From 6f9d4f595e4073807ad0e844cbb3b3d7158b76d5 Mon Sep 17 00:00:00 2001 From: Torvald Riegel Date: Wed, 17 Aug 2016 13:56:11 +0200 Subject: Fix incorrect double-checked locking related to _res_hconf.initialized. _res_hconf.initialized was not suitable for use in a multi-threaded environment due to the lack of atomics and memory barriers. Use of it was also unnecessary because _res_hconf_init did the right thing by using __libc_once. This patch fixes the glibc-internal uses by just calling _res_hconf_init unconditionally, and switches to a release MO atomic store for _res_hconf.initialized to fix the glibc side of the synchronization problem (which will maintain backward compatibility, but cannot fix the lack of acquire MO on any glibc-external loads). [BZ #20477] * resolv/res_hconf.c (do_init): Use atomic access. * resolv/res_hconf.h: Add comments. * nscd/aicache.c (addhstaiX): Call _res_hconf_init unconditionally. * nss/getXXbyYY_r.c (REENTRANT_NAME): Likewise. * sysdeps/posix/getaddrinfo.c (gaih_inet): Likewise. --- ChangeLog | 9 +++++++++ nscd/aicache.c | 3 +-- nss/getXXbyYY_r.c | 3 +-- resolv/res_hconf.c | 3 ++- resolv/res_hconf.h | 9 +++++++++ sysdeps/posix/getaddrinfo.c | 3 +-- 6 files changed, 23 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 59c68d8b9d..bc2c353c2e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2016-08-18 Torvald Riegel + + [BZ #20477] + * resolv/res_hconf.c (do_init): Use atomic access. + * resolv/res_hconf.h: Add comments. + * nscd/aicache.c (addhstaiX): Call _res_hconf_init unconditionally. + * nss/getXXbyYY_r.c (REENTRANT_NAME): Likewise. + * sysdeps/posix/getaddrinfo.c (gaih_inet): Likewise. + 2016-08-18 Stefan Liebler * sysdeps/ieee754/dbl-64/k_rem_pio2.c (__kernel_rem_pio2): diff --git a/nscd/aicache.c b/nscd/aicache.c index a2e6cf8475..32c8f57b41 100644 --- a/nscd/aicache.c +++ b/nscd/aicache.c @@ -101,8 +101,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req, nip = hosts_database; /* Initialize configurations. */ - if (__glibc_unlikely (!_res_hconf.initialized)) - _res_hconf_init (); + _res_hconf_init (); if (__res_maybe_init (&_res, 0) == -1) no_more = 1; diff --git a/nss/getXXbyYY_r.c b/nss/getXXbyYY_r.c index 93af2538ec..18d3ad68cc 100644 --- a/nss/getXXbyYY_r.c +++ b/nss/getXXbyYY_r.c @@ -274,8 +274,7 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer, } #endif /* need _res */ #ifdef NEED__RES_HCONF - if (!_res_hconf.initialized) - _res_hconf_init (); + _res_hconf_init (); #endif /* need _res_hconf */ void *tmp_ptr = fct.l; diff --git a/resolv/res_hconf.c b/resolv/res_hconf.c index 5cd128916d..093c26837f 100644 --- a/resolv/res_hconf.c +++ b/resolv/res_hconf.c @@ -348,7 +348,8 @@ do_init (void) arg_trimdomain_list (ENV_TRIM_OVERR, 1, envval); } - _res_hconf.initialized = 1; + /* See comments on the declaration of _res_hconf. */ + atomic_store_release (&_res_hconf.initialized, 1); } diff --git a/resolv/res_hconf.h b/resolv/res_hconf.h index b97734df9e..a3d23f3e58 100644 --- a/resolv/res_hconf.h +++ b/resolv/res_hconf.h @@ -25,6 +25,15 @@ struct hconf { + /* We keep the INITIALIZED member only for backwards compatibility. New + code should just call _res_hconf_init unconditionally. For this field + to be used safely, users must ensure that either (1) a call to + _res_hconf_init happens-before any load from INITIALIZED, or (2) an + assignment of zero to INITIALIZED happens-before any load from it, and + these loads use acquire MO if the intent is to skip calling + _res_hconf_init if the load returns a nonzero value. Such acquire MO + loads will then synchronize with the release MO store to INITIALIZED + in do_init in res_hconf.c; see pthread_once for more detail. */ int initialized; int unused1; int unused2[4]; diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index 574ce08aea..09fbc83cf8 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c @@ -816,8 +816,7 @@ gaih_inet (const char *name, const struct gaih_service *service, nip = __nss_hosts_database; /* Initialize configurations. */ - if (__glibc_unlikely (!_res_hconf.initialized)) - _res_hconf_init (); + _res_hconf_init (); if (__res_maybe_init (&_res, 0) == -1) no_more = 1; -- cgit v1.2.3