
(ITS#8050) [PATCH] test060 slapd-mtread concurrency issues



Full_Name: Aaron Richton
Version: RE24
OS: Fedora 20
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.6.31.135)


While performing RE24 testing, I observed an issue in slapd-mtread:

==28795== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==28795==  Access not within mapped region at address 0x2FE9F9D0
==28795==    at 0x3A45E0A1%3: pthread_join (pthread_join.c:47)
==28795==    by 0x4A09005: ??? (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x4A0BBA5: pthread_join (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x409A2A: ldap_pvt_thread_join (thr_posix.c:197)
==28795==    by 0x405540: main (slapd-mtread.c:361)

Hmm, not particularly helpful. Gave this a run through helgrind, report below.
So far as I can tell we had one thread in ldap_dup protected by ldcmutex:

        LDAP_MUTEX_LOCK( &old->ld_ldcmutex );
        ld->ldc = old->ldc;
        old->ld_ldcrefcnt++;
        LDAP_MUTEX_UNLOCK( &old->ld_ldcmutex );

while ldap_get_option(LDAP_OPT_SESSION_REFCNT) is protected by ldo_mutex only.
As a quick attempt:

--- a/libraries/libldap/options.c
+++ b/libraries/libldap/options.c
@@ -123,6 +123,10 @@ ldap_get_option(
                return LDAP_OPT_ERROR;
        }
 
+       if( option == LDAP_OPT_SESSION_REFCNT ) {
+               LDAP_MUTEX_LOCK( &ld->ld_ldcmutex );
+       }
+
        LDAP_MUTEX_LOCK( &lo->ldo_mutex );
 
        switch(option) {
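
Review bot: The added LDAP_MUTEX_LOCK( &ld->ld_ldcmutex ) dereferences ld, while the existing lock directly below it goes through lo. If ld can be NULL at this point (with lo pointing at a default options structure), a call with LDAP_OPT_SESSION_REFCNT dereferences NULL before the switch has a chance to reject it. Guard with ld != NULL, or take the lock inside the LDAP_OPT_SESSION_REFCNT case. This hunk also establishes the order ld_ldcmutex before ldo_mutex; a comment stating that order would help keep other lock sites consistent with it.
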
@@ -414,6 +418,11 @@ ldap_get_option(
        }
 
        LDAP_MUTEX_UNLOCK( &lo->ldo_mutex );
+
+       if( option == LDAP_OPT_SESSION_REFCNT ) {
+               LDAP_MUTEX_UNLOCK( &ld->ld_ldcmutex );
+       }
+
        return ( rc );
 }
 
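
Review bot: The unlock before return ( rc ) re-tests option to decide whether ld_ldcmutex is held, so ld_ldcmutex stays locked across the whole switch and correctness depends on no path between the two hunks returning early. Taking ld_ldcmutex only around the refcount read inside the LDAP_OPT_SESSION_REFCNT case would keep lock and unlock adjacent and remove both if() blocks. The release order here (ldo_mutex, then ld_ldcmutex) does mirror the acquisition order, which is right if the current structure is kept.
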
helgrind looks happy with this. The if() is obviously optional but is hopefully
a small performance gain for ldap_get_option(others).

helgrind report:

==28795== Lock at 0x4C393D0 was first observed
==28795==    at 0x4A0BCCF: pthread_mutex_init (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x409B08: ldap_pvt_thread_mutex_init (thr_posix.c:383)
==28795==    by 0x40A25A: ldap_create (open.c:180)
==28795==    by 0x40A3E4: ldap_initialize (open.c:240)
==28795==    by 0x4062B7: do_conn (slapd-mtread.c:584)
==28795==    by 0x40530A: main (slapd-mtread.c:331)
==28795== 
==28795== Lock at 0x4C393A8 was first observed
==28795==    at 0x4A0BCCF: pthread_mutex_init (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x409B08: ldap_pvt_thread_mutex_init (thr_posix.c:283)
==28795==    by 0x409FBF: ldap_create (open.c:129)
==28795==    by 0xA3A3E4: ldap_initialize (open.c:240)
==28795==    by 0x4062B7: do_conn (slapd-mtread.c:584)
==28795==    by 0x40530A: main (slapd-mtread.c:331)
==28795== 
==28795== Possible data race during write of size 4 at 0x4C39238 by thread #%2
==28795== Locks held: 1, at address 0x4C393D0
==28795==    at 0x412AC1: ldap_ld_free (unbind.c:87)
==28795==    by 0x4130EE: ldap_destroy (unbind.c:245)
==28795==    by 0x405BEF: do_onethread (slapd-mtread.c:455)
==28795==    by 0x4A0AECD: ??? (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x3A45E07EE4: start_thread (pthread_create.c:309)
==28795==    by 0x3A45AF4B8C: clone (clone.S:111)
==28795== 
==28795== This conflicts with a previous read of size 4 by thread #29
==28795== Locks held: 1, at address 0x4C393A8
==28795==    at 0x426957: ldap_get_option (options.c:374)
==28795==    by 0x405914: do_onethread (slapd-mtread.c:423)
==28795==    by 0x4A0AECD: ??? (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x3A45E07EE4: start_thread (pthread_create.c:309)
==28795==    by 0x3A45AF4B8C: clone (clone.S:111)
==28795== 
==28795== Address 0x4C39238 is 88 bytes inside a block of size 736 alloc'd
==28795==    at 0x4A083F4: calloc (in
/usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
==28795==    by 0x43E4B1: ber_memcalloc_x (memory.c:283)
==28795==    by 0x409F4B: ldap_create (open.c:119)
==28795==    by 0x40A3E4: ldap_initialize (open.c:240)
==28795==    by 0x4062B7: do_conn (slapd-mtread.c:584)
==28795==    by 0x40530A: main (slapd-mtread.c:331)