From patchwork Mon Nov 24 21:44:35 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
X-Patchwork-Id: 414121
Return-Path: 
 <libc-alpha-return-54707-incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 09DF514014D
	for <incoming@patchwork.ozlabs.org>;
	Tue, 25 Nov 2014 08:44:52 +1100 (AEDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:content-type:content-transfer-encoding; q=dns; s=
	default; b=ZtAVtkKcKGD7wf0NE9VYQ1YrytMR+m5lI+ESJ112yZ6eWWNt8YrGX
	bqk2il3wf1Rw3v8aWMxwcaGHNxS4AYtEB6BZ2jRiSLxojMn5H6W9Cgu4dd7puW2a
	ykZb8hkdHoc8xpztZQAzVz1kk2FbNskuirWO1740cxNDSs1cniYVVw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:content-type:content-transfer-encoding; s=default; bh=Z
	XNdYmy1A0uUKE4xVcqHVxwDdRQ=; b=GswkPMo2h5ud+fZGXtbN34X6cMgkyH1RY
	Iy5jrkiZH/BaYu6k4AfxLKnxJOnZVdMwQ/J7cwzMgkZsypCtxiKh634sbZGhJ2L6
	9F3BwkSWEG0DPYKOWzXL7z+nDWY1vrug+saH5qMVCqJ73DmzJxP2RfpyOxIMp5qg
	yOAJR2DyBo=
Received: (qmail 20677 invoked by alias); 24 Nov 2014 21:44:46 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: 
 <mailto:libc-alpha-unsubscribe-incoming=patchwork.ozlabs.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 20659 invoked by uid 89); 24 Nov 2014 21:44:45 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=AWL, BAYES_50,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: e24smtp04.br.ibm.com
Message-ID: <5473A6C3.5020806@linux.vnet.ibm.com>
Date: Mon, 24 Nov 2014 19:44:35 -0200
From: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "GNU C. Library" <libc-alpha@sourceware.org>
CC: Alexandre Oliva <aoliva@redhat.com>
Subject: BZ# 16418: Fix powerpc get_clockfreq raciness
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 14112421-0029-0000-0000-0000021EA0EF

This patch fixes powerpc __get_clockfreq racy and cancel-safe issues by
dropping internal static cache and by using nocancel file operations.
The vDSO failure check is also removed, since kernel code does not
return an error (it cleans cr0.so bit on function return) and the static
code (to read value /proc) now uses non-cancellable calls.

Since currently I don't see this code patch to be performance sensitive
(usually the clock frequency is obtained once to transform timebase
values), I don't see a problem to drop its internal cache.  Also, if
latency came up as being important for this one, correct approach would
be use IFUNC to call vDSO symbols directly (which I do not aim to
implement now).

Tested on powerpc64 and powerpc32.
---

	[BZ# 16418]
	* sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
	(__get_clockfreq): Make code racy and cancel safe.

---

diff --git a/NEWS b/NEWS
index ad170c4..833a680 100644
--- a/NEWS
+++ b/NEWS
@@ -9,10 +9,10 @@ Version 2.21
 
 * The following bugs are resolved with this release:
 
-  6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 16469, 17266,
-  17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506,
-  17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583,
-  17584, 17585, 17589, 17594, 17616, 17625.
+  6652, 12926, 14132, 14138, 14171, 14498, 15215, 15884, 16418, 16469,
+  17266, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501,
+  17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582,
+  17583, 17584, 17585, 17589, 17594, 17616, 17625.
 
 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
diff --git a/sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c b/sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
index 62217b1..44f90b4 100644
--- a/sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
+++ b/sysdeps/unix/sysv/linux/powerpc/get_clockfreq.c
@@ -24,95 +24,85 @@
 #include <libc-internal.h>
 #include <sysdep.h>
 #include <bits/libc-vdso.h>
+#include <not-cancel.h>
 
 hp_timing_t
 __get_clockfreq (void)
 {
+  hp_timing_t result = 0L;
+
+#ifdef SHARED
+  /* The vDSO does not return an error (it clear cr0.so on returning).  */
+  INTERNAL_SYSCALL_DECL (err);
+  result =
+    INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK (get_tbfreq, err, uint64_t, 0);
+#else
   /* We read the information from the /proc filesystem.  /proc/cpuinfo
      contains at least one line like:
      timebase        : 33333333
      We search for this line and convert the number into an integer.  */
-  static hp_timing_t timebase_freq;
-  hp_timing_t result = 0L;
+  int fd = __open_nocancel ("/proc/cpuinfo", O_RDONLY);
+  if (__glibc_likely (fd != -1))
+    return result;
 
-  /* If this function was called before, we know the result.  */
-  if (timebase_freq != 0)
-    return timebase_freq;
+  /* The timebase will be in the 1st 1024 bytes for systems with up
+     to 8 processors.  If the first read returns less then 1024
+     bytes read,  we have the whole cpuinfo and can start the scan.
+     Otherwise we will have to read more to insure we have the
+     timebase value in the scan.  */
+  char buf[1024];
+  ssize_t n;
 
-  /* If we can use the vDSO to obtain the timebase even better.  */
-#ifdef SHARED
-  INTERNAL_SYSCALL_DECL (err);
-  timebase_freq =
-    INTERNAL_VSYSCALL_NO_SYSCALL_FALLBACK (get_tbfreq, err, uint64_t, 0);
-  if (INTERNAL_SYSCALL_ERROR_P (timebase_freq, err)
-      && INTERNAL_SYSCALL_ERRNO (timebase_freq, err) == ENOSYS)
-#endif
+  n = __read_nocancel (fd, buf, sizeof (buf));
+  if (n == sizeof (buf))
     {
-      int fd = __open ("/proc/cpuinfo", O_RDONLY);
+      /* We are here because the 1st read returned exactly sizeof
+         (buf) bytes.  This implies that we are not at EOF and may
+         not have read the timebase value yet.  So we need to read
+         more bytes until we know we have EOF.  We copy the lower
+         half of buf to the upper half and read sizeof (buf)/2
+         bytes into the lower half of buf and repeat until we
+         reach EOF.  We can assume that the timebase will be in
+         the last 512 bytes of cpuinfo, so two 512 byte half_bufs
+         will be sufficient to contain the timebase and will
+         handle the case where the timebase spans the half_buf
+         boundry.  */
+      const ssize_t half_buf = sizeof (buf) / 2;
+      while (n >= half_buf)
+	{
+	  memcpy (buf, buf + half_buf, half_buf);
+	  n = __read_nocancel (fd, buf + half_buf, half_buf);
+	}
+      if (n >= 0)
+	n += half_buf;
+    }
+  __close_nocancel (fd);
 
-      if (__glibc_likely (fd != -1))
+  if (__glibc_likely (n > 0))
+    {
+      char *mhz = memmem (buf, n, "timebase", 7);
+
+      if (__glibc_likely (mhz != NULL))
 	{
-	  /* The timebase will be in the 1st 1024 bytes for systems with up
-	     to 8 processors.  If the first read returns less then 1024
-	     bytes read,  we have the whole cpuinfo and can start the scan.
-	     Otherwise we will have to read more to insure we have the
-	     timebase value in the scan.  */
-	  char buf[1024];
-	  ssize_t n;
+	  char *endp = buf + n;
 
-	  n = __read (fd, buf, sizeof (buf));
-	  if (n == sizeof (buf))
-	    {
-	      /* We are here because the 1st read returned exactly sizeof
-	         (buf) bytes.  This implies that we are not at EOF and may
-	         not have read the timebase value yet.  So we need to read
-	         more bytes until we know we have EOF.  We copy the lower
-	         half of buf to the upper half and read sizeof (buf)/2
-	         bytes into the lower half of buf and repeat until we
-	         reach EOF.  We can assume that the timebase will be in
-	         the last 512 bytes of cpuinfo, so two 512 byte half_bufs
-	         will be sufficient to contain the timebase and will
-	         handle the case where the timebase spans the half_buf
-	         boundry.  */
-	      const ssize_t half_buf = sizeof (buf) / 2;
-	      while (n >= half_buf)
-		{
-		  memcpy (buf, buf + half_buf, half_buf);
-		  n = __read (fd, buf + half_buf, half_buf);
-		}
-	      if (n >= 0)
-		n += half_buf;
-	    }
+	  /* Search for the beginning of the string.  */
+	  while (mhz < endp && (*mhz < '0' || *mhz > '9') && *mhz != '\n')
+	    ++mhz;
 
-	  if (__builtin_expect (n, 1) > 0)
+	  while (mhz < endp && *mhz != '\n')
 	    {
-	      char *mhz = memmem (buf, n, "timebase", 7);
-
-	      if (__glibc_likely (mhz != NULL))
+	      if (*mhz >= '0' && *mhz <= '9')
 		{
-		  char *endp = buf + n;
-
-		  /* Search for the beginning of the string.  */
-		  while (mhz < endp && (*mhz < '0' || *mhz > '9')
-			 && *mhz != '\n')
-		    ++mhz;
-
-		  while (mhz < endp && *mhz != '\n')
-		    {
-		      if (*mhz >= '0' && *mhz <= '9')
-			{
-			  result *= 10;
-			  result += *mhz - '0';
-			}
-
-		      ++mhz;
-		    }
+		  result *= 10;
+		  result += *mhz - '0';
 		}
-	      timebase_freq = result;
+
+	      ++mhz;
 	    }
-	  __close (fd);
 	}
     }
+#endif
 
-  return timebase_freq;
+  return result;
 }