Skip Menu |
 

From: Ken Raeburn <raeburn@raeburn.org>
To: krb5-bugs@mit.edu
Subject: destroying locked mutex
Date: Thu, 14 Aug 2008 08:33:30 -0400
Download (untitled) / with headers
text/plain 1.8KiB
We should check NetBSD results more often; they're currently reporting
assertion failures in the thread library for a lot of our test
programs, though the core files I've looked at so far aren't giving me
terribly useful stack traces. Here's one example from a program run
under gdb with no particular environment setup:

(gdb) run ATHENA.MIT.EDU
Starting program: /usr/home/krbsnap/autobuild-shared/
work-20080814.0500/krb5-current/src/lib/krb5/os/t_locate_kdc
ATHENA.MIT.EDU
t_locate_kdc: Error detected by libpthread: Destroying locked mutex.
Detected by file "/home/builds/ab/netbsd-3-0-RELEASE/src/lib/
libpthread/pthread_mutex.c", line 135, function "pthread_mutex_destroy".
See pthread(3) for information.

Program received signal SIGABRT, Aborted.
[Switching to LWP 1]
0x000000016022d860 in kill () from /usr/lib/libc.so.12
(gdb) bt
#0 0x000000016022d860 in kill () from /usr/lib/libc.so.12
#1 0x00000001601e4968 in pthread__errorfunc () from /usr/lib/
libpthread.so.0
#2 0x00000001601dfd38 in pthread_mutex_destroy ()
from /usr/lib/libpthread.so.0
#3 0x00000001600f3ebc in profile_free_file_data (data=0x120020200)
at prof_file.c:602
#4 0x00000001600f334c in profile_dereference_data (data=0x120020200)
at prof_file.c:547
#5 0x00000001600f3be4 in profile_free_file (prf=0x12001c0e0)
at prof_file.c:570
#6 0x00000001600f4328 in profile_close_file (prf=0x12001c0e0)
at prof_file.c:613
#7 0x00000001600eff54 in profile_open_file (filespec=0x120020200 "",
ret_prof=0x1ffffea00) at prof_file.c:297
#8 0x00000001600f8c0c in profile_init (files=0x0,
ret_profile=0x12001a048)
at prof_init.c:43
#9 0x00000001600e5164 in os_init_paths (ctx=0x12001a000, kdc=0)
at init_os_ctx.c:343
#10 0x00000001600e5214 in krb5_os_init_context (ctx=0x12001a000, kdc=6)
at init_os_ctx.c:397
Subject: k5_mutex_destroy calls pthread_mutex_destroy with mutex locked
CC: raeburn@mit.edu
Download (untitled) / with headers
text/plain 1.2KiB
Detected with the development version of valgrind in which helgrind
actually works.

It complains that calls to pthread_mutex_destroy were made w/ the mutex
locked - which is a no-no. It returns EBUSY which according to the man
page means" The implementation has detected an attempt to destroy the
object referenced by mutex while it is locked or referenced"

Sure enough there is a logic bug in the macro k5_mutex_destroy. The use
of "&&" in the following:

k5_mutex_lock(M) && ((M)->loc_last = K5_DEBUG_LOC, k5_mutex_unlock(M)), \
k5_os_mutex_destroy(&(M)->os))


k5_mutex_lock will return 0 on success. Therefore the rest of the
expression is not evaluated - and the mutex will not be unlocked!!

! before the lock request solves the problem:

===================================================================
--- k5-thread.h (revision 20676)
+++ k5-thread.h (working copy)
@@ -693,7 +694,7 @@
#define k5_mutex_destroy(M) \
(k5_os_mutex_assert_unlocked(&(M)->os), \
krb5int_mutex_report_stats(M), \
- k5_mutex_lock(M) && ((M)->loc_last = K5_DEBUG_LOC,
k5_mutex_unlock(M)),
\
+ !k5_mutex_lock(M) && ((M)->loc_last = K5_DEBUG_LOC,
k5_mutex_unlock(M))
, \
k5_os_mutex_destroy(&(M)->os))

#if __GNUC__ >= 4
From: Ken Raeburn <raeburn@MIT.EDU>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6090] k5_mutex_destroy calls pthread_mutex_destroy with mutex locked
Date: Wed, 20 Aug 2008 15:55:03 -0400
RT-Send-Cc:
On Aug 20, 2008, at 15:38, Ezra Peisach via RT wrote:
Show quoted text
> Detected with the development version of valgrind in which helgrind
> actually works.

Yeah, I was looking at that in the context of a NetBSD build that was
reporting errors; the NetBSD thread support does these sorts of checks
automatically and blows up if you mess it up. I was going to change
"&&" to "||" but adding "!" works too. :)

(Weirdly enough, though, the build *stopped* failing when we fixed a
bug in the snapshot process and started testing today's code instead
of something from last month. I'm not sure what's up with that.)

Ken
Date: Wed, 20 Aug 2008 16:02:32 -0400
From: Ezra Peisach <epeisach@MIT.EDU>
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6090] k5_mutex_destroy calls pthread_mutex_destroy with mutex locked
RT-Send-Cc:
Ken Raeburn via RT wrote:
Show quoted text
>
> (Weirdly enough, though, the build *stopped* failing when we fixed a
> bug in the snapshot process and started testing today's code instead
> of something from last month. I'm not sure what's up with that.)
>
>
You did turn off thread debugging recently... Maybe that was related....
Show quoted text
> Ken
>
>
From: raeburn@mit.edu
Subject: SVN Commit

Fix sense of test of lock call preparing to update debug info in
k5_mutex_destroy.
Thanks, Ezra.
Commit By: raeburn



Revision: 20690
Changed Files:
U trunk/src/include/k5-thread.h