Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120210074002.GA13559@openwall.com>
Date: Fri, 10 Feb 2012 11:40:02 +0400
From: Solar Designer <solar@...nwall.com>
To: musl@...ts.openwall.com
Subject: Re: tough choice on thread pointer initialization issue

Hi Rich,

Thank you for posting this!

On Thu, Feb 09, 2012 at 09:58:25PM -0500, Rich Felker wrote:
> approach 1: hack the signal-return "restore" function to save the
> current thread register value into the struct sigcontext before
> calling SYS_sigreturn, so that it will be preserved when the
> interrupted code resumes.
> 
> pros: minimal costs, never adds any syscalls versus current musl.
> 
> cons: ugly hack, and gdb does not like non-canonical sigreturn
> functions (it refuses to work when the instruction pointer is at
> them).
> 
> 
> approach 2: call pthread_self() from sigaction(). this will ensure
> that a signal handler never runs prior to the thread pointer being
> initialized.
> 
> pros: minimal code changes, and avoids adding syscalls except for
> programs that use signals but not threads.
> 
> cons: adds a syscall, and links unnecessary thread code when static
> linking, in any program that uses signal handlers.

I think another con of the two approaches above is that they'll fail if
a program sets up a signal handler in a way bypassing musl (and other
prerequisites of the problem are met as well, as you described them).
Indeed, this makes it even more of a special case, but it's still legal
(or not? that's a musl policy thing I guess).

> approach 3: always initialize the thread pointer from
> __libc_start_main (befoe main runs). (this is the glibc approach)
...

> before i make a decision, i'd like to hear if anyone from the
> community has strong opinions one way or the other. i've almost ruled
> out approach #1 and i'm leaning towards #3, with the idea that
> simplicity is worth more than a couple trivial syscalls.

Not a strong opinion, but how about:

approach 4: initialize the thread pointer register to zero at program
startup.  Then before its use, just check it for non-zero instead of
checking a global flag.  (I presume that you're doing the latter now,
based on your description of the problem.)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.