| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Mar 2016 02:49:59 +0100 From: Szabolcs Nagy <nsz@...t70.net> To: Rich Felker <dalias@...c.org>, Ingo Molnar <mingo@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, the arch/x86 maintainers <x86@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...en8.de>, "musl@...ts.openwall.com" <musl@...ts.openwall.com>, Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <a.p.zijlstra@...llo.nl> Subject: Re: [musl] Re: [RFC PATCH] x86/vdso/32: Add AT_SYSINFO cancellation helpers * Szabolcs Nagy <nsz@...t70.net> [2016-03-11 02:39:47 +0100]: > * Rich Felker <dalias@...c.org> [2016-03-10 19:48:59 -0500]: > > On Fri, Mar 11, 2016 at 01:18:54AM +0100, Szabolcs Nagy wrote: > > > * Rich Felker <dalias@...c.org> [2016-03-10 18:28:20 -0500]: > > > > On Thu, Mar 10, 2016 at 07:03:31PM +0100, Ingo Molnar wrote: > > > > > > > > > > The sticky signal is only ever sent when the thread is in cancellable state - and > > > > > if the target thread notices the cancellation request before the signal arrives, > ^^^^^^... > > > > > it first waits for its arrival before executing any new system calls (as part of > ^^^^^^... > > > > > the teardown, etc.). > > > > > > > > > > So the C library never has to do complex work with a sticky signal pending. > > > > > > > > > > Does that make more sense to you? > > > > > > > > No, it doesn't work. Cancellability of the target thread at the time > > > > of the cancellation request (when you would decide whether or not to > > > > send the signal) has no relation to cancellability at the time of > > > > calling the cancellation point. Consider 2 threads A and B and the > > > > following sequence of events: > > > > > > > > 1. A has cancellation enabled > > > > 2. B calls pthread_cancel(A) and sets sticky pending signal > > > > 3. A disables cancellation > > > > 4. A calls cancellation point and syscall wrongly gets interrupted > > > > > > > > This can be solved with more synchronization in pthread_cancel and > > > > pthread_setcancelstate, but it seems costly. pthread_setcancelstate > > > > would have to clear pending sticky cancellation signals, and any > > > > internal non-cancellable syscalls would have to be made using the same > > > > mechanism (effectively calling pthread_setcancelstate). A naive > > > > implementation of such clearing would involve a syscall itself, > > > > > > i think a syscall in setcancelstate in case of pending sticky signal > > > is not that bad given that cancellation is very rarely used. > > > > I agree, but it's not clear to me whether you could eliminate syscalls > > in the case where it's not pending, since AS-safe lock machinery is > > hard to get right. I don't see a way it can be done with just atomics > > because the syscall that sends the signal cannot be atomic with the > > memory operating setting a flag, which suggests a lock is needed, and > > then there are all sorts of issues to deal with. > > > > i think this is not a problem and the above marked text hints for > a solution: just call pause() to wait for the sticky signal if > self->cancelstate indicates that there is one comming or pending. > > t->cancelstate always have to be atomically modified but sending > the sticky signal can be delayed (does not have to be atomic with > the memory op). > i take this back, if there are signals between the check of self->cancelstate and pause() in setcancelstate that can cause problems (the sticky signal will not hit pause but something else).
Powered by blists - more mailing lists