[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Deadlock when calling bufferevent_free from an other thread

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] Deadlock when calling bufferevent_free from an other thread
From: Zack Weinberg <zackw@xxxxxxxxx>
Date: Mon, 18 Feb 2013 17:12:13 -0500
Cc: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Mon, 18 Feb 2013 17:12:22 -0500
In-reply-to: <CAKDKvuxw53Y9xAGgZJf=18RxRZ0q8ARYJ6d44VrfyWW+0_S_Rw@xxxxxxxxxxxxxx>
References: <50200FF9.9090009@xxxxxxxxxxxxxxxxxxxxxx> <CAKDKvuxw53Y9xAGgZJf=18RxRZ0q8ARYJ6d44VrfyWW+0_S_Rw@xxxxxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/17.0 Thunderbird/17.0

On 2012-08-08 2:52 PM, Nick Mathewson wrote:

On Mon, Aug 6, 2012 at 2:42 PM, Matthieu Nottale wrote:


I'm experiencing a deadlock on 2.0.19 while calling bufferevent_free frome
thread A, while thread B is in event_base_dispatch.


Ouch.  This is a known bug.  This fix is going to be hard.  I wrote
about it here:
http://archives.seul.org/libevent/users/Feb-2012/msg00053.html

I've been thinking about this a little. As I mentioned quite some timeago, I've seen what seems to be the same root problem (but of coursewith a different manifestation) in a single-threaded application:http://archives.seul.org/libevent/users/Jun-2012/msg00043.html Becauseof that, I think this is fundamentally an ownership issue rather than athreading issue. The problem is that the application is responsible fordeallocating events, bufferevents, etc. and their respective contextdata, and the APIs for doing so are synchronous, but it cannot ingeneral know whether libevent holds live references to any of theseitems. I don't think this can be fixed without application changes, butI think I have a solution that involves only a pretty narrow change tothe API. (I'd like to make more drastic changes but those are not 2.1material.)

To fix things, we need to change abstract behavior in two places.First, when you event_del() an event while the event loop to which itbelongs is running, it does not actually get disassociated from theevent loop until the next time the loop is about to either block or exit(this is called the "stabilization point"). It is not safe todeallocate the event object before then. Second, we consider each eventobject to _own_ its context data (if any), and therefore to beresponsible for deallocating it at the appropriate time, via anapplication-provided callback (henceforth the "deallocation hook").

Concretely, when you call event_free, it _may_ synchronously deallocatethe event and call your deallocation hook to free the context data, butif the event loop is running, it will just event_del the event andreturn, and the actual deallocation will be queued to occur when theevent loop reaches the stabilization point. Similarly forbufferevent_free and all other libevent objects that are wrapped aroundan event.

For events allocated with event_new, if the application providesnontrivial context data but does _not_ set a deallocation hook, we haveto allow the application to deallocate its context itself, when itcurrently does (near-contemporaneous with event_free). I think the wayto handle that is, if the deallocation hook isn't set, we clear thecontext pointer when event_free is called. This means that theapplication may subsequently see an unexpected event callback withcontext NULL, or be unable to retrieve its context point from the eventobject, but that can only happen in circumstances where we wouldpreviously have had a use-after-free condition, so we've converted adangerous bug into a less dangerous one.

For events allocated with event_assign, if you set a deallocation hook,then it becomes safe to call event_free on that event. At the nextstabilization point, instead of the above behavior, the deallocationhook will be called with the *event* as its argument; it is responsiblefor deallocating everything at that time (event_get_callback_arg() isguaranteed still to work).

Ideally you'd set the deallocation hook in event_new(), but we can'teasily add arguments to that function, so as the short-term narrow APIchange I propose


typedef void (*event_dealloc_cb)(void *);

void event_set_dealloc(struct event *, event_dealloc_cb);
void bufferevent_set_dealloc(struct bufferevent *, event_dealloc_cb);
/* and so on for anything else that needs it */

What do you think? Most importantly, does this solve the problem?Could it be polished?


zw
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] Deadlock when calling bufferevent_free from an other thread
  - From: Zack Weinberg

Prev by Author: Re: [Libevent-users] random crashed by [err] event_queue_remove:not on queue 8
Next by Author: Re: [Libevent-users] Deadlock when calling bufferevent_free from an other thread
Previous by thread: Re: [Libevent-users] Deep recursive call of bufferevent write callback when openssl is in use
Next by thread: Re: [Libevent-users] Deadlock when calling bufferevent_free from an other thread
Index(es):
- Author
- Thread