From patchwork Mon Feb 11 20:54:13 2019
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 1040145
Mailing-List: contact
libc-alpha-help@sourceware.org; run by ezmlm
From: Florian Weimer
To: libc-alpha@sourceware.org
Subject: [PATCH] nptl: Fix invalid Systemtap probe in pthread_join [BZ #24211]
Date: Mon, 11 Feb 2019 21:54:13 +0100
Message-ID: <87k1i6cah6.fsf@oldenburg2.str.redhat.com>

After commit f1ac7455831546e5dca0ed98fe8af2686fae7ce6 ("arm: Use "nr"
constraint for Systemtap probes [BZ #24164]"), we load pd->result into
a register in the probe below:

      /* Free the TCB. */
      __free_tcb (pd);
    }
  else
    pd->joinid = NULL;

  LIBC_PROBE (pthread_join_ret, 3, threadid, result, result);

However, at this point, the thread descriptor has been freed. If the
thread stack does not fit into the thread stack cache, the memory will
have been unmapped, and the program will crash in the probe.

2019-02-11  Florian Weimer

	[BZ #24211]
	* nptl/pthread_join_common.c (__pthread_timedjoin_ex): Do not read
	pd->result again after the thread descriptor has been freed.

Reviewed-by: Carlos O'Donell

diff --git a/nptl/pthread_join_common.c b/nptl/pthread_join_common.c index ecb78ffba5..45deba6a74 100644 --- a/nptl/pthread_join_common.c +++ b/nptl/pthread_join_common.c @@ -101,7 +101,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return, else pd->joinid = NULL; - LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result); + LIBC_PROBE (pthread_join_ret, 3, threadid, result, result); return result; }
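
Review bot: In the changed LIBC_PROBE line at the end of __pthread_timedjoin_ex, the third probe argument is now the same `result` that is already passed as the second argument, so pthread_join_ret no longer reports the value that pd->result held. If probe consumers still need that value, copy pd->result into a local before __free_tcb (pd) and pass the local; if the duplicate is intentional to keep the argument count at 3, add a comment saying so and update wherever the probe's arguments are documented. A regression test that joins a thread whose stack is too large for the stack cache would keep the crash from coming back.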
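
The failure mode described in the commit message above, shown as an added C illustration that is not glibc code and not part of the patch: a descriptor that lives in its own mapping is released, and the probe afterwards is fed from a local copy taken before the release. The names `struct desc`, `desc_create`, `desc_free`, `desc_join` and `record_probe` are hypothetical stand-ins.

```c
/* Added illustration; all names here are hypothetical, not glibc's. */
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <sys/mman.h>

/* Stand-in for a thread descriptor that lives in its own mapping, like a
   thread stack that is too large to be kept in the stack cache. */
struct desc {
    void *result;               /* value the thread exited with */
};

/* Stand-in for a tracing probe: records the arguments it was given. */
static int probe_status;
static void *probe_value;

static void record_probe(int status, void *value)
{
    probe_status = status;
    probe_value = value;
}

static struct desc *desc_create(void *exit_value)
{
    struct desc *d = mmap(NULL, sizeof *d, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (d == MAP_FAILED)
        return NULL;
    d->result = exit_value;
    return d;
}

/* Releasing the descriptor unmaps it; a later d->result read would fault. */
static int desc_free(struct desc *d)
{
    return munmap(d, sizeof *d);
}

/* Copy what is needed out of the descriptor, release it, and only then
   run code (the probe) that uses those values. */
static int desc_join(struct desc *d, void **value_out)
{
    void *value = d->result;    /* last read of the descriptor */
    int status = desc_free(d);  /* d is dangling from here on */

    if (value_out != NULL)
        *value_out = value;
    record_probe(status, value); /* local copy, never d->result */
    return status;
}
```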