diff options
author | Rich Felker <dalias@aerifal.cx> | 2011-04-17 15:30:08 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2011-04-17 15:30:08 -0400 |
commit | 09dae2b7b66f741b30aa7ce95ab395239da20762 (patch) | |
tree | da94ed95c914ec60663aec3368e3642d8c41cfeb /src/thread/i386 | |
parent | ebf82447be4b30bedc19ad868c3a0662b1ba596d (diff) | |
download | musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.gz musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.xz musl-09dae2b7b66f741b30aa7ce95ab395239da20762.zip |
fix bugs in cancellable syscall asm
x86_64 was just plain wrong in the cancel-flag-already-set path, and crashing. the more subtle error was not clearing the saved stack pointer before returning to c code. this could result in the signal handler misidentifying c code as the pre-syscall part of the asm, and acting on cancellation at the wrong time, and thus resource leak race conditions. also, now __cancel (in the c code) is responsible for clearing the saved sp in the already-cancelled branch. this means we have to use call rather than jmp to ensure the stack pointer in the c will never match what the asm saved.
Diffstat (limited to 'src/thread/i386')
-rw-r--r-- | src/thread/i386/syscall_cp.s | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/thread/i386/syscall_cp.s b/src/thread/i386/syscall_cp.s index 6d8c354b..51905131 100644 --- a/src/thread/i386/syscall_cp.s +++ b/src/thread/i386/syscall_cp.s @@ -28,9 +28,8 @@ __syscall_cp_asm: popl %edi popl %esi popl %ebx + xorl %edx,%edx + movl 4(%esp),%ecx + movl %edx,(%ecx) ret -2: xorl %eax,%eax - movl %eax,4(%ecx) - movl %eax,(%ecx) - pushl $-1 - call __cancel +2: call __cancel |