From patchwork Mon Jun 26 14:26:09 2017
X-Patchwork-Submitter: Phil Blundell
X-Patchwork-Id: 780744
Message-ID: <1498487169.6717.64.camel@pbcl.net>
Subject: Re: gai_cancel()
From: Phil Blundell
To: Florian Weimer, libc-alpha@sourceware.org
Date: Mon, 26 Jun 2017 15:26:09 +0100
In-Reply-To: <1497874716.6717.39.camel@pbcl.net>
References: <1497627984.6717.32.camel@pbcl.net> <1497870281.6717.37.camel@pbcl.net> <1497874716.6717.39.camel@pbcl.net>

On Mon, 2017-06-19 at 13:18 +0100, Phil Blundell wrote:
> On Mon, 2017-06-19 at 12:04 +0100, Phil Blundell wrote:
> > Under conditions that I don't entirely understand yet, we seem to
> > be somehow returning from gai_suspend while its waitlist[] entry is
> > still linked into requestlist->waiting.
>
> Here's a patch that fixes bug 20874 for me, fwiw.  It still passes
> "make subdirs='resolv' xcheck".
>
> OK to commit?

Ping?

2017-06-26  Phil Blundell

	* resolv/gai_suspend.c (gai_suspend): Ensure we always remove the entry
	we added to the waitlist before returning.

From 6e5dbbcfc0594dad90dc6f8b4537dba26bceb428 Mon Sep 17 00:00:00 2001
From: Phil Blundell Date: Mon, 19 Jun 2017 13:11:00 +0100 Subject: [PATCH] gai_suspend: Remove bogus check for EAI_INPROGRESS [BZ #20874] If we added an entry to the waitlist for any request, it is important that we remove it again before returning. Failing to do so will cause obscure and hard-to-debug crashes because the linked list will contain a pointer to a struct that was assigned on the stack and has since been overwritten. Although we check that the current "return value" of the request is EAI_INPROGRESS before adding an entry to its waitlist, this value may change while we sleep so we cannot assume it will still be EAI_INPROGRESS when we come to remove the entry afterwards. --- resolv/gai_suspend.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/resolv/gai_suspend.c b/resolv/gai_suspend.c index a86bd4360d..139d636c78 100644 --- a/resolv/gai_suspend.c +++ b/resolv/gai_suspend.c @@ -111,8 +111,7 @@ gai_suspend (const struct gaicb *const list[], int ent, /* Now remove the entry in the waiting list for all requests which didn't terminate. */ for (cnt = 0; cnt < ent; ++cnt) - if (list[cnt] != NULL && list[cnt]->__return == EAI_INPROGRESS - && requestlist[cnt] != NULL) + if (list[cnt] != NULL && requestlist[cnt] != NULL) { struct waitlist **listp = &requestlist[cnt]->waiting;
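
Review bot: the comment kept as context above the loop in gai_suspend ("remove the entry in the waiting list for all requests which didn't terminate") no longer matches the condition once the `list[cnt]->__return == EAI_INPROGRESS` test is dropped, so it should be reworded to say the entry is removed for every request we queued one on, whatever its current status. With that test gone, the loop also reaches `&requestlist[cnt]->waiting` for requests that may have completed while we slept; the visible context does not show what keeps `requestlist[cnt]` valid at that point or how the walk behaves when the completion path has already unlinked our entry, so a sentence on that in the commit message would help. The diffstat touches only resolv/gai_suspend.c, so a regression test for BZ #20874 would be a useful addition, since the failure is described as obscure and hard to debug.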