From ranier.vf at gmail.com  Tue Jun 11 22:59:37 2019
From: ranier.vf at gmail.com (Ranier Vf)
Date: Tue, 11 Jun 2019 19:59:37 -0300
Subject: CID 308517 (#1 of 1): Missing unlock (LOCK)
Message-ID: <CAEudQAo_H6uK6pzEowMsLbcy6mgRQPLT_xFvp4__wFaGfJc5Dg@mail.gmail.com>

description: CID 308517 (#1 of 1): Missing unlock (LOCK)
unit: nxt_unit.c

According Coverity Scan, missing_unlock: Returning without unlocking
lib->mutex.

--- c:\web\nginx\unit\a\src\nxt_unit.c    Mon Jun 10 12:47:35 2019
+++ nxt_unit.c    Tue Jun 11 19:50:59 2019
@@ -3140,6 +3140,7 @@
     }

     nxt_unit_remove_process(ctx, process);
+    pthread_mutex_unlock(&lib->mutex);
 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190611/e54d4013/attachment.html>

From vbart at nginx.com  Tue Jun 11 23:17:31 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Wed, 12 Jun 2019 02:17:31 +0300
Subject: CID 308517 (#1 of 1): Missing unlock (LOCK)
In-Reply-To: <CAEudQAo_H6uK6pzEowMsLbcy6mgRQPLT_xFvp4__wFaGfJc5Dg@mail.gmail.com>
References: <CAEudQAo_H6uK6pzEowMsLbcy6mgRQPLT_xFvp4__wFaGfJc5Dg@mail.gmail.com>
Message-ID: <19757759.biITpbsk9r@vbart-laptop>

On Wednesday, 12 June 2019 01:59:37 MSK Ranier Vf wrote:
> description: CID 308517 (#1 of 1): Missing unlock (LOCK)
> unit: nxt_unit.c
> 
> According Coverity Scan, missing_unlock: Returning without unlocking
> lib->mutex.

We use Coverity on a daily basis.  While sometimes it catches
something interesting, but most of the time it has lots of false
positives.

> 
> --- c:\web\nginx\unit\a\src\nxt_unit.c    Mon Jun 10 12:47:35 2019
> +++ nxt_unit.c    Tue Jun 11 19:50:59 2019
> @@ -3140,6 +3140,7 @@
>      }
> 
>      nxt_unit_remove_process(ctx, process);
> +    pthread_mutex_unlock(&lib->mutex);
>  }
> 

The nxt_unit_remove_process() function always unlocks this mutex.

  wbr, Valentin V. Bartenev 





From ranier.vf at gmail.com  Wed Jun 12 01:11:42 2019
From: ranier.vf at gmail.com (Ranier Vf)
Date: Tue, 11 Jun 2019 22:11:42 -0300
Subject: CID 308517 (#1 of 1): Missing unlock (LOCK)
In-Reply-To: <19757759.biITpbsk9r@vbart-laptop>
References: <CAEudQAo_H6uK6pzEowMsLbcy6mgRQPLT_xFvp4__wFaGfJc5Dg@mail.gmail.com>
 <19757759.biITpbsk9r@vbart-laptop>
Message-ID: <CAEudQArwouABe61bTBabn6SgzWa-O9ZLSWMpYYs1N4v=VMb3Fw@mail.gmail.com>

Hi,
You are right.
But with this warning I think Coverity is correct (not false positive).
file: ngx_unit.c
line: 3161 nxt_unit_process_use(ctx, process, -1);

If all conditions take true nxt_unit_process_use, free var process (line
2306).
And in line 3183, nxt_unit_process_use is called again, now with var
process freed.

static void
nxt_unit_process_use(nxt_unit_ctx_t *ctx, nxt_unit_process_t *process, int
i)
{
    long c;

    c = nxt_atomic_fetch_add(&process->use_count, i);
    if (i < 0 && c == -i) {
        nxt_unit_debug(ctx, "destroy process #%d", (int) process->pid);
        nxt_unit_mmaps_destroy(&process->incoming);
        nxt_unit_mmaps_destroy(&process->outgoing);
        free(process);
    }
}

Best regards,
Ranier Vilela

Em ter, 11 de jun de 2019 ?s 20:16, Valentin V. Bartenev <vbart at nginx.com>
escreveu:

> On Wednesday, 12 June 2019 01:59:37 MSK Ranier Vf wrote:
> > description: CID 308517 (#1 of 1): Missing unlock (LOCK)
> > unit: nxt_unit.c
> >
> > According Coverity Scan, missing_unlock: Returning without unlocking
> > lib->mutex.
>
> We use Coverity on a daily basis.  While sometimes it catches
> something interesting, but most of the time it has lots of false
> positives.
>
> >
> > --- c:\web\nginx\unit\a\src\nxt_unit.c    Mon Jun 10 12:47:35 2019
> > +++ nxt_unit.c    Tue Jun 11 19:50:59 2019
> > @@ -3140,6 +3140,7 @@
> >      }
> >
> >      nxt_unit_remove_process(ctx, process);
> > +    pthread_mutex_unlock(&lib->mutex);
> >  }
> >
>
> The nxt_unit_remove_process() function always unlocks this mutex.
>
>   wbr, Valentin V. Bartenev
>
>
>
>
> _______________________________________________
> unit mailing list
> unit at nginx.org
> https://mailman.nginx.org/mailman/listinfo/unit
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190611/4bb670bd/attachment.html>

From vbart at nginx.com  Wed Jun 12 01:47:41 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Wed, 12 Jun 2019 04:47:41 +0300
Subject: CID 308517 (#1 of 1): Missing unlock (LOCK)
In-Reply-To: <CAEudQArwouABe61bTBabn6SgzWa-O9ZLSWMpYYs1N4v=VMb3Fw@mail.gmail.com>
References: <CAEudQAo_H6uK6pzEowMsLbcy6mgRQPLT_xFvp4__wFaGfJc5Dg@mail.gmail.com>
 <19757759.biITpbsk9r@vbart-laptop>
 <CAEudQArwouABe61bTBabn6SgzWa-O9ZLSWMpYYs1N4v=VMb3Fw@mail.gmail.com>
Message-ID: <3211098.lzGIMjSnsv@vbart-laptop>

On Wednesday, 12 June 2019 04:11:42 MSK Ranier Vf wrote:
> Hi,
> You are right.
> But with this warning I think Coverity is correct (not false positive).
> file: ngx_unit.c
> line: 3161 nxt_unit_process_use(ctx, process, -1);
> 
> If all conditions take true nxt_unit_process_use, free var process (line
> 2306).
[..]

The nxt_unit_process_use() increments and decrements reference counter
of the "process" object.  When the reference counter turns 0, which
effectively means no references, it frees the object.

When "process" is allocated, the reference counter is initialized to 1.
Each time when a new "port" is added to the process->ports queue, the
reference counter is incremented.


> And in line 3183, nxt_unit_process_use is called again, now with var
> process freed.

That's wrong, because all previous calls of nxt_unit_process_use() in
this function related to iterating over the process->ports queue.

So, at that particular moment, when all ports have been removed,
the reference counter is at least 1, and the "process" object
is still there.

The code here is correct and won't double free the process object
while the reference counting is used correctly.

  wbr, Valentin V. Bartenev