From: "A. Wilcox"
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: aio_cancel segmentation fault for in progress write requests
Date: Fri, 7 Dec 2018 13:05:53 -0600
Organization: Adélie Linux
To: musl@lists.openwall.com

On 12/07/18 12:26, Rich Felker wrote:
> On Fri, Dec 07, 2018 at 11:31:01AM -0600, A. Wilcox wrote:
>> awilcox on gwyn [pts/7 Fri 7 11:29] ~: ./aioWrite
>> zsh: segmentation fault ./aioWrite
>>
>> (gdb) run
>> Starting program: /home/awilcox/aioWrite
>> [New LWP 60165]
>> [LWP 60165 exited]
>> aio_write/1-1.c cancelationStatus : 2
>> Test PASSED
>> [Inferior 1 (process 60162) exited normally]
>> (gdb) quit
>>
> I don't think so. I'm concerned that it's a stack overflow, and that
> somehow the kernel folks have managed to break the MINSIGSTKSZ ABI.
> AIO threads use a PTHREAD_STACK_MIN-sized stack with no guard page
> (because they don't run any application code, just a tiny stub
> function) but this could overflow in kernelspace (and either crash or
> clobber memory depending on memory layout and presence/absence of
> ASLR) if the kernel is making a signal frame that's too big. Note that
> this would have to be nearly twice MINSIGSTKSZ (on x86 at least) due
> to rounding up to whole pages, so if the kernel is misbehaving here
> it's *badly* misbehaving...
>
> Rich
>

Note how for me, it runs correctly in gdb, but not bare.
I can reproduce this behaviour in valgrind, too:

awilcox on gwyn [pts/7 Fri 7 13:03] ~: valgrind ./aioWrite
==47650== Memcheck, a memory error detector
==47650== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==47650== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==47650== Command: ./aioWrite
==47650==
--47650-- WARNING: unhandled ppc64be-linux syscall: 208
--47650-- You may be able to write your own handler.
--47650-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--47650-- Nevertheless we consider this a bug. Please report
--47650-- it at http://valgrind.org/support/bug_reports.html.
aio_write/1-1.c cancelationStatus : 2
Test PASSED
==47650==
==47650== HEAP SUMMARY:
==47650==     in use at exit: 7,574 bytes in 5 blocks
==47650==   total heap usage: 6 allocs, 1 frees, 7,694 bytes allocated
==47650==
==47650== LEAK SUMMARY:
==47650==    definitely lost: 0 bytes in 0 blocks
==47650==    indirectly lost: 0 bytes in 0 blocks
==47650==      possibly lost: 0 bytes in 0 blocks
==47650==    still reachable: 7,168 bytes in 4 blocks
==47650==         suppressed: 406 bytes in 1 blocks
==47650== Rerun with --leak-check=full to see details of leaked memory
==47650==
==47650== For counts of detected and suppressed errors, rerun with: -v
==47650== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

(syscall 208 is tkill)

Best,
--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
https://www.adelielinux.org