From patchwork Mon Jun 19 12:18:36 2017
X-Patchwork-Submitter: Phil Blundell
X-Patchwork-Id: 777714
Message-ID: <1497874716.6717.39.camel@pbcl.net>
Subject: Re: gai_cancel()
From: Phil Blundell
To: Florian Weimer, libc-alpha@sourceware.org
Date: Mon, 19 Jun 2017 13:18:36 +0100
In-Reply-To: <1497870281.6717.37.camel@pbcl.net>
References: <1497627984.6717.32.camel@pbcl.net> <1497870281.6717.37.camel@pbcl.net>

On Mon, 2017-06-19 at 12:04 +0100, Phil Blundell wrote:
> Under conditions that I don't entirely understand yet, we seem to be
> somehow returning from gai_suspend while its waitlist[] entry is still
> linked into requestlist->waiting.

Here's a patch that fixes bug 20874 for me, fwiw. It still passes
"make subdirs='resolv' xcheck". OK to commit?

Phil

From 6e5dbbcfc0594dad90dc6f8b4537dba26bceb428 Mon Sep 17 00:00:00 2001
From: Phil Blundell
Date: Mon, 19 Jun 2017 13:11:00 +0100
Subject: [PATCH] gai_suspend: Remove bogus check for EAI_INPROGRESS [BZ #20874]

If we added an entry to the waitlist for any request, it is important
that we remove it again before returning. Failing to do so will cause
obscure and hard-to-debug crashes because the linked list will contain
a pointer to a struct that was assigned on the stack and has since been
overwritten.

Although we check that the current "return value" of the request is
EAI_INPROGRESS before adding an entry to its waitlist, this value may
change while we sleep so we cannot assume it will still be
EAI_INPROGRESS when we come to remove the entry afterwards.

--- resolv/gai_suspend.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/resolv/gai_suspend.c b/resolv/gai_suspend.c index a86bd4360d..139d636c78 100644 --- a/resolv/gai_suspend.c +++ b/resolv/gai_suspend.c 
@@ -111,8 +111,7 @@ gai_suspend (const struct gaicb *const list[], int ent, /* Now remove the entry in the waiting list for all requests which didn't terminate. */ for (cnt = 0; cnt < ent; ++cnt) - if (list[cnt] != NULL && list[cnt]->__return == EAI_INPROGRESS - && requestlist[cnt] != NULL) + if (list[cnt] != NULL && requestlist[cnt] != NULL) { struct waitlist **listp = &requestlist[cnt]->waiting; -- 2.11.0
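
Review bot: The comment kept above the loop still reads "for all requests which didn't terminate", but with the `__return == EAI_INPROGRESS` test gone the loop now unlinks the entry for every request with a non-NULL `requestlist[cnt]`, whether or not it has completed; please reword the comment to say that every entry we enqueued is removed, and why. The new condition also makes `requestlist[cnt] != NULL` the only record of "we added a waitlist entry for this request", so it would help to state in the commit message or a comment that `requestlist[cnt]` is left NULL for requests that were not EAI_INPROGRESS at enqueue time, and that the walk starting at `&requestlist[cnt]->waiting` copes with the entry already being absent when the request finished while we slept. Since the failure is a dangling pointer to a stack-allocated waitlist entry, a regression test for BZ #20874 alongside the one-line change would be worth adding if the race can be provoked reliably.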