From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: [PATCH] save/restore errno around pthread_atfork handlers
Date: Fri, 10 Nov 2017 19:16:27 -0500 [thread overview]
Message-ID: <20171111001627.GS1627@brightrain.aerifal.cx> (raw)
In-Reply-To: <20171111000340.GA22903@dora.lan>
On Fri, Nov 10, 2017 at 06:03:40PM -0600, Bobby Bingham wrote:
> On Fri, Nov 10, 2017 at 06:31:34PM -0500, Rich Felker wrote:
> > On Fri, Nov 10, 2017 at 02:58:29PM -0600, Bobby Bingham wrote:
> > > If the syscall fails, errno must be preserved for the caller. There's no
> > > guarantee that the handlers registered with pthread_atfork won't clobber
> > > errno.
> > > ---
> > > src/process/fork.c | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > diff --git a/src/process/fork.c b/src/process/fork.c
> > > index b96f0024..6602eafc 100644
> > > --- a/src/process/fork.c
> > > +++ b/src/process/fork.c
> > > @@ -15,6 +15,7 @@ pid_t fork(void)
> > > {
> > > pid_t ret;
> > > sigset_t set;
> > > + int olderr;
> > > __fork_handler(-1);
> > > __block_all_sigs(&set);
> > > #ifdef SYS_fork
> > > @@ -30,6 +31,10 @@ pid_t fork(void)
> > > libc.threads_minus_1 = 0;
> > > }
> > > __restore_sigs(&set);
> > > +
> > > + olderr = errno;
> > > __fork_handler(!ret);
> > > + errno = olderr;
> > > +
> > > return ret;
> > > }
> > > --
> > > 2.15.0
> >
> > I think the patch as written is incorrect, because it can set errno to
> > 0 after application code in the atfork handler set it to something
> > nonzero; doing so is non-conforming.
>
> Good point. It does make me wonder though: when libc invokes a callback
> and that callback sets errno to zero, is that a violation of the
> prohibition on library functions setting errno to zero?
No, that's application code setting it to 0. The case I'm talking
about is when errno is 0 before fork is called, 0 gets stored in
olderr, the atfork handler sets errno to some nonzero value, and then
the implementation wrongly sets it back to 0. That's observable by the
application.
> > It would be possible to special-case to avoid this, but it probably
> > makes more sense to just call SYS_fork/SYS_clone with __syscall rather
> > than syscall, then return __syscall_ret(ret) instead of return ret.
> > Does that sound correct?
>
> Yes, and it's also probably simpler. I'll send a new patch.
OK.
Rich
next prev parent reply other threads:[~2017-11-11 0:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-10 20:58 Bobby Bingham
2017-11-10 23:31 ` Rich Felker
2017-11-11 0:03 ` Bobby Bingham
2017-11-11 0:16 ` Rich Felker [this message]
2017-11-11 0:37 ` Bobby Bingham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171111001627.GS1627@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).