Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

threads/144558: Repeated calls to __rpc_createerr allocates multiple thread-specific data slots

2 views
Skip to first unread message

Sam Robb

unread,
Mar 8, 2010, 12:51:39 PM3/8/10
to freebsd-gn...@freebsd.org

>Number: 144558
>Category: threads
>Synopsis: Repeated calls to __rpc_createerr allocates multiple thread-specific data slots
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-threads
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 08 18:00:16 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Sam Robb
>Release: 7.1
>Organization:
Avere Systems
>Environment:
FreeBSD build1.arriad.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 08:58:24 UTC 2009 ro...@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
On the first call to __rpc_createerr() in a thread, the function attempts to allocate a thread-specific slot to hold the rpc error data. Subsequent calls from the same thread continue to allocate new thread-specific slots without freeing the first, so that repeated calls eventually result in all available thread-specific data slots being allocated.

>How-To-Repeat:

>Fix:
Patch attached

Patch attached with submission follows:

--- a/src/lib/libc/rpc/mt_misc.c
+++ b/src/lib/libc/rpc/mt_misc.c
@@ -89,15 +89,16 @@ struct rpc_createerr rpc_createerr;
struct rpc_createerr *
__rpc_createerr()
{
- static thread_key_t rce_key = 0;
+ static thread_key_t rce_key = -1;
struct rpc_createerr *rce_addr = 0;

if (thr_main())
return (&rpc_createerr);
if ((rce_addr =
- (struct rpc_createerr *)thr_getspecific(rce_key)) != 0) {
+ (struct rpc_createerr *)thr_getspecific(rce_key)) == 0) {
mutex_lock(&tsd_lock);
- if (thr_keycreate(&rce_key, free) != 0) {
+ if ((rce_key == -1) &&
+ (thr_keycreate(&rce_key, free) != 0)) {
mutex_unlock(&tsd_lock);
return (&rpc_createerr);
}


>Release-Note:
>Audit-Trail:
>Unformatted:

Sam Robb

unread,
Mar 8, 2010, 2:00:17 PM3/8/10
to freebsd...@freebsd.org
The following reply was made to PR threads/144558; it has been noted by GNATS.

From: Sam Robb <sam...@averesystems.com>
To: bug-fo...@FreeBSD.org,
Sam Robb <sam...@averesystems.com>
Cc:
Subject: Re: threads/144558: Repeated calls to __rpc_createerr allocates multiple thread-specific data slots
Date: Mon, 8 Mar 2010 13:36:16 -0500

Example program that shows repeated allocation of thread-specific data =
slots caused by calling clnt_pcreateerror() from a thread.

#include <netinet/in.h>
#include <rpc/rpc.h>
#include <rpc/clnt.h>
#include <rpcsvc/rex.h>
#include <stdio.h>
#include <assert.h>
#include <stdlib.h>

void *
rce_test(void * arg)
{
struct sockaddr_in addr;
int i =3D 0;
pthread_key_t thr_key_start =3D -1;
pthread_key_t thr_key_end =3D -1;
int * pdata =3D malloc(sizeof(int));

pthread_key_create(&thr_key_start, pdata);
printf("thr_key_start =3D %d\n", thr_key_start);

for (i =3D 0; i <=3D 25 ; i++) {
CLIENT * client =3D NULL;
char buf[256];
pthread_key_t thr_key_intermediate =3D -1;

sprintf(buf, "Call #%d", i);
client =3D clnt_create("127.0.0.2", REXPROG, REXVERS, =
"udp");
clnt_pcreateerror(buf);

pthread_key_create(&thr_key_intermediate, pdata);
printf("thr_key_intermediate =3D %d\n", =
thr_key_intermediate);

if (client) {
clnt_destroy(client);
}
}

pthread_key_create(&thr_key_end, pdata);
printf("thr_key_end =3D %d\n", thr_key_end);

return pdata;
}

int main(int argc, char** argv)
{
pthread_t thread;
void *result;
pthread_attr_t attr =3D 0;
int res =3D 0;

res =3D pthread_create(&thread, &attr, rce_test, NULL);
assert(res =3D=3D 0);

res =3D pthread_join(thread, &result);
assert(res =3D=3D 0);

return 0;
}

John Baldwin

unread,
Mar 9, 2010, 10:20:04 AM3/9/10
to freebsd...@freebsd.org
The following reply was made to PR threads/144558; it has been noted by GNATS.

From: John Baldwin <j...@freebsd.org>
To: freebsd...@freebsd.org
Cc: Sam Robb <sam...@averesystems.com>,
freebsd-gn...@freebsd.org
Subject: Re: threads/144558: Repeated calls to __rpc_createerr allocates multiple thread-specific data slots

Date: Tue, 9 Mar 2010 10:11:00 -0500

On Monday 08 March 2010 12:51:39 pm Sam Robb wrote:
>
> >Number: 144558
> >Category: threads

> >Synopsis: Repeated calls to __rpc_createerr allocates multiple
thread-specific data slots

Can you try this patch instead? It changes the RPC code in libc to use
pthread_once() to execute init functions that create various pthread keys used
for per-thread data.

http://www.FreeBSD.org/~jhb/patches/rpc_once.patch

--
John Baldwin

John Baldwin

unread,
Mar 9, 2010, 10:11:00 AM3/9/10
to freebsd...@freebsd.org, Sam Robb, freebsd-gn...@freebsd.org
On Monday 08 March 2010 12:51:39 pm Sam Robb wrote:
>

Can you try this patch instead? It changes the RPC code in libc to use

0 new messages