From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: aio_cancel segmentation fault for in progress write requests
Date: Fri, 7 Dec 2018 15:21:14 -0500 [thread overview]
Message-ID: <20181207202114.GI23599@brightrain.aerifal.cx> (raw)
In-Reply-To: <03a5f237-87cd-5580-4148-a29fa22d3ef0@adelielinux.org>
On Fri, Dec 07, 2018 at 01:13:44PM -0600, A. Wilcox wrote:
> Okay, it's a race of some kind:
>
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so
> musl libc (powerpc64)
> Version 1.1.20-git-156-gb1c58cb9
> Dynamic Program Loader
> Usage: lib/libc.so [options] [--] pathname [args]
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
>
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> aio_write/1-1.c cancelationStatus : 2
> Test PASSED
> awilcox on gwyn [pts/7 Fri 7 13:12] musl: lib/libc.so ~/aioWrite
> zsh: segmentation fault lib/libc.so ~/aioWrite
>
>
> So, my best theory is that running inside a debugger (gdb, valgrind)
> makes it slow enough that it no longer races.
OK, here's a theory. Based on my reply just now to Florian, the signal
context would have to get really big to make the expected code path
overflow -- io_thread_func() has a very small stack frame and so does
cleanup(). However, early in io_thread_func, it calls
__aio_get_queue(), which calls calloc() if the tables at each level
don't already exist, which is certainly the case for the first call.
During this call, the margin will be somewhat smaller, and maybe it's
enough to make kernels that break the MINSIGSTKSZ contract cause an
overflow.
The right action here is probably calling __aio_get_queue with the fd
number *before* calling pthread_create, so that it's guaranteed that
__aio_get_queue takes the fast path in the io thread and doesn't call
calloc. This is especially important in light of the newish allowance
that malloc be interposed, where we would be running
application-provided malloc code in a thread with tiny stack.
I'm still not sure this is the source of the reported crash but I
think it needs to be changed either way.
Rich
next prev parent reply other threads:[~2018-12-07 20:21 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-07 12:52 Arkadiusz Sienkiewicz
2018-12-07 15:44 ` Rich Felker
2018-12-07 16:04 ` Arkadiusz Sienkiewicz
2018-12-07 16:52 ` Orivej Desh
2018-12-07 16:52 ` Rich Felker
2018-12-07 17:31 ` A. Wilcox
2018-12-07 18:26 ` Rich Felker
2018-12-07 19:05 ` A. Wilcox
2018-12-07 20:07 ` Rich Felker
2018-12-07 19:13 ` A. Wilcox
2018-12-07 20:21 ` Rich Felker [this message]
2018-12-07 20:35 ` Markus Wichmann
2018-12-07 21:12 ` Rich Felker
2018-12-07 22:51 ` A. Wilcox
2018-12-07 23:50 ` Rich Felker
2018-12-07 20:06 ` Florian Weimer
2018-12-07 20:14 ` Rich Felker
2018-12-08 16:18 ` Florian Weimer
2018-12-10 9:05 ` Arkadiusz Sienkiewicz
2018-12-12 0:36 ` Rich Felker
2018-12-17 14:21 ` Arkadiusz Sienkiewicz
2018-12-17 17:29 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181207202114.GI23599@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).