about summary refs log tree commit diff
path: root/src/thread/cancel_impl.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
committerRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
commit09dae2b7b66f741b30aa7ce95ab395239da20762 (patch)
treeda94ed95c914ec60663aec3368e3642d8c41cfeb /src/thread/cancel_impl.c
parentebf82447be4b30bedc19ad868c3a0662b1ba596d (diff)
downloadmusl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.gz
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.xz
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.zip
fix bugs in cancellable syscall asm
x86_64 was just plain wrong in the cancel-flag-already-set path, and
crashing.

the more subtle error was not clearing the saved stack pointer before
returning to c code. this could result in the signal handler
misidentifying c code as the pre-syscall part of the asm, and acting
on cancellation at the wrong time, and thus resource leak race
conditions.

also, now __cancel (in the c code) is responsible for clearing the
saved sp in the already-cancelled branch. this means we have to use
call rather than jmp to ensure the stack pointer in the c will never
match what the asm saved.
Diffstat (limited to 'src/thread/cancel_impl.c')
-rw-r--r--src/thread/cancel_impl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/thread/cancel_impl.c b/src/thread/cancel_impl.c
index 7bcfaef5..2d2bb572 100644
--- a/src/thread/cancel_impl.c
+++ b/src/thread/cancel_impl.c
@@ -3,6 +3,7 @@
 void __cancel()
 {
 	pthread_t self = __pthread_self();
+	self->cp_sp = 0;
 	self->canceldisable = 1;
 	self->cancelasync = 0;
 	pthread_exit(PTHREAD_CANCELED);
@@ -24,8 +25,8 @@ long (__syscall_cp)(long nr, long u, long v, long w, long x, long y, long z)
 	self->cp_sp = 0;
 	self->cp_ip = 0;
 	r = __syscall_cp_asm(&self->cp_sp, nr, u, v, w, x, y, z);
-	self->cp_sp = old_sp;
 	self->cp_ip = old_ip;
+	self->cp_sp = old_sp;
 	if (r == -EINTR && self->cancel) __cancel();
 	return r;
 }