From 509072a0f7f8a37bedf61a78c0cdd7783368c65a Mon Sep 17 00:00:00 2001 From: Andreas Jaeger Date: Tue, 15 May 2012 20:35:53 +0200 Subject: Avoid race in nscd 2012-05-15 Jeff Law Andreas Jaeger [BZ #13594] * nscd/nscd-client.h (__nscd_acquire_maplock): New function, split out from... * nscd/nscd_helper.c (__nscd_get_map_ref): ... here. * nscd/nscd-client.h: Add __nscd_acquire_maplock. * nscd/nscd_gethst_r.c (__nscd_get_nl_timestamp): Add locking to code changing __hst_map_handle.map. --- nscd/nscd-client.h | 21 +++++++++++++++++++-- nscd/nscd_gethst_r.c | 21 +++++++++++++++++---- nscd/nscd_helper.c | 15 +++------------ 3 files changed, 39 insertions(+), 18 deletions(-) (limited to 'nscd') diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h index e57a23c..325368e 100644 --- a/nscd/nscd-client.h +++ b/nscd/nscd-client.h @@ -1,5 +1,4 @@ -/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2011 - Free Software Foundation, Inc. +/* Copyright (c) 1998-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk , 1998. @@ -322,6 +321,24 @@ struct locked_map_ptr }; #define libc_locked_map_ptr(class, name) class struct locked_map_ptr name +/* Try acquiring lock for mapptr, returns true if it succeeds, false + if not. */ +static inline bool __nscd_acquire_maplock (volatile struct locked_map_ptr *mapptr) +{ + int cnt = 0; + while (__builtin_expect (atomic_compare_and_exchange_val_acq (&mapptr->lock, + 1, 0) != 0, 0)) + { + // XXX Best number of rounds? + if (__builtin_expect (++cnt > 5, 0)) + return false; + + atomic_delay (); + } + + return true; +} + /* Open socket connection to nscd server. */ extern int __nscd_open_socket (const char *key, size_t keylen, diff --git a/nscd/nscd_gethst_r.c b/nscd/nscd_gethst_r.c index c1661f8..d64ad2e 100644 --- a/nscd/nscd_gethst_r.c +++ b/nscd/nscd_gethst_r.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1998-2005, 2006, 2007, 2008, 2009, 2011 - Free Software Foundation, Inc. +/* Copyright (C) 1998-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 1998. @@ -100,9 +99,18 @@ libc_freeres_fn (hst_map_free) uint32_t __nscd_get_nl_timestamp (void) { + uint32_t retval; if (__nss_not_use_nscd_hosts != 0) return 0; + /* __nscd_get_mapping can change hst_map_handle.mapped to NO_MAPPING. + However, __nscd_get_mapping assumes the prior value was not NO_MAPPING. + Thus we have to acquire the lock to prevent this thread from changing + hst_map_handle.mapped to NO_MAPPING while another thread is inside + __nscd_get_mapping. */ + if (!__nscd_acquire_maplock (&__hst_map_handle)) + return 0; + struct mapped_database *map = __hst_map_handle.mapped; if (map == NULL @@ -112,9 +120,14 @@ __nscd_get_nl_timestamp (void) map = __nscd_get_mapping (GETFDHST, "hosts", &__hst_map_handle.mapped); if (map == NO_MAPPING) - return 0; + retval = 0; + else + retval = map->head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP]; + + /* Release the lock. */ + __hst_map_handle.lock = 0; - return map->head->extra_data[NSCD_HST_IDX_CONF_TIMESTAMP]; + return retval; } diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c index 92558b6..96fb93d 100644 --- a/nscd/nscd_helper.c +++ b/nscd/nscd_helper.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998-2007, 2008, 2009 Free Software Foundation, Inc. +/* Copyright (C) 1998-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 1998. @@ -419,7 +419,6 @@ __nscd_get_mapping (request_type type, const char *key, return result; } - struct mapped_database * __nscd_get_map_ref (request_type type, const char *name, volatile struct locked_map_ptr *mapptr, int *gc_cyclep) @@ -428,16 +427,8 @@ __nscd_get_map_ref (request_type type, const char *name, if (cur == NO_MAPPING) return cur; - int cnt = 0; - while (__builtin_expect (atomic_compare_and_exchange_val_acq (&mapptr->lock, - 1, 0) != 0, 0)) - { - // XXX Best number of rounds? - if (__builtin_expect (++cnt > 5, 0)) - return NO_MAPPING; - - atomic_delay (); - } + if (!__nscd_acquire_maplock (mapptr)) + return NO_MAPPING; cur = mapptr->mapped; -- cgit v1.1