From: Dominic Chen
To: Rich Felker, fweimer@redhat.com
Cc: musl@lists.openwall.com
Date: Wed, 3 Feb 2021 15:21:06 -0500
Subject: Re: [musl] Incorrect thread TID caching
In-Reply-To: <20210203192145.GW23432@brightrain.aerifal.cx>
References: <62be4b85-4a42-413e-a83f-866eab4d601a@gmail.com> <20210203192145.GW23432@brightrain.aerifal.cx>

On 2/3/2021 2:16 AM, Florian Weimer wrote:
> If you use the clone system call wrapper in threading (not fork/vfork)
> mode, you cannot call any libc functions afterwards, including the
> syscall function. Instead, you have to issue direct system calls.

On 2/3/2021 2:21 PM, Rich Felker wrote:
> Unfortunately it's really underdocumented and underexplored what a
> child created with clone() can do. There are definitely limitations --
> for example any usage with CLONE_VM or CLONE_THREAD is restricted not
> to call into libc at all, and might not even be safe whatsoever.
> However basic usage comparable in semantics to _Fork is probably
> supposed to work at least as well as _Fork -- in particular calling
> AS-safe libc functions should work.

I wasn't aware of this behavior, and didn't see any documentation about
this for the glibc clone() wrapper either. This seems to be a big
footgun, and after looking through the history for this code in Chrome,
it looks like they had a similar issue with glibc too.

> BTW does Chrom{e,ium} itself do something with raw clone? If so this
> could be a source of some of the bugs users hit, and it would be great
> to get a clearer picture on what's happening.

The code in question is a unit test for the sandbox, which manually calls
clone with CLONE_NEWPID to fork a child in a PID namespace, then installs
a signal handler and checks that it receives SIGTERM correctly:
https://source.chromium.org/chromium/chromium/src/+/master:sandbox/linux/services/namespace_sandbox_unittest.cc;l=194

But under musl, raise() uses the cached TID value, so the test eventually
times out. I missed that the NamespaceSandbox::ForkInNewPidNamespace()
function does manually update the cached TID for glibc after calling the
ForkWithFlags wrapper, so I can just do the same for musl too.

Separately, it looks like glibc used to have a PID cache too, but it was
removed after a discussion that you were both involved with:
http://sourceware-org.1504.n7.nabble.com/Caching-of-PID-TID-after-fork-td416394.html

Thanks,

Dominic
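The pattern discussed in this thread, as an added example that is not part of the original messages or of the Chromium or musl code: a fork-like clone() child (SIGCHLD only, no CLONE_VM or CLONE_THREAD, the case Rich Felker says should work at least as well as _Fork) installs a SIGTERM handler and signals itself. Instead of raise(), which the message reports consults musl's cached TID and so misses the new child, it obtains its own PID and TID with direct system calls and delivers the signal with tgkill, so no libc-cached identity is involved. The CLONE_NEWPID flag the Chromium test uses is left out so the example runs unprivileged; the function name clone_child_receives_sigterm and the 64 KiB child stack are this example's own choices.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHILD_STACK_SIZE (64 * 1024)   /* example value, not from the thread */

static volatile sig_atomic_t got_sigterm;

static void on_sigterm(int signo)
{
    (void)signo;
    got_sigterm = 1;
}

/* Runs in the clone() child.  Only async-signal-safe libc calls and direct
 * system calls are used; in particular raise() is avoided because it may
 * rely on a PID/TID cached before clone() and therefore name the parent. */
static int child_fn(void *arg)
{
    (void)arg;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigterm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTERM, &sa, NULL) != 0)
        return 2;

    /* Ask the kernel directly; never trust libc's idea of who we are here. */
    pid_t pid = (pid_t)syscall(SYS_getpid);
    pid_t tid = (pid_t)syscall(SYS_gettid);
    if (syscall(SYS_tgkill, pid, tid, SIGTERM) != 0)
        return 3;

    /* A signal a thread sends to itself is delivered before tgkill returns,
     * so the handler has already run (or not) at this point. */
    return got_sigterm ? 0 : 4;
}

/* Creates a fork-like clone() child and reports 1 if the child's SIGTERM
 * handler ran, 0 otherwise (setup failure or handler never reached). */
int clone_child_receives_sigterm(void)
{
    char *stack = malloc(CHILD_STACK_SIZE);
    if (!stack)
        return 0;

    /* SIGCHLD alone: the child gets its own copy of memory, so waitpid()
     * and exit status work exactly as they do after fork(). */
    pid_t child = clone(child_fn, stack + CHILD_STACK_SIZE, SIGCHLD, NULL);
    if (child < 0) {
        free(stack);
        return 0;
    }

    int status = 0;
    pid_t waited = waitpid(child, &status, 0);
    free(stack);
    if (waited != child)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    return clone_child_receives_sigterm() ? 0 : 1;
}
```

Because the child never asks libc for its identity, the same code behaves identically whether the libc caches the TID or not, which is the defensive alternative to patching the cache by hand after the clone() wrapper returns.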