-
-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
grp
is not thread safe
#126316
Comments
Thanks for the bug reports. What is fusil? |
fusil is a fuzzer written in Python by Victor Stinner around 2007 I think. Somehow it has been memory holed, but some references can still be found in the WayBack Machine: I used it in the old days to find a couple of issues and was curious whether it could still find some. The source is still available even if not so easy to find. I got it, fixed some issues, added a bit of (very rough) threading, and let it search for crashes. Not sure what to do with the code, first I'd like to know why it disappeared. But I'd be happy to share privately. |
From a quick glance, it looks like The macOS implementations appear to be thread-safe Linux with glibc 2.19+ has |
As a quick fix, I think the module should be marked with |
I wrote a fix #126488 using |
I don't think that would fix the issue, there can be two instances of module which can race with each other. The correct fix would be to have a global lock which would serialize calls across modules. |
Yeah, this will still race if there are subinterpreters using |
grp
called from multiple threads in no-gil build segfaultsgrp
is not thread safe
Oh, I forgot that we can have more than one extension instance, you're right.
I wrote PR gh-126504 which adds one mutex per function. IMO it's safe to call the 3 functions in parallel, but not to call the same function in parallel. At least, it works on Linux. |
Recently, the ssl module was fixed by using |
Critical sections only apply to the current interpreter (or really, they only apply to one object, but objects can't be shared directly anyway). The SSL problem was that OpenSSL doesn't support concurrent use on the same socket, but since those sockets can't be shared between interpreters, there wasn't any issue there. |
I think we should use the thread-safe function, |
Yes, that isn't thread safe, adding critical section makes it thread safe if you only have one instance of such module, if there are multiples of them then a global lock is necessary. |
I am not a fan of locking around these sorts of libc functions:
|
I don't know how to use this function, and I'm not sure that it's available on all (non-Windows) platforms. For example, it's not available on FreeBSD. |
FreeBSD's version of |
If available, use getgrent_r() in grp.getgrall() to make the function reentrant.
If available, use getgrent_r() in grp.getgrall() to make the function reentrant.
Ok, so apparently, only In short, I wrote PR gh-126506 to fix the issue using getgrent_r(). |
Ugh, I guess locks it is... at least for Linux. |
Crash report
What happened?
It's possible to crash
grp
in a no-gil build by repeatedly calling functions in threads, it only happens withPYTHON_GIL=0
.Backtrace is:
Found using fusil by @vstinner.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Output from running 'python -VV' on the command line:
Python 3.14.0a1+ experimental free-threading build (heads/main:d467d9246c, Nov 1 2024, 09:05:56) [GCC 11.4.0]
Linked PRs
The text was updated successfully, but these errors were encountered: