From 09dae2b7b66f741b30aa7ce95ab395239da20762 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Sun, 17 Apr 2011 15:30:08 -0400 Subject: fix bugs in cancellable syscall asm x86_64 was just plain wrong in the cancel-flag-already-set path, and crashing. the more subtle error was not clearing the saved stack pointer before returning to c code. this could result in the signal handler misidentifying c code as the pre-syscall part of the asm, and acting on cancellation at the wrong time, and thus resource leak race conditions. also, now __cancel (in the c code) is responsible for clearing the saved sp in the already-cancelled branch. this means we have to use call rather than jmp to ensure the stack pointer in the c will never match what the asm saved. --- src/thread/cancel_impl.c | 3 ++- src/thread/i386/syscall_cp.s | 9 ++++----- src/thread/x86_64/syscall_cp.s | 11 ++++++----- 3 files changed, 12 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/thread/cancel_impl.c b/src/thread/cancel_impl.c index 7bcfaef5..2d2bb572 100644 --- a/src/thread/cancel_impl.c +++ b/src/thread/cancel_impl.c @@ -3,6 +3,7 @@ void __cancel() { pthread_t self = __pthread_self(); + self->cp_sp = 0; self->canceldisable = 1; self->cancelasync = 0; pthread_exit(PTHREAD_CANCELED); @@ -24,8 +25,8 @@ long (__syscall_cp)(long nr, long u, long v, long w, long x, long y, long z) self->cp_sp = 0; self->cp_ip = 0; r = __syscall_cp_asm(&self->cp_sp, nr, u, v, w, x, y, z); - self->cp_sp = old_sp; self->cp_ip = old_ip; + self->cp_sp = old_sp; if (r == -EINTR && self->cancel) __cancel(); return r; } diff --git a/src/thread/i386/syscall_cp.s b/src/thread/i386/syscall_cp.s index 6d8c354b..51905131 100644 --- a/src/thread/i386/syscall_cp.s +++ b/src/thread/i386/syscall_cp.s @@ -28,9 +28,8 @@ __syscall_cp_asm: popl %edi popl %esi popl %ebx + xorl %edx,%edx + movl 4(%esp),%ecx + movl %edx,(%ecx) ret -2: xorl %eax,%eax - movl %eax,4(%ecx) - movl %eax,(%ecx) - pushl $-1 - call __cancel +2: call __cancel diff --git a/src/thread/x86_64/syscall_cp.s b/src/thread/x86_64/syscall_cp.s index a36e8d1d..8b250488 100644 --- a/src/thread/x86_64/syscall_cp.s +++ b/src/thread/x86_64/syscall_cp.s @@ -8,6 +8,7 @@ __syscall_cp_asm: mov 16(%rdi),%eax test %eax,%eax jnz 2f + mov %rdi,%r11 mov %rsi,%rax mov %rdx,%rdi mov %rcx,%rsi @@ -15,10 +16,10 @@ __syscall_cp_asm: mov %r9,%r10 mov 8(%rsp),%r8 mov 16(%rsp),%r9 + mov %r11,8(%rsp) 1: syscall + xor %ecx,%ecx + mov 8(%rsp),%edi + mov %rcx,(%rdi) ret -2: xor %edi,%edi - mov %rdi,8(%r10) - mov %rdi,(%r10) - dec %rdi - jmp __cancel +2: call __cancel -- cgit v1.2.1