Date: Tue, 3 Jul 2018 11:17:56 -0400 From: Rich Felker <dalias@...c.org> To: Florian Weimer <fweimer@...hat.com> Cc: musl@...ts.openwall.com Subject: Re: arc4random/csprng On Tue, Jul 03, 2018 at 05:08:21PM +0200, Florian Weimer wrote: > On 07/03/2018 04:47 PM, Rich Felker wrote: > > >>The main lock (for non-current kernels) is needed for the fork > >>detection counters. Fork detection is required for compatibility > >>with applications which call clone/fork system calls directly, so > > > >How do you consider this supported usage at all? The tid in the TCB > >will be invalid after such a call, and other things may be broken too. > > Right, robust mutexes are quite broken by this. Not just robust. Due to tid reuse, if a single-threaded parent bypasses libc to fork, then exits, the tid that was copied into the child's TCB could get reused for a new thread in the child, thereby allowing two threads to lock the same recursive mutex at the same time. Lots of other versions of this are possible too whenever TCB->tid has a value that's not reserved against reuse. > But it's still quite common to do things with direct system calls, > particularly for setting up containers. > > I have not yet found a case which I couldn't solve with plain fork > (with handlers) and unshare, but that's not what everyone does > unfortunately. I agree you might need direct use of clone sometime for namespace/container stuff, but I don't think there's any way it can be made safe without careful consideration of what you do after the operation before a subsequent execve or _exit. I don't think it makes sense to design big machinery to support doing something that has deeper reasons it can't work, but this is probably partly a difference in philosophy between glibc and musl (see also: dlclose, lazy dtls, lazy tlsdesc, ...). Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.