[PATCH v4 0/8] Fix sock_send reordering issue (#52401)
Jinoh Kang
jinoh.kang.kr at gmail.com
Thu Mar 3 07:29:26 CST 2022
This fixes the send part of the issue #52401 [1]: "Improper
synchronization in sock_recv/sock_send leads to arbitrary reordering of
completion of I/O requests", which was initially reported (outside
Bugzilla) by Dongwan Kim [2].
Changelog:
v1 -> v2:
- drop patch "server: Compact struct set_async_direct_result_reply."
- add async and fd arguments to async_initial_status_callback
- recv_socket_initial_callback: pass OOB flag via private instead of
implementing two separate functions for OOB and non-OOB
- detect short write in send_socket_initial_callback
- preserve the behaviour of returning success if we had a short write
and the socket is nonblocking and force_async is unset
v2 -> v3:
- fix typo in comment
v3 -> v4:
- fix typo in commit message
- address feedback
- drop patch "server: Defer postprocessing until after setting initial
status in recv_socket handler."
[1] https://bugs.winehq.org/show_bug.cgi?id=52401
[2] https://www.winehq.org/pipermail/wine-devel/2021-May/186454.html
Jinoh Kang (8):
server: Actually set initial status in set_async_direct_result
handler.
server: Ensure initial status is set in async_set_result().
server: Add async_initial_status_callback.
server: Defer postprocessing until after setting initial status in
send_socket handler.
server: Add mark_pending field to set_async_direct_result request.
server: Attempt to complete I/O request immediately in send_socket.
ntdll: Don't call try_send before server call in sock_send.
server: Replace redundant send_socket status fields with force_async
boolean field.
dlls/ntdll/unix/socket.c | 102 +++++++++++++++++++++++++--------
dlls/ntdll/unix/sync.c | 9 +--
dlls/ntdll/unix/unix_private.h | 2 +-
dlls/ws2_32/tests/sock.c | 14 ++---
server/async.c | 60 ++++++++++++++-----
server/file.h | 2 +
server/protocol.def | 6 +-
server/sock.c | 92 ++++++++++++++++-------------
8 files changed, 194 insertions(+), 93 deletions(-)
Interdiff:
diff --git a/server/async.c b/server/async.c
index ded4f8392d2..90fede50371 100644
--- a/server/async.c
+++ b/server/async.c
@@ -326,12 +326,8 @@ void async_set_initial_status_callback( struct async *async, async_initial_statu
* the initial status may be STATUS_PENDING */
void async_set_initial_status( struct async *async, unsigned int status )
{
- assert( async->unknown_status );
- if (!async->terminated)
- {
- set_async_initial_status( async, status );
- async->unknown_status = 0;
- }
+ set_async_initial_status( async, status );
+ async->unknown_status = 0;
}
void set_async_pending( struct async *async )
@@ -509,6 +505,8 @@ void async_set_result( struct object *obj, unsigned int status, apc_param_t tota
assert( async->terminated ); /* it must have been woken up if we get a result */
+ if (async->unknown_status) async_set_initial_status( async, status );
+
if (async->alerted && status == STATUS_PENDING) /* restart it */
{
async->terminated = 0;
@@ -797,11 +795,6 @@ DECL_HANDLER(set_async_direct_result)
return;
}
- /* Set iosb information field for async_initial_status_callback */
- async->iosb->result = information;
- set_async_initial_status( async, status );
- async->unknown_status = 0;
-
if (status == STATUS_PENDING)
{
async->direct_result = 0;
@@ -812,6 +805,9 @@ DECL_HANDLER(set_async_direct_result)
async->pending = 1;
}
+ /* Set iosb information field for async_initial_status_callback */
+ async->iosb->result = information;
+
/* if the I/O has completed successfully (or unsuccessfully, and
* async->pending is set), the client would have already set the IOSB.
* therefore, we can do async_set_result() directly and let the client skip
diff --git a/server/sock.c b/server/sock.c
index 1112708369d..c742bd687a1 100644
--- a/server/sock.c
+++ b/server/sock.c
@@ -3393,16 +3393,6 @@ struct object *create_socket_device( struct object *root, const struct unicode_s
return create_named_object( root, &socket_device_ops, name, attr, sd );
}
-static void recv_socket_initial_callback( void *private, struct async *async, struct fd *fd, unsigned int status )
-{
- struct sock *sock = get_fd_user( fd );
- int is_oob = (int)(long)private;
-
- sock->pending_events &= ~(is_oob ? AFD_POLL_OOB : AFD_POLL_READ);
- sock->reported_events &= ~(is_oob ? AFD_POLL_OOB : AFD_POLL_READ);
- sock_reselect( sock );
-}
-
DECL_HANDLER(recv_socket)
{
struct sock *sock = (struct sock *)get_handle_obj( current->process, req->async.handle, 0, &sock_ops );
@@ -3440,18 +3430,22 @@ DECL_HANDLER(recv_socket)
if (status == STATUS_PENDING && !req->force_async && sock->nonblocking)
status = STATUS_DEVICE_NOT_READY;
+ sock->pending_events &= ~(req->oob ? AFD_POLL_OOB : AFD_POLL_READ);
+ sock->reported_events &= ~(req->oob ? AFD_POLL_OOB : AFD_POLL_READ);
+
if ((async = create_request_async( fd, get_fd_comp_flags( fd ), &req->async )))
{
set_error( status );
- async_set_initial_status_callback( async, recv_socket_initial_callback, (void *)(long)req->oob );
-
if (timeout)
async_set_timeout( async, timeout, STATUS_IO_TIMEOUT );
if (status == STATUS_PENDING || status == STATUS_ALERTED)
queue_async( &sock->read_q, async );
+ /* always reselect; we changed reported_events above */
+ sock_reselect( sock );
+
reply->wait = async_handoff( async, NULL, 0 );
reply->options = get_fd_options( fd );
reply->nonblocking = sock->nonblocking;
--
2.34.1
More information about the wine-devel
mailing list