Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20211216181600.GN7074@brightrain.aerifal.cx>
Date: Thu, 16 Dec 2021 13:16:07 -0500
From: Rich Felker <dalias@...c.org>
To: zuotina <zuotingyang@....com>
Cc: musl@...ts.openwall.com
Subject: Re: [pthread] pthread_barrier_wait  invalid case

On Thu, Dec 16, 2021 at 11:25:35PM +0800, zuotina wrote:
> Hi everrone
> 
> 
> I encountered a panic problem when using timer_create recently.
> Although the probability is small, it still happened.
> Finaly I found there is a problem in the code of phtread_barrier_wait, 
> and review code found that there may be problems in the following place, 
> 81  a_store(&b->_b_lock, 0);
> 82  if (b->_b_waiters) __wake(&b->_b_lock, 1, 1);
> If scheduling occurs between lines 81 and 82, it will be not good.
> So I did an experiment and modified the source code of pthread_barrier_wait to verify my guess
> ```c
> 81  a_store(&b->_b_lock, 0);
>                  /* If it is scheduled out here, when another thread executes pthread_barrier_wait again, 
>                     it can go through the entire function happily, that is, it will not be blocked */
>       syscall(yiled); // new add for test
>                // When the dispatch comes back, this b has been released
> 82  if (b->_b_waiters) __wake(&b->_b_lock, 1, 1);
> ```

The intent here is that it's not possible that b has been released,
because all waiters have to synchronize on b->_b_inst. It's possible
there's a bug here. I'll look. What arch are you running on?

> Here is an example of timer_create (src/time/timer_create.c)
> There are two threads A and B call pthread_barrier_wait. 
> The call is as follows
> A thread: (timer_create // parent thread)
> {
>        .....
>       // new add for test---begin
>        while(b->_b_inst == NULL) {
>                 syscall(yield);
>        }
>      // new add for test---end
>      pthread_barrier_wait();
> }
> B thread: (start // child thread)
> {
>        .....
>       //  Ensure that this function is advanced to the if (!inst) {} branch of barrier_wait
>       pthread_barrier_wait();
> }
> 
> 
> In short, the reason for panic is that pthread_barrier_wait is not blocked as expected;
> I hope you help to confirm whether there is a problem with the implementation 
> of pthread_barrier_wait or am I wrong?
> 
> 
> Looking forward to your reply. Thank you. 

Thanks for the report.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.