Differential D19496

Detect some attempts to destroy a condvar with waiters.
ClosedPublic
Actions

Authored by markj on Mar 7 2019, 6:09 PM.

Details

Reviewers

ngie
jhb
kib

Commits

rS344935: Have pthread_cond_destroy() return EBUSY if the condvar has waiters.

Summary

The check is racy if the associated mutex is not held, but in that case
a race is present anyway, so the situation is not made worse.

Add a couple of tests, one which direct checks that we return EBUSY as
desired, and one which verifies that one can destroy a condvar
immediately after waking up sleepers. This will help catch bugs like
the one referenced in r283250 (there it was the kernel's internal
condvar implementation).

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Mar 7 2019, 6:09 PM

Herald added a reviewer: ngie. · View Herald TranscriptMar 7 2019, 6:09 PM

Harbormaster completed remote builds in B22941: Diff 54810.Mar 7 2019, 6:09 PM

markj added reviewers: jhb, kib.Mar 7 2019, 6:09 PM

markj added a subscriber: emaste.

This looks right to me. The only change I had locally is that I had added a helper function in thr_umtx.h since that seemed to match the style of other code in libthr:

static inline int
_thr_ucond_has_waiters(struct ucond *cv)
{
    return (cv->c_has_waiters != 0);
}

and then used that instead of looking at cvp->kcond directly. I don't mind either way though.

In D19496#417290, @jhb wrote:
This looks right to me. The only change I had locally is that I had added a helper function in thr_umtx.h since that seemed to match the style of other code in libthr:
static inline int
_thr_ucond_has_waiters(struct ucond *cv)
{
    return (cv->c_has_waiters != 0);
}
and then used that instead of looking at cvp->kcond directly. I don't mind either way though.

I considered this, but note that the tests are different depending on the condvar type, and there is existing code in thr_cond.c and thr_umtx.c that checks the field values directly.

It was only a minor suggestion as at the time it seemed more consistent. In my patches I hadn't handled the pshared case yet either fwiw.

This revision is now accepted and ready to land.Mar 7 2019, 7:12 PM

kib accepted this revision.Mar 7 2019, 7:36 PM

Two questions:

is there a test case for the EBUSY behavior?
is there a reason why one of the test cases was ifdef’ed FreeBSD, but the other wasn’t?

In D19496#417321, @ngie wrote:

Two questions:

is there a test case for the EBUSY behavior?

Yes, destroy_busy().

is there a reason why one of the test cases was ifdef’ed FreeBSD, but the other wasn’t?

The code change implements non-standard behaviour, and the test for that behaviour may fail on conforming implementations of the pthread API (like NetBSD's). The other test is for behaviour that is specifically permitted by the standard, so there's no reason to ifdef.