From patchwork Wed Sep 20 22:57:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: DJ Delorie <dj@redhat.com>
X-Patchwork-Id: 22982
Received: (qmail 20942 invoked by alias); 20 Sep 2017 22:57:15 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 20923 invoked by uid 89); 20 Sep 2017 22:57:15 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD,
	SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mx1.redhat.com
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com ECB35C0587C5
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
	dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com;
	spf=fail smtp.mailfrom=dj@redhat.com
Date: Wed, 20 Sep 2017 18:57:10 -0400
Message-Id: <xnd16lt1vd.fsf@greed.delorie.com>
From: DJ Delorie <dj@redhat.com>
To: libc-alpha@sourceware.org
Subject: [patch] Fix for bz22161: ncsd: avoid dangling lock in netgroup
	cache timeout code

Patch for https://sourceware.org/bugzilla/show_bug.cgi?id=22161

 "From the bz: in nscd/netgroupcache.c in addinnetgrX() we call
  mempool_alloc(..., 1) which takes a lock on the database.  If we
  exit via the "bump timeout" clause, the lock is not released."

This patch adds an unlock if mempool_alloc actually took a lock, in
the case where we return early because the timeout hasn't timed out.

Because the dangling lock is a read lock, queries to the database
continue to work.  The cache prune thread eventually becomes
deadlocked, and queries stop seeing updates (i.e. they return stale
data forever).

Original patch by Al Heisner via https://bugzilla.redhat.com/show_bug.cgi?id=1277672

2017-09-20  DJ Delorie  <dj@redhat.com>

	* nscd/netgroupcache.c (addinnetgrX): Release read lock after
	bumping timeout values.
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index cd0c3ea..3ca96f8 100644
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@@ -584,6 +584,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
       dh->timeout = timeout;
       dh->ttl = dataset->head.ttl;
       ++dh->nreloads;
+      if (cacheable)
+        pthread_rwlock_unlock (&db->lock);
       return timeout;
     }