lib/56428: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/56428: recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
From: clay.mayers%kioxia.com@localhost
Date: Thu, 30 Sep 2021 17:15:01 +0000 (UTC)

>Number:         56428
>Category:       lib
>Synopsis:       recvfrom() is not a cancelation point as documented in pthread_setcanceltype.3
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 30 17:15:00 +0000 2021
>Originator:     Clay Mayers
>Release:        NetBSD 9.99.88
>Organization:
Kioxia
>Environment:
System: NetBSD arm64 9.99.88 NetBSD 9.99.88 (GENERIC64) #0: Fri Aug 13 21:04:44 UTC 2021 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64eb
Machine: evbarm
>Description:
When pthread cancel type is deferred and cancel is enabled, recvfrom() does not act like a cancelation point when entering or while executing.  If it is executing when pthread_cancel() is called, it returns -1 and sets errno to EINTR instead.  If pthread_cancel() was already called before recvfrom() is called, it will block.

You can see this in the disassembly that recvfrom() is simply a svc #0x1d with no checks of TLS for being canceled.

>How-To-Repeat:
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <errno.h>

int gSock;

void * reader(void *unused)
{
   char buff[32];
   ssize_t ret;

   printf("Thread waiting for data\n");
   while (1)
   {
       // Fixed by adding a cancelation point.
       // pthread_testcancel();
       ret = recvfrom(gSock, buff, 16, 0, NULL, NULL);
       // recvfrom() returns -1/EINTR instead of canceling.
       if (ret == -1 && errno == EINTR)
          continue;
       break;
   }
   printf("reader exiting\n");
   return (void*) ret;
}

int main()
{
    pthread_t read_thread;
    void *ret;

    gSock = socket(PF_LOCAL, SOCK_DGRAM, 0);
    if (gSock < 0)
    {
        printf("Socket system call failed\n");
        return 1;
    }

    pthread_create(&read_thread, NULL, reader, NULL);

    printf("sleeping 2\n");
    sleep(2);
    printf("cancelled %d\n", pthread_cancel(read_thread));
    printf("joined %d\n", pthread_join(read_thread,&ret));
    printf("ret %p\n", ret);
    return 0;
}

arm64# gcc -pthread -g -o testit t.c
arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0

Uncomment call to pthread_testcancel() so there actually is a cancelation point
In the loop and it works.

arm64# ./testit
sleeping 2
Thread waiting for data
cancelled 0
joined 0
ret 0x1
arm64#

>Fix:
recvfrom() likely needs to test cancel before and after the sys call like read() does. The work around is have a cancelation point before recvfrom() and when it sets errno to EINTR.

Prev by Date: Re: bin/56422: zgrep -l sometimes hangs
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: bin/56425: top crashed on system with 80 cpus and being resized
Next by Thread: Re: kern/56421 (panic: ffs_blkfree: bad size, fsck doens't fix it)
Indexes:

Home | Main Index | Thread Index | Old Index