nptl: Fix racy pipe closing in tst-cancel{20,21}

The tst-cancel20 open two pipes and creates a thread which blocks
reading the first pipe.  It then issues a signal to activate the
signal handler which in turn blocks reading the second pipe end.
Finally the cancellation cleanup-up handlers are tested by first
closing the all the pipes ends and issuing a pthread_cancel.
The tst-cancel21 have a similar behavior, but use an extra fork
after the test itself.

The race condition occurs if the cancellation handling acts after the
pipe close: in this case read will return EOF (indicating side-effects)
and thus the cancellation must not act.  However current GLIBC
cancellation behavior acts regardless the syscalls returns with
sid-effects.

This patch adjust the test by moving the pipe closing after the
cancellation handling.  This avoid spurious cancellation if the case
of the race described.

Checked on x86_64 and i386.

	* nptl/tst-cancel20.c (do_one_test): Move the pipe closing after
	pthread_join.
	* nptl/tst-cancel21.c (tf): Likewise.

diff --git a/ChangeLog b/ChangeLog
index 9da4f3c..b768cd5 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-02  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+
+       * nptl/tst-cancel20.c (do_one_test): Move the pipe closing after
+       pthread_join.
+       * nptl/tst-cancel21.c (tf): Likewise.
+
 2015-12-01  H.J. Lu  <hongjiu.lu@intel.com>
 
        [BZ #19313]

diff --git a/nptl/tst-cancel20.c b/nptl/tst-cancel20.c
index 51b558e..91452fb 100644 (file)
--- a/nptl/tst-cancel20.c
+++ b/nptl/tst-cancel20.c
@@ -145,12 +145,6 @@ do_one_test (void)
       return 1;
     }
 
-  /* This will cause the read in the child to return.  */
-  close (fd[0]);
-  close (fd[1]);
-  close (fd[2]);
-  close (fd[3]);
-
   void *ret;
   if (pthread_join (th, &ret) != 0)
     {
@@ -170,6 +164,15 @@ do_one_test (void)
       return 1;
     }
 
+  /* The pipe closing must be issued after the cancellation handling to avoid
+     a race condition where the cancellation runs after both pipe ends are
+     closed.  In this case the read syscall returns EOF and the cancellation
+     must not act.  */
+  close (fd[0]);
+  close (fd[1]);
+  close (fd[2]);
+  close (fd[3]);
+
   return 0;
 }
 

diff --git a/nptl/tst-cancel21.c b/nptl/tst-cancel21.c
index b54f236..d082776 100644 (file)
--- a/nptl/tst-cancel21.c
+++ b/nptl/tst-cancel21.c
@@ -123,12 +123,6 @@ tf (void *arg)
       exit (1);
     }
 
-  /* This will cause the read in the initial thread to return.  */
-  close (fd[0]);
-  close (fd[1]);
-  close (fd[2]);
-  close (fd[3]);
-
   void *ret;
   if (pthread_join (th, &ret) != 0)
     {
@@ -154,6 +148,15 @@ tf (void *arg)
       exit (1);
     }
 
+  /* The pipe closing must be issued after the cancellation handling to avoid
+     a race condition where the cancellation runs after both pipe ends are
+     closed.  In this case the read syscall returns EOF and the cancellation
+     must not act.  */
+  close (fd[0]);
+  close (fd[1]);
+  close (fd[2]);
+  close (fd[3]);
+
   exit (0);
 }