From 9b663419711ee2beb92c1c34a79669b251e7562d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 20 Aug 2020 12:46:24 +1000
Subject: [PATCH] Lock access when updating/reading manager->epoll_events[fd]

WARNING: ThreadSanitizer: data race (pid=110)
  Write of size 4 at 0x7ba400014050 by main thread (mutexes: write M1100, write M75):
    #0 socket_create /builds/isc-projects/bind9/lib/isc/unix/socket.c:3012:34 (libisc.so.1105+0x6085c)
    #1 isc__socket_create /builds/isc-projects/bind9/lib/isc/unix/socket.c:3044:10 (libisc.so.1105+0x60583)
    #2 isc_socket_create /builds/isc-projects/bind9/lib/isc/unix/./../socket_api.c:105:11 (libisc.so.1105+0x6a4a0)
    #3 open_socket /builds/isc-projects/bind9/lib/dns/dispatch.c:1708:12 (libdns.so.1110+0x7491c)
    #4 get_udpsocket /builds/isc-projects/bind9/lib/dns/dispatch.c:2904:13 (libdns.so.1110+0x745ec)
    #5 dispatch_createudp /builds/isc-projects/bind9/lib/dns/dispatch.c:2994:12 (libdns.so.1110+0x6e159)
    #6 dns_dispatch_getudp_dup /builds/isc-projects/bind9/lib/dns/dispatch.c:2823:11 (libdns.so.1110+0x6d8f2)
    #7 dns_dispatch_getudp /builds/isc-projects/bind9/lib/dns/dispatch.c:2849:10 (libdns.so.1110+0x6e99e)
    #8 make_dispatchset /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:81:11 (dispatch_test+0x4ba8fc)
    #9 dispatchset_create /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:115:11 (dispatch_test+0x4b9f99)
    #10 <null> <null> (libcmocka.so.0+0x50d8)
    #11 __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16 (libc.so.6+0x2409a)

  Previous write of size 4 at 0x7ba400014050 by thread T14:
    #0 unwatch_fd /builds/isc-projects/bind9/lib/isc/unix/socket.c (libisc.so.1105+0x6b913)
    #1 wakeup_socket /builds/isc-projects/bind9/lib/isc/unix/socket.c:1128:9 (libisc.so.1105+0x701fc)
    #2 process_ctlfd /builds/isc-projects/bind9/lib/isc/unix/socket.c:4253:3 (libisc.so.1105+0x6c048)
    #3 process_fds /builds/isc-projects/bind9/lib/isc/unix/socket.c:4157:10 (libisc.so.1105+0x6bcb4)
    #4 watcher /builds/isc-projects/bind9/lib/isc/unix/socket.c:4396:10 (libisc.so.1105+0x64188)

  Location is heap block of size 16385 at 0x7ba400014000 allocated by main thread:
    #0 malloc <null> (dispatch_test+0x42b7c4)
    #1 internal_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:887:8 (libisc.so.1105+0x37e38)
    #2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:792:8 (libisc.so.1105+0x32c2c)
    #3 isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1310:9 (libisc.so.1105+0x325d7)
    #4 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:3012:11 (libisc.so.1105+0x34f80)
    #5 isc__socketmgr_create2 /builds/isc-projects/bind9/lib/isc/unix/socket.c:4704:26 (libisc.so.1105+0x6379a)
    #6 isc__socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/socket.c:4652:10 (libisc.so.1105+0x635f2)
    #7 isc_socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/./../socket_api.c:74:11 (libisc.so.1105+0x6a2c7)
    #8 create_managers /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:120:2 (dispatch_test+0x4bb28a)
    #9 dns_test_begin /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:192:3 (dispatch_test+0x4bb182)
    #10 _setup /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:53:11 (dispatch_test+0x4b9ff8)
    #11 <null> <null> (libcmocka.so.0+0x51e2)
    #12 __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16 (libc.so.6+0x2409a)

  Mutex M1100 (0x7b5000000230) created at:
    #0 pthread_mutex_init <null> (dispatch_test+0x42e60d)
    #1 isc__mutex_init /builds/isc-projects/bind9/lib/isc/pthreads/mutex.c:287:8 (libisc.so.1105+0x72377)
    #2 dns_dispatchmgr_create /builds/isc-projects/bind9/lib/dns/dispatch.c:1778:11 (libdns.so.1110+0x6a055)
    #3 make_dispatchset /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:75:11 (dispatch_test+0x4ba883)
    #4 dispatchset_create /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:115:11 (dispatch_test+0x4b9f99)
    #5 <null> <null> (libcmocka.so.0+0x50d8)
    #6 __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16 (libc.so.6+0x2409a)

  Mutex M75 (0x7bb800000320) created at:
    #0 pthread_mutex_init <null> (dispatch_test+0x42e60d)
    #1 isc__mutex_init /builds/isc-projects/bind9/lib/isc/pthreads/mutex.c:287:8 (libisc.so.1105+0x72377)
    #2 isc__socketmgr_create2 /builds/isc-projects/bind9/lib/isc/unix/socket.c:4729:12 (libisc.so.1105+0x63914)
    #3 isc__socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/socket.c:4652:10 (libisc.so.1105+0x635f2)
    #4 isc_socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/./../socket_api.c:74:11 (libisc.so.1105+0x6a2c7)
    #5 create_managers /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:120:2 (dispatch_test+0x4bb28a)
    #6 dns_test_begin /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:192:3 (dispatch_test+0x4bb182)
    #7 _setup /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:53:11 (dispatch_test+0x4b9ff8)
    #8 <null> <null> (libcmocka.so.0+0x51e2)
    #9 __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16 (libc.so.6+0x2409a)

  Thread T14 'isc-socket' (tid=150, running) created by main thread at:
    #0 pthread_create <null> (dispatch_test+0x42d08b)
    #1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:60:8 (libisc.so.1105+0x724e8)
    #2 isc__socketmgr_create2 /builds/isc-projects/bind9/lib/isc/unix/socket.c:4788:6 (libisc.so.1105+0x63cc6)
    #3 isc__socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/socket.c:4652:10 (libisc.so.1105+0x635f2)
    #4 isc_socketmgr_create /builds/isc-projects/bind9/lib/isc/unix/./../socket_api.c:74:11 (libisc.so.1105+0x6a2c7)
    #5 create_managers /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:120:2 (dispatch_test+0x4bb28a)
    #6 dns_test_begin /builds/isc-projects/bind9/lib/dns/tests/dnstest.c:192:3 (dispatch_test+0x4bb182)
    #7 _setup /builds/isc-projects/bind9/lib/dns/tests/dispatch_test.c:53:11 (dispatch_test+0x4b9ff8)
    #8 <null> <null> (libcmocka.so.0+0x51e2)
    #9 __libc_start_main /build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:308:16 (libc.so.6+0x2409a)

SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/isc/unix/socket.c:3012:34 in socket_create
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/9b663419711ee2beb92c1c34a79669b251e7562d
---
 lib/isc/unix/socket.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index 219f4e3f92..2b034d1762 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -957,14 +957,17 @@ watch_fd(isc__socketmgr_t *manager, int fd, int msg) {
 	uint32_t oldevents;
 	int ret;
 	int op;
+	int lockid = FDLOCK_ID(fd);
 
 	oldevents = manager->epoll_events[fd];
+	LOCK(&manager->fdlock[lockid]);
 	if (msg == SELECT_POKE_READ)
 		manager->epoll_events[fd] |= EPOLLIN;
 	else
 		manager->epoll_events[fd] |= EPOLLOUT;
 
 	event.events = manager->epoll_events[fd];
+	UNLOCK(&manager->fdlock[lockid]);
 	memset(&event.data, 0, sizeof(event.data));
 	event.data.fd = fd;
 
@@ -1036,13 +1039,15 @@ unwatch_fd(isc__socketmgr_t *manager, int fd, int msg) {
 	struct epoll_event event;
 	int ret;
 	int op;
+	int lockid = FDLOCK_ID(fd);
 
+	LOCK(&manager->fdlock[lockid]);
 	if (msg == SELECT_POKE_READ)
 		manager->epoll_events[fd] &= ~(EPOLLIN);
 	else
 		manager->epoll_events[fd] &= ~(EPOLLOUT);
-
 	event.events = manager->epoll_events[fd];
+	UNLOCK(&manager->fdlock[lockid]);
 	memset(&event.data, 0, sizeof(event.data));
 	event.data.fd = fd;
 
-- 
2.23.0