Adhemerval Zanella 0cb313f7cb Fix clone (CLONE_VM) pid/tid reset (BZ#19957)
As discussed in libc-alpha [1] current clone with CLONE_VM (without
CLONE_THREAD set) will reset the pthread pid/tid fields to -1.  The
issue is since memory is shared between the parent and child it will
clobber parent's cached pid/tid leading to internal inconsistencies
if the value is not restored.

And even it is restored it may lead to racy conditions when between
set/restore a thread might invoke pthread function that validate the
pthread with INVALID_TD_P/INVALID_NOT_TERMINATED_TD_P and thus get
wrong results.

As stated in BZ19957, previously reports of this behaviour was close
with EWONTFIX due the fact usage of clone outside glibc is tricky
since glibc requires consistent internal pthread, while using clone
directly may not provide it. However since now posix_spawn uses
clone (CLONE_VM) to fixes various issues related to previous vfork
usage this issue requires fixing.

The vfork implementation also does something similar, but instead
it negates and restores only the *pid* field and functions that
might access its value know to handle such case (getpid, raise
and pthread ones that uses INVALID_TD_P/INVALID_NOT_TERMINATED_TD_P
macros that check only *tid* field).  Also vfork does not call
__clone directly, instead calling either __NR_vfork or __NR_clone
directly.

So this patch removes this clone behavior by avoiding setting
the pthread pid/tid field for CLONE_VM. There is no need to
check for CLONE_THREAD, since the minimum supported kernel in all
architecture implies that CLONE_VM must be used with CLONE_THREAD,
otherwise clone returns EINVAL.

Instead of current approach of:

   int clone(int (*fn)(void *), void *child_stack, int flags, ...)
      [...]
      if (flags & CLONE_THREAD)
        goto do_syscall;
      pid_t new_value;
      if (flags & CLONE_VM)
        new_value = -1;
      else
        new_value = getpid ();
      THREAD_SETMEM (THREAD_SELF, pid, new_value);
      THREAD_SETMEM (THREAD_SELF, tid, new_value);

    do_syscall:
      [...]

The new approach uses:

   int clone(int (*fn)(void *), void *child_stack, int flags, ...)
      [...]
      if (flags & CLONE_VM)
        goto do_syscall;
      pid_t new_value = getpid ();
      THREAD_SETMEM (THREAD_SELF, pid, new_value);
      THREAD_SETMEM (THREAD_SELF, tid, new_value);

    do_syscall:
      [...]

It also removes the linux tst-getpid2.c test which expects the previous
behavior and instead add another clone test.

Tested on x86_64, i686, x32, powerpc64le, aarch64, armhf, s390, and
s390x. I also did limited check on mips32 and sparc64 (using the new
added test).

I also got reviews from both m68k, hppa, and tile.  So I presume for
these architecture the patch works.

The fixes for alpha, microblaze, sh, ia64, and nio2 have not been
tested.

[1] https://sourceware.org/ml/libc-alpha/2016-04/msg00307.html

	* sysdeps/unix/sysv/linux/Makefile [$(subdir) == nptl] (test): Remove
	tst-getpid2.
	(test): Add tst-clone2.
	* sysdeps/unix/sysv/linux/tst-clone2.c: New file.
	* sysdeps/unix/sysv/linux/aarch64/clone.S (__clone): Do not change
	pid/tid fields for CLONE_VM.
	* sysdeps/unix/sysv/linux/arm/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/i386/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/mips/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-64/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/clone.S: Likewise.
	* sysdeps/unix/sysv/linux/tst-getpid2.c: Remove file.
2016-04-29 18:19:30 -03:00

201 lines
6.4 KiB
Makefile

ifeq ($(subdir),csu)
sysdep_routines += errno-loc
endif
ifeq ($(subdir),assert)
CFLAGS-assert.c += -DFATAL_PREPARE_INCLUDE='<fatal-prepare.h>'
CFLAGS-assert-perr.c += -DFATAL_PREPARE_INCLUDE='<fatal-prepare.h>'
endif
ifeq ($(subdir),malloc)
CFLAGS-malloc.c += -DMORECORE_CLEARS=2
endif
ifeq ($(subdir),misc)
include $(firstword $(wildcard $(sysdirs:=/sysctl.mk)))
sysdep_routines += clone llseek umount umount2 readahead \
setfsuid setfsgid makedev epoll_pwait signalfd \
eventfd eventfd_read eventfd_write prlimit \
personality
CFLAGS-gethostid.c = -fexceptions
CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=0x80000000-__getpagesize()"
# Note that bits/mman-linux.h is listed here though the file lives in the
# top-level bits/ subdirectory instead of here in sysdeps/.../linux/bits/.
# That is just so that other (non-Linux) configurations for whom the
# bits/mman-linux.h definitions work well do not have to duplicate the
# contents of the file. The file must still be listed in sysdep_headers
# here and in any non-Linux configuration that uses it; other
# configurations will not install the file.
sysdep_headers += sys/mount.h sys/acct.h sys/sysctl.h \
sys/klog.h \
sys/user.h sys/prctl.h \
sys/kd.h sys/soundcard.h sys/vt.h \
sys/quota.h sys/fsuid.h \
scsi/sg.h scsi/scsi.h scsi/scsi_ioctl.h sys/pci.h \
sys/ultrasound.h sys/raw.h sys/personality.h sys/epoll.h \
bits/a.out.h sys/inotify.h sys/signalfd.h sys/eventfd.h \
sys/timerfd.h sys/fanotify.h bits/eventfd.h bits/inotify.h \
bits/signalfd.h bits/timerfd.h bits/epoll.h \
bits/socket_type.h bits/syscall.h bits/sysctl.h \
bits/mman-linux.h
tests += tst-clone tst-clone2 tst-fanotify tst-personality
# Generate the list of SYS_* macros for the system calls (__NR_* macros).
# If there is more than one syscall list for different architecture
# variants, the CPU/Makefile defines abi-variants to be a list of names
# for those variants (e.g. 32 64), and, for each variant, defines
# abi-$(variant)-options to be compiler options to cause <asm/unistd.h>
# to define the desired list of syscalls and abi-$(variant)-condition to
# be the condition for those options to use in a C #if condition.
# abi-includes may be defined to a list of headers to include
# in the generated header, if the default does not suffice.
#
# The generated header is compiled with `-ffreestanding' to avoid any
# circular dependencies against the installed implementation headers.
# Such a dependency would require the implementation header to be
# installed before the generated header could be built (See bug 15711).
# In current practice the generated header dependencies do not include
# any of the implementation headers removed by the use of `-ffreestanding'.
$(objpfx)bits/syscall%h $(objpfx)bits/syscall%d: ../sysdeps/unix/sysv/linux/sys/syscall.h
$(make-target-directory)
{ \
echo '/* Generated at libc build time from kernel syscall list. */';\
echo ''; \
echo '#ifndef _SYSCALL_H'; \
echo '# error "Never use <bits/syscall.h> directly; include <sys/syscall.h> instead."'; \
echo '#endif'; \
echo ''; \
$(foreach h,$(abi-includes), echo '#include <$(h)>';) \
echo ''; \
$(if $(abi-variants), \
$(foreach v,$(abi-variants),\
$(CC) -ffreestanding -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \
-x c $(sysincludes) $< $(abi-$(v)-options) \
-D_LIBC -dM | \
sed -n 's@^#define __NR_\([^ ]*\) .*$$@#define SYS_\1 __NR_\1@p' | \
LC_ALL=C sort > $(@:.d=.h).new$(v); \
$(if $(abi-$(v)-condition),\
echo '#if $(abi-$(v)-condition)';) \
cat $(@:.d=.h).new$(v); \
$(if $(abi-$(v)-condition),echo '#endif';) \
rm -f $(@:.d=.h).new$(v); \
), \
$(CC) -ffreestanding -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \
-x c $(sysincludes) $< \
-D_LIBC -dM | \
sed -n 's@^#define __NR_\([^ ]*\) .*$$@#define SYS_\1 __NR_\1@p' | \
LC_ALL=C sort;) \
} > $(@:.d=.h).new
mv -f $(@:.d=.h).new $(@:.d=.h)
ifdef abi-variants
ifneq (,$(objpfx))
sed $(sed-remove-objpfx) \
$(foreach v,$(abi-variants),$(@:.h=.d)-t$(v)) > $(@:.h=.d)-t3
else
cat $(foreach v,$(abi-variants),$(@:.h=.d)-t$(v)) \
> $(@:.h=.d)-t3
endif
rm -f $(foreach v,$(abi-variants),$(@:.h=.d)-t$(v))
mv -f $(@:.h=.d)-t3 $(@:.h=.d)
else
mv -f $(@:.h=.d)-t $(@:.h=.d)
endif
ifndef no_deps
# Get the generated list of dependencies (probably /usr/include/asm/unistd.h).
-include $(objpfx)bits/syscall.d
endif
generated += bits/syscall.h bits/syscall.d
endif
ifeq ($(subdir),time)
sysdep_headers += sys/timex.h bits/timex.h
sysdep_routines += ntp_gettime ntp_gettimex
endif
ifeq ($(subdir),socket)
sysdep_headers += net/if_ppp.h net/ppp-comp.h \
net/ppp_defs.h net/if_arp.h net/route.h net/ethernet.h \
net/if_slip.h net/if_packet.h net/if_shaper.h
sysdep_routines += cmsg_nxthdr
endif
ifeq ($(subdir),sunrpc)
sysdep_headers += nfs/nfs.h
endif
ifeq ($(subdir),termios)
sysdep_headers += termio.h
endif
ifeq ($(subdir),posix)
sysdep_headers += bits/initspin.h
sysdep_routines += sched_getcpu
tests += tst-affinity tst-affinity-pid
CFLAGS-fork.c = $(libio-mtsafe)
CFLAGS-getpid.o = -fomit-frame-pointer
CFLAGS-getpid.os = -fomit-frame-pointer
endif
ifeq ($(subdir),inet)
sysdep_headers += netinet/if_fddi.h netinet/if_tr.h \
netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \
netrom/netrom.h netpacket/packet.h netrose/rose.h \
neteconet/ec.h netiucv/iucv.h
sysdep_routines += netlink_assert_response
endif
# Don't compile the ctype glue code, since there is no old non-GNU C library.
inhibit-glue = yes
ifeq ($(subdir),dirent)
sysdep_routines += getdirentries getdirentries64
endif
ifeq ($(subdir),nis)
CFLAGS-ypclnt.c = -DUSE_BINDINGDIR=1
endif
ifeq ($(subdir),io)
sysdep_routines += xstatconv internal_statvfs internal_statvfs64 \
sync_file_range fallocate fallocate64
sysdep_headers += bits/fcntl-linux.h
endif
ifeq ($(subdir),elf)
sysdep-rtld-routines += dl-brk dl-sbrk dl-getcwd dl-openat64 dl-opendir \
dl-fxstatat64
libof-lddlibc4 = lddlibc4
others += pldd
install-bin += pldd
$(objpfx)pldd: $(objpfx)xmalloc.o
endif
ifeq ($(subdir),rt)
CFLAGS-mq_send.c += -fexceptions
CFLAGS-mq_receive.c += -fexceptions
endif
ifeq ($(subdir),nscd)
sysdep-CFLAGS += -DHAVE_EPOLL -DHAVE_SENDFILE -DHAVE_INOTIFY -DHAVE_NETLINK
CFLAGS-gai.c += -DNEED_NETLINK
endif
ifeq ($(subdir),nptl)
tests += tst-setgetname tst-align-clone tst-getpid1 \
tst-thread-affinity-pthread tst-thread-affinity-pthread2 \
tst-thread-affinity-sched
endif