[PATCH 00/10] nptl: Fix Race conditions in pthread cancellation (BZ#12683)

Thu Sep 24 22:26:00 GMT 2015

On 18-09-2015 08:31, Joseph Myers wrote:
> 
>> And for lseek we need to define for GLIBC if this function is indeed a
>> cancellation entrypoint of not and make it consistent for all architectures
>> (and POSIX states it an optional one [1]).
>>
>> [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_09_05_02
> 
> Yes, we need to make this consistent unless there is a good reason for the 
> inconsistency.
> 
> It seems lseek was made not-cancellable for some systems by
> 
> 2003-07-14  Ulrich Drepper  <drepper@redhat.com>
> 
>         More cancellation handling fixups.
> [...]
>         * sysdeps/unix/sysv/linux/llseek.c: Must not be cancelable.
>         * sysdeps/unix/syscalls.list: Don't mark lseek as cancelable.
> 
> (see <https://sourceware.org/ml/libc-hacker/2003-07/msg00012.html>) but 
> that didn't make the change for 64-bit architectures.  (But it's marked 
> with __THROW.)
> 
>> One way is to make the return syscall another type like __syscall_arg_t
>> and make the specific implementation for such ports to redefine it to
>> a better one if it is required.
> 
> I think that's the right logical thing to do to handle such ABIs more 
> cleanly and reliably.
> 
> Whether it's needed for this patch series could be determined by examining 
> all syscalls.list entries for cancellable syscalls that can be used for 
> ILP32 configurations with 64-bit registers used in the syscall interface 
> (that's MIPS n32 and x86_64 x32, and I'm not sure about what the syscall 
> interface for tilegx32 looks like), to see if any beyond lseek can return 
> non-error values 2^32 or more.
> 

I checked all the concealable syscalls and the only one that might return
a value larger than the long int is indeed only lseek/lseek64.  Currently
all the 32-bits targets mark them as non-cancellable while 64-bits, MIPS
n32 and x32 implements it as cancellable.

So the most straighforward solution I see is just to make it as 
non-cancellable and use the patch as is (musl does not mark is as cancellable).
It has the advantage that it does not require to make __syscall_cancel_arch
return different types based on port definition, it removes the inconsistency
and align the cancellable functions with others libc implementation (musl).

For possible future cancellable syscalls that might require a type larger
than unsigned long we might create a specialized implementation meant to
be used in such cases (sysdeps/unix/sysv/linux/...) and then redefine 
__syscall_cancel_arch prototype to make it expect to return such values.