Bug 18743 - PowerPC: findutils testcase fails with --enable-lock-elision
Summary: PowerPC: findutils testcase fails with --enable-lock-elision
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: nptl
Version: 2.21
Importance: P2 normal
Target Milestone: 2.23
Assignee: Tulio Magno Quites Machado Filho
Reported: 2015-07-30 16:23 UTC by Tulio Magno Quites Machado Filho
Modified: 2016-02-16 19:11 UTC
fweimer: security-


Description Tulio Magno Quites Machado Filho 2015-07-30 16:23:58 UTC
This was initially reported at:
https://bugzilla.suse.com/show_bug.cgi?id=923486

The OpenSUSE team found an intermittent issue with pthread's rwlock functions while running the tests from findutils.
test_rwlock was reporting different values for check_accounts:

=== trial: 24: failure: 0
Starting test_lock ... OK
Starting test_rwlock ...check_accounts: sum=4006, expected 4000
check_accounts: sum=4006, expected 4000 
check_accounts: sum=4006, expected 4000
check_accounts: sum=4006, expected 4000
Aborted (core dumped)
=== trial: 25: failure: 1
=== trial: 616: failure: 29
Starting test_lock ... OK
Starting test_rwlock ...check_accounts: sum=3994, expected 4000
check_accounts: sum=3994, expected 4000 
check_accounts: sum=3994, expected 4000
check_accounts: sum=3994, expected 4000
Aborted (core dumped)
=== trial: 617: failure: 30
=== trial: 866: failure: 39
Comment 1 Sourceware Commits 2015-10-19 19:00:56 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  6ec52bf634b7650b57ff67b5f5053bce8992d549 (commit)
      from  44f826e317f28969ea6ca0e87aa4c6b69c819245 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ec52bf634b7650b57ff67b5f5053bce8992d549

commit 6ec52bf634b7650b57ff67b5f5053bce8992d549
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Wed Jul 22 09:26:02 2015 -0300

    PowerPC: Fix a race condition when eliding a lock
    
    The previous code used to evaluate the preprocessor token is_lock_free to
    a variable before starting a transaction.  This behavior can cause an
    error if another thread got the lock (without using a transaction)
    between the evaluation of the token and the beginning of the transaction.
    
    This bug can be triggered with the following order of events:
    1. The lock accessed by is_lock_free is free.
    2. Thread T1 evaluates is_lock_free and stores into register R1 that the
       lock is free.
    3. Thread T2 acquires the same lock used in is_lock_free.
    4. T1 begins the transaction, creating a memory barrier where is_lock_free
       is false, but R1 is true.
    5. T1 reads R1 and doesn't abort the transaction.
    6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
       to unlock a lock acquired by T2, leading to undefined behavior.
    
    This patch delays the evaluation of is_lock_free to inside a transaction
    by moving this part of the code to the macro ELIDE_LOCK.
    
    	[BZ #18743]
    	* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
    	code to...
    	(ELIDE_LOCK): ...here.
    	(__get_new_count): New function with part of the code from
    	__elide_lock that updates the value of adapt_count after a
    	transaction abort.
    	(__elided_trylock): Moved this code to...
    	(ELIDE_TRYLOCK): ...here.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                    |   12 ++++
 NEWS                         |   14 +++---
 sysdeps/powerpc/nptl/elide.h |  115 +++++++++++++++++++++++-------------------
 3 files changed, 82 insertions(+), 59 deletions(-)
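
The six-step interleaving from the commit message above, replayed as a deterministic single-threaded model (an added example, not glibc code and not part of the original report). The `sim` struct, the read-set flag and all function names are assumptions made for illustration; the `replay_fixed(false)` case goes beyond the commit message by showing T2 acquiring the lock after T1's in-transaction check.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed single-threaded model, not glibc code.
   lock is FREE or the id of the thread that really holds it. */
enum { FREE = 0, T1 = 1, T2 = 2 };
struct sim { int lock; bool in_txn; bool lock_in_readset; };

/* T2 takes the lock without a transaction.  A store to a word in T1's
   transactional read-set is a conflict, so it aborts T1's transaction. */
static void t2_acquire(struct sim *s) {
  s->lock = T2;
  if (s->in_txn && s->lock_in_readset) s->in_txn = false;
}

/* Step 6: ELIDE_UNLOCK re-reads is_lock_free; "not free" means a real unlock. */
static int t1_unlock(struct sim *s) {
  if (s->lock == FREE) s->in_txn = false;  /* end the transaction */
  else s->lock = FREE;                     /* releases whoever held it */
  return s->lock;
}

/* Old ordering: is_lock_free is sampled into r1 before the transaction. */
int replay_old(void) {
  struct sim s = { FREE, false, false };   /* step 1 */
  bool r1 = (s.lock == FREE);              /* step 2 */
  t2_acquire(&s);                          /* step 3 */
  s.in_txn = true;                         /* step 4 */
  if (!r1) return s.lock;                  /* step 5: r1 is stale, no abort */
  return t1_unlock(&s);                    /* step 6 */
}

/* Fixed ordering: is_lock_free is evaluated inside the transaction. */
int replay_fixed(bool t2_before_begin) {
  struct sim s = { FREE, false, false };
  if (t2_before_begin) t2_acquire(&s);
  s.in_txn = true;
  s.lock_in_readset = true;                /* the read is now transactional */
  if (s.lock != FREE) s.in_txn = false;    /* lock taken: abort, use real lock */
  if (!t2_before_begin) t2_acquire(&s);    /* late acquire conflicts, aborts T1 */
  if (!s.in_txn) return s.lock;            /* aborted: T1 must wait for the real lock */
  return t1_unlock(&s);
}

int main(void) {
  printf("old: owner=%d fixed: owner=%d/%d\n",
         replay_old(), replay_fixed(true), replay_fixed(false));
  return 0;
}
```

An owner of 0 after `replay_old()` means T1 released a lock that T2 still believes it holds, which is the state that lets the `check_accounts` sums in the report drift.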
Comment 2 Tulio Magno Quites Machado Filho 2015-10-19 19:06:57 UTC
The patch has just been pushed to master.
Comment 3 Sourceware Commits 2015-10-20 15:47:10 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  5b319ce2949cf6fb97862ff81558944f76c704f1 (commit)
      from  5fb7924cb6cf606ce865122e5bbac9df934db14e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5b319ce2949cf6fb97862ff81558944f76c704f1

commit 5b319ce2949cf6fb97862ff81558944f76c704f1
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Wed Jul 22 09:26:02 2015 -0300

    PowerPC: Fix a race condition when eliding a lock
    
    The previous code used to evaluate the preprocessor token is_lock_free to
    a variable before starting a transaction.  This behavior can cause an
    error if another thread got the lock (without using a transaction)
    between the evaluation of the token and the beginning of the transaction.
    
    This bug can be triggered with the following order of events:
    1. The lock accessed by is_lock_free is free.
    2. Thread T1 evaluates is_lock_free and stores into register R1 that the
       lock is free.
    3. Thread T2 acquires the same lock used in is_lock_free.
    4. T1 begins the transaction, creating a memory barrier where is_lock_free
       is false, but R1 is true.
    5. T1 reads R1 and doesn't abort the transaction.
    6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
       to unlock a lock acquired by T2, leading to undefined behavior.
    
    This patch delays the evaluation of is_lock_free to inside a transaction
    by moving this part of the code to the macro ELIDE_LOCK.
    
    	[BZ #18743]
    	* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
    	code to...
    	(ELIDE_LOCK): ...here.
    	(__get_new_count): New function with part of the code from
    	__elide_lock that updates the value of adapt_count after a
    	transaction abort.
    	(__elided_trylock): Moved this code to...
    	(ELIDE_TRYLOCK): ...here.
    
    (cherry picked from commit 6ec52bf634b7650b57ff67b5f5053bce8992d549)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                    |   12 ++++
 NEWS                         |    4 +-
 sysdeps/powerpc/nptl/elide.h |  115 +++++++++++++++++++++++-------------------
 3 files changed, 77 insertions(+), 54 deletions(-)
Comment 4 Sourceware Commits 2016-02-16 19:11:10 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, gentoo/2.22 has been updated
       via  b4f19537f9d26dbf95bd2e7d9c056400ad1b5723 (commit)
      from  0f74aed2de00dfbcae8e0217d6abdd5634e1c69c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b4f19537f9d26dbf95bd2e7d9c056400ad1b5723

commit b4f19537f9d26dbf95bd2e7d9c056400ad1b5723
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Wed Jul 22 09:26:02 2015 -0300

    PowerPC: Fix a race condition when eliding a lock
    
    The previous code used to evaluate the preprocessor token is_lock_free to
    a variable before starting a transaction.  This behavior can cause an
    error if another thread got the lock (without using a transaction)
    between the evaluation of the token and the beginning of the transaction.
    
    This bug can be triggered with the following order of events:
    1. The lock accessed by is_lock_free is free.
    2. Thread T1 evaluates is_lock_free and stores into register R1 that the
       lock is free.
    3. Thread T2 acquires the same lock used in is_lock_free.
    4. T1 begins the transaction, creating a memory barrier where is_lock_free
       is false, but R1 is true.
    5. T1 reads R1 and doesn't abort the transaction.
    6. T1 calls ELIDE_UNLOCK, which reads false from is_lock_free and decides
       to unlock a lock acquired by T2, leading to undefined behavior.
    
    This patch delays the evaluation of is_lock_free to inside a transaction
    by moving this part of the code to the macro ELIDE_LOCK.
    
    	[BZ #18743]
    	* sysdeps/powerpc/nptl/elide.h (__elide_lock): Move most of this
    	code to...
    	(ELIDE_LOCK): ...here.
    	(__get_new_count): New function with part of the code from
    	__elide_lock that updates the value of adapt_count after a
    	transaction abort.
    	(__elided_trylock): Moved this code to...
    	(ELIDE_TRYLOCK): ...here.
    
    (cherry picked from commit 6ec52bf634b7650b57ff67b5f5053bce8992d549)
    (cherry picked from commit 5b319ce2949cf6fb97862ff81558944f76c704f1)

-----------------------------------------------------------------------

Summary of changes:
 sysdeps/powerpc/nptl/elide.h |  115 +++++++++++++++++++++++-------------------
 1 files changed, 63 insertions(+), 52 deletions(-)