This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug nptl/12674] sem_post/sem_wait race causing sem_post to return EINVAL


http://sourceware.org/bugzilla/show_bug.cgi?id=12674

Kevin Dempsey <kevin.dempsey at aculab dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kevin.dempsey at aculab dot
                   |                            |com

--- Comment #8 from Kevin Dempsey <kevin.dempsey at aculab dot com> 2012-02-10 16:26:32 UTC ---
We have been getting the same problem on an Amazon EC2 instance running a
Fedora 8 (2.6.21.7-5.fc8 kernel-xen) based image with glibc.i686 2.7-2, using
the nosegneg variant. The program aborts when sem_post() returns an error and
has been averaging one failure every three months.

Having seen this bug report, I have been testing with a program based on the
original reporters source. On an EC2 instance I have not had it run for more
than 4 hours before failing (I have not seen a failure on bare metal). When a
failure does occur the strace output shows the futex() syscall has been made
with an invalid operation:
12072 futex(0x9152098, 0x1010101 /* FUTEX_??? */, 1) = -1 ENOSYS (Function not
implemented)
presumably because the PRIVATE field has been overwritten.

>From the glibc source repository it appears that this race was introduced when
the change was made to make sem_post() only call FUTEX_WAKE when there are
threads waiting. In fact, with the test program forced to use the old
implementation (using .symver) I haven't had it fail.

If the value and nwaiters were next to each other then they could both be
accessed atomically using cmpxchg8b (on i586 and later). Perhaps then somebody
skilled in the art could eliminate the race condition?

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]