From: Leonid Shamis
Date: Fri, 27 Mar 2020 10:52:58 -0700
To: musl@lists.openwall.com
Subject: [musl] __pthread_mutex_unlock uninitialized value

https://github.com/bminor/musl/blob/54ca677983d47529bab8752315ac1a2b49888870/src/thread/pthread_mutex_unlock.c#L34

In the case where a mutex:
is one of PTHREAD_MUTEX_ERRORCHECK or PTHREAD_MUTEX_RECURSIVE
and PTHREAD_PRIO_INHERIT

an uninitialized value of 'old' is used to check whether to futex.

From: Rich Felker
Date: Fri, 27 Mar 2020 14:16:54 -0400
To: musl@lists.openwall.com
Cc: Leonid Shamis
Message-ID: <20200327181654.GH11469@brightrain.aerifal.cx>
Subject: Re: [musl] __pthread_mutex_unlock uninitialized value

On Fri, Mar 27, 2020 at 10:52:58AM -0700, Leonid Shamis wrote:
> https://github.com/bminor/musl/blob/54ca677983d47529bab8752315ac1a2b49888870/src/thread/pthread_mutex_unlock.c#L34

BTW official git is here:

https://git.musl-libc.org/cgit/musl/tree/src/thread/pthread_mutex_unlock.c?id=v1.2.0

> In the case where a mutex:
> is one of PTHREAD_MUTEX_ERRORCHECK or PTHREAD_MUTEX_RECURSIVE
> and PTHREAD_PRIO_INHERIT
>
> an uninitialized value of 'old' is used to check whether to futex.

Can you elaborate on this? In line 15, old is assigned; this applies
to all mutex types except plain boring normal (without PI and without
robust). The condition in line 33 can only be true if type is nonzero
(not plain boring normal mutex) so I don't see any way it can be used
uninitialized in line 34. Is your report based on your own reading or
a static analysis tool?

Rich

From: Leonid Shamis
Date: Fri, 27 Mar 2020 11:23:28 -0700
To: Rich Felker
Cc: musl@lists.openwall.com
In-Reply-To: <20200327181654.GH11469@brightrain.aerifal.cx>
Subject: Re: [musl] __pthread_mutex_unlock uninitialized value

Apologies. First post. I'll use the official repo from now on.

This was originally brought to my attention via static analysis:

warning: ‘old’ may be used uninitialized in this function [-Wmaybe-uninitialized]
   __asm__ __volatile__("lock ; cmpxchg %3, %1" : "=a"(t), "=m"(*p) : "a"(t), "r"(s) : "memory");
   ^~~~~~~

And in my reading, I thought the (type != PTHREAD_MUTEX_NORMAL) only checked the bottom three bits.

Please disregard this email chain :)

On Fri, Mar 27, 2020 at 11:16 AM Rich Felker wrote:

> On Fri, Mar 27, 2020 at 10:52:58AM -0700, Leonid Shamis wrote:
> >
> > https://github.com/bminor/musl/blob/54ca677983d47529bab8752315ac1a2b49888870/src/thread/pthread_mutex_unlock.c#L34
>
> BTW official git is here:
>
> https://git.musl-libc.org/cgit/musl/tree/src/thread/pthread_mutex_unlock.c?id=v1.2.0
>
> > In the case where a mutex:
> > is one of PTHREAD_MUTEX_ERRORCHECK or PTHREAD_MUTEX_RECURSIVE
> > and PTHREAD_PRIO_INHERIT
> >
> > an uninitialized value of 'old' is used to check whether to futex.
>
> Can you elaborate on this? In line 15, old is assigned; this applies
> to all mutex types except plain boring normal (without PI and without
> robust). The condition in line 33 can only be true if type is nonzero
> (not plain boring normal mutex) so I don't see any way it can be used
> uninitialized in line 34. Is your report based on your own reading or
> a static analysis tool?
>
> Rich
>
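
Added example, not part of the thread and not musl code: a small C model of the two guards discussed above. It enumerates every type value to check whether the PI branch can read 'old' before it is assigned, first under the full-type test described in the reply and then under the bottom-three-bits reading. The bit positions and all function names are assumptions of this model.

```c
#include <stdio.h>

/* Assumed bit layout for this model (not copied from musl): the low
 * three bits hold the mutex kind and robust flag, the next bit is the
 * priority-inheritance (PI) flag. */
enum { M_LOW3 = 0x7, M_PI = 0x8, M_TYPE_MASK = 0xf };

/* Guard as described in the reply: 'old' is assigned for every type
 * except the all-zero plain normal mutex. */
static int assigns_old_full(unsigned type) { return (type & M_TYPE_MASK) != 0; }

/* Guard as read in the report: only the bottom three bits are tested. */
static int assigns_old_low3(unsigned type) { return (type & M_LOW3) != 0; }

/* The later branch that reads 'old' runs only for PI mutexes. */
static int reads_old(unsigned type) { return (type & M_PI) != 0; }

/* Count type values where 'old' would be read without being assigned;
 * store the first such value in *witness when one exists. */
static int count_uninit_reads(int (*assigns)(unsigned), unsigned *witness)
{
    int n = 0;
    for (unsigned type = 0; type <= M_TYPE_MASK; type++) {
        if (reads_old(type) && !assigns(type)) {
            if (n == 0 && witness) *witness = type;
            n++;
        }
    }
    return n;
}

int main(void)
{
    unsigned w = 0;
    printf("full-type guard: %d unassigned reads\n",
           count_uninit_reads(assigns_old_full, NULL));
    printf("low-3-bit guard: %d unassigned reads",
           count_uninit_reads(assigns_old_low3, &w));
    printf(" (first at type 0x%x)\n", w);
    return 0;
}
```

Enumerating the guard predicates this way is a quick triage step for a -Wmaybe-uninitialized report: the compiler does not prove that the two conditions are correlated, so the check has to be done by hand or by a model like this one.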