[alsa-devel] [PATCH] pcm: Fix shm initialization race-condition
Ismael Luceno
ismael at iodev.co.uk
Mon Aug 22 18:02:39 CEST 2016
On 22/Ago/2016 17:11, Takashi Iwai wrote:
> On Mon, 22 Aug 2016 17:02:41 +0200,
> Ismael Luceno wrote:
> >
> > On 22/Ago/2016 11:26, Takashi Iwai wrote:
> > > On Sun, 14 Aug 2016 02:28:52 +0200,
> > > Ismael Luceno wrote:
> > > >
> > > > Easily seen when two threads try at the same time, one of them will fail.
> > > >
> > > > The bug was identified by using apulse with Skype.
> > > >
> > > > Fixes: dec428c35221 ("pcm: fix 'unable to create IPC shm instance' caused by fork from a thread")
> > > > Fixes: https://github.com/i-rinat/apulse/issues/38
> > > > Signed-off-by: Ismael Luceno <ismael at iodev.co.uk>
> > > > ---
> > > > src/pcm/pcm_direct.c | 2 ++
> > > > 1 file changed, 2 insertions(+)
> > > >
> > > > diff --git a/src/pcm/pcm_direct.c b/src/pcm/pcm_direct.c
> > > > index c3925cc20fd3..b5215ba35406 100644
> > > > --- a/src/pcm/pcm_direct.c
> > > > +++ b/src/pcm/pcm_direct.c
> > > > @@ -101,6 +101,8 @@ retryget:
> > > > if ((dmix->shmid = shmget(dmix->ipc_key, sizeof(snd_pcm_direct_share_t),
> > > > IPC_CREAT | IPC_EXCL | dmix->ipc_perm)) != -1)
> > > > first_instance = 1;
> > > > + if (dmix->shmid < 0 && errno == EEXIST)
> > > > + goto retryget;
> > >
> > > Hrm, but this would result in an endless loop if the shm was already
> > > taken persistently.
> >
> > If so, shouldn't the first call to shmget succeed?
> >
> > To me it seems very unlikely that both calls continuosly fail.
>
> Well, you are inserting a loop at the code below:
>
> retryget:
> dmix->shmid = shmget(dmix->ipc_key, sizeof(snd_pcm_direct_share_t),
> dmix->ipc_perm);
> if (dmix->shmid < 0) {
> if (errno == ENOENT)
> if ((dmix->shmid = shmget(dmix->ipc_key, sizeof(snd_pcm_direct_share_t),
> IPC_CREAT | IPC_EXCL | dmix->ipc_perm)) != -1)
> first_instance = 1;
> ==> if (dmix->shmid < 0 && errno == EEXIST)
> ==> goto retryget;
> }
>
>
> It's in the if block when the first shmget() fails. If there was
> already a shm with the given id that had been assigned by another (not
> necessarily by alsa-lib but by whatever program), the first shmget
> returns an error with EEXIST. Then it goes back again in a loop; and
> it can be endless if another program doesn't release the shm.
I will fix my patch, I see a problem now, but the spirit of the
idea should be right: if the first call fails with ENOENT, and the
second with EEXIST, it should retry, and getting EEXIST again should
be very unlikely.
> > > Also, which call does give a negative shmid, actually? It's from the
> > > first shmget() or the second shmget()?
> >
> > What happens is that both threads go down that path but, of course,
> > only one succeeds in the second shmget call.
>
> This should have been protected by a sempahore beforehand.
> And if it's about threads, the application itself has to take care of
> the race. alsa-lib is no thread-safe, after all.
>
> So, did you see the issue with multiple processes, or is it about the
> multi-threads?
Threads in this case, but could happen with processes as well.
More information about the Alsa-devel
mailing list