Bug 27304 - pthread_cond_destroy does not pass private flag to futex system calls
Summary: pthread_cond_destroy does not pass private flag to futex system calls
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: nptl (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: 2.34
Assignee: Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-01 08:22 UTC by Florian Weimer
Modified: 2021-03-16 09:55 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2021-02-01 08:22:41 UTC
Commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl: Move pthread_cond_destroy implementation into libc") dropped use of the process-shared flag because of this optimization in sysdeps/nptl/lowlevellock-futex.h:

# if IS_IN (libc) || IS_IN (rtld)
/* In libc.so or ld.so all futexes are private.  */
#  define __lll_private_flag(fl, private)                       \
  ({                                                            \
    /* Prevent warnings in callers of this macro.  */           \
    int __lll_private_flag_priv __attribute__ ((unused));       \
    __lll_private_flag_priv = (private);                        \
    ((fl) | FUTEX_PRIVATE_FLAG);                                \
  })
# else
#  define __lll_private_flag(fl, private) \
  (((fl) | FUTEX_PRIVATE_FLAG) ^ (private))
# endif

I think the fix is to remove the optimization because it is unused. The internal locks are always private, so the optimization does not matter to them.

On x86-64, pthread_cond_destroy is the only place where the alternative macro definition results in changed machine code, but we do not actually want this change there (because it probably breaks process-shared condition variables).
Comment 1 Florian Weimer 2021-02-01 08:47:15 UTC
Patch posted: https://sourceware.org/pipermail/libc-alpha/2021-February/122181.html
Comment 2 Florian Weimer 2021-02-01 08:48:32 UTC
Note that this is sadly unrelated to the libdb/RPM database corruption we see on s390x; we have not backported this into the glibc 2.28 branch where we see this.
Comment 3 cvs-commit@gcc.gnu.org 2021-02-04 14:33:08 UTC
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4ad832276f4dadfa40904109b26a521468f66bc

commit c4ad832276f4dadfa40904109b26a521468f66bc
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 4 15:00:20 2021 +0100

    nptl: Remove private futex optimization [BZ #27304]
    
    It is effectively used, unexcept for pthread_cond_destroy, where we do
    not want it; see bug 27304.  The internal locks do not support a
    process-shared mode.
    
    This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl:
    Move pthread_cond_destroy implementation into libc").
    
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Comment 4 Florian Weimer 2021-02-04 14:35:52 UTC
Fixed for glibc 2.34.
Comment 5 Florian Weimer 2021-03-16 09:22:31 UTC
It turns out that LTP actually tests for this bug.
Comment 6 cvs-commit@gcc.gnu.org 2021-03-16 09:55:12 UTC
The release/2.33/master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79c6be6a0ad59e28cfb73ad6cae6b073e22836e3

commit 79c6be6a0ad59e28cfb73ad6cae6b073e22836e3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 4 15:00:20 2021 +0100

    nptl: Remove private futex optimization [BZ #27304]
    
    It is effectively used, unexcept for pthread_cond_destroy, where we do
    not want it; see bug 27304.  The internal locks do not support a
    process-shared mode.
    
    This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl:
    Move pthread_cond_destroy implementation into libc").
    
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
    (cherry picked from commit c4ad832276f4dadfa40904109b26a521468f66bc)