From graf@schurli.wu-wien.ac.at  Thu Apr 10 01:48:20 2003
Return-Path: <graf@schurli.wu-wien.ac.at>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9B89837B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Apr 2003 01:48:20 -0700 (PDT)
Received: from schurli.wu-wien.ac.at (schurli.wu-wien.ac.at [137.208.16.32])
	by mx1.FreeBSD.org (Postfix) with SMTP id 7CE1243F93
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Apr 2003 01:48:19 -0700 (PDT)
	(envelope-from graf@schurli.wu-wien.ac.at)
Received: (qmail 14875 invoked by uid 1000); 10 Apr 2003 08:48:17 -0000
Message-Id: <20030410084817.14874.qmail@schurli.wu-wien.ac.at>
Date: 10 Apr 2003 08:48:17 -0000
From: Georg Graf <georg@graf.priv.at>
Reply-To: Georg Graf <georg@graf.priv.at>
To: FreeBSD-gnats-submit@freebsd.org
Cc: <georg@graf.priv.at>, gonter@buddy.wu-wien.ac.at
Subject: popen in libc_r not threadsafe
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         50770
>Category:       bin
>Synopsis:       popen in libc_r not threadsafe
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 10 01:50:07 PDT 2003
>Closed-Date:    Wed Dec 15 13:14:50 GMT 2004
>Last-Modified:  Wed Dec 15 13:14:50 GMT 2004
>Originator:     Georg Graf
>Release:        FreeBSD 4.7-RELEASE-p7 i386
>Organization:
WU WIEN
>Environment:
System: FreeBSD schurli.wu-wien.ac.at 4.7-RELEASE-p7 FreeBSD
4.7-RELEASE-p7 #0: Tue Mar 4 07:47:12 CET 2003
root@mingus.wu-wien.ac.at:/usr/obj/usr/src/sys/GENERIC i386

System: FreeBSD milo.wu-wien.ac.at 4.8-RELEASE FreeBSD 4.8-RELEASE #0:
Wed Apr 2 18:22:23 CEST 2003
root@milo.wu-wien.ac.at:/usr/obj/usr/src/sys/GENERIC i386

System: FreeBSD philip.wu-wien.ac.at 5.0-RELEASE FreeBSD 5.0-RELEASE #0:
Wed Apr 9 14:30:35 CEST 2003
root@philip.wu-wien.ac.at:/usr/obj/usr/src/sys/PHILIP i386

>Description:
Using popen(3) from within a thread causes weird behavior after running
the program for a while. I assume that the pipe creation code in popen
and the pipe deletion code in pclose should be made reentrant in libc_r.

Some of the created childs stay hanging in a fcntl loop before doing the
exec, as shown in http://schurli.wu-wien.ac.at/pthread/pr. And in the
parent process the pclose(3) call in some threads constantly fails with
EAGAIN.

Note also that this program may crash a 4.7-RELEASE-p8 (not exactly sure
about the patchlevel) SMP machine. Should I file an extra PR for that?

>How-To-Repeat:
Basically: Call popen() and pclose() in a program compiled with
-pthread, and do not protect these calls with a mutex.

I have haunted this bug on  http://schurli.wu-wien.ac.at/pthread.tgz
"co -r1.32 thread.c" gives a version where you can see the described
behavior.

>Fix:
The workaround: protect the popen and pclose calls with a mutex, so that
the operations on filedescriptors in the global scope are atomic. (As
done in -r1.33 of my program). IMO for a fix this should be moved into
the library.

Please contact me if you want me to propose a fix for that.

Thank you!

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: tjr 
State-Changed-When: Fri Apr 11 06:26:00 PDT 2003 
State-Changed-Why:  
This has been fixed in -current since January. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50770 
Responsible-Changed-From-To: freebsd-bugs->tjr 
Responsible-Changed-By: tjr 
Responsible-Changed-When: Fri Apr 11 06:27:18 PDT 2003 
Responsible-Changed-Why:  
I will merge the popen thread safety changes into -stable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50770 
Responsible-Changed-From-To: tjr->freebsd-bugs 
Responsible-Changed-By: tjr 
Responsible-Changed-When: Fri Apr 23 06:20:28 PDT 2004 
Responsible-Changed-Why:  
I no longer have resources to support RELENG_4. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50770 
State-Changed-From-To: patched->closed 
State-Changed-By: yar 
State-Changed-When: Wed Dec 15 13:13:19 GMT 2004 
State-Changed-Why:  
The fix has been merged into RELENG_4.  Thanks! 


Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Wed Dec 15 13:13:19 GMT 2004 
Responsible-Changed-Why:  
I did the merge, so I'd like to see possible feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50770 
>Unformatted:
