + +void * +realloc (void *ptr, size_t len) +{ + static void *(*fun) (void *, size_t); + + if (!fun) + fun = dlsym (RTLD_NEXT, "realloc"); + + if (ts.tv_nsec) + nanosleep (&ts, NULL); + + return (*fun) (ptr, len); +} + +static void * +resolve (void *arg) +{ + struct in_addr addr; + struct hostent ent; + struct hostent *result; + int err; + char buf[1024]; + + addr.s_addr = htonl (INADDR_LOOPBACK); + (void) gethostbyaddr_r ((void *) &addr, sizeof (addr), AF_INET, + &ent, buf, sizeof (buf), &result, &err); + return arg; +} + +static int +do_test (void) +{ + #define N 3 + pthread_t thr[N]; + unsigned int i; + int result = 0; + + /* turn on realloc slowdown */ + ts.tv_nsec = 100000000; + + for (i = 0; i < N; ++i) + { + int rc = pthread_create (&thr[i], NULL, resolve, NULL); + + if (rc) + { + printf ("pthread_create: %s\n", strerror(rc)); + exit (1); + } + } + + for (i = 0; i < N; ++i) + { + void *retval; + int rc = pthread_join (thr[i], &retval); + + if (rc) + { + printf ("pthread_join: %s\n", strerror(rc)); + exit (1); + } + if (retval) + { + printf ("thread %u exit status %p\n", i, retval); + result = 1; + } + } + + /* turn off realloc slowdown, no longer needed */ + ts.tv_nsec = 0; + + return result; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" -- cgit v1.1