[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug in aio_suspend, I believe
|
From: |
Steve Huston |
|
Subject: |
Bug in aio_suspend, I believe |
|
Date: |
Sat, 21 Dec 2002 17:39:46 -0500 |
Glibc 2.2.93-5 on Redhat Linux 8.
I have some aio-using code that runs ok on single-CPU machines, or with
one thread, but crashes quickly with multiple threads on a 2-CPU Xeon.
This code is a test for an aio framework... Start a bunch of loopback
TCP connections and ping-pong some data back and forth. There are 3
threads dispatching aio completions paced on aio_suspend. The crash
always happens in aio_suspend. From examining the code, I believe I see
what's going on.
On entry, an array of request-related structures (waitlist and
requestlist) is filled in, in parallel with information related to the
aiocb array passed in to aio_suspend. Then there's a wait on a condition
variable.
After waking up from the condition, the code scans the aiocb list again,
looking for completed operations. The problem is that it assumes that if
an entry in requestlist is not NULL, it's one of the entries filled in
before waiting on the condition. This is not necessarily true...
requestlist wasn't initialized to 0 pointers, and the aiocb list may
have changed while the current thread was waiting on the condition. So,
there may be a new aiocb entry that's now in progress, but was not there
on entry, and that causes the requestlist dereference to go into
undefined memory.
So, I assume the correct thing to do is initialize requestlist to 0
pointers on entry. Does this seem correct?
Thanks,
-Steve
--
Steve Huston, Riverace Corporation
508-541-9180, fax 508-541-9185
http://www.riverace.com/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bug in aio_suspend, I believe,
Steve Huston <=