This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nptl/14147] New: Async cancellation left active after longjmp out of signal handler
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 23 May 2012 19:50:22 +0000
- Subject: [Bug nptl/14147] New: Async cancellation left active after longjmp out of signal handler
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14147
Bug #: 14147
Summary: Async cancellation left active after longjmp out of signal handler
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nptl
AssignedTo: unassigned@sourceware.org
ReportedBy: bugdal@aerifal.cx
CC: drepper.fsp@gmail.com
Classification: Unclassified

If a signal handler interrupts a function which is async-signal-safe, it's
valid to exit the signal handler with longjmp. Suppose the interrupted function
is also a cancellation point. Due to NPTL's implementation of cancellation
points (switch to async cancellation mode, invoke the syscall, switch back),
the cancellation mode will get left as asynchronous, contrary to the
expectations of a conforming application, and subsequent code that is not
async-cancellation-safe will get run with async cancellation, possibly causing
severe memory corruption when a cancellation request arrives.

This bug is related to bug #12683 (also reported by me), but I'm reporting it
separately because it's not a rare race condition but breakage in a specific
usage case that will occur without any race.

Fixing all of these issues requires abandoning the naive approach of wrapping
syscalls in switches to/from async cancellation mode, and instead having the
cancellation signal handler check (via program counter comparison, either
directly or using whatever fancy DWARF stuff is popular) to determine whether
the interrupted thread was blocked at a cancellation point, and thus whether to
act on cancellation.
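
A probe for the state the report describes, added here as an example; it is not code from the bug report or from glibc. A thread blocks in read() on an empty pipe, a SIGUSR1 handler leaves with siglongjmp, and the thread then asks the C library which cancel type is in force. The names `probe_async_leak`, `worker` and `on_usr1` are this example's own, and the 100 ms delay assumes the worker has reached read() by then.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <semaphore.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static sigjmp_buf escape;   /* used only by the single worker thread */
static sem_t armed;         /* posted once `escape` is valid */

/* Leave the handler with siglongjmp instead of returning. */
static void on_usr1(int sig) { (void)sig; siglongjmp(escape, 1); }

static void *worker(void *arg)
{
    int type = -1, *fds = arg;
    char c;
    if (sigsetjmp(escape, 1) == 0) {
        sem_post(&armed);
        ssize_t n = read(fds[0], &c, 1);  /* blocks: nothing is ever written */
        (void)n;
        return (void *)(intptr_t)-1;      /* read returned: handler never jumped */
    }
    /* Reached via siglongjmp. Setting DEFERRED hands back the previous type
       and also repairs the thread if async mode was left on. */
    pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &type);
    return (void *)(intptr_t)(type == PTHREAD_CANCEL_ASYNCHRONOUS);
}

/* 1: async cancellation left active, 0: still deferred, -1: probe failed. */
int probe_async_leak(void)
{
    int fds[2];
    pthread_t t;
    void *ret = NULL;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_usr1;
    if (pipe(fds) || sem_init(&armed, 0, 0) || sigaction(SIGUSR1, &sa, NULL)
        || pthread_create(&t, NULL, worker, fds))
        return -1;
    sem_wait(&armed);
    usleep(100000);               /* assumption: worker is inside read() by now */
    pthread_kill(t, SIGUSR1);
    pthread_join(t, &ret);
    close(fds[0]); close(fds[1]);
    return (int)(intptr_t)ret;
}
```

The result depends on the C library the program is linked against, so the function reports what it observed and asserts nothing about a particular version.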