mirror of git://git.musl-libc.org/musl
fix bugs in cancellable syscall asm
x86_64 was just plain wrong in the cancel-flag-already-set path, and crashing. the more subtle error was not clearing the saved stack pointer before returning to c code. this could result in the signal handler misidentifying c code as the pre-syscall part of the asm, and acting on cancellation at the wrong time, and thus resource leak race conditions. also, now __cancel (in the c code) is responsible for clearing the saved sp in the already-cancelled branch. this means we have to use call rather than jmp to ensure the stack pointer in the c will never match what the asm saved.
This commit is contained in:
parent
ebf82447be
commit
09dae2b7b6
|
@ -3,6 +3,7 @@
|
||||||
void __cancel()
|
void __cancel()
|
||||||
{
|
{
|
||||||
pthread_t self = __pthread_self();
|
pthread_t self = __pthread_self();
|
||||||
|
self->cp_sp = 0;
|
||||||
self->canceldisable = 1;
|
self->canceldisable = 1;
|
||||||
self->cancelasync = 0;
|
self->cancelasync = 0;
|
||||||
pthread_exit(PTHREAD_CANCELED);
|
pthread_exit(PTHREAD_CANCELED);
|
||||||
|
@ -24,8 +25,8 @@ long (__syscall_cp)(long nr, long u, long v, long w, long x, long y, long z)
|
||||||
self->cp_sp = 0;
|
self->cp_sp = 0;
|
||||||
self->cp_ip = 0;
|
self->cp_ip = 0;
|
||||||
r = __syscall_cp_asm(&self->cp_sp, nr, u, v, w, x, y, z);
|
r = __syscall_cp_asm(&self->cp_sp, nr, u, v, w, x, y, z);
|
||||||
self->cp_sp = old_sp;
|
|
||||||
self->cp_ip = old_ip;
|
self->cp_ip = old_ip;
|
||||||
|
self->cp_sp = old_sp;
|
||||||
if (r == -EINTR && self->cancel) __cancel();
|
if (r == -EINTR && self->cancel) __cancel();
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,9 +28,8 @@ __syscall_cp_asm:
|
||||||
popl %edi
|
popl %edi
|
||||||
popl %esi
|
popl %esi
|
||||||
popl %ebx
|
popl %ebx
|
||||||
|
xorl %edx,%edx
|
||||||
|
movl 4(%esp),%ecx
|
||||||
|
movl %edx,(%ecx)
|
||||||
ret
|
ret
|
||||||
2: xorl %eax,%eax
|
2: call __cancel
|
||||||
movl %eax,4(%ecx)
|
|
||||||
movl %eax,(%ecx)
|
|
||||||
pushl $-1
|
|
||||||
call __cancel
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ __syscall_cp_asm:
|
||||||
mov 16(%rdi),%eax
|
mov 16(%rdi),%eax
|
||||||
test %eax,%eax
|
test %eax,%eax
|
||||||
jnz 2f
|
jnz 2f
|
||||||
|
mov %rdi,%r11
|
||||||
mov %rsi,%rax
|
mov %rsi,%rax
|
||||||
mov %rdx,%rdi
|
mov %rdx,%rdi
|
||||||
mov %rcx,%rsi
|
mov %rcx,%rsi
|
||||||
|
@ -15,10 +16,10 @@ __syscall_cp_asm:
|
||||||
mov %r9,%r10
|
mov %r9,%r10
|
||||||
mov 8(%rsp),%r8
|
mov 8(%rsp),%r8
|
||||||
mov 16(%rsp),%r9
|
mov 16(%rsp),%r9
|
||||||
|
mov %r11,8(%rsp)
|
||||||
1: syscall
|
1: syscall
|
||||||
|
xor %ecx,%ecx
|
||||||
|
mov 8(%rsp),%edi
|
||||||
|
mov %rcx,(%rdi)
|
||||||
ret
|
ret
|
||||||
2: xor %edi,%edi
|
2: call __cancel
|
||||||
mov %rdi,8(%r10)
|
|
||||||
mov %rdi,(%r10)
|
|
||||||
dec %rdi
|
|
||||||
jmp __cancel
|
|
||||||
|
|
Loading…
Reference in New Issue