Fix libthr segfault.
AbandonedPublic
Actions

Authored by mmokhi on Apr 25 2016, 3:40 PM.

Details

Reviewers

Summary

Using pthread_workqueue and libthr, locking/unlockig mutex results in segfault (null-deref.), due adding node to NULL tailq.
This fixes it

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

mmokhi updated this revision to Diff 15575.Apr 25 2016, 3:40 PM

mmokhi retitled this revision from to Fix libthr segfault..

mmokhi updated this object.

mmokhi edited the test plan for this revision. (Show Details)

mmokhi set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptApr 25 2016, 3:40 PM

cem added a reviewer: kib.Apr 25 2016, 3:46 PM

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists. If it doesn't already, that's where the fix should go, I think.

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists. If it doesn't already, that's where the fix should go, I think.

TAILQ_INSERT_TAIL handles empty queues just fine.

If the fault is real, the debugging data, i.e. at least the backtrace (from libthr compiled with -g) and dump of the curthread content are due.

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists.

I personally expected that from TAILQ_INSERT_TAIL, but as far as i followed it, it's doing *(head)->tqh_last = (elm);
which assumes tqh_last != NULL without no clear reason.

Maybe we should do something for TAILQ_INSERT_TAIL, but till then this seems fixes it.

In D6087#129593, @kib wrote:

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists. If it doesn't already, that's where the fix should go, I think.

TAILQ_INSERT_TAIL handles empty queues just fine.

If the fault is real, the debugging data, i.e. at least the backtrace (from libthr compiled with -g) and dump of the curthread content are due.

I should attach dumps here ?
Or in bugzilla ?

In D6087#129593, @kib wrote:

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists. If it doesn't already, that's where the fix should go, I think.

TAILQ_INSERT_TAIL handles empty queues just fine.

If the fault is real, the debugging data, i.e. at least the backtrace (from libthr compiled with -g) and dump of the curthread content are due.

bugzilla issue : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209036

In D6087#129603, @mokhi64_gmail.com wrote:

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists.

I personally expected that from TAILQ_INSERT_TAIL, but as far as i followed it, it's doing *(head)->tqh_last = (elm);
which assumes tqh_last != NULL without no clear reason.

tqh_last is not NULL for initialized tailq.

Maybe we should do something for TAILQ_INSERT_TAIL, but till then this seems fixes it.

In D6087#129620, @kib wrote:

In D6087#129603, @mokhi64_gmail.com wrote:

In D6087#129590, @cem wrote:

This seems wrong to me. TAILQ_INSERT_TAIL should do the right thing on empty lists.

I personally expected that from TAILQ_INSERT_TAIL, but as far as i followed it, it's doing *(head)->tqh_last = (elm);
which assumes tqh_last != NULL without no clear reason.

tqh_last is not NULL for initialized tailq.

Maybe we should do something for TAILQ_INSERT_TAIL, but till then this seems fixes it.

Yes :) you are right.
I think we can delete this review.
Though i think it's a good feature for TAILQ_INSERT_TAIL to check for empty conditions too ;)

mmokhi abandoned this revision.Jan 7 2017, 11:12 PM

Revision Contents
Changeset List

Path

Size

lib/

libthr/

thread/

thr_mutex.c

9 lines

Diff 15575

View Options

lib/libthr/thread/thr_mutex.c

Fix libthr segfault.AbandonedPublicActions