From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D1987A0A0A for ; Thu, 3 Jun 2021 07:00:19 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C21A24013F; Thu, 3 Jun 2021 07:00:19 +0200 (CEST) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by mails.dpdk.org (Postfix) with ESMTP id DA5604013F for ; Thu, 3 Jun 2021 07:00:18 +0200 (CEST) Received: from mail-qv1-f71.google.com ([209.85.219.71]) by youngberry.canonical.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1lofSs-0000qF-Lp for stable@dpdk.org; Thu, 03 Jun 2021 05:00:18 +0000 Received: by mail-qv1-f71.google.com with SMTP id r11-20020a0cb28b0000b02901c87a178503so3543474qve.22 for ; Wed, 02 Jun 2021 22:00:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wRcg2RIh5JW1u3ugVTS5W7KiNO6F139d0vO3ztRFmUg=; b=dBOkxtkShuMQMwtXyPyasAXIL3obK4H1QL6H68RuM8aFnTmEEDUy8vFf+JoRmHTwt4 c6edeWDOxpv/IpZGSm+sQgtYObQvRxhDyIdGvb8JkxDvimFJBcNrL25zBdMhjBAfRIkE uspup1nnVVBEZU6dG6YUFarQs+njGlS/cNrODot0qa9ZSXupEziteQNY9WrSFnVocWcH 9K8iLbzN0orPAULv+Ml7CvP9hqFZmsALt+l3B4g42IOH+/SGdnA7iDzRgeinjbehTcNl TLY8HWR4WgZ2+DcboXNPm0hyfatrIMOsWMSl0we4LBFJoqOhm57k+6Jdba5CipyVGwGI 7zXQ== X-Gm-Message-State: AOAM530iLmlg0Ag3ceXfOlHGPHBDlNepkq61g2adjYGqA1fAKb/NbYcK txov5+N8WpEDOAXs1J05zG7vRaYTI5tFhkI4FxUJSDsAqUnyhth4KmOMHNLoVj5dMW0048Yzpql ayiTEAXq6ifUKIkT7XWrPmZEg2yyZFrJSJPOP00oR X-Received: by 2002:a05:622a:50a:: with SMTP id l10mr27300282qtx.235.1622696417547; Wed, 02 Jun 2021 22:00:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxaBMAwFnl+BeK4dCqcFLJftRPFY7U+7KNoBiD7+t0y4lKXhmKk0NCy2VHA92MVCRhqFUVpEXcT8RmuvBh/SgI= X-Received: by 2002:a05:622a:50a:: with SMTP id l10mr27300271qtx.235.1622696417313; Wed, 02 Jun 2021 22:00:17 -0700 (PDT) MIME-Version: 1.0 References: <20210521154907.320565-1-lucp.at.work@gmail.com> In-Reply-To: <20210521154907.320565-1-lucp.at.work@gmail.com> From: Christian Ehrhardt Date: Thu, 3 Jun 2021 06:59:51 +0200 Message-ID: To: Luc Pelletier Cc: dpdk stable Content-Type: text/plain; charset="UTF-8" Subject: Re: [dpdk-stable] [PATCH 19.11.9 1/2] eal: fix race in control thread creation X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" On Fri, May 21, 2021 at 5:49 PM Luc Pelletier wrote: > > [ upstream commit 34cc55cce6b180a6c3ee3fcf70a0fd56927f240d ] > > The creation of control threads uses a pthread barrier for > synchronization. This patch fixes a race condition where the pthread > barrier could get destroyed while one of the threads has not yet > returned from the pthread_barrier_wait function, which could result in > undefined behaviour. > > Fixes: 3a0d465d4c53 ("eal: fix use-after-free on control thread creation") > --- Thank you, applied to 19.11.9 (to become -rc2) now > lib/librte_eal/common/eal_common_thread.c | 49 +++++++++++++---------- > 1 file changed, 27 insertions(+), 22 deletions(-) > > diff --git a/lib/librte_eal/common/eal_common_thread.c b/lib/librte_eal/common/eal_common_thread.c > index f9a8cf14d..a5089ae49 100644 > --- a/lib/librte_eal/common/eal_common_thread.c > +++ b/lib/librte_eal/common/eal_common_thread.c > @@ -147,20 +147,25 @@ struct rte_thread_ctrl_params { > void *(*start_routine)(void *); > void *arg; > pthread_barrier_t configured; > + unsigned int refcnt; > }; > > +static void ctrl_params_free(struct rte_thread_ctrl_params *params) > +{ > + if (__atomic_sub_fetch(¶ms->refcnt, 1, __ATOMIC_ACQ_REL) == 0) { > + (void)pthread_barrier_destroy(¶ms->configured); > + free(params); > + } > +} > + > static void *rte_thread_init(void *arg) > { > - int ret; > struct rte_thread_ctrl_params *params = arg; > void *(*start_routine)(void *) = params->start_routine; > void *routine_arg = params->arg; > > - ret = pthread_barrier_wait(¶ms->configured); > - if (ret == PTHREAD_BARRIER_SERIAL_THREAD) { > - pthread_barrier_destroy(¶ms->configured); > - free(params); > - } > + pthread_barrier_wait(¶ms->configured); > + ctrl_params_free(params); > > return start_routine(routine_arg); > } > @@ -180,15 +185,18 @@ rte_ctrl_thread_create(pthread_t *thread, const char *name, > > params->start_routine = start_routine; > params->arg = arg; > + params->refcnt = 2; > > - pthread_barrier_init(¶ms->configured, NULL, 2); > - > - ret = pthread_create(thread, attr, rte_thread_init, (void *)params); > + ret = pthread_barrier_init(¶ms->configured, NULL, 2); > if (ret != 0) { > free(params); > return -ret; > } > > + ret = pthread_create(thread, attr, rte_thread_init, (void *)params); > + if (ret != 0) > + goto fail; > + > if (name != NULL) { > ret = rte_thread_setname(*thread, name); > if (ret < 0) > @@ -197,24 +205,21 @@ rte_ctrl_thread_create(pthread_t *thread, const char *name, > } > > ret = pthread_setaffinity_np(*thread, sizeof(*cpuset), cpuset); > - if (ret) > - goto fail; > + if (ret != 0) > + goto fail_cancel; > > - ret = pthread_barrier_wait(¶ms->configured); > - if (ret == PTHREAD_BARRIER_SERIAL_THREAD) { > - pthread_barrier_destroy(¶ms->configured); > - free(params); > - } > + pthread_barrier_wait(¶ms->configured); > + ctrl_params_free(params); > > return 0; > > -fail: > - if (PTHREAD_BARRIER_SERIAL_THREAD == > - pthread_barrier_wait(¶ms->configured)) { > - pthread_barrier_destroy(¶ms->configured); > - free(params); > - } > +fail_cancel: > pthread_cancel(*thread); > pthread_join(*thread, NULL); > + > +fail: > + (void)pthread_barrier_destroy(¶ms->configured); > + free(params); > + > return -ret; > } > -- > 2.25.1 > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd