aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
committerRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
commit09dae2b7b66f741b30aa7ce95ab395239da20762 (patch)
treeda94ed95c914ec60663aec3368e3642d8c41cfeb
parentebf82447be4b30bedc19ad868c3a0662b1ba596d (diff)
downloadmusl-09dae2b7b66f741b30aa7ce95ab395239da20762.zip
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.gz
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.bz2
fix bugs in cancellable syscall asm
x86_64 was just plain wrong in the cancel-flag-already-set path, and crashing. the more subtle error was not clearing the saved stack pointer before returning to c code. this could result in the signal handler misidentifying c code as the pre-syscall part of the asm, and acting on cancellation at the wrong time, and thus resource leak race conditions. also, now __cancel (in the c code) is responsible for clearing the saved sp in the already-cancelled branch. this means we have to use call rather than jmp to ensure the stack pointer in the c will never match what the asm saved.
-rw-r--r--src/thread/cancel_impl.c3
-rw-r--r--src/thread/i386/syscall_cp.s9
-rw-r--r--src/thread/x86_64/syscall_cp.s11
3 files changed, 12 insertions, 11 deletions
diff --git a/src/thread/cancel_impl.c b/src/thread/cancel_impl.c
index 7bcfaef..2d2bb57 100644
--- a/src/thread/cancel_impl.c
+++ b/src/thread/cancel_impl.c
@@ -3,6 +3,7 @@
void __cancel()
{
pthread_t self = __pthread_self();
+ self->cp_sp = 0;
self->canceldisable = 1;
self->cancelasync = 0;
pthread_exit(PTHREAD_CANCELED);
@@ -24,8 +25,8 @@ long (__syscall_cp)(long nr, long u, long v, long w, long x, long y, long z)
self->cp_sp = 0;
self->cp_ip = 0;
r = __syscall_cp_asm(&self->cp_sp, nr, u, v, w, x, y, z);
- self->cp_sp = old_sp;
self->cp_ip = old_ip;
+ self->cp_sp = old_sp;
if (r == -EINTR && self->cancel) __cancel();
return r;
}
diff --git a/src/thread/i386/syscall_cp.s b/src/thread/i386/syscall_cp.s
index 6d8c354..5190513 100644
--- a/src/thread/i386/syscall_cp.s
+++ b/src/thread/i386/syscall_cp.s
@@ -28,9 +28,8 @@ __syscall_cp_asm:
popl %edi
popl %esi
popl %ebx
+ xorl %edx,%edx
+ movl 4(%esp),%ecx
+ movl %edx,(%ecx)
ret
-2: xorl %eax,%eax
- movl %eax,4(%ecx)
- movl %eax,(%ecx)
- pushl $-1
- call __cancel
+2: call __cancel
diff --git a/src/thread/x86_64/syscall_cp.s b/src/thread/x86_64/syscall_cp.s
index a36e8d1..8b25048 100644
--- a/src/thread/x86_64/syscall_cp.s
+++ b/src/thread/x86_64/syscall_cp.s
@@ -8,6 +8,7 @@ __syscall_cp_asm:
mov 16(%rdi),%eax
test %eax,%eax
jnz 2f
+ mov %rdi,%r11
mov %rsi,%rax
mov %rdx,%rdi
mov %rcx,%rsi
@@ -15,10 +16,10 @@ __syscall_cp_asm:
mov %r9,%r10
mov 8(%rsp),%r8
mov 16(%rsp),%r9
+ mov %r11,8(%rsp)
1: syscall
+ xor %ecx,%ecx
+ mov 8(%rsp),%edi
+ mov %rcx,(%rdi)
ret
-2: xor %edi,%edi
- mov %rdi,8(%r10)
- mov %rdi,(%r10)
- dec %rdi
- jmp __cancel
+2: call __cancel