Fix potential hanging of gethostbyaddr_r/gethostbyname_r

When "reorder" resolver option is enabled, threads of a multi-threaded process
could hang in gethostbyaddr_r, gethostbyname_r, or gethostbyname2_r.

Due to a trivial bug in _res_hconf_reorder_addrs, simultaneous
invocations of this function in a multi-threaded process could result to
_res_hconf_reorder_addrs returning without releasing the lock it holds,
causing other threads to block indefinitely while waiting for the lock
that is not going to be released.

[BZ #17977]
* resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking
when initializing interface list, based on the bug analysis
and the patch proposed by Eric Newton.
* resolv/tst-res_hconf_reorder.c: New test.
* resolv/Makefile [$(have-thread-library) = yes] (tests): Add
tst-res_hconf_reorder.
($(objpfx)tst-res_hconf_reorder): Depend on $(libdl)
and $(shared-thread-library).
(tst-res_hconf_reorder-ENV): New variable.

diff --git a/ChangeLog b/ChangeLog
index 9890872..dee1967 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2015-06-23  Dmitry V. Levin  <ldv@altlinux.org>
 
+       [BZ #17977]
+       * resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix unlocking
+       when initializing interface list, based on the bug analysis
+       and the patch proposed by Eric Newton.
+       * resolv/tst-res_hconf_reorder.c: New test.
+       * resolv/Makefile [$(have-thread-library) = yes] (tests): Add
+       tst-res_hconf_reorder.
+       ($(objpfx)tst-res_hconf_reorder): Depend on $(libdl)
+       and $(shared-thread-library).
+       (tst-res_hconf_reorder-ENV): New variable.
+
        * resolv/res_hconf.c (_res_hconf_reorder_addrs): Fix typo
        in comment.
 

diff --git a/NEWS b/NEWS
index 4e21210..d103251 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,16 +14,16 @@ Version 2.22
   16560, 16704, 16783, 16850, 17053, 17090, 17195, 17269, 17293, 17322,
   17523, 17542, 17569, 17581, 17588, 17596, 17620, 17621, 17628, 17631,
   17692, 17711, 17715, 17776, 17779, 17792, 17836, 17912, 17916, 17930,
-  17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991,
-  17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032, 18034,
-  18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068, 18080,
-  18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18138, 18185,
-  18196, 18197, 18206, 18210, 18211, 18217, 18220, 18221, 18234, 18244,
-  18247, 18287, 18319, 18324, 18333, 18346, 18397, 18409, 18410, 18412,
-  18418, 18422, 18434, 18444, 18468, 18469, 18470, 18479, 18483, 18495,
-  18496, 18497, 18498, 18507, 18512, 18513, 18519, 18520, 18522, 18527,
-  18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, 18542,
-  18544, 18545, 18546, 18547, 18553, 18558, 18569.
+  17932, 17944, 17949, 17964, 17965, 17967, 17969, 17977, 17978, 17987,
+  17991, 17996, 17998, 17999, 18007, 18019, 18020, 18029, 18030, 18032,
+  18034, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18049, 18068,
+  18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18128, 18138,
+  18185, 18196, 18197, 18206, 18210, 18211, 18217, 18220, 18221, 18234,
+  18244, 18247, 18287, 18319, 18324, 18333, 18346, 18397, 18409, 18410,
+  18412, 18418, 18422, 18434, 18444, 18468, 18469, 18470, 18479, 18483,
+  18495, 18496, 18497, 18498, 18507, 18512, 18513, 18519, 18520, 18522,
+  18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540,
+  18542, 18544, 18545, 18546, 18547, 18553, 18558, 18569.
 
 * Cache information can be queried via sysconf() function on s390 e.g. with
   _SC_LEVEL1_ICACHE_SIZE as argument.

diff --git a/resolv/Makefile b/resolv/Makefile
index f62eea4..3509d98 100644 (file)
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -39,6 +39,7 @@ extra-libs := libresolv libnss_dns
 ifeq ($(have-thread-library),yes)
 extra-libs += libanl
 routines += gai_sigqueue
+tests += tst-res_hconf_reorder
 endif
 extra-libs-others = $(extra-libs)
 libresolv-routines := gethnamaddr res_comp res_debug   \
@@ -98,6 +99,9 @@ $(objpfx)libanl.so: $(shared-thread-library)
 
 $(objpfx)ga_test: $(objpfx)libanl.so $(shared-thread-library)
 
+$(objpfx)tst-res_hconf_reorder: $(libdl) $(shared-thread-library)
+tst-res_hconf_reorder-ENV = RESOLV_REORDER=on
+
 $(objpfx)tst-leaks: $(objpfx)libresolv.so
 tst-leaks-ENV = MALLOC_TRACE=$(objpfx)tst-leaks.mtrace
 $(objpfx)mtrace-tst-leaks.out: $(objpfx)tst-leaks.out

diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c
index c9642ce..0d4f3f4 100644 (file)
--- a/resolv/res_hconf.c
+++ b/resolv/res_hconf.c
@@ -473,10 +473,10 @@ _res_hconf_reorder_addrs (struct hostent *hp)
          errno = save;
 
          num_ifs = new_num_ifs;
-
-         __libc_lock_unlock (lock);
        }
 
+      __libc_lock_unlock (lock);
+
       __close (sd);
     }
 

diff --git a/resolv/tst-res_hconf_reorder.c b/resolv/tst-res_hconf_reorder.c
new file mode 100644 (file)
index 0000000..1e7e0e2
--- /dev/null
+++ b/resolv/tst-res_hconf_reorder.c
@@ -0,0 +1,112 @@
+/* BZ #17977 _res_hconf_reorder_addrs test.
+
+   Copyright (C) 2015 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <dlfcn.h>
+#include <pthread.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+static struct timespec ts;
+
+/* The first thread that gets a lock in _res_hconf_reorder_addrs()
+   should hold the lock long enough to make two other threads blocked.
+   This is achieved by slowing down realloc(3) that is called several times
+   by _res_hconf_reorder_addrs().  */
+
+void *
+realloc (void *ptr, size_t len)
+{
+  static void *(*fun) (void *, size_t);
+
+  if (!fun)
+    fun = dlsym (RTLD_NEXT, "realloc");
+
+  if (ts.tv_nsec)
+    nanosleep (&ts, NULL);
+
+  return (*fun) (ptr, len);
+}
+
+static void *
+resolve (void *arg)
+{
+  struct in_addr addr;
+  struct hostent ent;
+  struct hostent *result;
+  int err;
+  char buf[1024];
+
+  addr.s_addr = htonl (INADDR_LOOPBACK);
+  (void) gethostbyaddr_r ((void *) &addr, sizeof (addr), AF_INET,
+                         &ent, buf, sizeof (buf), &result, &err);
+  return arg;
+}
+
+static int
+do_test (void)
+{
+  #define N 3
+  pthread_t thr[N];
+  unsigned int i;
+  int result = 0;
+
+  /* turn on realloc slowdown */
+  ts.tv_nsec = 100000000;
+
+  for (i = 0; i < N; ++i)
+    {
+      int rc = pthread_create (&thr[i], NULL, resolve, NULL);
+
+      if (rc)
+       {
+         printf ("pthread_create: %s\n", strerror(rc));
+         exit (1);
+       }
+    }
+
+  for (i = 0; i < N; ++i)
+    {
+      void *retval;
+      int rc = pthread_join (thr[i], &retval);
+
+      if (rc)
+       {
+         printf ("pthread_join: %s\n", strerror(rc));
+         exit (1);
+       }
+      if (retval)
+       {
+         printf ("thread %u exit status %p\n", i, retval);
+         result = 1;
+       }
+    }
+
+  /* turn off realloc slowdown, no longer needed */
+  ts.tv_nsec = 0;
+
+  return result;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"