[kirkstone,V3,0/8] glibc: Fix lost wakeup in pthread_cond_wait (PR25847)

Message ID	20250617100855.2696492-1-sunilkumar.dora@windriver.com
Headers	show Return-Path: <SunilKumar.Dora@windriver.com> ip: 205.220.166.238, mailfrom: prvs=8263d137de=sunilkumar.dora@windriver.com) From: sunilkumar.dora@windriver.com To: openembedded-core@lists.openembedded.org Cc: Randy.MacLeod@windriver.com, Sundeep.Kokkonda@windriver.com, skandigraun@gmail.com, steve@sakoman.com Subject: [kirkstone][PATCH V3 0/8] glibc: Fix lost wakeup in pthread_cond_wait (PR25847) Date: Tue, 17 Jun 2025 03:08:47 -0700 Message-ID: <20250617100855.2696492-1-sunilkumar.dora@windriver.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0
Series	glibc: Fix lost wakeup in pthread_cond_wait (PR25847) \| expand [kirkstone,V3,0/8] glibc: Fix lost wakeup in pthread_cond_wait (PR25847) [kirkstone,V3,1/8] glibc: pthreads NPTL lost wakeup fix 2 [kirkstone,V3,2/8] glibc: nptl Update comments and indentation for new condvar implementation [kirkstone,V3,3/8] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch [kirkstone,V3,4/8] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait [kirkstone,V3,5/8] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop [kirkstone,V3,6/8] glibc: nptl Fix indentation [kirkstone,V3,7/8] glibc: nptl rename __condvar_quiesce_and_switch_g1 [kirkstone,V3,8/8] glibc: nptl Use all of g1_start and g_signals

Message ID

20250617100855.2696492-1-sunilkumar.dora@windriver.com

Headers

From: sunilkumar.dora@windriver.com
To: openembedded-core@lists.openembedded.org
Cc: Randy.MacLeod@windriver.com, Sundeep.Kokkonda@windriver.com,
        skandigraun@gmail.com, steve@sakoman.com
Subject: [kirkstone][PATCH V3 0/8] glibc: Fix lost wakeup in pthread_cond_wait
 (PR25847)
Date: Tue, 17 Jun 2025 03:08:47 -0700
Message-ID: <20250617100855.2696492-1-sunilkumar.dora@windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 IFIPCf2fyH6mvMWqkCegGFvXKSeUpAk1EUyJf36uu5Y2NG+gB9EEL/3Rjh6eQlsA9P0JFlBX3CKPFMd3EAHnW3lkdgQ12NYhkiX/a5nf9ehP/0hWlK9XvK/yradq5jRJ8e3E3vYI1PxdLJKfYNj75+L1H2c827BRXIpzSPPIxKAdZDX7UzcnHJTJPZ6tRIoWYpueZLThSXdWSMWGDbB43zsk51hNBc4HPkHXsgnML5kGeYq/ClfZ7FcIfaVJvz4inR3RaI9fE6V8qCHEvFylHvbV5tLFdr0E2bdOOnLEgapwuuei/E8IrmQyROhiswyU84qFNkFTpTiyepHf4W316t2moUQ3wr05qT+hBFJUgQy6jH+ONeIspoEojQ754a1+aesZLV3hlJtdvVszfVz4Iu2H2Yb3teLMbwFnHA7D2ICpOPWDX/+6s2O0tyuHOIWaZtHWaRT257wERafx8mz4Znz/AEmwyuWuptdD6rZbkhtCD14Mw1oaThb9xrzrNroLMi3UCH9swEUPmPxU/KEylFmFakRx129mOPEIrghyOlgP/ZpPGWQU0l7z6Zg9EcGcu9/b83MUzwy1Cpcv1PnaJddkISLVIqY4KCc80k03fjNNDfmKj9kLgh1drFWmAL0XojkM+cEPKQshC1jktLQmuA+mTnKQzI6b8YjpLx3lGsZsvPKd1M4eQyqHcOE/8xACcFfAKZphll9Thc/ak3ia0wXUgYiWtl7Us+Uqlwur9AIa9m243feJkVq8uTOxxH8qhjr8YAYl/04xMxmLOAgBqhsXOQHRtaVB1w1OmEwZeYO6Pt9Hvi1S0FWJJWs5S0aWB0tJ8LvXni0sPmN/1gYkZu2yDQYNvEiHip7L78tOZ9KzTN9B1i0+tXHafMEFgTZxpEDQdBYIFyYw4giD7ACzAC+etjQF1pFmkODFTQLaWxLilRcWsy/grFT+x1+o27Z67k9UFVD96TKsg37iSSsy+vsONyouWk7EBeF55CVGhIHdrqVOuTN4y7e03M9vgSgkvJA8xRuufLWMmAREbxhWniMc329VM/0ATd/KqmiztAYyNX25slz4ctBTLRvxhVrxJNt9gHJkIOT++QT+tbkzRX3/Rs/6g3Y7Hd1Bz41ox6wpaMMMNoXxIgLcXC6ene71X7KO+iGZ/Tp/K7r4cTiz3GvN35r+U5C+MwwuaHXUAudV/D/YwKQEpWjM8OLP8Sp6PHGYBBKYseCy7olIS/3MQcJoZMMzIwMa9Hq/ZrPdGTH3t7VK8AV0CfCG1yEYuhQrtiDIEgnF7byprEKDd/Pdy1EnwpV662Tl8Gk2gceafGWJc9eW7ZE7wcWxXHSgEfi0j0L6Ql53OBnjdn66qUBeL/2Bxw1vdKNx+QqcYQRRVmRRY8I5Nf9EBlX/bVHF7UpO/mrh1TVm/3oKQXAg0y3gIuM5ZvgLMtZFTuX/NwtFVsPbe2lyHgXJzDbUYuKfILY0tx6zZjXjNquJMydUA+SFg+kjiMRe8Dbni3NKAt2Xn4yheLLNs+PNPge69cG938ngiU9f0C4J0j/ykgYiBB8iuK8PBO5MkccBB93fZAxLqjuCKedtCHYhXzjmJJ9xhKUt9syMqYdAiKLxS0nj2VSYTyyYbfBIDm1MoXeRzdjLOuc=
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3a768ef0-0f36-42ca-7aa6-08ddad8701ab
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB7901.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2025 10:09:11.8062
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 szjo84n82ZU4GK+k1vJY4W/hCfJixTfcbbnnU5Yo/Bx19ONxJ41BVISfDGKhMsZtjbKS8NW+4DIW6UNWZ3cbdW3D/4f4BJ+EBFen+MfCyDM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB4880
X-Proofpoint-ORIG-GUID: j-LNvqO32QuYKX-ntKh2asjc_LhkizOp
X-Authority-Analysis: v=2.4 cv=b9Gy4sGx c=1 sm=1 tr=0 ts=68513ecb cx=c_pps
 a=3ezGG+GkFOPSbF321pmECA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19
 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19
 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19
 a=xqWC_Br6kY4A:10 a=6IFa9wvqVegA:10 a=CCpqsmhAAAAA:8 a=t7CeM3EgAAAA:8
 a=1jwiQazYJRaXmt-w61sA:9 a=ul9cdbp4aOFLsgKbc677:22 a=FdTzh2GWekK77mhwV6Dw:22
X-Proofpoint-GUID: 4uoRV6Kh05cZCDXHYCUxV2b9bKX2-rok
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjE3MDA4MiBTYWx0ZWRfX5/9/Mt6VFw5d
 NSvVlX/mHn1vReOac6BpvzOt6X/iZ02atluBLg7cMQxubjFNqBlfIlSQZO+f7QT/t1kRvJUNM9w
 wpv80p/646VzNAflqI2Td1QOCpkj61PMTSQVgtbV/vzcJy/T9CfDjchnhzgfp4FUsBGj2nsWKAb
 d+vvdichQHSyT0MpU3F8ZsiXzfIz6ikVTljUSRDXrynvp5qO5RjhSyo0MvOLnxUUh90JvLnTpn4
 55en7MQUixfm7k/LEvZFuXwNhRHoXaBiJpZzB1lSs5P0XgcwgcCUFujy2b8AEX6Y2my0HmXPv5K
 2IJoZut7Xm4ggiFFi4JbQ1o97GO+cNkzTSU9bF7z59Aem1i6r1XtjZ5vSqrWejQJnBBd8cFJCri
 mSmxEWokDNEJVnWPAl5GA+Xrxt9wWkba6ehg450FAP+JqSGC3Itqk0KaSteU70mrd1ZBNfcy
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40
 definitions=2025-06-17_04,2025-06-13_01,2025-03-28_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxscore=0 suspectscore=0
 spamscore=0 clxscore=1015 impostorscore=0 malwarescore=0
 priorityscore=1501 lowpriorityscore=0 bulkscore=0 phishscore=0
 mlxlogscore=999 adultscore=0 classifier=spam authscore=0 authtc=n/a
 authcc= route=outbound adjust=0 reason=mlx scancount=1
 engine=8.21.0-2505280000 definitions=main-2506170082
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 17 Jun 2025 10:09:20 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218869

Series

glibc: Fix lost wakeup in pthread_cond_wait (PR25847) | expand

Message

Dora, Sunil Kumar June 17, 2025, 10:08 a.m. UTC

From: Sunil Dora <sunilkumar.dora@windriver.com>

V3 Changes:
  - Split the previous single large patch into 9 individual patches, 
    each corresponding to an upstream commit, for easier review as requested.
  - Added the recipe name (glibc) at the beginning of each commit message for clarity.
  - In the Upstream-Status field, replaced the upstream commit ID with a direct link to the
    corresponding commit on the Sourceware repository for better traceability.

PR: https://sourceware.org/bugzilla/show_bug.cgi?id=25847

A race condition in pthread_cond_wait that could cause lost wake-ups
under high thread contention. The issue particularly affects
applications with many threads waiting on condition variables.

[Root Cause Analysis]
 The lost wakeup occurs when all of these happen simultaneously:
 1. A waiter thread gets preempted between signal decrement and group check
 2. Multiple group rotations occur during preemption
 3. Signal accounting becomes corrupted
 4. Final signals are delivered to empty groups

[Impact]
 Applications using pthread condition variables could experience hangs due to lost wake-ups.
 This particularly affects high-contention scenarios with many threads.

[Fix Details]
 The fix prevents signal stealing by:
     Broadening scope of g_refs to cover entire wait operation
     Removing the complex signal stealing handling code
     Properly maintaining signal accounting invariants

Upstream Status: Fixed in glibc 2.41 and master:
 [https://sourceware.org/bugzilla/show_bug.cgi?id=25847#c72]

According to https://sourceware.org/bugzilla/show_bug.cgi?id=25847#c74, 
commit c36fc50781995e6758cae2b6927839d0157f213c is unsuitable for backporting to older branches 
and has therefore been excluded.

[Testing]
 Verified on x86_64 with:
 - Custom reproduction test case
 - Stress testing with high thread counts

Reproduction Steps:
 1. Build glibc(2.35) with injected delay (usleep(10)) in __pthread_cond_wait_common
     Just before : uint64_t g1_start = __condvar_load_g1_start_relaxed (cond);
     File: { nptl/pthread_cond_wait.c }
     (Note: The injected delay is for testing purposes only to reliably reproduce the race condition)
 2. Compile test program with custom glibc:
     [https://sourceware.org/bugzilla/attachment.cgi?id=14360]
     gcc -g -o pthread_cond_bug pthread_cond_bug.c \
     -Wl,-dynamic-linker=<CUSTOM_GLIBC>/lib/ld-linux-x86-64.so.2 \
     -Wl,-rpath=<CUSTOM_GLIBC>/lib -L<CUSTOM_GLIBC>/lib \
     -I<CUSTOM_GLIBC>/include -lpthread
 3. Run with CPU pinning: taskset -c 0 ./pthread_cond_bug

[Behavior]
 Without the fix:
 - Process hangs for 300 seconds
 - Eventually crashes with core dump
 - Verifiable via gdb

With the fix:
 - Process runs smoothly even with forced delay.
  

Sunil Dora (8):
  glibc: pthreads NPTL lost wakeup fix 2
  glibc: nptl Update comments and indentation for new condvar
    implementation
  glibc: nptl Remove unnecessary catch-all-wake in condvar group switch
  glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait
  glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested
    loop
  glibc: nptl Fix indentation
  glibc: nptl rename __condvar_quiesce_and_switch_g1
  glibc: nptl Use all of g1_start and g_signals

 .../glibc/glibc/0026-PR25847-1.patch          | 455 ++++++++++++++++++
 .../glibc/glibc/0026-PR25847-2.patch          | 144 ++++++
 .../glibc/glibc/0026-PR25847-3.patch          |  77 +++
 .../glibc/glibc/0026-PR25847-4.patch          | 117 +++++
 .../glibc/glibc/0026-PR25847-5.patch          | 105 ++++
 .../glibc/glibc/0026-PR25847-6.patch          | 169 +++++++
 .../glibc/glibc/0026-PR25847-7.patch          | 160 ++++++
 .../glibc/glibc/0026-PR25847-8.patch          | 192 ++++++++
 meta/recipes-core/glibc/glibc_2.35.bb         |   8 +
 9 files changed, 1427 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-1.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-2.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-3.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-4.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-5.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-6.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-7.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0026-PR25847-8.patch