diff options
author | Filipe David Borba Manana <[email protected]> | 2012-12-27 12:45:26 +0000 |
---|---|---|
committer | Patrik Nyblom <[email protected]> | 2013-01-23 15:57:40 +0100 |
commit | a2ed83ab92c6267f5d5d459e69347c7db7e9ab48 (patch) | |
tree | 4f8a0ad77c8b12b6e7eabb9059e8d943b9765fd1 /lib/ic/doc | |
parent | 8b3bcc5a126dfbc4f7152345e7c6ebcadbaa9eb6 (diff) | |
download | otp-a2ed83ab92c6267f5d5d459e69347c7db7e9ab48.tar.gz otp-a2ed83ab92c6267f5d5d459e69347c7db7e9ab48.tar.bz2 otp-a2ed83ab92c6267f5d5d459e69347c7db7e9ab48.zip |
Fix efile_drv crash when using async thread pool
When using the async thread pool and compressed files, when
an efile driver port instance is shutdown, the efile_drv
stop callback closes the file descriptor (a gzFile instance
actually) - this is dangerous if at the same time there's
an async thread performing an operation against the file,
for example calling invoke_read(), which can result in a
segmentation fault, or calling invoke_close() which double
closes the gzFile and this in turn causes 2 consecutive calls
to driver_free() against same gzFile instance (resulting in
later unexpected crashes in erl_bestfit_alloc.c for example).
The following test program makes the emulator crash when using
the async thread pool:
-module(t2).
-export([t/1]).
t(N) ->
file:delete("foo.bar"),
% Use of 'compressed' option, for creating/writing the file,
% is irrelevant. It only matters when opening it later for
% reads - a non-compressed file open with the 'compressed'
% option goes through an internal gzFile handle (instead of
% a plain integer fd), just like a compressed file.
%{ok, Fd} = file:open("foo.bar", [raw, write, binary]),
{ok, Fd} = file:open("foo.bar", [raw, write, binary, compressed]),
ok = file:write(Fd, <<"qwerty">>),
ok = file:close(Fd),
Pid = spawn_link(fun() ->
process_flag(trap_exit, true),
loop(N)
end),
Ref = erlang:monitor(process, Pid),
receive
{'DOWN', Ref, _, _, _} ->
ok
end.
loop(0) ->
ok;
loop(N) ->
Server = self(),
Pid = spawn(fun() ->
{ok, Fd} = file:open("foo.bar", [read, raw, binary, compressed]),
Server ! continue,
% Comment the file:read/2 call to make the file:close/1 call much
% more likely to crash or end up causing efile_drv to close twice
% the fd (gzFile), which will make the emulator crash later in the
% best fit allocator (erl_bestfit_alloc.c).
_ = file:read(Fd, 5),
file:close(Fd)
end),
receive continue -> ok end,
exit(Pid, shutdown),
loop(N - 1).
Running this test when using the async thread pool:
shell> erl +A 4
Erlang R15B03 (erts-5.9.3.1) [source] [64-bit] [smp:4:4] [async-threads:4] [hipe] [kernel-poll:false]
Eshell V5.9.3.1 (abort with ^G)
1> c(t2).
{ok,t2}
2> t2:t(500000).
Segmentation fault (core dumped)
When not using the async thread pool, there are no issues:
shell> erl
Erlang R15B03 (erts-5.9.3.1) [source] [64-bit] [smp:4:4] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V5.9.3.1 (abort with ^G)
1> c(t2).
{ok,t2}
2> t2:t(500000).
ok
3>
An example stack trace when the crash happens because there's
an ongoing read operation is:
Thread 1 (Thread 0x7f021cf2c700 (LWP 10687)):
#0 updatewindow (strm=0x2691bf8, out=5) at zlib/inflate.c:338
#1 0x00000000005a2ba0 in inflate (strm=0x2691bf8, flush=0) at zlib/inflate.c:1141
#2 0x000000000055c46a in erts_gzread (file=0x2691bf8, buf=0x7f0215b29e80, len=5) at drivers/common/gzio.c:523
#3 0x00000000005849ef in invoke_read (data=0x26b2228) at drivers/common/efile_drv.c:1114
#4 0x000000000050adcb in async_main (arg=0x7f021bf5cf40) at beam/erl_async.c:488
#5 0x00000000005c21a0 in thr_wrapper (vtwd=0x7fff69c6ff10) at pthread/ethread.c:106
#6 0x00007f021c573e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#7 0x00007f021c097cbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x0000000000000000 in ?? ()
And when there's an ongoing close operation when the driver
is stopped:
Thread 1 (Thread 0x7fe5f5654700 (LWP 747)):
#0 0x0000000000459b64 in bf_unlink_free_block (block=0x10b2a70, allctr=<optimized out>, flags=<optimized out>) at beam/erl_bestfit_alloc.c:792
#1 bf_unlink_free_block (flags=0, block=0x10b2a70, allctr=0x873380) at beam/erl_bestfit_alloc.c:822
#2 bf_get_free_block (allctr=0x873380, size=<optimized out>, cand_blk=<optimized out>, cand_size=<optimized out>, flags=0) at beam/erl_bestfit_alloc.c:869
#3 0x000000000044f0dd in mbc_alloc_block (alcu_flgsp=<synthetic pointer>, blk_szp=<synthetic pointer>, size=200, allctr=0x873380) at beam/erl_alloc_util.c:1198
#4 mbc_alloc (allctr=0x873380, size=200) at beam/erl_alloc_util.c:1345
#5 0x000000000045449b in do_erts_alcu_alloc (size=200, extra=0x873380, type=165) at beam/erl_alloc_util.c:3442
#6 erts_alcu_alloc_thr_pref (type=165, extra=<optimized out>, size=192) at beam/erl_alloc_util.c:3520
#7 0x000000000055c0bf in gz_open (mode=0x5d98b2 "rb", path=0x1103418 "foo.bar") at drivers/common/gzio.c:164
#8 erts_gzopen (path=0x1103418 "foo.bar", mode=0x5d98b2 "rb") at drivers/common/gzio.c:307
#9 0x0000000000584e47 in invoke_open (data=0x1103330) at drivers/common/efile_drv.c:1857
#10 0x000000000050adcb in async_main (arg=0x7fe5f698af80) at beam/erl_async.c:488
Diffstat (limited to 'lib/ic/doc')
0 files changed, 0 insertions, 0 deletions