Date: Sat, 16 Aug 2014 19:06:11 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Test case for 'false ownership' of mutex via TID reuse

The attached test case exhibits a bug I'm about to fix in musl, and
which also exists in glibc, whereby happening to get the same TID as a
previous mutex owner who exited with the mutex locked allows the new
thread to unlock the mutex. See also:

http://austingroupbugs.net/view.php?id=755

Sadly it's rather slow and impractical to add to libc-test. I'm not
sure if it's possible to run it in a container with a smaller pid/tid
space to get the reuse to happen sooner. It can also have false
negatives if some other process claims the tid before it gets reused
for a new thread in the test process. Ideas to make the test more
practical and reliable would be nice.

Rich

View attachment "false_ownership_2.c" of type "text/plain" (622 bytes)
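The ownership check at issue, modelled deterministically as an added example (this is not the attached false_ownership_2.c and not musl or glibc code). The toy_* names, the sample TID and the OWNER_DEAD sentinel are assumptions made for illustration, and poisoning the owner field at thread exit is only one possible mitigation, not necessarily the fix applied in musl.

```c
#include <errno.h>
#include <stdio.h>

#define OWNER_NONE 0
#define OWNER_DEAD 0x7fffffff /* assumed sentinel, above any TID Linux hands out */

/* Toy error-checking mutex: ownership is recorded only as a kernel TID. */
struct toy_mutex { int owner; };

static int toy_lock(struct toy_mutex *m, int self_tid) {
    if (m->owner == self_tid) return EDEADLK; /* "already mine" */
    if (m->owner != OWNER_NONE) return EBUSY; /* trylock-style, no waiting */
    m->owner = self_tid;
    return 0;
}

static int toy_unlock(struct toy_mutex *m, int self_tid) {
    if (m->owner != self_tid) return EPERM;   /* the only ownership check */
    m->owner = OWNER_NONE;
    return 0;
}

/* Thread exit. The naive variant leaves the stale TID in the mutex; the
 * hardened variant replaces it with a value no live thread can match. */
static void toy_thread_exit(struct toy_mutex *held, int tid, int harden) {
    if (harden && held && held->owner == tid)
        held->owner = OWNER_DEAD;
}

/* Thread A locks and exits without unlocking; thread B is later created
 * and receives A's recycled TID. Returns the result of B's unlock. */
static int reuse_scenario(int harden) {
    struct toy_mutex m = { OWNER_NONE };
    int tid_a = 4242;          /* constructed sample TID */
    toy_lock(&m, tid_a);
    toy_thread_exit(&m, tid_a, harden);
    int tid_b = tid_a;         /* kernel reuses the TID for a new thread */
    return toy_unlock(&m, tid_b);
}

int main(void) {
    printf("naive unlock by new thread:    %d (0 = false ownership)\n",
           reuse_scenario(0));
    printf("hardened unlock by new thread: %d (EPERM = %d)\n",
           reuse_scenario(1), EPERM);
    return 0;
}
```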
