From: enh <enh@google.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
	linux-man@vger.kernel.org
Subject: Re: [PATCH] pthread_kill.3: Update to match POSIX.
Date: Tue, 12 Nov 2019 21:27:21 -0800
Message-ID: <CAJgzZorB99W2PzjQ5ZU1nBiYb81Ubm=VvaF50BOm9sTFUHeE4A@mail.gmail.com>
In-Reply-To: <87imnobufy.fsf@mid.deneb.enyo.de>

On Tue, Nov 12, 2019 at 2:28 PM Florian Weimer <fw@deneb.enyo.de> wrote:
>
> * enh:
>
> > but this is all about *invalid* threads, which obviously can't be
> > joinable. i'm really not sure what you're trying to say.
>
> Uhm, people try to use pthread_kill to probe for thread termination.

yes, that's why i'm keen that we make it clearer that this doesn't work.

> Termination of a non-detached thread doesn't make a thread
> non-joinable, so from a temporal memory safety perspective, that's
> totally fine.  Except that POSIX requires implementations to hide this
> information from callers.
>
> Maybe we are talking past each other, though.
>
> Let's look at what musl does:
>
> int pthread_kill(pthread_t t, int sig)
> {
>         int r;
>         LOCK(t->killlock);
>         r = t->tid ? -__syscall(SYS_tkill, t->tid, sig)
>                 : (sig+0U >= _NSIG ? EINVAL : 0);
>         UNLOCK(t->killlock);
>         return r;
> }
>
> The 0 could be ESRCH to support probing for termination.

no, because the C library has two choices when a thread exits:

1. unmap the thread.

2. keep the thread around for recycling.

if you choose 1 (optimizing for space, like Android), your dereference
is illegal.

if you choose 2 (optimizing for time, as i believe glibc does), your
dereference is fine and you read the zero that the kernel put there
... until the thread is reused. now you're actually looking at a
different thread than the one you think you're looking at. and as a
caller who by definition doesn't know the current state of the thread,
you've no idea whether it's been reused or not. (this is also strictly
the case on Android if ASLR has put a new thread's stack where the old
one used to be.)

there's more detail about this -- and some less unreliable options --
in the Android documentation i linked to in the commit message.
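As an added example (my own code, not from this thread, musl, or any other C library): the bookkeeping that makes termination checks safe without ever probing a possibly-dead pthread_t through pthread_kill. The struct and function names are hypothetical; it assumes a C11 compiler with <stdatomic.h> and POSIX threads.

```c
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Hypothetical wrapper: the program records thread state itself instead of
 * asking libc about a pthread_t that may be unmapped (choice 1) or recycled (choice 2). */
struct tracked_thread {
    pthread_t tid;
    atomic_bool finished;   /* written by the worker, readable at any time */
};

static void *worker(void *arg)
{
    struct tracked_thread *tt = arg;
    /* ... real work would go here ... */
    atomic_store(&tt->finished, true);  /* last action before the thread exits */
    return NULL;
}
/* Returns 0 on success, otherwise the errno value from pthread_create. */
int tracked_start(struct tracked_thread *tt)
{
    atomic_init(&tt->finished, false);
    return pthread_create(&tt->tid, NULL, worker, tt);
}
/* Safe probe: reads only memory the program owns, so it stays valid across
 * the thread's exit and even after the thread has been joined. */
bool tracked_has_finished(struct tracked_thread *tt)
{
    return atomic_load(&tt->finished);
}
/* Reclaims the thread. Once this returns 0, tt->tid is dead: it must not be
 * passed to pthread_kill or any other pthread_* function again. */
int tracked_reap(struct tracked_thread *tt)
{
    return pthread_join(tt->tid, NULL);
}
/* Whole lifecycle: start, join exactly once, then consult only our own flag
 * (pthread_join guarantees the worker's store is visible). Returns 0 on
 * success, otherwise a positive errno value. */
int run_tracked_demo(void)
{
    struct tracked_thread tt;
    int r = tracked_start(&tt);
    if (r != 0) return r;
    r = tracked_reap(&tt);
    if (r != 0) return r;
    return tracked_has_finished(&tt) ? 0 : EINVAL;
}
```

The flag answers "has it finished?" and pthread_join answers "may I forget the ID?"; neither question needs the C library's private thread structure, which is exactly what a pthread_kill probe on an exited thread would read.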
