about summary refs log tree commit diff
path: root/src/thread/x86_64
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
committerRich Felker <dalias@aerifal.cx>2011-04-17 15:30:08 -0400
commit09dae2b7b66f741b30aa7ce95ab395239da20762 (patch)
treeda94ed95c914ec60663aec3368e3642d8c41cfeb /src/thread/x86_64
parentebf82447be4b30bedc19ad868c3a0662b1ba596d (diff)
downloadmusl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.gz
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.tar.xz
musl-09dae2b7b66f741b30aa7ce95ab395239da20762.zip
fix bugs in cancellable syscall asm
x86_64 was just plain wrong in the cancel-flag-already-set path, and
crashing.

the more subtle error was not clearing the saved stack pointer before
returning to c code. this could result in the signal handler
misidentifying c code as the pre-syscall part of the asm, and acting
on cancellation at the wrong time, and thus resource leak race
conditions.

also, now __cancel (in the c code) is responsible for clearing the
saved sp in the already-cancelled branch. this means we have to use
call rather than jmp to ensure the stack pointer in the c will never
match what the asm saved.
Diffstat (limited to 'src/thread/x86_64')
-rw-r--r--src/thread/x86_64/syscall_cp.s11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/thread/x86_64/syscall_cp.s b/src/thread/x86_64/syscall_cp.s
index a36e8d1d..8b250488 100644
--- a/src/thread/x86_64/syscall_cp.s
+++ b/src/thread/x86_64/syscall_cp.s
@@ -8,6 +8,7 @@ __syscall_cp_asm:
 	mov 16(%rdi),%eax
 	test %eax,%eax
 	jnz 2f
+	mov %rdi,%r11
 	mov %rsi,%rax
 	mov %rdx,%rdi
 	mov %rcx,%rsi
@@ -15,10 +16,10 @@ __syscall_cp_asm:
 	mov %r9,%r10
 	mov 8(%rsp),%r8
 	mov 16(%rsp),%r9
+	mov %r11,8(%rsp)
 1:	syscall
+	xor %ecx,%ecx
+	mov 8(%rsp),%edi
+	mov %rcx,(%rdi)
 	ret
-2:	xor %edi,%edi
-	mov %rdi,8(%r10)
-	mov %rdi,(%r10)
-	dec %rdi
-	jmp __cancel
+2:	call __cancel