summary refs log tree commit diff
path: root/nptl/sysdeps/pthread/createthread.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2010-03-05 11:23:28 -0800
committerUlrich Drepper <drepper@redhat.com>2010-03-05 11:23:28 -0800
commit66f1b8eeb20c49c8566abeeacf36540f258ad5f4 (patch)
tree1149fbc80470ff586f1815d334b5308ad24cc4cb /nptl/sysdeps/pthread/createthread.c
parent01f1f5ee8b58d5a3dce5250ed3514e9dfa5ceff4 (diff)
downloadglibc-66f1b8eeb20c49c8566abeeacf36540f258ad5f4.tar.gz
glibc-66f1b8eeb20c49c8566abeeacf36540f258ad5f4.tar.xz
glibc-66f1b8eeb20c49c8566abeeacf36540f258ad5f4.zip
Fix setxid race with thread creation
Diffstat (limited to 'nptl/sysdeps/pthread/createthread.c')
-rw-r--r--nptl/sysdeps/pthread/createthread.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/nptl/sysdeps/pthread/createthread.c b/nptl/sysdeps/pthread/createthread.c
index 66fafe8050..3bb3915281 100644
--- a/nptl/sysdeps/pthread/createthread.c
+++ b/nptl/sysdeps/pthread/createthread.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2002-2007, 2008 Free Software Foundation, Inc.
+/* Copyright (C) 2002-2007, 2008, 2010 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
 
@@ -28,7 +28,7 @@
 #include "kernel-features.h"
 
 
-#define CLONE_SIGNAL    	(CLONE_SIGHAND | CLONE_THREAD)
+#define CLONE_SIGNAL		(CLONE_SIGHAND | CLONE_THREAD)
 
 /* Unless otherwise specified, the thread "register" is going to be
    initialized with a pointer to the TCB.  */
@@ -72,8 +72,14 @@ do_clone (struct pthread *pd, const struct pthread_attr *attr,
      that cares whether the thread count is correct.  */
   atomic_increment (&__nptl_nthreads);
 
-  if (ARCH_CLONE (fct, STACK_VARIABLES_ARGS, clone_flags,
-		  pd, &pd->tid, TLS_VALUE, &pd->tid) == -1)
+  int rc = ARCH_CLONE (fct, STACK_VARIABLES_ARGS, clone_flags,
+		       pd, &pd->tid, TLS_VALUE, &pd->tid);
+
+  /* Allow setxid from now onwards.  */
+  if (__builtin_expect (atomic_exchange_acq (&pd->setxid_futex, 0) == -2, 0))
+    lll_futex_wake (&pd->setxid_futex, 1, LLL_PRIVATE);
+
+  if (__builtin_expect (rc == -1, 0))
     {
       atomic_decrement (&__nptl_nthreads); /* Oops, we lied for a second.  */