mailing list of musl libc
From: Rich Felker <dalias@libc.org>
To: Dominic Chen <d.c.ddcc@gmail.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] Incorrect thread TID caching
Date: Wed, 3 Feb 2021 14:21:46 -0500
Message-ID: <20210203192145.GW23432@brightrain.aerifal.cx>
In-Reply-To: <62be4b85-4a42-413e-a83f-866eab4d601a@gmail.com>

On Tue, Feb 02, 2021 at 11:04:23PM -0500, Dominic Chen wrote:
> I've been debugging a local port of Chrome using musl, and have
> noticed that musl is caching the thread TID in
> __pthread_self()->tid, which results in incorrect behavior if the
> application calls the clone() libc wrapper or the clone system call,
> and then calls libc functions which use the cached TID value, like
> raise().

Unfortunately it's really underdocumented and underexplored what a
child created with clone() can do. There are definitely limitations --
for example any usage with CLONE_VM or CLONE_THREAD is restricted not
to call into libc at all, and might not even be safe whatsoever.
However basic usage comparable in semantics to _Fork is probably
supposed to work at least as well as _Fork -- in particular calling
AS-safe libc functions should work.

BTW does Chrom{e,ium} itself do something with raw clone? If so this
could be a source of some of the bugs users hit, and it would be great
to get a clearer picture on what's happening.

> From a quick skim of other libc implementations, both bionic and
> glibc don't seem to cache TID, and directly call the gettid system
> call inside raise(). I also recall that glibc removed PID caching a
> few years ago due to similar issues there as well. So, it seems that
> musl should either not cache the TID, or at least update the cached
> value after returning from the system call inside the clone()
> wrapper (with special handling for CLONE_VM/CLONE_VFORK)?

I think the clone() function should be updated to provide whatever
contract we expect it to have in the cases where it's valid to use,
and this should include the same logic as in _Fork. I'm not sure what
we should have it do for unsafe/invalid usage.

> Please CC me on replies.

OK.

Rich
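As an added example, written for this archive page and not code from the thread or from musl: a self-check for the behaviour Dominic describes. A child created with the clone() wrapper, with no CLONE_VM or CLONE_THREAD (the _Fork-like case Rich says should work), calls raise() and reports whether the signal actually reached the child; a libc that still used the parent's cached TID would deliver it to the parent instead. It assumes Linux and a libc whose clone() wrapper takes the (fn, stack, flags, arg) form.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (64 * 1024)   /* constructed value: plenty for this child */

static volatile sig_atomic_t handler_tid;

/* Record which thread the kernel actually delivered SIGUSR1 to. */
static void on_usr1(int sig) { (void)sig; handler_tid = syscall(SYS_gettid); }

/* Runs in the clone() child (own address space, so its own handler_tid).
   Exit 0 if raise() hit this child, 1 if the handler never ran here. */
static int child_fn(void *arg) {
    (void)arg;
    handler_tid = 0;
    if (raise(SIGUSR1) != 0) _exit(2);
    _exit(handler_tid == syscall(SYS_gettid) ? 0 : 1);
}

/* 1 = raise() in the clone child targeted the child, 0 = it did not
   (a stale cached TID sends it to the parent), -1 = setup failure. */
int raise_targets_clone_child(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_usr1;
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return -1;
    char *stack = malloc(STACK_SIZE);
    if (!stack) return -1;
    /* No CLONE_VM/CLONE_THREAD: semantics comparable to _Fork. */
    pid_t pid = clone(child_fn, stack + STACK_SIZE, SIGCHLD, NULL);
    int status, ok = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid)
        ok = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    free(stack);
    return ok;
}

int main(void) {
    int r = raise_targets_clone_child();
    printf("raise() in clone() child reached the child: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO (stale cached TID?)" : "setup failed");
    return r == 1 ? 0 : 1;
}
```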
