Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 7 Dec 2018 10:44:20 -0500
From: Rich Felker <dalias@...c.org>
To: Arkadiusz Sienkiewicz <sienkiewiczarkadiusz@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: aio_cancel segmentation fault for in progress write
 requests

On Fri, Dec 07, 2018 at 01:52:31PM +0100, Arkadiusz Sienkiewicz wrote:
> Hi,
> 
> I'm experiencing segmentation fault when I invoke aio_cancel on request
> which is in EINPROGRESS state. This happens only with libc muls (used
> version - 1.1.12-r8) and only on one (dual Intel Xeon Gold 6128) of few
> computers I've tried it on - please let me know if you need more
> information about that machine. Attached is very simple program
> (aioWrite.cpp) that reproduces this problem.
> 
> alpine-tmp-0:~$ ./aioWrite
> Segmentation fault (core dumped)
> 
> Bt from gdb shows problem is in aio_cancel.

This is not correct:

> 
> (gdb) r
> Starting program: ~/aioWrite
> [New LWP 70321]
> 
> Program received signal ?, Unknown signal.
> [Switching to LWP 70321]

This just shows that the aio thread received the cancellation request.
It's not a crash or a problem. However, gdb's reporting of it as
"Unknown signal" and inability to pass it on correctly indicates that
something is wrong with the gdb on your system. I've hit this issue a
lot but it works on some systems and I don't recall what the
cause/difference behind it is. We should work to figure that out and
get an appropriate fix in distros that are affected.


> #include <stdio.h>
> #include <sys/types.h>
> #include <unistd.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <string.h>
> #include <errno.h>
> #include <stdlib.h>
> #include <aio.h>
> 
> #define TNAME "aio_write/1-1.c"
> 
> int main() {
>   char tmpfname[256];
>   #define BUF_SIZE 512512
>   char buf[BUF_SIZE];
>   char check[BUF_SIZE+1];
>   int fd;
>   struct aiocb aiocb;
>   int err;
>   int ret;
> 
>   snprintf(tmpfname, sizeof(tmpfname), "pts_aio_write_1_1_%d", getpid());
>   unlink(tmpfname);
>   fd = open(tmpfname, O_CREAT | O_RDWR | O_EXCL, S_IRUSR | S_IWUSR);
>   if (fd == -1) {
>     printf(TNAME " Error at open(): %s\n", strerror(errno));
>     exit(1);
>   }
> 
>   unlink(tmpfname);
> 
>   memset(buf, 0xaa, BUF_SIZE);
>   memset(&aiocb, 0, sizeof(struct aiocb));
>   aiocb.aio_fildes = fd;
>   aiocb.aio_buf = buf;
>   aiocb.aio_nbytes = BUF_SIZE;
> 
>   if (aio_write(&aiocb) == -1) {
>     printf(TNAME " Error at aio_write(): %s\n", strerror(errno));
>     close(fd);
>     exit(2);
>   }
> 
>   int cancellationStatus = aio_cancel(fd, &aiocb);
>   printf (TNAME " cancelationStatus : %d\n", cancellationStatus);
> 
>   /* Wait until completion */
>   while (aio_error (&aiocb) == EINPROGRESS);
> 
>   close(fd);
>   printf ("Test PASSED\n");
>   return 0;
> }

I just tried this test and it works for me on 32-bit x86. I'll try
some other systems and see if I can reproduce the issue. It could be a
bug in the test but I didn't see anything obviously wrong with it.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.