From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 14993 invoked from network); 25 Jun 2022 11:09:13 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 25 Jun 2022 11:09:13 -0000
Received: (qmail 12210 invoked by uid 550); 25 Jun 2022 11:09:09 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 24109 invoked from network); 25 Jun 2022 03:40:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:from:date:message-id:subject:to;
        bh=P067WSyUSTC2cTj+Y5BvHBoasI50vSvWpeAeS3+gijk=;
        b=BxX24EtjHo3H3hx2SJJez33s1V/n8SzJoobKoVA5xKbmvSntI4Q1+efSM1THDJZtML
         N8CRLyH8HLmcpRjbtzLsyUHS8Gs0arcGEqj+SL83mvX1YUwq/ODVbgSXj17fC8z3jnjw
         vgbDH5p/ME3SDTGPqoYq47TqIlFbwVzT2LiChI7GO/GV7+IreEt04bMczwAYEHvg/2g7
         uk2Dkra+QkLQvL9F8pfkQCHs+zAFKhbLvtwpaf7Ti0U9a631nVvckflJ3xD79+ZdGK/F
         WMwWOkcLi7lou4mZYFmK8edy7593c3nPuYpYmGSckJ+y0nx1jdiG6moVykXOco8pP/Na
         Afvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=P067WSyUSTC2cTj+Y5BvHBoasI50vSvWpeAeS3+gijk=;
        b=mYvTh+mnj7NxwEyvK6mCWa10t3k2bBrzS5siUaHMLcMsXyP155lmiahi1SvUHMx+Si
         cy9/p4FKMQjI9fxG5zXdtLZKRuMa8UaPVB086++dIB7Za9AiTjxCrhpdl8FeKzxFX+tR
         LNqX4uoxqSPtOTay+HCcIyU1JIpZXzBfPxUJqnLZNRpoZTAJ/Flne/bsS3iHt47WBYrP
         GCcXksUrn4kD94HxcJrTZ9NpU9MNyGBrUdxoZjQJLqnpYemyELmCgdIugaj/StyM3JcY
         3cmLcUcMeX/9ha958SmreCZInPs6BHFJsrU5m9cvKOJ3zGuccnpb59ZAMVXPpUFAxnzI
         BZPw==
X-Gm-Message-State: AJIora8lFlM8dcTDuJAM6NBY0fb9NfQRH/TU3KcHt5Q9nVWjLjKNippW
	CpfUBOin/ZapNXYh8AB5QijL5LvRCIs8XKCaHwn0cglk2G03Dw==
X-Google-Smtp-Source: AGRyM1sDVGKdhpsb11i/096aHCa9ElmSVPCkABW/SHa1pgeBFQAQxeU7EYDnHwB6F9TIOIuWrpmgHDISDNkD0iTVsNA=
X-Received: by 2002:a05:6102:15a4:b0:354:6370:333b with SMTP id
 g36-20020a05610215a400b003546370333bmr883057vsv.29.1656128428686; Fri, 24 Jun
 2022 20:40:28 -0700 (PDT)
MIME-Version: 1.0
From: Nick Peng <pymumu@gmail.com>
Date: Sat, 25 Jun 2022 11:40:17 +0800
Message-ID: <CALkM5nvbb27vzH--43Oo1k0EjH68d9fUpEgY8RYAwvTPNkUc4g@mail.gmail.com>
To: musl@lists.openwall.com
Content-Type: multipart/alternative; boundary="000000000000b1c47305e23d726b"
Subject: [musl] BUG: Calling readdir/dirfd after vfork will cause deadlock.

--000000000000b1c47305e23d726b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Description:  After vfork, calling functions such as readdir/dirfd may
cause deadlock. GNU C is OK.
                     Also tested on x86-64 with musl, no deadlock, but
seems never exit, slower than GNU C.
Version: latest, musl-1.2.3
OS: debian bullseye 64bit OS. and asus router
CPU: raspberrypi aarch64=EF=BC=8C mips32
Reproduce Code:

#include <dirent.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string.h>

pthread_mutex_t lock =3D PTHREAD_MUTEX_INITIALIZER;
pthread_cond_t cond =3D PTHREAD_COND_INITIALIZER;

struct tlog_log *logs =3D NULL;
int do_exit =3D 0;

void *test(void *arg)
{
    int i =3D 0;

    for (i =3D 0; i < 10000000; i++) {
        char *b =3D malloc(4096);
        memset(b, 0, 4096);
        free(b);
    }
    do_exit =3D 1;
    return NULL;
}

void lockfunc()
{
    char path_name[4096];
    DIR *dir =3D NULL;
    struct dirent *ent;

    snprintf(path_name, sizeof(path_name), "/proc/self/fd/");
    dir =3D opendir(path_name);
    if (dir =3D=3D NULL) {
        goto errout;
    }

    while ((ent =3D readdir(dir)) !=3D NULL) {
    }

    closedir(dir);

    return;
errout:
    if (dir) {
        closedir(dir);
    }

    return;
}

void *test_fork(void *arg)
{
    int count =3D 0;
    while (do_exit =3D=3D 0) {
        printf("test fork count %d\n", count++);
        int pid =3D vfork();
        if (pid < 0) {
            return NULL;
        } else if (pid =3D=3D 0) {
            lockfunc();
            _exit(0);
        }

        int status;
        waitpid(pid, &status, 0);
    }

    return NULL;
}

int main(int argc, char *argv[])
{
    pthread_attr_t attr;
    pthread_t threads[10];
    pthread_t fork_test;
    int i;
    int ret;

    pthread_attr_init(&attr);

    ret =3D pthread_create(&fork_test, &attr, test_fork, NULL);

    for (i =3D 0; i < 10; i++) {
        ret =3D pthread_create(&threads[i], &attr, test, NULL);
        if (ret !=3D 0) {
            return 1;
        }
    }

    for (i =3D 0; i < 10; i++) {
        void *retval =3D NULL;
        pthread_join(threads[i], &retval);
    }

    void *retval =3D NULL;
    pthread_join(fork_test, &retval);
    printf("exit\n");
    getchar();
    return 0;
}


Log=EF=BC=9A
pi@raspberrypi:~/code/tinylog/test $ ./test
test fork count 0
test fork count 1   <-- lock here
^C

gdb backtrace:
x0000000000409524 in __lock ()
(gdb) bt
#0  0x0000000000409524 in __lock ()
#1  0x0000000000406278 in __libc_malloc_impl ()

--000000000000b1c47305e23d726b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Description:=C2=A0 After vfork, calling functions such as =
readdir/dirfd may cause deadlock. GNU C is OK.<div>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Also tested on x86-64 w=
ith musl, no deadlock, but seems never exit, slower than GNU C.<br><div>Ver=
sion: latest, musl-1.2.3<div>OS: debian bullseye 64bit OS. and asus router<=
/div><div>CPU: raspberrypi aarch64=EF=BC=8C mips32</div><div>Reproduce Code=
:</div><div><br></div><div>#include &lt;dirent.h&gt;<br>#include &lt;pthrea=
d.h&gt;<br>#include &lt;stdint.h&gt;<br>#include &lt;stdio.h&gt;<br>#includ=
e &lt;stdlib.h&gt;<br>#include &lt;sys/types.h&gt;<br>#include &lt;sys/wait=
.h&gt;<br>#include &lt;unistd.h&gt;<br>#include &lt;string.h&gt;<br><br>pth=
read_mutex_t lock =3D PTHREAD_MUTEX_INITIALIZER;<br>pthread_cond_t cond =3D=
 PTHREAD_COND_INITIALIZER;<br><br>struct tlog_log *logs =3D NULL;<br>int do=
_exit =3D 0;<br><br>void *test(void *arg)<br>{<br>=C2=A0 =C2=A0 int i =3D 0=
;<br><br>=C2=A0 =C2=A0 for (i =3D 0; i &lt; 10000000; i++) {<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 char *b =3D malloc(4096);<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
memset(b, 0, 4096);<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 free(b);<br>=C2=A0 =C2=
=A0 }<br>=C2=A0 =C2=A0 do_exit =3D 1;<br>=C2=A0 =C2=A0 return NULL;<br>}<br=
><br>void lockfunc()<br>{<br>=C2=A0 =C2=A0 char path_name[4096];<br>=C2=A0 =
=C2=A0 DIR *dir =3D NULL;<br>=C2=A0 =C2=A0 struct dirent *ent;<br><br>=C2=
=A0 =C2=A0 snprintf(path_name, sizeof(path_name), &quot;/proc/self/fd/&quot=
;);<br>=C2=A0 =C2=A0 dir =3D opendir(path_name);<br>=C2=A0 =C2=A0 if (dir =
=3D=3D NULL) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 goto errout;<br>=C2=A0 =C2=A0=
 }<br><br>=C2=A0 =C2=A0 while ((ent =3D readdir(dir)) !=3D NULL) {<br>=C2=
=A0 =C2=A0 }<br><br>=C2=A0 =C2=A0 closedir(dir);<br><br>=C2=A0 =C2=A0 retur=
n;<br>errout:<br>=C2=A0 =C2=A0 if (dir) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 cl=
osedir(dir);<br>=C2=A0 =C2=A0 }<br><br>=C2=A0 =C2=A0 return;<br>}<br><br>vo=
id *test_fork(void *arg)<br>{<br>=C2=A0 =C2=A0 int count =3D 0;<br>=C2=A0 =
=C2=A0 while (do_exit =3D=3D 0) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 printf(&qu=
ot;test fork count %d\n&quot;, count++);<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 int=
 pid =3D vfork();<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (pid &lt; 0) {<br>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return NULL;<br>=C2=A0 =C2=A0 =C2=A0=
 =C2=A0 } else if (pid =3D=3D 0) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 lockfunc();<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 _exit(0);<b=
r>=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 int stat=
us;<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 waitpid(pid, &amp;status, 0);<br>=C2=A0 =
=C2=A0 }<br><br>=C2=A0 =C2=A0 return NULL;<br>}<br><br>int main(int argc, c=
har *argv[])<br>{<br>=C2=A0 =C2=A0 pthread_attr_t attr;<br>=C2=A0 =C2=A0 pt=
hread_t threads[10];<br>=C2=A0 =C2=A0 pthread_t fork_test;<br>=C2=A0 =C2=A0=
 int i;<br>=C2=A0 =C2=A0 int ret;<br><br>=C2=A0 =C2=A0 pthread_attr_init(&a=
mp;attr);<br><br>=C2=A0 =C2=A0 ret =3D pthread_create(&amp;fork_test, &amp;=
attr, test_fork, NULL);<br><br>=C2=A0 =C2=A0 for (i =3D 0; i &lt; 10; i++) =
{<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 ret =3D pthread_create(&amp;threads[i], &a=
mp;attr, test, NULL);<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (ret !=3D 0) {<br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return 1;<br>=C2=A0 =C2=A0 =C2=A0=
 =C2=A0 }<br>=C2=A0 =C2=A0 }<br><br>=C2=A0 =C2=A0 for (i =3D 0; i &lt; 10; =
i++) {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 void *retval =3D NULL;<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 pthread_join(threads[i], &amp;retval);<br>=C2=A0 =C2=A0 }=
<br><br>=C2=A0 =C2=A0 void *retval =3D NULL;<br>=C2=A0 =C2=A0 pthread_join(=
fork_test, &amp;retval);<br>=C2=A0 =C2=A0 printf(&quot;exit\n&quot;);<br>=
=C2=A0 =C2=A0 getchar();<br>=C2=A0 =C2=A0 return 0;<br>}<br></div><div><br>=
</div><div><br></div><div>Log=EF=BC=9A</div><div>pi@raspberrypi:~/code/tiny=
log/test $ ./test <br>test fork count 0<br>test fork count 1=C2=A0 =C2=A0&l=
t;-- lock here<br>^C<br></div></div><div><br></div><div>gdb backtrace:</div=
><div>x0000000000409524 in __lock ()<br>(gdb) bt<br>#0 =C2=A00x000000000040=
9524 in __lock ()<br>#1 =C2=A00x0000000000406278 in __libc_malloc_impl ()<b=
r></div></div></div>

--000000000000b1c47305e23d726b--